最近自己闲着无聊,弄了一台机器想用Linux完整的做一台网络服务器,实现Proxy、Web、FTP、MAIL、DNS、DHCP、LDAP等功能, 起初想的简单,结果做了才知道其中滋味。因为以前只是纸上谈兵,并没多少实战经验,现在空机器上一大堆的服务需要配置,满篇的代码需要一行一行的看,怎一 个苦字了得。也是因为这个,这段时间一直没空上来管理版块。现在我已经将服务器配的差不多,顺便花点小时间整理了一下安装笔记,现在贴上来供大家一起探 讨。因为过程比较烦乱,我只记录最终的版本,会在以后陆续贴上来,欢迎大家批评指导。
***********************************正文****************************************
Linux网络服务器架设笔记
*** 面向用户:初级
*** 文章属性:原创 (最先发布于http://www.52xfu.com/校友网论坛电脑知识版)
*** 作者:aeolus (aeolus01@163.com)
*** 编写时间:2004年7月
*** 版权声明:可自由以电子格式(非印刷)转载,但请保留此说明;如需印刷出版请与作者联系。
一、操作系统及环境
现在流行的UNIX操作系统种类繁多,分为Linux、BSD、Solaris、SCO UNIX、HP-UX、AIX、Tru64 UNIX、Mac OS X等等很多种类,而每个种类还不尽相同。就拿Linux来说,有很多分支,比如很出名的RedHat,SlackWare,TurboLinux, SUSE,Debian,teamLinux,BluePoint,以及中国的红旗Linux等,就Linux而言,现在RedHat是当之无愧的老大; 而BSD下面也分为FreeBSD、NetBSD、BSD/OS、4.4BSDLite等等,这当中FreeBSD应用最广;Solaris是Sun公司 的标准操作系统,我就不多说了;SCO UNIX是指Open UNIX、UnixWare、SCO OpenServer等SCO公司的操作系统;HP-UX是HP的,AIX是IBM的,Tru64 UNIX是Compaq的,Mac OS X是苹果公司最新的UNIX操作系统。
上面说了一大堆废话,就是想让大家了结一下UNIX的现状。好了,现在我们言归正传,看看我是怎么做的吧。
我选择的软件是:
RedHat Linux 版本 9.01 内核版本 2.4.20-8
Proxy: netfilter/iptables 版本 1.2.7a-2
Web: APACHE 版本 2.0.40-21
FTP: Proftp 版本 1.2.9
DNS: BIND 版本 9.2.1-16
DHCP: DHCPD 版本 3.0pl-23
MAIL: PostFix 版本 2.0.19
LDAP: OpenLDAP 版本 2.1.29
编译器: GCC 版本 3.2.2-5
再看看我的硬件:
CPU: P3 800Hz intel
IDE: 20G 昆腾
RAM: 128M HY
CD-ROM: 50X Acer
DISPLAY: TNT2 M64 不清楚
NET: 530TX两块 D-Link
同时我还准备了另外一台机子作为它的子机试验用,这台机子配置无关紧要,有个网卡能上网就行了。
二、系统安装
系统安装只需要将RedHat Linux9.01的第一张光盘放进光驱重启,进入安装界面,然后一步步按照提示选择即可,在这里略过不提。因为我的硬件都是比较老的,所以全部都被系统认出,没什么麻烦。但是如果在安装过程中遇到这种硬件无法驱动的情况,可以直接去红帽子网站http://www.redhat.com/寻找答案。
值得提醒的是,安装中有一个界面是要选择安装模式,station、server或者all,选择server就可以了,不过我为了后面配置简便, 在这里为每一项做了详细选择,安装了许多系统默认不会安装的东西。还有就是在安装时,系统会提醒输入主机名,我的主机名是aeolus。
三、配置网络
系统安装好并以root登陆后,就该开始逐步配置应用模块了。首先我需要aeolus这台机器能上网。先用ifconfig命令看看情况:
[root@aeolus//]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:05:5D:0A:1C:ED
inet addr:0.0.0.0
........(代表省略,我是用手敲的这些文字,照抄下去我会疯掉的,只留了有用的两行)
eth1 Link encap:Ethernet HWaddr 00:05:BA:2B:B8:E5
inet addr:0.0.0.0
........
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
........
我准备将eth0设为内网入口,将eth1设为外网出口,架设我有个外网公有IP地址为202.100.100.100,网关是202.100.100.1那么:
[root@aeolus//]# ifconfig eth0 192.168.0.1 netmask 255.255.225.0
[root@aeolus//]# route add default gw 192.168.0.1 eht0
[root@aeolus//]# ifconfig eth1 202.100.100.100 netmask 255.255.255.0
[root@aeolus//]# route add default gw 202.100.100.1 eht1
再用ifconfig命令看看情况:
[root@aeolus//]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:05:5D:0A:1C:ED
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
........
eth1 Link encap:Ethernet HWaddr 00:05:BA:2B:B8:E5
inet addr:202.100.100.100 Bcast:202.100.100.255
........
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
四、Proxy和firewall
我选用的proxy工具是netfilter/iptables,它是与最新的 2.4.x 版本 Linux 内核集成的 IP 信息包过滤系统。如果 Linux 系统连接到因特网或 LAN、服务器或连接 LAN 和因特网的代理服务器,则该系统在 Linux 系统上能更好地控制 IP 信息包过滤和防火墙配置。虽然netfilter/iptables IP 信息包过滤系统被称为单个实体,但它实际上由两个组件 netfilter 和 iptables 组成。
netfilter 组件也称为内核空间(kernelspace),是内核的一部分,由一些信息包过滤表组成,这些表包含内核用来控制信息包过滤处理的规则集。
iptables 组件是一种工具,也称为用户空间(userspace),它使插入、修改和除去信息包过滤表中的规则变得容易。
在开始安装 iptables 用户空间工具之前,需要对系统做某些修改。首先,需要使用 make config 命令来配置内核的选项。在配置期间,必须通过将 CONFIG_NETFILTER 和 CONFIG_IP_NF_IPTABLES 选项设置为 Y 来打开它们,因为这是使 netfilter/iptables 工作所必需的。下面是可能要打开的其它选项:
CONFIG_PACKET:如果要使应用程序和程序直接使用某些网络设备,那么这个选项是有用的。
CONFIG_IP_NF_MATCH_STATE:如果要配置有状态的防火墙,那么这个选项非常重要而且很有用。这类防火墙会记得先前关于信息包过滤所做的决定,并根据它们做出新的决定。
CONFIG_IP_NF_FILTER:这个选项提供一个基本的信息包过滤框架。如果打开这个选项,则会将一个基本过滤表(带有内置的 INPUT、FORWARD 和 OUTPUT 链)添加到内核空间。
CONFIG_IP_NF_TARGET_REJECT:这个选项允许指定:应该发送 ICMP 错误消息来响应已被 DROP 掉的入站信息包,而不是简单地杀死它们。
ok,开始吧。首先从http://www.netfilter.org/ 下载iptables的压缩文件iptables-1.2.7a-2.tar.bz2,我把这个文件存放到/tmp/temp/fire/目录。
首先必须关闭和卸载以前系统上默认安装的iptables或者ipchains,然后继续:
# cd /tmp/temp/fire
# bzip2 -d iptables-1.2.7a-2.tar.bz2
# tar -xvf iptables-1.2.6a.tar
# cd iptables-1.2.7a-2
# make
# make install
先用iptables --list查看一下没有定义规则时iptables的样子:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
好 了,现在可以定义iptables规则了,首先进入/etc/rc.d目录,可以看到在这个目录下有rc.local和rc.sysinit文件,这两个 文件都很重要,是机器每次启动时都会加载运行的脚本。首先新建一个脚本,命名为firewall,然后在这个脚本里按照自己的条件定义规则:
#缺省情况下,IP转发都处于不可用状态,将其设置为可用状态:
echo 1 > /proc/sys/net/ipv4/ip_forward
#加载所需的内核
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
#定义规则
/sbin/iptables --flush INPUT
/sbin/iptables --flush FORWARD
/sbin/iptables --flush POSTROUTING --table nat
/sbin/iptables --policy FORWARD DROP
/sbin/iptables --table nat --append POSTROUTING --out-interface eth1 --source 192.168.0.0/24 --jump MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth1 --match state --state ESTABLISHED,RELATED --jump ACCEPT
/sbin/iptables --append FORWARD --source 192.168.0.0/24 --jump ACCEPT
#限制一些流出的信息
$IPTABLES -A OUTPUT -o eth0 -p tcp -dport 31337 -j DROP
$IPTABLES -A OUTPUT -o eth0 -p tcp -sport 31337 -j DROP
此外,31335、27444、27665、20034 NetBus、9704、137-139(smb)等端口也应被禁止,如果不想让局域网的人QQ,还可以在这里定义禁止8000端。(好像是8000吧,我不记得QQ端口是多少了)。
定义好iptables规则之后,保存firewall脚本,用./firewall执行就可以用了。然后编辑rc.sysinit文件,添加一行:
/etc/rc.d/firewall
这样在机器每次启动时都可以加载firewall脚本。
更详尽的资料可参照Oskar Andreasson的Iptables Tutorial 1.1.19一文,地址是:http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html
五、Web
在安装系统时,只要选择了服务器模式,RH是会自动安装好Apache的,所以安装一节略过不提,我主要说配置。Apache传统上使用三个配置文 件httpd.conf,access.conf和srm.conf来配置Apache服务器的行为。httpd.conf是Apache服务器主要配置 文件,它包含服务器的影响服务器运行的配置指令,被分为三个部分:1. 控制整个Apache服务器行为的部分(即全局环境变量)2. 定义主要或者默认服务参数的指令,也为所有虚拟主机提供默认的设置参数 3. 虚拟主机的设置参数 ,下面就是httpd.conf文件:
## httpd.conf - configuration for the Apache web server
#
### Section 1: Global Environment
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens OS
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <http://httpd.apache.org/docs-2.0/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/httpd"
#
# ScoreBoardFile: File used to store internal server process information.
# If unspecified (the default), the scoreboard will be stored in an
# anonymous shared memory segment, and will be unavailable to third-party
# applications.
# If specified, ensure that no two invocations of Apache share the same
# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
#
#ScoreBoardFile run/httpd.scoreboard
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile "/var/run/httpd.pid"
#
# Timeout: The number of seconds before receives and sends time out.
#
TimeOut 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive false
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
MaxClients 150
MaxRequestsPerChild 100
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
# perchild MPM
# NumServers: constant number of server processes
# StartThreads: initial number of worker threads in each server process
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# MaxThreadsPerChild: maximum number of worker threads in each server process
# MaxRequestsPerChild: maximum number of connections per server process
<IfModule perchild.c>
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
</IfModule>
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen *:80
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User apache
Group apache
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
ServerName http://www.aeolus.com/
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName on
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/etc/httpd/html"
#
# Disable autoindex for the root directory, and present a
# default Welcome page if no other index page is present.
#
<LocationMatch "^/$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir "disable"
#
# To enable requests to /~user/ to serve the user's public_html
# directory, use this directive instead of "UserDir disable":
#
#UserDir public_html
</IfModule>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex
#
# AccessFileName: The name of the file to look for in each directory
# for access control information. See also the AllowOverride directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^/.ht">
Order allow,deny
Deny from all
</Files>
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
TypesConfig "/etc/mime.types"
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
</IfModule>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., http://www.apache.org/ (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostNameLookups Off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t /"%r/" %>s %b /"%{Referer}i/" /"%{User-Agent}i/"" combined
LogFormat "%h %l %u %t /"%r/" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# CustomLog logs/access_log common
CustomLog logs/access_log combined
#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog logs/access_log combined
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature on
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/var/www/icons/"
#
# This should be changed to the ServerRoot/manual/. The alias provides
# the manual, even if you choose to move your DocumentRoot. You may comment
# this out if you do not care for the documentation.
#
Alias /manual "/var/www/manual"
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<IfModule mod_cgid.c>
#
# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
# for setting UNIX socket for communicating with cgid.
#
#Scriptsock logs/cgisock
</IfModule>
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Directives controlling the display of server-generated directory listings.
#
#
# FancyIndexing is whether you want fancy directory indexing or standard.
# VersionSort is whether files containing version numbers should be
# compared in the natural way, so that `apache-1.3.9.tar' is placed before
# `apache-1.3.12.tar'.
#
IndexOptions FancyIndexing VersionSort NameWidth=*
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Danish (da) - Dutch (nl) - English (en) - Estonian (et)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Norwegian (no) - Norwegian Nynorsk (nn) - Korean (kr)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru) - Croatian (hr)
#
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage he .he
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage kr .kr
AddLanguage pt .pt
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw
AddLanguage hr .hr
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ltz ca es sv tw
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
#
# Specify a default charset for all pages sent out. This is
# always a good idea and opens the door for future internationalisation
# of your web site, should you ever want it. Specifying it as
# a default does little harm; as the standard dictates that a page
# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
# are merely stating the obvious. There are also some security
# reasons in browsers, related to javascript and URL parsing
# which encourage you to always set a default char set.
#
AddDefaultCharset ISO-8859-1
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets for
# the official list of charset names and their respective RFCs
#
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8 .utf8
# The set below does not map to a specific (iso) standard
# but works on a fairly wide range of browsers. Note that
# capitalization actually matters (it should not, but it
# does for some browsers).
#
# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets
# for a list of sorts. But browsers support few.
#
AddCharset GB2312 .gb2312 .gb
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
AddType application/x-tar .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For server-parsed imagemap files:
#
AddHandler imap-file map
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddOutputFilter INCLUDES .shtml
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
Alias /error/ "/var/www/error/"
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4/.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4/.0" force-response-1.0
BrowserMatch "Java/1/.0" force-response-1.0
BrowserMatch "JDK/1/.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your-domain.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#</Location>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your-domain.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
### Section 3: Virtual Hosts
#
# <VirtualHost *>
# ServerAdmin webmaster@aeolus.com
# DocumentRoot /etc/httpd/html1
# ServerName www1.aeolus.com
# ErrorLog logs/aeolus-error_log
# CustomLog logs/dummy-aeolus.com-access_log commom
# </virtualHost>
因为我没必要设置虚拟主机,所以第三部分只给出了示例。
然后把自己做好的web站点(假设只有一个index.htm文件)放进配置文件设置的路径:
# mkdir /etc/httpd/html
# mv -rf index.htm /etc/httpd/html/
开启守护进程
# service httpd start [ ok ]
六、 FTP
porftpd是一个配置方法与APACHE相类似的FTP服务器,有两种运行方式,独立服务器与超级服务器的子服务器。无论从安全性还是稳定性还 是可配置性来说都是非常好的选择。一般来说redhat上的wu-ftp的问题太多,为了安全起见用proftpd还好一些.
取得:
http://www.proftpd.net/是其公司网站上有大量资料,到ftp://ftp.proftpd.net/pub/proftpd/可以下载最新的proftpd-1.2.9.tar.gz
安装:
# tar proftpd-1.2.9.tar.gz
# cd proftpd-1.2.9
设定安装到/www/protpd目录中
# ./configure --prefix=/www/proftpd
# make
# make install
设定:
几个文件的功能及路径:
/www/proftpd/sbin/proftpd 执行程序
/www/proftpd/etc/proftpd.conf 设置文件
/www/proftpd/var/proftpd.pid proftpd做为一个服务的ID号
配置proftpd.conf文件:(./doc目录内有proftpd.conf的说明)
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
Port 21
User nobody
Group ftp
DefaultRoot ~
〈Directory /*>
AllowOverwrite on
〈/Directory>
〈Anonymous ~ftp>
User ftp
Group ftp
UserAlias anonymous ftp
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
RequireValidShell no
〈Limit WRITE>
DenyAll
〈/Limit>
〈/Anonymous>
在默认的"/www/proftpd/etc/proftpd.conf/"文件中有一行文字"ServerType standalone",指 定"/www/proftpd/sbin/proftpd"以一个服务的式来工作,可以放"/www/proftpd/sbin/proftpd"到 "/etc/rc.d/rc.local"文件中,以便开机起动. 也可以改变"ServerType standalone"为"ServerType inetd", 并修改"/etc/inetd.conf"中的
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
改变为 tp stream tcp nowait root /www/proftpd/sbin/proftpd proftpd
但是因为我没有随机开启ftp的必要,所以我没有设定这些,只是将启动脚本放在/etc/rc.d/init.d/目录下,进行手动开启:
# cp ./contrib/dist/rpm/proftpd.init.d /etc/rc.d/init.d/proftpd
# chmod o+x /etc/rc.d/init.d/proftpd
添加in.proftpd:
# vi /etc/rc.d/init.d/fuctions
在PATH后面添加 /usr/local/sbin
试验启动:
# /etc/rc.d/init.d/proftpd start [ OK ]
七、 DHCP
大多数的情况下Linux作为DHCP服务器而windows 95/98作为DHCP客户。Linux也可以作为DHCP客户,但你要安装dhcpcd rpm 软件包 ,Linux作为DHCP服务器,只需要安装dhcpd rpm 包。RH9.0自带的dhcp版本比较低,所以我从网上下载新版本。下载两个软件包:dhcp-3.0pll-23.i386.rpm和dhcp-devel-3.0pll-23.i386.rpm,然后:
# rpm -e dcp
# rpm -ivh dhcp-3.0pll-23.i386.rpm
# rpm -ivh dhcp-devel-3.0pll-23.i386.rpm
使DHCP服务器为windows机器服务,需要创建一个到地址255.255.255.255的路由,加这条路由命令到/etc/rc.d/rc.local使得每次启动后自动运行。
# route add -host 255.255.255.255 dev eth0
但是报告错误消息:255.255.255.255:Unkown host
于是,我试着加下面的入口到/etc/hosts文件:
# route add -host dhcp dev eth0 。
DHCPd后台程序总是读取配置文件/etc/dhcpd.conf, 下面就是DHCP配置文件的例子:
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.0.1,202.100.100.100;
option time-offset -18000;
range dynamic-bootup 192.168.0.10 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;
}
ok,可以启动dhcp了:
# service dhcpd start
然后在另一台windows机器上测试,成功!
八、 DNS
RH9默认就安装了BIND9.2.1,所以我的主要动作就在修改配置文件上,首先:
# vi /etc/resolv.conf
nameserver 127.0.0.1
nameserver 202.100.100.100
nameserver 202.100.100.1
然后:
# vi /etc/named.conf
// generated by named-bootconf.pl
options {
directory "/var/named";
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "aeolus.com" IN {
type master;
file "aeolus.com";
allow-update { none;};
};
include "/etc/rndc.key";
接着:
# vi /var/named/localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root.localhost (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expire
1D ) ; minimum
1D IN NS @
@ IN A 127.0.0.1
最后:
# vi /var/named/aeolus.com
@ IN SOA aeolus.com. root.localhost (
200211131 ; serial, todays date + todays serial
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
NS ns.aeolus.com.
@ IN A 192.168.0.1
www IN A 192.168.0.1
mail IN 192.168.0.1
ftp IN A 192.168.0.1
@ MX 10 www
ok了,配置文件就是这些,至于原理我就不讲了。
# service named start [ OK ]
试验一下,用客户端机器设置网络地址为192.168.0.99,DNS设为192.168.0.1和202.100.100.100,然后在DOS窗口试着ping随便一个常用网址,比如http://www.sohu.com/,只要能ping通就说明解析成功。
(未完,待续)
8897
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
