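Implement the following requirements:
1. The baidu company provides the www.baidu.com website, whose page displays "It's www.baidu.com"; the site's root directory is /www/html, and the site is also reachable as www2.baidu.com;
2. The baidu company also provides a mail service; the mail server address is mail.baidu.com;
3. The baidu company has three users, xixi, maomao and haha, who can exchange mail with the qq company.
4. Every message sent to the user xixi must also be received by the user haha.
5. The qq company provides the www.qq.com website, whose page displays "It's www.qq.com"; the site's root directory is /www/html, and the site is also reachable as web.qq.com;
6. The qq company also provides a mail service; the mail server address is mail.qq.com, and it can exchange mail with the baidu company's mail server;
7. The qq company has three users, zhangsan, lisi and wangwu.
8. The baidu and qq companies resolve domain names through a third-party DNS server, and that resolution service must meet both companies' resolution needs.
9. All servers provided by baidu and qq use encrypted protocols, including the web servers and the mail servers.
10. Create a DHCP service that assigns fixed IP addresses to all virtual hosts in this exercise.
All configuration for the baidu company:
HTTP service configuration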
[root@ns certs]# vim /etc/httpd/conf.d/vhost.conf
[root@ns conf.d]# echo "It's www.baidu.com" > /www/html/index.html
[root@ns certs]# make www.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > www.key
Generating RSA private key, 2048 bit long modulus
……………………………………………………………………………………………………..+++
…..+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key www.key -x509 -days 365 -out www.crt
Enter pass phrase for www.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxin
Locality Name (eg, city) [Default City]:xianan
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server’s hostname) []:yaya
Email Address []:yaya@163.com
[root@ns certs]# systemctl restart httpd
Enter SSL pass phrase for www2.baidu.com:443 (RSA) : **
Modify the hosts file C:\Windows\System32\drivers\etc
172.16.50.37 www.baidu.com
172.16.50.37 www2.baidu.com
[root@ns ~]# systemctl restart httpd
Enter SSL pass phrase for www2.baidu.com:443 (RSA) : **
[root@ns conf.d]# useradd haha
[root@ns conf.d]# echo redhat |passwd --stdin haha
Changing password for user haha.
passwd: all authentication tokens updated successfully.
[root@ns conf.d]# useradd xixi
[root@ns conf.d]# echo redhat |passwd --stdin xixi
Changing password for user xixi.
passwd: all authentication tokens updated successfully.
[root@ns conf.d]# useradd maomao
[root@ns conf.d]# echo redhat |passwd --stdin maomao
Changing password for user maomao.
passwd: all authentication tokens updated successfully.
Mail service configuration
I. Configure the baidu.com domain
Configure the postfix service
[root@localhost ~]# vi /etc/postfix/main.cf
myhostname = mail.baidu.com
mydomain = baidu.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname
mynetworks = 172.16.50.0/24
relay_domains = $mydestination
Enable SASL authentication
Edit the postfix configuration file
[root@localhost ~]# vi /etc/postfix/main.cf
Append the following:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Configure the dovecot service
Configure the main dovecot configuration file
[root@localhost ~]# vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
login_trusted_networks = 172.16.50.0/24
Configure the dovecot sub-configuration file
[root@localhost ~]# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%n
Note: on some systems the permissions may be missing;
chmod 0600 /var/mail/*
Enable SSL access
[root@localhost ~]# cd /etc/postfix/
[root@localhost postfix]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Generating a 2048 bit RSA private key
…………………..+++
………………………………………..+++
writing new private key to 'smtpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server’s hostname) []:mail.baidu.com
Email Address []:ping
Edit the /etc/postfix/main.cf file
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Edit the /etc/postfix/master.cf file and uncomment the following:
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
Restart the service
[root@localhost postfix]# systemctl restart postfix
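The SASL and TLS settings above, checked in an added example that is not part of the original page: a small Python audit that reads main.cf the way Postfix does (comments, continuation lines, last definition wins) and reports where plaintext is still allowed, which is what requirement 9 rules out. The sample text and the function names are constructed here; it covers main.cf only, not the smtps entry in master.cf.

```python
# Constructed sample: settings this page puts in /etc/postfix/main.cf
# (mydestination is split over two lines to exercise continuation handling).
MAIN_CF = """\
myhostname = mail.baidu.com
mydestination = $mydomain,
    $myhostname
smtpd_sasl_auth_enable = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
"""

def parse_main_cf(text):
    """Parse main.cf: '#' comments, leading-whitespace continuations, last value wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and name:           # continuation of the previous parameter
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def tls_level(params, side):
    """Effective TLS level for 'smtpd' (inbound) or 'smtp' (outbound)."""
    level = params.get(f"{side}_tls_security_level")
    if level:                                    # overrides the legacy *_use_tls / *_enforce_tls
        return level
    if params.get(f"{side}_enforce_tls") == "yes":
        return "encrypt"
    return "may" if params.get(f"{side}_use_tls") == "yes" else "none"

def audit(params):
    """Return one finding per place where unencrypted SMTP is still possible."""
    findings = []
    inbound = tls_level(params, "smtpd")
    if inbound in ("may", "none"):
        findings.append(f"smtpd TLS level is '{inbound}': clients may still send mail unencrypted")
    auth_only = params.get("smtpd_tls_auth_only") == "yes" or inbound == "encrypt"
    if params.get("smtpd_sasl_auth_enable") == "yes" and not auth_only:
        findings.append("AUTH is offered before STARTTLS: set smtpd_tls_auth_only = yes")
    if tls_level(params, "smtp") in ("may", "none"):
        findings.append("outbound smtp TLS is opportunistic or off: delivery can fall back to plaintext")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_main_cf(MAIN_CF))))
```

With the page's settings all three findings are reported, because smtpd_use_tls = yes and smtp_use_tls = yes only make TLS optional.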
Virtual aliases for the baidu domain
[root@mail postfix]# vim /etc/postfix/virtual
@group.com @baidu.com
@work.com @qq.com
123@group.com haha@group.com,xixi@group.com
admin@group.com haha@group.com,xixi@group.com,maomao@group.com,zhangsan,wangwu,lisi
[root@localhost postfix]# systemctl restart postfix
All configuration for the qq company:
HTTP service configuration
[root@mail ~]# vim /etc/httpd/conf.d/vhosts.conf
[root@mail certs]# mkdir -p /www/html
[root@mail certs]# echo "It's www.qq.com" >/www/html/index.html
[root@mail ~]# cd /etc/pki/tls/certs/
[root@mail certs]# make qq.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > qq.key
Generating RSA private key, 2048 bit long modulus
………………………..+++
……………….+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key qq.key -x509 -days 365 -out qq.crt
Enter pass phrase for qq.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian’
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server’s hostname) []:lala
Email Address []:lala@163.com
Modify the hosts file C:\Windows\System32\drivers\etc
172.16.50.60 www.qq.com
172.16.50.60 web.qq.com
[root@mail certs]# systemctl restart httpd
Enter SSL pass phrase for web.qq.com:443 (RSA) : **
II. Configure the qq.com domain
[root@ns certs]# useradd zhangsan
[root@ns certs]# useradd lisi
[root@ns certs]# useradd wangwu
[root@ns certs]# echo redhat |passwd --stdin zhangsan
Changing password for user zhangsan.
passwd: all authentication tokens updated successfully.
[root@ns certs]# echo redhat |passwd --stdin lisi
Changing password for user lisi.
passwd: all authentication tokens updated successfully.
[root@ns certs]# echo redhat |passwd --stdin wangwu
Changing password for user wangwu.
passwd: all authentication tokens updated successfully.
Configure the postfix service
[root@localhost ~]# vi /etc/postfix/main.cf
myhostname = mail.qq.com
mydomain = qq.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname
mynetworks = 172.16.50.0/24
relay_domains = $mydestination
Enable SASL authentication
Edit the postfix configuration file
[root@localhost ~]# vi /etc/postfix/main.cf
Append the following:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Configure the dovecot service
Configure the main dovecot configuration file
[root@localhost ~]# vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
login_trusted_networks = 172.16.50.0/24
Configure the dovecot sub-configuration file
[root@localhost ~]# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%n
Enable SSL access
[root@localhost ~]# cd /etc/postfix/
[root@localhost postfix]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Generating a 2048 bit RSA private key
…………………..+++
………………………………………..+++
writing new private key to 'smtpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server’s hostname) []:mail.baidu.com
Email Address []:ping
Edit the /etc/postfix/main.cf file
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Edit the /etc/postfix/master.cf file and uncomment the following:
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
Restart the service
[root@localhost postfix]# systemctl restart postfix
Virtual aliases for the qq domain
[root@mail postfix]# vim /etc/postfix/virtual
@group.com @baidu.com
@work.com @qq.com
123@group.com haha@group.com,xixi@group.com
admin@group.com haha@group.com,xixi@group.com,maomao@group.com,zhangsan,wangwu,lisi
Configure the DNS server
Manually set the DNS server address on both sides (the network interface must specify the DNS server's address)
[root@localhost ~]# nmcli connection modify ens33 ipv4.dns 172.16.50.37
[root@localhost ~]# nmcli connection up ens33
连接已成功激活(D-Bus活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@localhost postfix]# vim /etc/named.conf
options {
    listen-on port 53 { 172.16.50.37; };
    directory "/var/named";
    allow-transfer { 172.16.50.60; };
};
zone "baidu.com" IN {
    type master;
    file "baidu.com.zone";
};
zone "50.16.172.in-addr.arpa" IN {
    type master;
    file "hehe.com.zone";
};
zone "qq.com" IN {
    type master;
    file "qq.com.zone";
};
“/etc/named.conf” 30L, 707C
Configure the baidu.com domain
[root@localhost postfix]# vim /var/named/baidu.com.zone
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0
                1D
                1H
                1W
                3H )
        IN NS   ns.baidu.com.
        IN MX   10 mail.baidu.com.
ns      IN A    172.16.50.37
mail    IN A    172.16.50.37
Configure the qq.com domain
[root@localhost postfix]# vim /var/named/qq.com.zone
$TTL 1D
@       IN SOA  ns.qq.com. admin.qq.com. (
                0
                1D
                1H
                1W
                3H )
        IN NS   ns.qq.com.
        IN MX   10 mail.qq.com.
ns      IN A    172.16.50.37
mail    IN A    172.16.50.60
Reverse zone configuration file
[root@localhost postfix]# vim /var/named/hehe.com.zone
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.baidu.com.
37      IN PTR  ns.baidu.com.
37      IN PTR  mail.baidu.com.
60      IN PTR  mail.qq.com.
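The forward zones above define only ns and mail, while the web names from requirement 1 are supplied on this page through the Windows hosts file. Added example, not part of the original page: a small zone-file parser that reports which required names the DNS server cannot answer. The REQUIRED list and the function names are assumptions made here from the requirements.

```python
# Constructed sample: the records of /var/named/baidu.com.zone from this page,
# with leading whitespace on the owner-less lines.
BAIDU_ZONE = """\
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0
                1D
                1H
                1W
                3H )
        IN NS   ns.baidu.com.
        IN MX   10 mail.baidu.com.
ns      IN A    172.16.50.37
mail    IN A    172.16.50.37
"""
TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT"}
REQUIRED = ["www.baidu.com", "www2.baidu.com", "mail.baidu.com"]  # assumed from requirements 1-2

def parse_zone(text, origin):
    """Return (fqdn, type, rdata) tuples; handles '@', relative names, inherited owners, '( )'."""
    origin = origin.rstrip(".") + "."
    records, owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("(") > pending.count(")"):
            continue                              # record continues on the next line
        inherits = pending[0] in " \t"            # blank owner field: reuse previous owner
        tokens = pending.replace("(", " ").replace(")", " ").split()
        pending = ""
        if not inherits:
            name = tokens.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens and tokens[0] not in TYPES:  # skip optional TTL and class
            tokens.pop(0)
        if tokens:
            records.append((owner, tokens[0], " ".join(tokens[1:])))
    return records

def missing_hosts(records, required):
    """Required names that have no A, AAAA or CNAME record in the zone."""
    have = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA", "CNAME")}
    return [h for h in required if h.rstrip(".") + "." not in have]

if __name__ == "__main__":
    print(missing_hosts(parse_zone(BAIDU_ZONE, "baidu.com"), REQUIRED))
```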
Fixed IP address assignment for the virtual hosts
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 172.16.50.0 netmask 255.255.255.0 {
    option routers 172.16.50.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 114.114.114.114;
    range dynamic-bootp 172.16.50.2 172.16.50.100;
    default-lease-time 60;
    max-lease-time 60;
}
host localhost.localdomain {
    hardware ethernet 00:0c:29:5d:f2:21;
    fixed-address 172.16.50.37;
}
host mail.qq.com {
    hardware ethernet 00:0c:29:fe:79:9b;
    fixed-address 172.16.50.60;
}
“/etc/dhcp/dhcpd.conf” 25L, 687C