Reposted from: http://blog.sina.com.cn/s/blog_5e7987700100dgx8.html
Deploying a web server on FreeBSD
System version: FreeBSD 6.4, 32-bit
I: System installation:
1. Partitioning
/ 512MB
/db 57344MB
/tmp 2048MB
/usr 8192MB
/var 4096MB
swap 2048MB
2. Minimal install (with ssh)
3. ifconfig rl0 inet 10.100.68.228 netmask 255.255.255.0 up (configure the network)
ifconfig rl0 up/down
4: Tune the system itself with sysctl (?)
II: Software installation (make FORCE_PKG_REGISTER=yes install clean forces an overwriting reinstall)
1: Install from the CD: sys, ports, man, gmake, cvsup-without-gui2
2: Install socks5
A) Upload socks5-v1.0r11.tar.gz to /usr/ports/distfiles on the server
B) #whereis socks5
#cd /usr/ports/net/socks5
#make install clean
#rehash
#cd /usr/local/etc/ (create the file libsocks5.conf and add the following to it:)
noproxy - 10.100. - -
socks4 - - - - 10.100.101.6:1081
#echo 'socks5_enable="YES"' >> /etc/rc.conf
3: Update ports with cvsup
cvs-supfile: update file for cvsup itself
doc-supfile: operating system documentation updates
gnats-supfile: the FreeBSD bug database
ports-supfile: ports updates
stable-supfile: stable operating system updates
standard-supfile: updates to the current latest FreeBSD
#cd /usr/share/examples/cvsup
#ee ports-supfile (set the ports update source to:)
*default host=cvsup.freebsdchina.org
#runsocks cvsup -g -L 2 ports-supfile (runsocks is used because of the proxy)
cvsup -gL 2 -h cvsup.freebsdchina.org /usr/share/examples/cvsup/ports-supfile (specifies the update source manually)
4: #echo 'UseDNS no' >> /etc/ssh/sshd_config (network optimization)
5: Install openssl
#whereis openssl
#cd /usr/ports/security/openssl
#make install clean
#rehash
6: Install apache22
#whereis apache22
#cd /usr/ports/www/apache22
[X] THREADS Enable threads support in APR
[X] AUTH_BASIC Enable mod_auth_basic
[X] AUTH_DIGEST Enable mod_auth_digest
[X] AUTHN_FILE Enable mod_authn_file
[X] AUTHN_DBM Enable mod_authn_dbm
[X] AUTHN_ANON Enable mod_authn_anon
[X] AUTHN_DEFAULT Enable mod_authn_default
[X] AUTHN_ALIAS Enable mod_authn_alias
[X] AUTHZ_HOST Enable mod_authz_host
[X] AUTHZ_GROUPFILE Enable mod_authz_groupfile
[X] AUTHZ_USER Enable mod_authz_user
[X] AUTHZ_DBM Enable mod_authz_dbm
[X] AUTHZ_OWNER Enable mod_authz_owner
[X] AUTHZ_DEFAULT Enable mod_authz_default
[X] CACHE Enable mod_cache
[X] DISK_CACHE Enable mod_disk_cache
[X] FILE_CACHE Enable mod_file_cache
[X] DAV Enable mod_dav
[X] DAV_FS Enable mod_dav_fs
[X] ACTIONS Enable mod_actions
[X] ALIAS Enable mod_alias
[X] ASIS Enable mod_asis
[X] AUTOINDEX Enable mod_autoindex
[X] CERN_META Enable mod_cern_meta
[X] CGI Enable mod_cgi
[X] CHARSET_LITE Enable mod_charset_lite
[X] DEFLATE Enable mod_deflate
[X] DIR Enable mod_dir
[X] DUMPIO Enable mod_dumpio
[X] ENV Enable mod_env
[X] EXPIRES Enable mod_expires
[X] HEADERS Enable mod_headers
[X] IMAGEMAP Enable mod_imagemap
[X] INCLUDE Enable mod_include
[X] INFO Enable mod_info
[X] LOG_CONFIG Enable mod_log_config
[X] LOGIO Enable mod_logio
[X] MIME Enable mod_mime
[X] MIME_MAGIC Enable mod_mime_magic
[X] NEGOTIATION Enable mod_negotiation
[X] REWRITE Enable mod_rewrite
[X] SETENVIF Enable mod_setenvif
[X] SPELING Enable mod_speling
[X] STATUS Enable mod_status
[X] UNIQUE_ID Enable mod_unique_id
[X] USERDIR Enable mod_userdir #
[X] USERTRACK Enable mod_usertrack
[X] VHOST_ALIAS Enable mod_vhost_alias
[X] FILTER Enable mod_filter
[X] VERSION Enable mod_version
[X] SSL Enable mod_ssl
#make install clean
#rehash
#echo 'apache22_enable="YES"' >> /etc/rc.conf
#cd /usr/local/etc/apache22
#ee httpd.conf (edit)
Change ServerName, DocumentRoot and Directory as needed
<IfModule dir_module>
DirectoryIndex index.php index.phtml index.shtml default.shtml index.html index.htm
</IfModule>
SSI section:
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php .php3 .phtml .conf .inf
AddType application/x-httpd-php-source .phps
#/usr/local/etc/rc.d/apache22 restart
#netstat -an | grep 80
7: Install mysql 4
#cd /usr/ports/databases/mysql41-server
#make install clean
#rehash
#echo 'mysql_enable="YES"' >> /etc/rc.conf
#cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf
#mysqladmin -u root password "sw10"
8: Install php4
#cd /usr/ports/lang/php4
[X] CLI Build CLI version
[X] CGI Build CGI version
[X] APACHE Build Apache module
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)
#cd /usr/ports/lang/php4-extensions
#make WITHOUT_X11=YES install clean ; rehash
#cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
#ee /usr/local/etc/php/extensions.ini (add the following)
extension=apc.so (makes PHP use the APC cache)
9: Install APC (pecl-APC)
#cd /usr/ports/www/pecl-APC
[X] PHP4_OPT Little optimization to PHP4
#make install clean ;rehash
APC configuration
Copy apc.php from /usr/local/share/doc/APC into a directory served by Apache; the result is similar to phpinfo
#ee /usr/local/etc/php/extensions.ini (the following is added automatically)
extension=apc.so (makes PHP use the APC cache)
10: JDK 1.4 installation and configuration
#cd /usr/ports/java/jdk14
Edit Makefile and distinfo to change the version information
#make install clean ; rehash
This takes quite a while
#java -version (check that the JDK installed successfully)
11: Install tomcat5.5
#cd /usr/ports/www/tomcat55
#ee distinfo (add the following checksum entries for the dependency package apache-tomcat-5.5.27-compat.tar.gz)
MD5 (apache-tomcat-5.5.27-compat.tar.gz) = 028f3f8bb750b83e6e56d7417488d372
SHA256 (apache-tomcat-5.5.27-compat.tar.gz) = 0d0f4c5db1ede55474c002a7440df516cf277bbd7fb5663c067ba929d7daa9a5
SIZE (apache-tomcat-5.5.27-compat.tar.gz) = 1650784
#make install clean ; rehash
#echo 'tomcat55_enable="YES"' >> /etc/rc.conf
#netstat (check Tomcat's ports)
#ps (check the Tomcat processes)
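Hand-editing distinfo as in the step above means the ports checksum check only proves that the tarball matches what was typed in, so the digest should first be compared with one obtained from a trusted source. The following sh functions are an added example, not part of the original post; they check a distfile against the SHA256 and SIZE lines of a distinfo file, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify a distfile against the SHA256 and SIZE lines of a
# ports distinfo file. Function names are hypothetical.

# Print the SHA-256 of a file (FreeBSD ships sha256, Linux ships sha256sum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# distinfo_field <KEY> <name> <distinfo>: value of a "KEY (name) = value" line.
distinfo_field() {
    awk -v key="$1" -v want="($2)" \
        '$1 == key && $2 == want && $3 == "=" { print $4; exit }' "$3"
}

# verify_distfile <distinfo> <distfile>
# Returns 0 if SIZE and SHA256 both match, 1 on mismatch, 2 if no entry exists.
verify_distfile() {
    distinfo=$1; file=$2; name=$(basename "$file")
    want_hash=$(distinfo_field SHA256 "$name" "$distinfo")
    want_size=$(distinfo_field SIZE "$name" "$distinfo")
    if [ -z "$want_hash" ] || [ -z "$want_size" ]; then
        echo "FAIL $name: no SHA256/SIZE entry in $distinfo" >&2; return 2
    fi
    got_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "FAIL $name: size $got_size, distinfo says $want_size" >&2; return 1
    fi
    if [ "$(file_sha256 "$file")" != "$want_hash" ]; then
        echo "FAIL $name: SHA256 mismatch" >&2; return 1
    fi
    echo "OK $name"
}

# Run as: script <distinfo> <distfile>
if [ $# -eq 2 ]; then verify_distfile "$1" "$2"; fi
```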
12: Install mod_jk, then use mod_jk to integrate Apache and Tomcat
#cd /usr/ports/www/mod_jk
#make install clean ; rehash
At this point /usr/local/etc/apache22/httpd.conf contains a new line for the mod_jk .so file
#LoadModule jk_module libexec/apache22/mod_jk.so (commented out by default)
#ee /usr/local/etc/apache22/httpd.conf (remove the # in front of #LoadModule jk_module libexec/apache22/mod_jk.so)
#cd /usr/local/etc/apache22/
#cp workers.properties.sample workers.properties
#ee workers.properties (change the contents to:)
worker.list=jsp-hostname
worker.jsp-hostname.port=8009
worker.jsp-hostname.host=localhost
worker.jsp-hostname.type=ajp13
worker.jsp-hostname.lbfactor=1
#cp mod_jk.conf.sample mod_jk.conf
#mv mod_jk.conf Includes (note this step)
#ee Includes/mod_jk.conf (change the contents to:)
<IfModule mod_jk.c>
JkWorkersFile etc/apache22/workers.properties
JkLogFile /var/log/jk.log
JkShmFile /var/log/jk-runtime-status
JkLogLevel error
# Sample JkMounts. Replace these with the paths you would
# like to mount from your JSP server.
JkMount 5 * * * * /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg
#cd /usr/local/etc/mrtg
ee cpu.cfg (add the following; CPU monitoring)
SNMPv3 is in use, so add this line to the configuration file: EnableSnmpV3: yes
WorkDir: /db/web/mrtg
LoadMIBs: /usr/local/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[cpu]:ssCpuRawUser.0&ssCpuRawUser.0:public@localhost + ssCpuRawSystem.0&ssCpuRawSystem.0:public@localhost + ssCpuRawNice.0&ssCpuRawNice.0:public@localhost
RouterUptime[cpu]: public@localhost
MaxBytes[cpu]: 100
Title[cpu]: CPU LOAD
PageTop[cpu]: <H1>CPU (user and system) Load %</H1>
ShortLegend[cpu]: %
YLegend[cpu]: CPU Utilization
Legend1[cpu]: User CPU in % (Load)
Legend2[cpu]: System CPU in % (Load)
Legend3[cpu]:
Legend4[cpu]:
LegendI[cpu]: Active
LegendO[cpu]:
Options[cpu]: growright,nopercent
ee ram.cfg (memory monitoring)
WorkDir: /db/web/mrtg
LoadMIBs: /usr/local/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[ramswap]: memAvailReal.0&memAvailSwap.0:public@localhost
Options[ramswap]: nopercent,growright,gauge,noinfo
Title[ramswap]: RAM & SWAP Status
PageTop[ramswap]: <H1>RAM & SWAP Status</H1>
MaxBytes[ramswap]: 1000000000
kMG[ramswap]: k,M,G,T,P,X
Ylegend[ramswap]: Octets
ShortLegend[ramswap]: octets
LegendI[ramswap]: RAM Free
LegendO[ramswap]: Swap Free
Legend1[ramswap]: RAM Free
Legend2[ramswap]: Swap Free
20:awstats
#cd /usr/ports/www/awstats
#make install clean ; rehash
#ee /usr/local/etc/apache22/httpd.conf (add the awstats section)
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/www/awstats/classes/"
Alias /awstatscss "/usr/local/www/awstats/css/"
Alias /awstatsicons "/usr/local/www/awstats/icons/"
ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/www/awstats/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#cd /usr/local/www/awstats/tools
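#./awstats_configure.pl (run the configuration)
a) First, when prompted, enter the full path of httpd.conf, e.g. /usr/local/etc/apache22/httpd.conf
b) The default log format is common; the script recommends combined and asks whether to change it. Log files in combined format record more information, so choose Y
c) At the prompt "Do you want me to build a new AWStats config/profile file? (y/N)", which asks whether to create a new awstats configuration file, choose y (choosing N is probably fine too, and in that case the next step, which asks for the file name, is skipped)
d) At "What is the name of your web site or profile analysis?", which asks for the site name, enter anything, e.g. dreye.com
e) At "In which directory do you plan to store your config file?", enter /usr/local/etc/awstats
f) Restart Apache
g) The system reports that "configure.pl does not support automatic add to cron; you need to add /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.sxszjzx.com to cron by hand, or run /usr/local/awstats/tools/awstats_updateall.pl by hand". Ignore the message and simply do that step directly.
Edit the file /etc/awstats/awstats.www.mydomain.conf
Change LogFile="/var/log/httpd/mylog.log" as needed; for example, I changed mine to LogFile="/etc/httpd/logs/access_log"
Create the directory: mkdir /var/lib/awstat
Build the statistics database by hand: /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.sxszjzx.com -update. To import /var/log/httpd/access_log.1234 and so on as well, first change the Logfile value in /etc/awstats/awstats.doman.conf to access_log.4 and run awstats.pl, then change Logfile to access_log.3 and run awstats.pl, and so on; finally change Logfile back to access_log
Have cron update the statistics automatically every day. In the /etc/cron.daily directory create a file awstats.sh with the following content: /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.sxszjzx.com >/dev/null, and do not forget to set the file mode to 755
That completes the awstats configuration; it can be reached through http://www.myserver.mydomain/awstats/awstats.pl?config=myvirtualhostname.
The main settings to change in the configuration file awstats.www.mydomain.conf are:
LogFile=""
SiteDomain=""
HostAliases="localhost 127.0.0.1"
DNSLookup=0
DirData=""
DirIcons=""
SaveDatabaseFilesWithPermissionsForEveryone=0
DefaultFile="index.php index.html"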
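The Directory block added to httpd.conf in this section uses Allow from all, so the AWStats CGI and its reports are readable by any client that can reach the server. As an added example (not from the original post; world_open_dirs and the sample configuration are constructed), this sh function lists every Directory block in an Apache 2.2 style config that allows all clients and has no Deny line.

```sh
#!/bin/sh
# Added example: find <Directory> blocks that admit every client (Apache 2.2
# Order/Allow/Deny syntax). Assumes directory paths contain no spaces.

# world_open_dirs <httpd.conf>: print the path of each <Directory> block that
# has "Allow from all" and no "Deny from" line.
world_open_dirs() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop indentation
        /^#/ { next }                           # skip comment lines
        tolower($1) == "<directory" {
            path = $2; sub(/>$/, "", path); gsub(/"/, "", path)
            in_dir = 1; allow_all = 0; deny = 0; next
        }
        tolower($1) == "</directory>" {
            if (in_dir && allow_all && !deny) print path
            in_dir = 0; next
        }
        in_dir && tolower($1) == "allow" && tolower($3) == "all" { allow_all = 1 }
        in_dir && tolower($1) == "deny" { deny = 1 }
    ' "$1"
}

# Constructed sample: the AWStats block from this page plus a restricted block
# for a hypothetical second directory.
sample_conf() {
    cat <<'EOF'
<Directory "/usr/local/www/awstats/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/usr/local/www/apc/">
    Order deny,allow
    Deny from all
    Allow from 10.100.0.0/16
</Directory>
EOF
}

# Audit the file given as $1, or the constructed sample when run without arguments.
if [ $# -ge 1 ]; then world_open_dirs "$1"; else sample_conf | world_open_dirs -; fi
```

For the AWStats directory, replacing the two access lines with Order deny,allow, Deny from all and Allow from 10.100.0.0/16 limits it to the internal network that this page also uses for mynetworks.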
21: Postfix + Cyrus-sasl + vm-pop3d installation and configuration
#cd /usr/ports/mail/vm-pop3d
#make install clean ;rehash
#cd /usr/ports/mail/postfix
[X] PCRE Perl Compatible Regular Expressions
[X] SASL2 Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[ ] DOVECOT Dovecot SASL authentication method
[ ] SASLKRB If your SASL req. Kerberos select this option
[ ] SASLKRB5 If your SASL req. Kerberos5 select this option
[ ] SASLKMIT If your SASL req. MIT Kerberos5 select this option
[X] TLS Enable SSL and TLS support
[ ] BDB Berkeley DB (choose version with WITH_BDB_VER)
[X] MYSQL MySQL maps (choose version with WITH_MYSQL_VER) (not wanted)
[ ] PGSQL PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
[ ] OPENLDAP OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
[ ] CDB CDB maps lookups
[ ] NIS NIS maps lookups
[ ] VDA VDA (Virtual Delivery Agent) (needed)
[ ] TEST SMTP/LMTP test server and generator
#make install clean ;rehash
#ee /etc/rc.conf (add the following)
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
#cd /usr/ports/security/cyrus-sasl2
[X] BDB Use Berkeley DB
[X] MYSQL Use MySQL (database option; needed when using virtual domains)
[ ] PGSQL Use PostgreSQL
[ ] SQLITE Use SQLite
[ ] DEV_URANDOM Use /dev/urandom
[ ] ALWAYSTRUE Enable the alwaystrue password verifier
[ ] KEEP_DB_OPEN Keep handle to Berkeley DB open
[X] AUTHDAEMOND Enable use of authdaemon (database option; needed when using virtual domains)
[X] LOGIN Enable LOGIN authentication
[X] PLAIN Enable PLAIN authentication
[X] CRAM Enable CRAM-MD5 authentication
[X] DIGEST Enable DIGEST-MD5 authentication
[X] OTP Enable OTP authentication
[X] NTLM Enable NTLM authentication
#make install clean ;rehash
Create the configuration file Postfix uses for smtpd user authentication
#ee /usr/local/lib/sasl2/smtpd.conf (add the following)
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#ee /usr/local/etc/postfix/main.cf (add the following)
myhostname = www.dreye.com.cn
mydomain = dreye.com.cn
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain
mynetworks = 127.0.0.0/8, 10.100.0.0/16
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
alias_maps = hash:/usr/local/etc/postfix/aliases
default_privs = nobody
allow_mail_to_commands = alias,forward,include
allow_mail_to_files = alias,forward,include
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject
#smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject
#cd /usr/local/etc
#mv sasldb2 sasldb2.db
saslpasswd2 -c -u wangzhongyuan.com test
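Adds a mailbox name and password that can authenticate. Because this setup uses virtual domains, the full mailbox name must be given when adding a user that can authenticate.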
sasldblistusers2
Lists the users already present in this authentication database file
#cd /usr/local/etc/postfix
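#ee virtual (add the following)
# xxxxxxx1.com anything
# test@xxxxxxxn1.com test.xxxxxxx1.com
This adds virtual domains to the mail server. With virtual domains, one server can provide mail service for several domain names, much like virtual hosts in Apache.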
dreye.com.cn anything
vicky@dreye.com.cn vicky.dreye.com.cn
hanic@dreye.com.cn hanic.dreye.com.cn
service@dreye.com.cn vicky@dreye.com.cn
#postmap virtual (generates the virtual-domain database virtual.db; ls now shows a new virtual.db entry in the current directory)
#ee aliases (add the following)
#test.xxxxxxx1.com:/var/spool/virtual/xxxxxxx1.com/test
vicky.dreye.com.cn:/var/spool/virtual/dreye.com.cn/vicky
hanic.dreye.com.cn:/var/spool/virtual/dreye.com.cn/hanic
irina.dreye.com.cn:/var/spool/virtual/dreye.com.cn/irina
#postalias aliases (generates the alias database aliases.db; ls now shows a new aliases.db entry in the current directory)
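With mech_list containing PLAIN and LOGIN and no smtpd_tls_auth_only setting in main.cf, Postfix accepts those passwords over unencrypted connections. The following sh functions are an added example, not part of the original post (the function names are hypothetical); they read the effective values from main.cf and smtpd.conf and report that gap, a missing noanonymous, and recipient restrictions that neither contain reject_unauth_destination nor end in reject.

```sh
#!/bin/sh
# Added example: audit the main.cf / smtpd.conf pair for SMTP AUTH and relay gaps.
# Assumes relay control lives in smtpd_recipient_restrictions, as on this page.

# main_cf_get <main.cf> <param>: print the effective value of one parameter.
# The last assignment wins; a line starting with whitespace continues the previous one.
main_cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name == want) val = val " " $0; next }
        {
            eq = index($0, "="); name = ""
            if (!eq) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) val = substr($0, eq + 1)
        }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# audit_smtp_auth <main.cf> <smtpd.conf>: print findings; return 1 if there are any.
audit_smtp_auth() {
    cf=$1; sasl=$2; rc=0
    mechs=$(awk -F: 'tolower($1) == "mech_list" { print toupper($2) }' "$sasl")
    if [ "$(main_cf_get "$cf" smtpd_sasl_auth_enable)" = yes ]; then
        case " $mechs " in *" PLAIN "*|*" LOGIN "*)
            if [ "$(main_cf_get "$cf" smtpd_tls_auth_only)" != yes ]; then
                echo "PLAIN/LOGIN offered without smtpd_tls_auth_only = yes"; rc=1
            fi ;;
        esac
        case " $(main_cf_get "$cf" smtpd_sasl_security_options) " in
            *" noanonymous "*) ;;
            *) echo "smtpd_sasl_security_options lacks noanonymous"; rc=1 ;;
        esac
    fi
    case " $(main_cf_get "$cf" smtpd_recipient_restrictions) " in
        *" reject_unauth_destination "*|*" reject ") ;;
        *) echo "smtpd_recipient_restrictions: no reject_unauth_destination or final reject"; rc=1 ;;
    esac
    return $rc
}

# Run as: script /usr/local/etc/postfix/main.cf /usr/local/lib/sasl2/smtpd.conf
if [ $# -eq 2 ]; then audit_smtp_auth "$1" "$2"; fi
```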