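A rooted Android phone
RE Manager
CentOS 7 installs MariaDB by default, so add the MySQL yum repository. Some devel packages needed for compiling are only available in EPEL, so add the EPEL repository as well.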
yum install -y wget
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum clean all
yum makecache
yum -y install samba samba-client samba-common
smbpasswd -a root
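1. Command-line mode
systemctl set-default multi-user.target
2. Graphical mode
systemctl set-default graphical.target
1. Disable SELinux to avoid unnecessary trouble
setenforce 0
To disable it permanently, edit the configuration file /etc/selinux/config and set SELINUX to disabled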
sudo reboot
sudo passwd root
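1. Edit /etc/gdm/custom.conf and change the following two lines:
[daemon]
# set this to true
AutomaticLoginEnable=true
# set this to root
AutomaticLogin=root
2. At the desktop login screen, do not click a user name directly; choose "not list", then enter root and the password to log in.
Logging in as the root account over SSH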
vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
systemctl restart sshd.service
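1. Problem starting telnet-server on CentOS 7.0.
Solution:
① First check whether CentOS 7.0 already has these two packages installed: telnet-server and xinetd. The commands are:
rpm -qa telnet-server
rpm -qa xinetd
If they are not installed, install them first. Install commands: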
[root@master ~]# yum list |grep telnet
telnet-server.x86_64 1:0.17-59.el7 @base
telnet.x86_64 1:0.17-59.el7 base
[root@master ~]# yum install telnet-server.x86_64
[root@master ~]# yum install telnet.x86_64
[root@master ~]# yum list |grep xinetd
xinetd.x86_64 2:2.3.15-12.el7 @base
[root@master ~]# yum install xinetd.x86_64
After installation, enable the xinetd service at boot:
systemctl enable xinetd.service
Enable the telnet service at boot:
systemctl enable telnet.socket
Finally, start the two services:
systemctl start telnet.socket
systemctl start xinetd   # or: service xinetd start
# default: yes
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
        flags = REUSE
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/in.telnetd
        log_on_failure += USERID
        disable = no
}
[root@CentOS-Slave1 pam.d]# pwd
/etc/pam.d
[root@CentOS-Slave1 pam.d]# cat remote
#%PAM-1.0
# allow remote root login over telnet
#auth required pam_securetty.so
auth substack password-auth
auth include postlogin
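As an added example (not part of the original notes), this script reports which of the remote-login settings configured above, in sshd_config, the xinetd telnet service file and /etc/pam.d/remote, are active. The function names and the sample files are constructed for illustration; point the functions at copies of the real files.

```shell
#!/bin/sh
# Added example: audit the remote-login settings this page changes.

# Effective value of a global sshd_config keyword: the first uncommented
# occurrence wins; scanning stops at the first Match block.
sshd_value() {                       # $1 = keyword, $2 = sshd_config path
    awk -v key="$1" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# True when the xinetd service file leaves the service enabled (disable = no).
xinetd_enabled() {                   # $1 = e.g. /etc/xinetd.d/telnet
    awk -F= '
        /^[ \t]*#/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "disable" { state = v }
        END { exit (state == "no" ? 0 : 1) }
    ' "$1"
}

# True when pam_securetty is an active (uncommented) auth rule.
securetty_active() {                 # $1 = e.g. /etc/pam.d/remote
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"
}

# Print one finding per line; print nothing when none of the settings is active.
audit_remote_login() {               # $1 sshd_config  $2 xinetd file  $3 pam file
    if [ "$(sshd_value PermitRootLogin "$1")" = "yes" ]; then
        echo "ssh: PermitRootLogin yes"
    fi
    if [ "$(sshd_value PasswordAuthentication "$1")" = "yes" ]; then
        echo "ssh: PasswordAuthentication yes"
    fi
    if xinetd_enabled "$2"; then
        echo "telnet: service enabled (credentials cross the network unencrypted)"
        if ! securetty_active "$3"; then
            echo "telnet: pam_securetty disabled, root login accepted"
        fi
    fi
    return 0
}

# Constructed sample files mirroring the settings shown on this page.
write_samples() {                    # $1 = directory to write into
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' > "$1/sshd_config"
    printf '%s\n' 'service telnet' '{' '  user = root' \
        '  server = /usr/sbin/in.telnetd' '  disable = no' '}' > "$1/telnet"
    printf '%s\n' '#%PAM-1.0' '#auth required pam_securetty.so' \
        'auth substack password-auth' > "$1/remote"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_remote_login "$demo_dir/sshd_config" "$demo_dir/telnet" "$demo_dir/remote"
rm -rf "$demo_dir"
```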
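CentOS 7.0 uses firewalld as its firewall by default; here it is switched to the iptables firewall.
1. Turn off firewalld:
systemctl stop firewalld.service #stop firewalld
systemctl disable firewalld.service #do not start firewalld at boot
2. Install the iptables firewall
yum install iptables-services -y #install
vi /etc/sysconfig/iptables #edit the firewall configuration file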
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8888 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! #save and exit
systemctl restart iptables.service #finally, restart the firewall so the configuration takes effect
systemctl enable iptables.service #start the firewall at boot
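An added example, not from the original notes: it lists the TCP ports a rules file like the one above accepts and reports those that have no listener on a non-loopback address, using saved `netstat -nat` output of the kind shown later on this page. The function names and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: compare firewall openings with actual network listeners.

# Ports accepted for inbound TCP in the INPUT chain, one per line, ascending.
fw_open_tcp_ports() {                # $1 = iptables rules file
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' "$1" | sort -n
}

# Ports with a TCP listener bound to a non-loopback address.
public_listen_ports() {              # $1 = file holding `netstat -nat` output
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        host = $4; sub(/:[0-9]+$/, "", host)
        if (host != "127.0.0.1" && host != "::1") print port
    }' "$1" | sort -n -u
}

# Ports the firewall accepts although nothing listens on them publicly.
unused_openings() {                  # $1 = rules file, $2 = netstat output
    listeners=" $(public_listen_ports "$2" | tr '\n' ' ') "
    for port in $(fw_open_tcp_ports "$1"); do
        case "$listeners" in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Constructed samples in the two formats shown on this page.
write_fw_samples() {                 # $1 = directory to write into
    cat > "$1/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    cat > "$1/netstat" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0     52 192.168.56.202:22       192.168.56.1:55757      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

demo_dir=$(mktemp -d)
write_fw_samples "$demo_dir"
echo "accepted by the firewall but not listening publicly:"
unused_openings "$demo_dir/iptables" "$demo_dir/netstat"
rm -rf "$demo_dir"
```

On a live host, save the output of `netstat -nat` to a file and pass it together with /etc/sysconfig/iptables.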
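5). Copy
「yw」: copy the characters from the cursor position to the end of the word into the buffer.
「#yw」: copy # words into the buffer.
「yy」: copy the line the cursor is on into the buffer.
「#yy」: for example, 「6yy」 copies 6 lines of text counting down from the line the cursor is on.
「p」: paste the characters in the buffer at the cursor position. Note: every copy command involving "y" must be combined with "p" to complete the copy and paste.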
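Install Webmin
yum -y install openssl perl perl-Encode-Detect perl-Net-SSLeay perl-IO-Tty perl-Crypt-SSLeay
To remove a Perl module, first use the following command to list Perl's directories, then delete the file or directory directly:
perl -e 'print join "\n",@INC'
To test whether a Perl module was installed successfully, use the command below; no output means success: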
perl -e 'use Net::SSLeay'
wget https://prdownloads.sourceforge.net/webadmin/webmin-1.881-1.noarch.rpm
rpm -ivh webmin-1.881-1.noarch.rpm
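II. Install postfix
1. Install the build tools and the other required packages. In my case 124 packages in total need to be installed; mysql-server is fairly large and downloads slowly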
yum install -y nginx vim gcc gcc-c++ openssl openssl-devel ntpdate db4-devel bzip2 php-mysql cyrus-sasl-md5 perl-GD perl-DBD-MySQL perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl cyrus-sasl-devel libtool-ltdl-devel telnet mail libicu-devel mysql mysql-devel mysql-server
Error: Package: akonadi-mysql-1.9.2-4.el7.x86_64 (@anaconda)
Requires: mariadb-server
Removing: 1:mariadb-server-5.5.44-2.el7.centos.x86_64 (@anaconda)
mariadb-server = 1:5.5.44-2.el7.centos
Obsoleted By: mysql-community-server-5.6.34-2.el7.x86_64 (mysql56-community)
Not found
Updated By: 1:mariadb-server-5.5.50-1.el7_2.x86_64 (updates)
mariadb-server = 1:5.5.50-1.el7_2
Available: 1:mariadb-server-5.5.47-1.el7_2.x86_64 (updates)
mariadb-server = 1:5.5.47-1.el7_2
yum -y remove mariadb-libs
Then reinstall
yum install -y nginx vim gcc gcc-c++ openssl openssl-devel ntpdate db4-devel bzip2 php-mysql cyrus-sasl-md5 perl-GD perl-DBD-MySQL perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl cyrus-sasl-devel libtool-ltdl-devel telnet mail libicu-devel mysql mysql-devel mysql-server
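2. Compile and install postfix
1. Remove the postfix that ships with the system, delete the postfix user, and create new postfix and postdrop users with the specified uid and gid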
yum remove postfix -y
userdel postfix
groupdel postdrop
groupadd -g 2525 postfix
useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
2. Download the source package, unpack and compile it
wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-3.3.0.tar.gz
tar xf postfix-3.3.0.tar.gz
cd postfix-3.3.0
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lrt -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
make && make install
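make install shows an interactive prompt for customizing some directories; here we change only the second item, the temporary file directory, and leave everything else at its default.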
Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/]
Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/root/postfix-3.0.1] /tmp/extmail
…………………………
…………………………
shlib_directory: [no]
Please specify the final destination directory for non-executable files
that are shared among multiple Postfix instances, such as postfix-files,
dynamicmaps.cf, as well as the multi-instance template files main.cf.proto
and master.cf.proto.
meta_directory: [/etc/postfix]
3. Change the owner and group of the directories
chown -R postfix:postdrop /var/spool/postfix
chown -R postfix:postdrop /var/lib/postfix/
chown root /var/spool/postfix
chown -R root /var/spool/postfix/pid
4. Edit the postfix configuration file
[root@localhost ~]# vim /etc/postfix/main.cf
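# set the host name
myhostname = mail.everyoo.com
# specify the domain name
mydomain = everyoo.com
# the domain the sender belongs to
myorigin = $mydomain
# the network interfaces the postfix system listens on
inet_interfaces = all
# recipient domains for which postfix accepts mail [must be disabled when using virtual domains]
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain
# the type of trusted network
mynetworks_style = host
# the trusted clients
mynetworks = 192.168.1.0/24, 127.0.0.0/8
# the domains for which mail relaying is allowed
relay_domains = $mydestination
# set the mail aliases
alias_maps = hash:/etc/aliases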
III. Install dovecot
yum install -y dovecot dovecot-mysql
2. Configure dovecot
[root@localhost ~]# cd /etc/dovecot/
[root@localhost dovecot]# vim dovecot.conf # just append at the end of the configuration file
protocols = imap pop3
!include conf.d/*.conf
listen = *
base_dir = /var/run/dovecot/
[root@localhost dovecot]# cd conf.d/
[root@localhost conf.d]# vim 10-auth.conf
disable_plaintext_auth = no
[root@localhost conf.d]# vim 10-mail.conf
mail_location = maildir:~/Maildir
mail_location = maildir:/var/mailbox/%d/%n/Maildir
mail_privileged_group = mail
[root@localhost conf.d]# vim 10-ssl.conf
ssl = no
[root@localhost conf.d]# vim 10-logging.conf
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "
[root@localhost conf.d]# cp auth-sql.conf.ext auth-sql.conf
[root@localhost conf.d]# vim auth-sql.conf
passdb {
  driver = sql
  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
3. Edit the configuration file for dovecot authentication through MySQL
[root@localhost conf.d]# vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
IV. Install courier-authlib
Download courier-unicode-1.2 and compile and install it.
[root@localhost ~]# wget https://jaist.dl.sourceforge.net/project/courier/courier-unicode/2.0/courier-unicode-2.0.tar.bz2
[root@localhost ~]# tar xf courier-unicode-2.0.tar.bz2
[root@localhost ~]# cd courier-unicode-2.0
[root@localhost courier-unicode-2.0]# ./configure
[root@localhost courier-unicode-2.0]# make && make install
1. Download, unpack and compile
[root@localhost ~]# wget https://jaist.dl.sourceforge.net/project/courier/authlib/0.68.0/courier-authlib-0.68.0.tar.bz2
[root@localhost ~]# tar xf courier-authlib-0.68.0.tar.bz2
[root@localhost ~]# cd courier-authlib-0.68.0
[root@localhost ~]# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/lib64/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-mailuser=postfix --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon
[root@localhost courier-authlib-0.66.2]# make && make install
2. Configure courier-authlib
[root@localhost courier-authlib-0.66.2]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
[root@localhost courier-authlib-0.66.2]# cp /etc/authdaemonrc.dist /etc/authdaemonrc
[root@localhost courier-authlib-0.66.2]# cp /etc/authmysqlrc.dist /etc/authmysqlrc
[root@localhost courier-authlib-0.66.2]# vim /etc/authdaemonrc # the configuration file lists many authentication methods; here we use only authmysql
authmodulelist="authmysql"
authmodulelistorig="authmysql"
[root@localhost courier-authlib-0.66.2]# cat /etc/authmysqlrc |grep -v ^#| grep -v ^$
[root@localhost courier-authlib-0.66.2]# vim /etc/authmysqlrc
# Append the following to the end of the configuration file, then comment out or delete the corresponding system defaults above
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
DEFAULT_DOMAIN haose888.org
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
3. Add the courier-authlib service start-up script and other settings
[root@localhost courier-authlib-0.66.2]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
[root@localhost courier-authlib-0.66.2]# chmod +x /etc/init.d/courier-authlib
[root@localhost courier-authlib-0.66.2]# chkconfig --add courier-authlib
[root@localhost courier-authlib-0.66.2]# chkconfig courier-authlib on
[root@localhost courier-authlib-0.66.2]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
[root@localhost courier-authlib-0.66.1]# ldconfig
[root@localhost courier-authlib-0.66.1]# service courier-authlib start
Starting Courier authentication services: authdaemond
4. SMTP and virtual user settings
[root@localhost ~]# vim /usr/lib64/sasl2/smtpd.conf # the file does not exist; create it yourself
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket
[root@localhost ~]# vim /etc/postfix/main.cf
## postfix SMTP support ##
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients=yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
## postfix virtual user support ##
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# the configuration files here need to be copied over from extman later
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
Restart the service
service courier-authlib restart
II. Installing MySQL
The instructions usually given online are:
#yum install mysql -y
#yum install mysql-server -y
#yum install mysql-devel -y
Installing mysql and mysql-devel succeeds, but installing mysql-server fails, as follows:
[root@yl-web yl]# yum install mysql-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.sina.cn
* extras: mirrors.sina.cn
* updates: mirrors.sina.cn
No package mysql-server available.
Error: Nothing to do
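Looking into it, CentOS 7 removed the MySQL database software from the default package list and replaced it with mariadb.
There are two solutions:
1. Method 1: install mariadb
The MariaDB database management system is a fork of MySQL, maintained mainly by the open-source community and licensed under the GPL. One reason for the fork is that after Oracle acquired MySQL there was a potential risk of MySQL becoming closed source, so the community forked it to avoid that risk. MariaDB aims to be fully compatible with MySQL, including the API and the command line, so that it can easily serve as a replacement for MySQL.
Install mariadb; size 59 M.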
[root@yl-web yl]# yum install mariadb-server mariadb -y
The relevant commands for the mariadb database are:
systemctl start mariadb #start MariaDB
systemctl stop mariadb #stop MariaDB
systemctl restart mariadb #restart MariaDB
systemctl enable mariadb #enable at boot
So start the database first
[root@yl-web yl]# systemctl start mariadb
Then mysql can be used normally
[root@yl-web yl]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>
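After installing mariadb the prompt shown is also MariaDB [(none)]>, which may look a little unfamiliar. The second method follows.
2. Method 2: download and install mysql-server from the official site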
# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
# rpm -ivh mysql-community-release-el7-5.noarch.rpm
# yum install mysql-community-server
After a successful installation, restart the mysql service.
# service mysqld restart
On a fresh MySQL installation, the root account has no password.
[root@yl-web yl]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.26 MySQL Community Server (GPL)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.01 sec)
mysql>
Set a password
mysql> set password for 'root'@'localhost' =password('password');
Query OK, 0 rows affected (0.00 sec)
mysql>
It takes effect without restarting the database.
The MySQL installation output contains the following:
Installed:
mysql-community-client.x86_64 0:5.6.26-2.el7 mysql-community-devel.x86_64 0:5.6.26-2.el7
mysql-community-libs.x86_64 0:5.6.26-2.el7 mysql-community-server.x86_64 0:5.6.26-2.el7
Dependency Installed:
mysql-community-common.x86_64 0:5.6.26-2.el7
Replaced:
mariadb.x86_64 1:5.5.41-2.el7_0 mariadb-devel.x86_64 1:5.5.41-2.el7_0 mariadb-libs.x86_64 1:5.5.41-2.el7_0
mariadb-server.x86_64 1:5.5.41-2.el7_0
So once the installation finishes, mariadb has been replaced automatically and is no longer in effect.
[root@yl-web yl]# rpm -qa |grep mariadb
[root@yl-web yl]#
III. Configuring MySQL
1. Character encoding
MySQL configuration file
vim /etc/my.cnf
Append the encoding configuration at the end
[mysql]
default-character-set =utf8
The character encoding here must match /usr/share/mysql/charsets/Index.xml.
2. Remote connection settings
Grant all privileges on all tables in all databases to the root user at all IP addresses.
mysql> grant all privileges on *.* to root@'%' identified by 'password';
If it is a new user rather than root, create the user first
mysql> create user 'extmail'@'localhost' identified by 'password';
mysql> set password for 'extmail'@'localhost' =password('123456');
Remote connections are now possible.
My system is CentOS 7. There are many versions of nginx; here is a link: http://nginx.org/packages/mainline/centos/7/x86_64/RPMS/
Download the nginx package matching the current system version
# wget http://nginx.org/packages/mainline/centos/7/x86_64/RPMS/nginx-1.13.3-1.el7.ngx.x86_64.rpm
Set up the nginx yum repository
# rpm -ivh nginx-1.13.3-1.el7.ngx.x86_64.rpm
Download and install nginx
# yum install nginx
Check the nginx service status, as follows:
# systemctl status nginx.service
nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
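Active: inactive (dead) //service not started
# systemctl start nginx.service   # start the nginx service
# systemctl restart nginx.service   # restart
# systemctl stop nginx.service   # stop the service
# systemctl enable nginx.service   # start at boot
# systemctl disable nginx.service   # do not start at boot
CentOS 7 uses firewalld by default
Add a firewall rule as follows:
# firewall-cmd --add-port=80/tcp   # HTTP runs over the TCP transport protocol; allow port 80
If the command above still does not work, turn firewalld off
Stop
# systemctl stop firewalld.service
Do not start at boot
# systemctl disable firewalld.service
Configuration
The default configuration files are under /etc/nginx; nginx already runs correctly with this configuration.
To customize it, edit nginx.conf, conf.d/default.conf or the other files under that path.
Test
Enter the IP of the machine where nginx is deployed in the browser address bar; if everything is working, you should see content like the following.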
Configure the yum repositories; confirm beforehand that the repository links are valid.
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
Confirm the PHP version to install.
# yum list --enablerepo=remi --enablerepo=remi-php56 | grep php
Install PHP 5.6; php-opcache and php-pecl-apcu effectively improve PHP execution speed.
# yum install --enablerepo=remi --enablerepo=remi-php56 php php-opcache php-pecl-apcu php-devel php-mbstring php-mcrypt php-mysqlnd php-phpunit-PHPUnit php-pecl-xdebug php-pecl-xhprof php-pdo php-pear php-fpm php-cli php-xml php-bcmath php-process php-gd php-common -y
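n lines omitted here... While it installs, just choose y whenever input is requested.
Finally, confirm the PHP version. Command: php -v
Restart httpd and the job is done!
Restart commands: systemctl restart nginx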
systemctl restart php-fpm.service
yum install php-fpm php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy php-pecl-apc -y
yum install php54-php-fpm
yum --enablerepo=remi install php-fpm -y
Configure PHP
Open the PHP configuration file: vi /etc/php.ini
Set cgi.fix_pathinfo=1: (there is a pitfall here!)
date.timezone = PRC
Open: vi /etc/php-fpm.d/www.conf
; RPM: apache Choosed to be able to access some dir as httpd
user = www
; RPM: Keep a group allowed to write in log dir.
group = www
;listen = 127.0.0.1:9000
change to
listen = /var/run/php-fpm/php-fpm.socket
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
;php_value[session.save_path] = /var/lib/php/session
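3. Install the PHP mcrypt extension
One inconvenience of running Laravel on CentOS 7 is that yum has no PHP mcrypt extension, so one has to be compiled and installed by hand.
First, libmcrypt needs to be compiled and installed.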
yum -y install libmcrypt libmcrypt-devel php-mcrypt php-mbstring libmhash
wget https://superb-dca2.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make && make install
Then compile mcrypt.so; once it is built, put it in the /usr/lib64/modules directory.
wget https://pilotfiber.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
configure: error: "You need at least libmhash 0.8.15 to compile this program. http://mhash.sf.net/"
export LD_LIBRARY_PATH=/usr/local/lib/libmcrypt/lib:/usr/local/lib/mhash/lib
export LDFLAGS="-L/usr/local/lib/mhash/lib/ -I/usr/local/lib/mhash/include/"
export CFLAGS="-I/usr/local/lib/mhash/include/"
./configure --prefix=/usr/local/lib/mcrypt/ --with-libmcrypt-prefix=/usr/local/lib/libmcrypt
Open /etc/ld.so.conf and add a line at the end of the file:
/usr/local/lib
Then run ldconfig and recompile.
make && make install
Then create an mcrypt.ini file under /etc/php.d with the following content
; Enable mcrypt extension module
extension=mcrypt.so
It is loaded once php-fpm has been restarted.
# chmod 0660 /var/run/php-fpm/php-fpm.socket
# chown nginx:nginx /var/run/php-fpm/php-fpm.socket
systemctl restart php-fpm.service
Alternatively, install PHP from source
1. Download the PHP source package from the official site (php-5.5.38)
2. Install the dependency packages
yum install libxml2 libxml2-devel bzip2-devel libcurl-devel -y
yum install openssl openssl-devel -y
yum install libjpeg-devel libpng-devel freetype-devel -y
yum install libmcrypt libmcrypt-devel -y
3. Compile and install
$ tar -xzvf php-7.2.5.tar.gz
$ cd php-7.2.5
$ ./configure --prefix=/usr/local/php ...
./configure --prefix=/usr/local/php725 --with-config-file-path=/usr/local/php725/etc --enable-inline-optimization --disable-debug --disable-rpath --enable-shared --enable-opcache --enable-fpm --with-mysql --with-mysqli --with-pdo-mysql --with-gettext --enable-mbstring --with-iconv --with-mcrypt --with-mhash --with-openssl --enable-bcmath --enable-soap --with-libxml-dir --enable-pcntl --enable-shmop --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-sockets --with-curl --with-zlib --enable-zip --with-bz2 --with-gd --with-freetype-dir --with-jpeg-dir --with-png-dir
make && make install
Output printed on a successful installation:
Installing shared extensions: /usr/local/php/lib/php/extensions/no-debug-non-zts-20121212/
Installing PHP CLI binary: /usr/local/php/bin/
Installing PHP CLI man page: /usr/local/php/php/man/man1/
Installing PHP FPM binary: /usr/local/php/sbin/
Installing PHP FPM config: /usr/local/php/etc/
Installing PHP FPM man page: /usr/local/php/php/man/man8/
Installing PHP FPM status page: /usr/local/php/php/php/fpm/
Installing PHP CGI binary: /usr/local/php/bin/
Installing PHP CGI man page: /usr/local/php/php/man/man1/
Installing build environment: /usr/local/php/lib/php/build/
Installing header files: /usr/local/php/include/php/
Installing helper programs: /usr/local/php/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/php/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment: /usr/local/php/lib/php/
[PEAR] Archive_Tar - installed: 1.4.0
[PEAR] Console_Getopt - installed: 1.4.1
[PEAR] Structures_Graph- installed: 1.1.1
[PEAR] XML_Util - installed: 1.3.0
[PEAR] PEAR - installed: 1.10.1
Wrote PEAR system config file at: /usr/local/php/etc/pear.conf
You may want to add: /usr/local/php/lib/php to your php.ini include_path
/opt/software/php-5.5.38/build/shtool install -c ext/phar/phar.phar /usr/local/php/bin
ln -s -f phar.phar /usr/local/php/bin/phar
Installing PDO headers: /usr/local/php/include/php/ext/pdo/
After a successful installation, go to the /usr/local/php/bin directory and check the PHP version
[root@docker bin]# php -v
PHP 5.5.38 (cli) (built: Feb 28 2017 20:24:05)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
4. Move the configuration files
$ cp php.ini-production /usr/local/php725/etc/php.ini # copy php.ini-production from the source tree into the PHP configuration directory as PHP's configuration file
$ cp /usr/local/php725/etc/php-fpm.conf.default /usr/local/php725/etc/php-fpm.conf
5. Configure php-fpm as a system service and enable it at boot
cp sapi/fpm/php-fpm /usr/local/bin
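Then configure php.ini: open the PHP configuration file with vim /usr/local/php725/lib/php.ini and find the cgi.fix_pathinfo setting. It is commented out by default with a value of 1. According to the official documentation, the purpose here is to stop Nginx from sending the request to the PHP-FPM backend when the file does not exist, which avoids malicious script injection attacks, so this setting should be uncommented and set to 0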
php_value[session.save_path] = "/tmp/php725"
cp /usr/local/php725/etc/php-fpm.d/www.conf.default /usr/local/php725/etc/php-fpm.d/www.conf
vim /usr/local/php725/etc/php-fpm.d/www.conf
The default user and group are set to nobody; change them to www
listen = /var/run/php-fpm725/php-fpm.socket
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
# chmod 0660 /var/run/php-fpm725/php-fpm.socket
# chown nginx:nginx /var/run/php-fpm725/php-fpm.socket
Start
/usr/local/bin/php-fpm
$ cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm # run from the PHP source directory
$ chmod +x /etc/init.d/php-fpm
$ chkconfig --add php-fpm
$ chkconfig php-fpm on
$ service php-fpm restart
[root@client fpm]# service php-fpm start
Starting php-fpm done
[root@client fpm]# ps -ef |grep php
root 4586 1 0 10:32 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
nobody 4587 4586 0 10:32 ? 00:00:00 php-fpm: pool www
nobody 4588 4586 0 10:32 ? 00:00:00 php-fpm: pool www
root 4590 2526 0 10:32 pts/0 00:00:00 grep --color=auto php
[root@client fpm]# netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.56.202:22 192.168.56.1:55794 ESTABLISHED
tcp 0 52 192.168.56.202:22 192.168.56.1:55757 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
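Configure the nginx virtual host in nginx.conf
Static content
For static content, follow the example in the virtual.conf that nginx provides
Dynamic content: nginx cannot interpret PHP itself, so it forwards PHP requests to port 9000 and hands them to php-fpm to interpret. Here is my configuration file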
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 10240;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name test.com;
        index index.html index.htm index.php;
        set $root_path /var/www;
        root $root_path;
        try_files $uri $uri/ @rewrite;
        location @rewrite {
            rewrite ^/(.*)$ /index.php?_url=/$1;
        }
        location ~ .*\.(php|php5)?$
        {
            fastcgi_pass unix:/var/run/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location ~ \.cgi$ {
            fastcgi_pass unix:/var/run/php-fpm.sock;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}
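- One thing to note here: if $document_root is not recognized when you restart nginx, you need to replace the $document_root in fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; with the location of your project's entry file. I was stuck on this for a long time before I got it sorted out. This rule set handles most PHP projects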
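An added example (not the author's code) for the cgi.fix_pathinfo note and the PHP location block above: it works out the effective cgi.fix_pathinfo of a php.ini and counts PHP location blocks that reach fastcgi_pass without a `try_files ... =404` existence check. The try_files check is a common nginx guard assumed here, not something this page configures; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: check the two settings that decide whether a request for a
# file that does not exist can still reach a PHP script.

# Effective cgi.fix_pathinfo: the last uncommented assignment wins, and PHP's
# built-in default of 1 applies when the directive is absent or still
# commented out with ';'.
effective_fix_pathinfo() {           # $1 = php.ini path
    awk -F= '
        /^[ \t]*;/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "cgi.fix_pathinfo" {
            val = $2; sub(/;.*/, "", val); gsub(/[ \t\r"]/, "", val)
        }
        END { print (val == "" ? 1 : val) }
    ' "$1"
}

# Number of PHP location blocks that call fastcgi_pass without first checking
# that the requested file exists (try_files ... =404).
unguarded_php_locations() {          # $1 = nginx config path
    awk '
        /^[ \t]*#/ { next }
        !inblk && /^[ \t]*location[ \t]/ && /php/ {
            inblk = 1; guarded = 0; passes = 0; depth = 0; opened = 0
        }
        inblk {
            if ($0 ~ /try_files[^;]*=404[ \t]*;/) guarded = 1
            if ($0 ~ /fastcgi_pass/) passes = 1
            line = $0
            n = gsub(/[{]/, "", line); if (n > 0) opened = 1
            depth += n - gsub(/[}]/, "", line)
            if (opened && depth == 0) { if (passes && !guarded) bad++; inblk = 0 }
        }
        END { print bad + 0 }
    ' "$1"
}

# One finding per line; nothing is printed when both guards are in place.
pathinfo_findings() {                # $1 = php.ini, $2 = nginx config
    if [ "$(effective_fix_pathinfo "$1")" != "0" ]; then
        echo "php.ini: cgi.fix_pathinfo is effectively 1"
    fi
    count=$(unguarded_php_locations "$2")
    if [ "$count" -gt 0 ]; then
        echo "nginx: $count PHP location block(s) without try_files ... =404"
    fi
    return 0
}

# Constructed samples: the page's settings and a corrected pair.
write_pathinfo_samples() {           # $1 = directory to write into
    printf '%s\n' ';cgi.fix_pathinfo=1' 'date.timezone = PRC' > "$1/php.ini.page"
    printf '%s\n' 'cgi.fix_pathinfo=0' 'date.timezone = PRC' > "$1/php.ini.fixed"
    cat > "$1/nginx.page" <<'EOF'
server {
    location @rewrite {
        rewrite ^/(.*)$ /index.php?_url=/$1;
    }
    location ~ .*\.(php|php5)?$
    {
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF
    cat > "$1/nginx.fixed" <<'EOF'
server {
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF
}

demo_dir=$(mktemp -d)
write_pathinfo_samples "$demo_dir"
pathinfo_findings "$demo_dir/php.ini.page" "$demo_dir/nginx.page"
rm -rf "$demo_dir"
```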
cd ~
curl -L https://files.phpmyadmin.net/phpMyAdmin/4.8.0.1/phpMyAdmin-4.8.0.1-all-languages.zip -o phpmyadmin.zip
yum install -y unzip zip
unzip phpmyadmin.zip
mv phpMyAdmin-4.8.0.1-all-languages /var/www/phpmyadmin
Now open a browser and enter the host name bound to the nginx server, followed by the name of the directory where phpMyAdmin lives: http://127.0.0.1/phpmyadmin . An error is shown:
session_start(): open(SESSION_FILE, O_RDWR) failed: Permission denied (13)
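This error occurs because PHP does not have permission to write sessions into the specified directory. The location where these session files are stored is defined in the PHP configuration file; the phpinfo.php we created earlier to test PHP shows where this directory is. Open that file in the browser and search for session.save_path: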
phpmyadmin/libraries/session.inc.php
session.save_path /var/lib/php-fpm/session
/var/lib/php-fpm/session is the directory used to store sessions. It currently belongs to the root user, and our php-fpm runs as the vagrant user, so you can change the owner of this directory to vagrant:
chown nginx /var/lib/php-fpm/session
cp config.sample.inc.php config.inc.php
openssl rand -base64 32
Output:
AhONip2q+KmANQJfbzx7NC+j+hsGRKuhuQi8ClJG4mk=
Copy the random string that was returned, open config.inc.php, search for $cfg['blowfish_secret'], and paste the copied string as the value of this setting.
$cfg['blowfish_secret'] = 'AhONip2q+KmANQJfbzx7NC+j+hsGRKuhuQi8ClJG4mk=';
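Save the configuration file, go back to the browser and log in again; the warning will be gone
V. Install extmail
extmail and extman can be downloaded from these two links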
wget http://7xivyw.com1.z0.glb.clouddn.com/extmail-1.2.tar.gz
wget http://7xivyw.com1.z0.glb.clouddn.com/extman-1.1.tar.gz
1. Create the directory and unpack
[root@localhost ~]# mkdir -p /var/www/extsuite
[root@localhost ~]# tar xf extmail-1.2.tar.gz -C /var/www/extsuite/
[root@localhost ~]# mv /var/www/extsuite/extmail-1.2/ /var/www/extsuite/extmail
2. Edit the extmail configuration file
[root@localhost ~]# cd /var/www/extsuite/extmail
[root@localhost extmail]# cp webmail.cf.default webmail.cf
[root@localhost extmail]# vim webmail.cf
# sys_config, the config file and webmail programe root
SYS_CONFIG = /var/www/extsuite/extmail/
# sys_langdir, the i18n dir
SYS_LANGDIR = /var/www/extsuite/extmail/lang
# sys_templdir, the template dir
SYS_TEMPLDIR = /var/www/extsuite/extmail/html
# sys_http_cache, a switch to enable or disable http cache via http header
SYS_HTTP_CACHE = 0
# sys_smtp_host
SYS_SMTP_HOST = 127.0.0.1
# sys_smtp_port
SYS_SMTP_PORT = 25
# sys_smtp_timeout
SYS_SMTP_TIMEOUT = 5
# sys_spam_report_on = 1 | 0 - enable spam reporting or not
SYS_SPAM_REPORT_ON = 0
# sys_spam_report_type = dspam | spamassassin - spam reporting type
SYS_SPAM_REPORT_TYPE = dspam
# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0
# sys_ip_security_on = 1 | 0 - enable login ip security or not
SYS_IP_SECURITY_ON = 1
# sys_permit_noquota, permit an account without qouta?
SYS_PERMIT_NOQUOTA = 1
# sys_sess_dir, the session dir
SYS_SESS_DIR = /tmp/extmail
# sys_upload_tmpdir, the temp directory for file uploading
SYS_UPLOAD_TMPDIR = /tmp/extmail/upload
# sys_log_on = 1 | 0 - enable logging or not
SYS_LOG_ON = 1
# sys_log_type = file|syslog|nsyslog, syslog will save login
# or error info into mail.*, nsyslog is a replacement to syslog
# that will send log message to network syslogd
SYS_LOG_TYPE = syslog
# sys_log_file - path to log file, if sys_log_type = file
SYS_LOG_FILE = /var/log/extmail.log
# sys_sess_timeout, session timeout, default 3 hours (3h) format:
# number+(s|m|h|d|M|y); or only number, the 0 means that the
# session will last for 0 seconds, but if you specify the
# sys_sess_cookie_only = 1 then it means the session will expire
# after you close your browser :)
SYS_SESS_TIMEOUT = 0
# sys_sess_cookie_only = 0|1 use cookie only or include cgi "sid"
# parameter ? if set to true(1), the session will be expired after
# sys_sess_timeout if there is no any active request from browser
SYS_SESS_COOKIE_ONLY = 1
# sys_user_psize, user default page_size
SYS_USER_PSIZE = 10
# sys_user_tsize, user mail subject truncate size, valid type:
# auto => full text
# screen1 => 800x600
# screen2 => 1024x768
# screen3 => 1280x1024
SYS_USER_SCREEN = auto
# sys_user_lang, user default language
SYS_USER_LANG = zh_CN
# sys_app_type, the app type: WebMail or ExtMan? It must be the same
# as prefix part of language package name, eg: WebMail::en_US
SYS_APP_TYPE = WebMail
# sys_user_template, user default template
SYS_USER_TEMPLATE = default
# sys_user_charset, user default charset
#SYS_USER_CHARSET = utf-8
SYS_USER_CHARSET = gb2312
# sys_user_trylocal, user default outgoing encoding mechanism
SYS_USER_TRYLOCAL = 1
# sys_user_timezone, user default timezone
SYS_USER_TIMEZONE = +0800
# sys_user_* default parameters
SYS_USER_CCSENT = 1
SYS_USER_SHOW_HTML = 1
SYS_USER_COMPOSE_HTML = 1
SYS_USER_CONV_LINK =1
SYS_USER_ADDR2ABOOK = 1
# sys_message_size_limit, default message size limit per user
# count as byte(s), eg: 5242880 means 5MB
SYS_MESSAGE_SIZE_LIMIT = 5242880
# sys_min_pass_len, minimal password length, default 2
SYS_MIN_PASS_LEN = 3
# sys_mfilter_on, default is off
SYS_MFILTER_ON = 1
# sys_netdisk_on, default is off
SYS_NETDISK_ON = 1
# sys_show_signup, default is on, this feature need extman
# 0.2.2 or higher version, built with signup serivce
SYS_SHOW_SIGNUP = 1
# sys_debug_on, default is off
SYS_DEBUG_ON = 1
# sys auth type, mysql/ldap/authlib
SYS_AUTH_TYPE = mysql
# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /var/mailbox
# sys_auth_schema, vpopmail1/vpopmail2/virtual
# vpopmail1 => all user accounts in one table
# vpopmail2 => accounts in per domain table
SYS_AUTH_SCHEMA = virtual
# crypt_type, the default encrypt type of password, possible type
# currently is crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt
# if mysql, all relate parameters should prefix as SYS_MYSQL
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = 123456
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
# table name
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
# sys_mysql_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
SYS_MYSQL_ATTR_CLEARPW = clearpwd
SYS_MYSQL_ATTR_QUOTA = quota
SYS_MYSQL_ATTR_NDQUOTA = netdiskquota
SYS_MYSQL_ATTR_HOME = homedir
SYS_MYSQL_ATTR_MAILDIR = maildir
# service enable/disable attributes
# comment them out if you don't want their function
SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk
SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange
SYS_MYSQL_ATTR_ACTIVE = active
# password retrieve attributes
# comment them out if you don't want such function
SYS_MYSQL_ATTR_PWD_QUESTION = question
SYS_MYSQL_ATTR_PWD_ANSWER = answer
# if ldap, all relate parameters should prefix as SYS_LDAP
SYS_LDAP_BASE = o=extmailAccount,dc=example.com
SYS_LDAP_RDN = cn=Manager,dc=example.com
SYS_LDAP_PASS = secret
SYS_LDAP_HOST = localhost
# ldif attributes
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_DOMAIN = virtualDomain
SYS_LDAP_ATTR_PASSWD = userPassword
# sys_ldap_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
SYS_LDAP_ATTR_CLEARPW = clearPassword
SYS_LDAP_ATTR_QUOTA = mailQuota
SYS_LDAP_ATTR_NDQUOTA = netdiskQuota
SYS_LDAP_ATTR_HOME = homeDirectory
SYS_LDAP_ATTR_MAILDIR = mailMessageStore
# service enable/disable attributes
# comment them out if you don't want their function
SYS_LDAP_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_LDAP_ATTR_DISABLENETDISK = disablenetdisk
SYS_LDAP_ATTR_DISABLEPWDCHANGE = disablePasswdChange
SYS_LDAP_ATTR_ACTIVE = active
# password retrieve attributes
# comment them out if you don't want such function
SYS_LDAP_ATTR_PWD_QUESTION = question
SYS_LDAP_ATTR_PWD_ANSWER = answer
# if authlib, all relate parameters should prefix as AUTHLIB
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
# Global Abook support
# sys_g_abook_type, global abook type, valid is ldap|file
SYS_G_ABOOK_TYPE = file
# if ldap, all relate parameters should prefix as SYS_G_ABOOK_LDAP
SYS_G_ABOOK_LDAP_HOST = localhost
SYS_G_ABOOK_LDAP_BASE = ou=AddressBook,dc=example.com
SYS_G_ABOOK_LDAP_ROOTDN = cn=Manager,dc=example.com
SYS_G_ABOOK_LDAP_ROOTPW = secret
SYS_G_ABOOK_LDAP_FILTER = objectClass=OfficePerson
# if file, all relate parameters should prefix as SYS_G_ABOOK_FILE
SYS_G_ABOOK_FILE_PATH = /var/www/extsuite/extmail/globabook.cf
SYS_G_ABOOK_FILE_LOCK = 1
SYS_G_ABOOK_FILE_CONVERT = 0
SYS_G_ABOOK_FILE_CHARSET = gb2312
3. Create the temporary file directory and the session directory
[root@localhost extmail]# mkdir -p /tmp/extmail/upload
[root@localhost extmail]# chown -R postfix.postfix /tmp/extmail/
VI. Install extman
1. Unpack extman
[root@localhost ~]# tar xf extman-1.1.tar.gz -C /var/www/extsuite/
[root@localhost ~]# cd /var/www/extsuite/
[root@localhost extsuite]# mv extman-1.1/ extman
2. Edit the extman configuration file
[root@localhost extsuite]# cd extman/
[root@localhost extman]# cp webman.cf.default webman.cf
[root@localhost extman]# vim webman.cf
# sys_config, the config file and webman program root
SYS_CONFIG = /var/www/extsuite/extman/
# sys_langdir, the i18n dir
SYS_LANGDIR = /var/www/extsuite/extman/lang
# sys_templdir, the template dir
SYS_TEMPLDIR = /var/www/extsuite/extman/html
# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /var/mailbox
# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0
# sys_sess_dir, the session dir
SYS_SESS_DIR = /tmp/extman/
# sys_captcha_on 1|0 - to enable captcha feature or not
SYS_CAPTCHA_ON = 0
# sys_captcha_key
SYS_CAPTCHA_KEY = r3s9b6a7
# sys_captcha_len
SYS_CAPTCHA_LEN = 6
# sys_purge_data - to completely destroy user's mailbox or not?
SYS_PURGE_DATA = 0
# sys_sess_timeout, session timeout in seconds, default 6 hours
# SYS_SESS_TIMEOUT = 21600
# sys_user_psize, user default page_size
SYS_PSIZE = 20
# sys_user_lang, user default language
SYS_LANG = zh_CN
# sys_app_type, the app type: WebMail or ExtMan? It must be the same
# as prefix part of language package name, eg: WebMail::en_US
SYS_APP_TYPE = ExtMan
# sys_template_name, the template name
SYS_TEMPLATE_NAME = default
# web management related restrictions
# sys_default_expire, valid value: ?y ?m ?d
SYS_DEFAULT_EXPIRE = 1y
# sys_groupmail_sender - sender for groupmail, this account must
# exist or postfix or other mta will complain error
SYS_GROUPMAIL_SENDER = postmaster@extmail.org
# sys_default_services, valid value: smtpd, smtp, webmail, netdisk,
# imap and pop3, concatenate with "," as multiple values, eg: webmail,smtpauth
SYS_DEFAULT_SERVICES = webmail,smtpd,smtp,pop3,netdisk
# sys_isp_mode, yes|no - if yes, use our HashDir to spread
# storage to multiple directories
SYS_ISP_MODE = no
# sys_domain_hashdir = yes|no, if yes we will enable domain hashdir
# depend on sys_isp_mode = yes
SYS_DOMAIN_HASHDIR = yes
# sys_domain_hashdir_depth, the hash length and depth, format:
# length x depth, eg: 2x1 => length =2, depth =1
# depend on sys_isp_mode = yes
SYS_DOMAIN_HASHDIR_DEPTH = 2x2
# sys_user_hashdir = yes|no, if yes we will enable user hashdir
# depend on sys_isp_mode = yes
SYS_USER_HASHDIR = yes
# sys_user_hashdir_depth, similar to sys_hashdir_domain_depth
SYS_USER_HASHDIR_DEPTH = 2x2
# XXX FIXME
# experimental feature, per domain transport/routing capability
# same config style as SYS_USER_ROUTING_LIST
# SYS_DOMAIN_ROUTING_LIST = lmtp:mx1.extmail.org,lmtp:mx2.extmail.org
# XXX FIXME
# experimental feature, per user routing capability
# please specify routing info, concatenate with "," as multiple list
# members, eg: smtp:mx1.abc.com,smtp:mx2.abc.com
# SYS_USER_ROUTING_LIST = smtp:[192.168.2.130],smtp:[192.168.2.128]
# sys_min_uid, the minimal uid
SYS_MIN_UID = 500
# sys_min_gid, the minimal gid
SYS_MIN_GID = 100
# sys_default_uid, if not set, webman will ignore it
SYS_DEFAULT_UID = 2525
# sys_default_gid, if not set, webman will ignore it
SYS_DEFAULT_GID = 2525
# sys_quota_multiplier, in bytes, default to 1 MB
SYS_QUOTA_MULTIPLIER = 1048576
# sys_quota_type, valid type: vda|courier
SYS_QUOTA_TYPE = courier
# maxquota, alias, users and netdisk quota for domain
SYS_DEFAULT_MAXQUOTA = 500
SYS_DEFAULT_MAXALIAS = 100
SYS_DEFAULT_MAXUSERS = 100
SYS_DEFAULT_MAXNDQUOTA = 500
# per user default quota, netdisk quota and expire
SYS_USER_DEFAULT_QUOTA = 5
SYS_USER_DEFAULT_NDQUOTA = 5
SYS_USER_DEFAULT_EXPIRE = 1y
# sys_backend_type mysql|ldap
SYS_BACKEND_TYPE = mysql
# sys_crypt_type: crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt
# if mysql, all related parameters should be prefixed with SYS_MYSQL
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = 123456
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
# table name
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password
# comment it if you only want to save crypted password
# we highly recommend that you disable the following line :)
# SYS_MYSQL_ATTR_CLEARPW = clearpwd
# if ldap, all related parameters should be prefixed with SYS_LDAP
SYS_LDAP_BASE = dc=extmail.org
SYS_LDAP_RDN = cn=Manager,dc=extmail.org
SYS_LDAP_PASS = secret
SYS_LDAP_HOST = localhost
# ldif attributes
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_PASSWD = userPassword
# comment it if you only want to save crypted password
# we highly recommend that you disable the following line :)
# SYS_LDAP_ATTR_CLEARPW = clearPassword
# sys_rrd_datadir, the full path of rrd data
SYS_RRD_DATADIR = /var/lib
# sys_rrd_tmpdir, the temp dir for graph
SYS_RRD_TMPDIR = /tmp/viewlog
# sys_rrd_queue_on, yes|no, show queue or not
SYS_RRD_QUEUE_ON = yes
# sys_cmdserver_sock
SYS_CMDSERVER_SOCK = /tmp/cmdserver.sock
# sys_cmdserver_maxconn
SYS_CMDSERVER_MAXCONN = 5
# sys_cmdserver_pid
SYS_CMDSERVER_PID = /var/run/cmdserver.pid
# sys_cmdserver_log
SYS_CMDSERVER_LOG = /var/log/cmdserver.log
# sys_cmdserver_authcode
SYS_CMDSERVER_AUTHCODE = your_auth_code_here
# sys_disable_server_list
SYS_IGNORE_SERVER_LIST = web
3. Change the owner and group of the cgi directories
[root@localhost extman]# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
[root@localhost extman]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
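4. Import the database
The database server does not recognize TYPE=MyISAM, so importing the file directly fails. First edit the extmail.sql database file and change TYPE=MyISAM to ENGINE=MyISAM:
[root@localhost extman]# vim docs/extmail.sql
:% s/TYPE/ENGINE/g
Five occurrences are changed in total.
The import still reports an error: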
[root@localhost extman]# mysql -uroot -p < docs/extmail.sql
ERROR 1364 (HY000) at line 31: Field 'ssl_cipher' doesn't have a default value
The my.cnf configuration file has to be modified here:
[root@localhost extman]# vim /etc/my.cnf
# Recommended in standard MySQL setup
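#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
Comment this line out and restart mysql. Note that once the database has been imported successfully, this line must not be uncommented again, otherwise mysql will not start. Then import the database again: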
[root@localhost extman]# mysql -uroot -p < docs/extmail.sql
[root@localhost extman]# mysql -uroot -p < docs/init.sql
5. Create the database user extmail and grant it privileges
mysql -uroot -p
mysql> GRANT ALL ON extmail.* to extmail@'%' identified by 'extmail'; // this grants all privileges on the extmail database, from any host address
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
6. Copy the configuration files mentioned in IV-4
[root@localhost ~]# cd /var/www/extsuite/extman/docs/
[root@localhost docs]# cp mysql_virtual_* /etc/postfix/
Change the extmail database password
6. Create the temporary directory for extman
[root@localhost extman]# mkdir /tmp/extman
[root@localhost extman]# chown -R postfix.postfix /tmp/extman/
yum install postfix
7. Start postfix, dovecot and saslauthd
systemctl restart postfix
systemctl restart dovecot
systemctl restart saslauthd
[root@localhost extman]# ss -tnluo | grep :25
tcp LISTEN 0 100 *:25 *:*
[root@localhost extman]# ps aux | grep dovecot
root 2220 0.1 0.3 15616 1508 ? Ss 03:02 0:00 /usr/sbin/dovecot -F
dovecot 2223 0.0 0.1 9312 1004 ? S 03:02 0:00 dovecot/anvil
root 2224 0.0 0.2 9440 1172 ? S 03:02 0:00 dovecot/log
root 2226 0.0 0.4 12428 2184 ? S 03:02 0:00 dovecot/config
root 2240 0.0 0.1 112640 972 pts/0 R+ 03:02 0:00 grep --color=auto dovecot
[root@localhost extman]# ps aux | grep saslauthd
root 2230 0.0 0.1 71944 916 ? Ss 03:02 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 2231 0.0 0.1 71944 676 ? S 03:02 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 2232 0.0 0.1 71944 676 ? S 03:02 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 2233 0.0 0.1 71944 676 ? S 03:02 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 2234 0.0 0.1 71944 676 ? S 03:02 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 2242 0.0 0.1 112640 668 pts/0 R+ 03:03 0:00 grep --color=auto saslauthd
But logging in as the user fails:
root@controller:~# mysql -h localhost -uextmail -p123456
ERROR 1045 (28000): Access denied for user 'extmail'@'localhost' (using password: YES)
Solution:
After adding the regular user, run:
mysql> use mysql
mysql> delete from user where user='';
mysql> flush privileges;
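This deletes the anonymous users. An anonymous ''@'localhost' entry is a more specific host match than extmail@'%', so a local login as extmail is checked against the anonymous entry and rejected.
OK, done, enjoy!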
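The webmail.cf and webman.cf listings above carry several values worth checking before the host is reachable by others: SYS_DEBUG_ON = 1, SYS_MIN_PASS_LEN = 3, an active SYS_MYSQL_ATTR_CLEARPW, SYS_MYSQL_PASS = 123456 and the your_auth_code_here placeholder. The script below is an added example, not part of the original notes or of extmail; the function names, finding labels and the length threshold of 8 are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not extmail's own tooling): flag risky values in a
# webmail.cf / webman.cf file. Key names come from the listings above;
# the finding labels and the length threshold of 8 are assumptions.

# cf_get FILE KEY: print the value of the first active "KEY = value" line.
cf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out keys are inactive
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)   # values may contain "=" (LDAP DNs)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_cf FILE: print one finding label per line; prints nothing if clean.
audit_cf() {
    f=$1
    if [ "$(cf_get "$f" SYS_DEBUG_ON)" = "1" ]; then echo DEBUG_ON; fi
    # An active CLEARPW attribute means cleartext passwords are stored too.
    if [ -n "$(cf_get "$f" SYS_MYSQL_ATTR_CLEARPW)" ]; then echo MYSQL_CLEARPW; fi
    if [ -n "$(cf_get "$f" SYS_LDAP_ATTR_CLEARPW)" ]; then echo LDAP_CLEARPW; fi
    v=$(cf_get "$f" SYS_MIN_PASS_LEN)
    if [ -n "$v" ] && [ "$v" -lt 8 ] 2>/dev/null; then echo "MIN_PASS_LEN=$v"; fi
    # Cleartext or unsalted single-round hash types from the documented list.
    case "$(cf_get "$f" SYS_CRYPT_TYPE)" in
        cleartext|plain|md5|plain-md5|ldap-md5|sha|sha1) echo WEAK_CRYPT_TYPE ;;
    esac
    # Passwords that appear verbatim in this walkthrough.
    case "$(cf_get "$f" SYS_MYSQL_PASS)" in
        123456|extmail|secret) echo GUESSABLE_DB_PASS ;;
    esac
    if [ "$(cf_get "$f" SYS_CMDSERVER_AUTHCODE)" = "your_auth_code_here" ]; then
        echo PLACEHOLDER_AUTHCODE
    fi
    return 0
}

# Constructed sample: a few lines in the shape of the listings above.
sample_cf() {
cat <<'EOF'
SYS_MIN_PASS_LEN = 3
SYS_DEBUG_ON = 1
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_PASS = 123456
SYS_MYSQL_ATTR_CLEARPW = clearpwd
# SYS_LDAP_ATTR_CLEARPW = clearPassword
SYS_LDAP_BASE = o=extmailAccount,dc=example.com
SYS_CMDSERVER_AUTHCODE = your_auth_code_here
EOF
}

cf=$(mktemp)
sample_cf > "$cf"
audit_cf "$cf"
rm -f "$cf"
```

On a real install, call audit_cf with /var/www/extsuite/extmail/webmail.cf and /var/www/extsuite/extman/webman.cf in turn.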
VII. Testing
1. Test a virtual user
/usr/local/courier-authlib/sbin/authtest -s login test@haose888.org 123
[root@localhost courier-authlib-0.66.2]# /usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded. // this output means success; the test uses postmaster@extmail.org because the imported init.sql database already contains this account.
Authenticated: postmaster@extmail.org (uid 2525, gid 2525)
Home Directory: /var/mailbox/extmail.org/postmaster // note that the /var/mailbox directory has not been created yet; web access will fail later if it is missing, so create it in advance.
Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
[root@localhost courier-authlib-0.66.2]# mkdir /var/mailbox
[root@localhost courier-authlib-0.66.2]# chown -R postfix.postfix /var/mailbox/
2. Test sending mail over SMTP
printf "test@haose888.org" | openssl base64
dGVzdEBoYW9zZTg4OC5vcmc=
printf "123" | openssl base64
MTIz
[root@localhost ~]# printf "postmaster@extmail.org" | openssl base64
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
[root@localhost ~]# printf "extmail" | openssl base64
ZXh0bWFpbA==
[root@localhost ~]# telnet 127.0.0.1 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.daen.com ESMTP Postfix
HELO haose888.xyz
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.7.0 Authentication successful // success
quit
221 2.0.0 Bye
Connection closed by foreign host.
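The AUTH LOGIN exchange above is only base64-encoded, so on a port 25 session without TLS the username and password cross the network in readable form. The script below is an added example, not part of the original notes; it reads a client-side SMTP transcript and reports AUTH LOGIN exchanges that were accepted without a preceding STARTTLS. The function names and the report format are assumptions, and the sample input is the session shown above.

```shell
#!/bin/sh
# Added example: report AUTH LOGIN exchanges accepted without STARTTLS.
# Reads a client-side SMTP transcript (both directions) on stdin.
# Function names and report format are assumptions of this example.

b64d() { printf '%s' "$1" | base64 -d 2>/dev/null; }

cleartext_auth_report() {
    tls=0; state=idle; user=; plen=0
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case "$state:$line" in
            idle:[Ss][Tt][Aa][Rr][Tt][Tt][Ll][Ss]*)
                tls=1 ;;                         # client upgraded the session
            idle:[Aa][Uu][Tt][Hh]\ [Ll][Oo][Gg][Ii][Nn]*)
                state=auth ;;
            auth:334\ *)                         # server challenge, base64 text
                case "$(b64d "${line#334 }")" in
                    Username:*) state=want_user ;;
                    Password:*) state=want_pass ;;
                esac ;;
            want_user:*)
                user=$(b64d "$line"); state=auth ;;
            want_pass:*)
                p=$(b64d "$line"); plen=${#p}; p=; state=auth ;;
            auth:235\ *)                         # authentication accepted
                if [ "$tls" -eq 0 ]; then
                    echo "cleartext AUTH LOGIN accepted: user=$user password_length=$plen"
                fi
                state=idle ;;
            auth:5[0-9][0-9]\ *)
                state=idle ;;                    # authentication rejected
        esac
    done
    return 0
}

# Sample input: the telnet session from the walkthrough above.
sample_session() {
cat <<'EOF'
220 mail.daen.com ESMTP Postfix
HELO haose888.xyz
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
EOF
}

sample_session | cleartext_auth_report
```

Once TLS is configured in Postfix, the smtpd_tls_auth_only = yes parameter makes the server refuse AUTH on unencrypted connections.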
VIII. Start nginx to provide web access
1. nginx itself cannot run CGI. extmail ships its own program for handling CGI, but a few things in it need to be changed:
[root@localhost ~]# vim /var/www/extsuite/extmail/dispatch-init
SU_UID=postfix
SU_GID=postfix
Start dispatch-init
[root@localhost ~]# /var/www/extsuite/extmail/dispatch-init start
Starting extmail FCGI server...
Start cmdserver; if it is not running you get Connection refused
[root@localhost ~]# /var/www/extsuite/extman/daemon/cmdserver -v -d
loaded ok
vi /etc/rc.d/rc.local
Add the following so that both start at boot:
/var/www/extsuite/extmail/dispatch-init start
/var/www/extsuite/extman/daemon/cmdserver -v -d
2. Add the nginx virtual host
[root@localhost ~]# vim /etc/nginx/conf.d/extmail.conf
server {
    listen 8080;
    server_name mail.test.com;
    index index.html index.htm index.php index.cgi;
    root /var/www/extsuite/;
    location /extmail/cgi/ {
        fastcgi_pass 127.0.0.1:8888;
        fastcgi_index index.cgi;
        fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extmail/cgi/$fastcgi_script_name;
        include fcgi.conf;
    }
    location /extmail/ {
        alias /var/www/extsuite/extmail/html/;
    }
    location / {
        alias /var/www/extsuite/extmail/html/;
    }
    location /extman/cgi/ {
        fastcgi_pass 127.0.0.1:8888;
        fastcgi_index index.cgi;
        fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extman/cgi/$fastcgi_script_name;
        include fcgi.conf;
    }
    location /extman/ {
        alias /var/www/extsuite/extman/html/;
    }
    access_log /var/log/extmail_access.log;
}
Create fcgi.conf
[root@localhost ~]# vim /etc/nginx/fcgi.conf
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
Restart nginx and open
http://127.0.0.1:8080/extman
This fails; Unix::Syslog needs to be installed.
Install Unix::Syslog
[root@localhost ~]# wget http://www.cpan.org/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
[root@localhost ~]# tar xf Unix-Syslog-1.1.tar.gz
[root@localhost ~]# cd Unix-Syslog-1.1
[root@localhost Unix-Syslog-1.1]# perl Makefile.PL
[root@localhost Unix-Syslog-1.1]# make && make install
yum install perl-Unix-Syslog -y
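After that, access works. The extman login account is root@extmail.org with password extmail*123*. On first use you must add a domain first, then edit the domain to allow free sign-up; after that, registered users can log in and send mail.
Graphical logs
Error: Can't locate RRDs.pm in @INC (@INC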
yum install perl-rrdtool -y
Attempt to reload Ext/MgrApp/ViewLog.pm aborted
2. Download the CPAN module from the official CPAN site
[root@fc9 ~]# wget http://www.cpan.org/authors/id/A/AN/ANDK/CPAN-2.14.tar.gz
3. Unpack, compile and install
[root@fc9 ~]# tar -zxvf CPAN-2.14.tar.gz
[root@fc9 ~]# cd CPAN-2.14
[root@fc9 CPAN-2.14]# perl Makefile.PL
[root@fc9 CPAN-2.14]# make
[root@fc9 CPAN-2.14]# make install
4. Enter the CPAN shell, which now works
[root@fc9 CPAN-2.14]# perl -MCPAN -e shell
Undefined subroutine &Ext::Utils::sort2name called at /var/www/extsuite/extmail/libs/Ext/App/Folders.pm line 387
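Once the problem is identified as the Utils.pm found on the search path lacking a definition of sort2name, the fix is easy. There are a few options:
1) Copy extmail's Utils into the extman directory and keep the two in sync
2) Move the modules shared by Webmail and the admin backend into a common directory to avoid overlapping namespaces
3) Rename the module, for example extman/libs/Ext/Utils.pm can become extman/libs/Ext/ManUtils.pm, to avoid overlapping namespaces
Fix for "Failed to read PID from file /run/nginx.pid: Invalid argument" with nginx on CentOS 7
On CentOS 7, after configuring nginx as a proxy service,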
systemctl status nginx.service
reports the error
Failed to read PID from file /run/nginx.pid: Invalid argument
Many posts say to delete the nginx.pid file; I tried that and it did not help.
Later I found a method:
mkdir -p /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
Then
systemctl daemon-reload
systemctl restart nginx.service
This solved the problem.
SASL LOGIN authentication failed: authentication failure
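Symptom:
Local extmail can log in normally and send mail out. Logging in via telnet produces the error:
SASL LOGIN authentication failed: authentication failure
Logging in through foxmail or a PHP smtp class reports the same error.
Analysis:
Check the authentication configuration file: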
cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
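and the file /usr/local/courier-authlib/var/spool/authdaemon/socket exists, with permissions
srwxrwxrwx 1 daemon daemon 0 Apr 30 15:44 /var/spool/authdaemon/socket
which also looks normal. Could it be that the local extmail does not go through this authentication mechanism?
/usr/local/sbin/authtest -s login pass
Authentication passes here. Strange..
Thinking it over carefully, what is very different about this mail server setup compared with earlier ones is that many RPMs were used to cut down on compiling. So suspicion fell on cyrus-sasl.
rpm -qa|grep cyrus-sasl
It turned out cyrus-sasl was not installed, so
yum install cyrus-sasl
Restarted postfix and tested the login again. It still failed.
saslauthd -v
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
Why is authdaemond not among the supported authentication mechanisms? It seems the RPM build does not include it by default.
Solution:
Download the cyrus-sasl package and compile it: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz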
yum remove cyrus-sasl
yum remove cyrus-sasl-plain
yum remove cyrus-sasl-devel
yum remove cyrus-sasl-md5
tar zvfx cyrus-sasl-2.1.22.tar.gz
cd cyrus-sasl-2.1.22
tar zvfx cyrus-sasl-2.1.23.tar.gz
cd cyrus-sasl-2.1.23
tar zvfx cyrus-sasl-2.1.26.tar.gz
cd cyrus-sasl-2.1.26
export LDFLAGS="-lpthread"
./configure --with-mysql --enable-anon --enable-plain --enable-login --disable-krb4 --disable-otp --disable-cram --disable-digest --disable-gssapi --with-pam --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon
make && make install
rm -rf /usr/lib/sasl
rm -rf /usr/lib/sasl2
ln -s /usr/local/lib/sasl2 /usr/lib/
# So that postfix can find sasl, run the following commands:
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
cat /usr/lib/sasl2/smtpd.conf
cat > /usr/lib/sasl2/smtpd.conf <<EOT
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
EOT
service courier-authlib restart
systemctl restart saslauthd
Logged in and sent mail again: success!
Size of a request header field exceeds server limit
Sometimes the following appears when browsing a web page:
Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.
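This means: bad request. Your browser sent a request that this server could not understand. The size of a request header field exceeds the server limit.
This is usually caused by too many cookies being set, which makes the request headers too large.
1. First clear the local browser cache, history and cookies.
In Firefox, go to Options - Privacy - Show Cookies, search for the site you are visiting, remove the selected entries, then reload the site.
2. This also depends on the server configuration.
The LimitRequestLine directive limits the number of bytes accepted in the HTTP request line sent by the client, and lets the server administrator raise or lower the allowed request-line size. Because the request line consists of the HTTP method, the URI and the protocol version, LimitRequestLine also limits the length of the request URI. The server needs this value to be large enough to hold any of its resource names, including any information that may be passed in the query part of a GET request.
The LimitRequestFieldSize directive limits the number of bytes in a request header field sent by the client, and lets the server administrator raise or lower the limit on HTTP request header field size. In general the server needs this value to be large enough to accommodate the header field size of any request from a normal client. The size of a normal header field varies widely between clients and is closely tied to how users configure their browsers to support more content negotiation.
LimitRequestLine and LimitRequestFieldSize give the server administrator more control over abnormal client request behaviour. This helps to avoid some forms of denial-of-service attack. The default value is "8190".
Solution:
1. Technical staff can modify the configuration file
Add the following to Apache's httpd.conf configuration file: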
LimitRequestLine 40940
LimitRequestFieldSize 40940