Building a Full-Featured FreeBSD Server

火星人 @ 2014-03-29 , reply:0



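Hardware: Celeron 566, 128 MB RAM, 20 GB hard disk (four partitions: / /home /usr /var /tmp), an 8029-compatible network card, and so on;
Software: a minimal install of FreeBSD 4.7

Let's go through things in order, from the simple to the more involved.

1. Install webmin: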
# tar -zxvf webmin-version.tar.gz
# mv webmin-version /usr/local/webmin
# cd /usr/local/webmin
# chmod 755 setup.sh
# ./setup.sh
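After that, pressing Enter all the way through is basically enough; surely you can read this simple English :)

2. Installing apache + mysql + php
Required packages: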
httpd-2.0.43.tar.gz
mysql-3.23.53.tar.gz
php-4.3.2.tar.gz
These packages are assumed to be stored in /home/down.

a. Install MySQL
# pw groupadd mysql
# pw useradd mysql -g mysql -s /nonexistent
# tar -zxvf mysql-3.23.53.tar.gz
# mv mysql-3.23.53 mysql
# cd mysql
# ./configure --prefix=/usr/local/mysql
# make
# make install
# scripts/mysql_install_db
# chown -R root /usr/local/mysql
# chown -R mysql /usr/local/mysql/var
# chgrp -R mysql /usr/local/mysql
# cp support-files/my-medium.cnf /etc/my.cnf
# /usr/local/mysql/bin/safe_mysqld --user=mysql &
# echo "/usr/local/mysql/bin/safe_mysqld --user=mysql &" >> /etc/rc.local
# cd /usr/local/mysql/bin
# ./mysqladmin -u root -p password "your-password"

b. Install apache
# cd /home/down
# tar -zxvf httpd-2.0.43.tar.gz
# mv httpd-2.0.43 apache
# cd apache
# ./configure --prefix=/usr/local/apache --with-mysql=/usr/local/mysql --enable-shared=max --enable-module=so
# make
# make install
# mv /usr/local/apache/htdocs/index.html.en /usr/local/apache/htdocs/index.html
# /usr/local/apache/bin/apachectl start

c. Install php
# cd /home/down
# tar -zxvf php-4.3.0.tar.gz
# mv php-4.3.0 php
# cd php
# ./configure --prefix=/usr/local/php4 --with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs
# make
# make install
# ee /usr/local/apache/conf/httpd.conf
Add the following three lines to it so that apache supports php, then save and exit.
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Then find DirectoryIndex index.html in httpd.conf and append index.htm index.php after it.
That completes the apache + mysql + php setup!!

3. Installing ProFTPD and integrating it with MySQL
Required packages, stored in /home/down:
proftpd-1.2.7.tar.gz
mod_sql-4.0.8.tar.gz
# cd /home/down
# tar -zxvf proftpd-1.2.7.tar.gz
# mv proftpd-1.2.7 proftpd
# cp mod_sql-4.0.8.tar.gz proftpd/contrib/
# cd proftpd/contrib/
# tar -zxvf mod_sql-4.0.8.tar.gz
# ee mod_sql_mysql.c
Change #include to #include
This assumes your MySQL is installed in /usr/local/mysql.
# cd ..

Configure ProFTPD to support MySQL authentication:
# ./configure --prefix=/usr/local/proftpd \
--with-modules=mod_sql:mod_sql_mysql \
--with-includes=/usr/local/mysql/include/mysql \
--with-libraries=/usr/local/mysql/lib/mysql
# make
# make install
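After installation, you can check that ProFTPD works with the following steps:
# sh sample-configurations/PFTEST.install
The temporary files needed for the test are placed in /tmp/PFTEST. Run:
# ./proftpd -n -d 5 -c /tmp/PFTEST/PFTEST.conf
If it runs correctly you will see a lot of output, and the last line will read:
ProFTPD 1.2.6 (built ***) standalone mode STARTUP
This means the service has started. It listens on port 2021, and you can test logging in with user proftpd and password proftpd. If that works, go on to the preparations below; otherwise check that the installation is correct.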

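Create the database and tables for the FTP service.
1. You can create a dedicated database for this service or put the tables in an existing database. Here I create a dedicated FTP database:

> create database proftpd;

2. Then create a user table, ftpusers, in this database; this table is required: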

> use proftpd;
> create table ftpusers (
> userid TEXT NOT NULL,
> passwd TEXT NOT NULL,
> uid INT NOT NULL,
> gid INT NOT NULL,
> home TEXT,
> shell TEXT
> );
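This table is what user authentication relies on. userid and passwd are mandatory: userid is the user name for the FTP service; passwd is that user's password; uid is the system user ID, that is, the system user the FTP user is mapped to; gid is the ID of the system group; home is the user's HOME directory; shell lets you specify a shell for the user. You can of course add more fields, for example count to record the number of logins, or date for a date; once you are familiar with the configuration you can add more features as you like. I won't go into that here.
3. If you want the full feature set, you can add one more table, ftpgroups, which defines the groups. It is optional; its format is: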
create table ftpgroups (
groupname TEXT NOT NULL,
gid SMALLINT NOT NULL,
members TEXT NOT NULL
);
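groupname is the group name, gid is the system group ID, and members lists the group's members. Note: multiple members must be separated by commas; spaces are not allowed.

Insert records into the empty table:
INSERT INTO ftpusers (userid, passwd, uid, gid, home, shell)
values ('test', 'test', '2000', '2000', '/home/ftp/test', ' ');

Following this format, insert one record for each user.
If you want the extra features and have created the group table, add records to it as well; be sure that multiple members in the members field are separated by commas.

Create the corresponding system user for the FTP users.
In this example the whole FTP service uses just one valid system user, ftpusers, and one group, ftpgroups; you can of course set up several system users. For security reasons I set up only one, use it to start the FTP daemon, and map all FTP users to it.

First create the FTPGRP group:
# pw groupadd ftpgroups -g 2000
Create the FTPUSR user:
# pw adduser ftpusers -u 2000 -g 2000 -d /home/ftp -s /nonexistent

Create a HOME for FTPUSR; the working space of every FTP user lives under this directory:
# mkdir /home/ftp
# chown ftpusers /home/ftp
# chgrp ftpgroups /home/ftp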

Now you can create the disk quota tables in the FTP database in MySQL; phpmyadmin makes this easy:

CREATE TABLE quotalimits (
name VARCHAR(30),
quota_type ENUM("user", "group", "class", "all") NOT NULL,
per_session ENUM("false", "true") NOT NULL,
limit_type ENUM("soft", "hard") NOT NULL,
bytes_in_avail FLOAT NOT NULL,
bytes_out_avail FLOAT NOT NULL,
bytes_xfer_avail FLOAT NOT NULL,
files_in_avail INT UNSIGNED NOT NULL,
files_out_avail INT UNSIGNED NOT NULL,
files_xfer_avail INT UNSIGNED NOT NULL
);

CREATE TABLE quotatallies (
name VARCHAR(30) NOT NULL,
quota_type ENUM("user", "group", "class", "all") NOT NULL,
bytes_in_used FLOAT NOT NULL,
bytes_out_used FLOAT NOT NULL,
bytes_xfer_used FLOAT NOT NULL,
files_in_used INT UNSIGNED NOT NULL,
files_out_used INT UNSIGNED NOT NULL,
files_xfer_used INT UNSIGNED NOT NULL
);

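Note that the quotatallies table needs no manual changes; it records each user's current disk usage and is maintained automatically by the program.
What does need attention is the meaning of some fields in the quotalimits table:
quota_type: what the quota applies to; it can be a single user, all users in a group, or all users
bytes_in_avail: maximum number of bytes that may be uploaded, i.e. the FTP user's space capacity (the field is set in bytes; to limit it to 10M the value is 10240000, and the same applies below)
bytes_out_avail: maximum number of bytes that may be downloaded. Note that this field records how much data the user may download from the server in total; the figure is cumulative.
bytes_xfer_avail: maximum number of bytes that may be transferred in total (upload plus download traffic). Note that this field records the total the user may transfer; the figure is cumulative.
files_in_avail INT: total number of files that may be uploaded
files_out_avail INT: total number of files that may be downloaded from the server
files_xfer_avail INT: total number of files that may be transferred (uploads and downloads)

Then copy the following SQL statements into proftpd.conf; no changes are needed:

# The SQL queries below can be copied over as they are, without modification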

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, \
bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits \
WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, \
bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies \
WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, \
bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, \
files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, \
files_xfer_used = files_xfer_used + %{5} \
WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally


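Set up the main ProFTPD configuration file.
ProFTPD's configuration file proftpd.conf is in /usr/local/etc/, and different configuration files can be used for different authentication methods. For MySQL authentication, copy mod_sql.conf to /usr/local/etc and rename it proftpd.conf.
Edit proftpd.conf so that it reads as follows:

# Name of the FTP server:
ServerName "My FTP Server"

# Type of the FTP server:
ServerType standalone
DefaultServer on

# Set the root; this confines users to one place and improves the server's security.
DefaultRoot ~

# FTP service port; the standard FTP port is 21.
Port 21

# Permission mask applied when new files or directories are created:
Umask 022

# System log file:
SystemLog /var/log/ftp.syslog

# Log file that records file transfers:
TransferLog /var/log/ftp.transferlog

# Maximum number of login attempts; the connection is dropped when it is exceeded:
MaxLoginAttempts 3

# Allow interrupted downloads to be resumed
AllowRetrieveRestart on

# Per-IP rate limit (in BPS; the values below are 80KB/s)
RateReadBPS 80000
RateWriteBPS 80000

# MySQL authentication:

# Database connection information: DatabaseName is the database name, HostName is the host name,
# Port is the port number, UserName is the user that connects to the database, Password is its password.
SQLConnectInfo DatabaseName@HostName:Port UserName Password
# My actual setting is SQLConnectInfo FTP@localhost:3306 root ******
# Database authentication types:
SQLAuthTypes Backend Plaintext
# Table and fields used for user authentication.
SQLUserInfo ftpusers userid passwd uid gid home shell
# Allow users to log in when shell is empty:
RequireValidShell off
# What the database is used to authenticate; here, users:
SQLAuthenticate users
# If the home directory does not exist, create it from the user's home field:
SQLHomedirOnDemand on


# Prevent DoS attacks by capping the number of child processes:
MaxInstances 30

# System user and group the server normally runs as:
User ftpusers
Group ftpgroups

# Messages shown at login and when entering each subdirectory:
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Maximum number of logins:
MaxClients 10
# Support resuming interrupted transfers:
AllowRetrieveRestart on
AllowStoreRestart on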
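
Added example (not part of the original article): the configuration above connects to MySQL as root and lists Plaintext in SQLAuthTypes, so this sh function flags both, plus a world-readable config file that holds the database password. The function name audit_proftpd_conf and the finding labels are assumptions of this example, and the sample file is constructed from the settings shown on this page.

```shell
#!/bin/sh
# Added example, not from the original article.
# Prints one finding per line for weak mod_sql settings; returns 1 if any.
audit_proftpd_conf() {
    conf=$1
    out=$(awk '
        $1 ~ /^#/ { next }                    # skip comment lines
        $1 == "SQLAuthTypes" {                # e.g. SQLAuthTypes Backend Plaintext
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "plaintext")
                    print "PLAINTEXT_AUTH: passwords may be stored in cleartext"
        }
        # SQLConnectInfo dbname@host:port username password
        $1 == "SQLConnectInfo" && $3 == "root" {
            print "DB_ROOT_USER: the FTP daemon connects to MySQL as root"
        }' "$conf")
    # A password on the SQLConnectInfo line is exposed to every local
    # account when the file is world-readable.
    if awk '$1 == "SQLConnectInfo" && NF >= 4 { f = 1 } END { exit !f }' "$conf" \
        && [ -n "$(find "$conf" -perm -004)" ]; then
        out=$(printf '%s\n%s' "$out" \
            "WORLD_READABLE_SECRET: database password in a world-readable file")
    fi
    [ -n "$out" ] || return 0
    printf '%s\n' "$out" | sed '/^$/d'
    return 1
}

# Constructed sample using the mod_sql settings shown on this page.
sample=$(mktemp /tmp/proftpd-audit.XXXXXX)
cat > "$sample" <<'EOF'
# SQLConnectInfo dbname@host:port username password
SQLConnectInfo ftp@localhost:3306 root 12345678
SQLAuthTypes Backend Plaintext
SQLUserInfo ftpusers userid passwd uid gid home shell
EOF
chmod 644 "$sample"
audit_proftpd_conf "$sample" || echo "fix the findings above before going live"
rm -f "$sample"
```

A configuration that passes connects with a dedicated MySQL account, lists only Backend in SQLAuthTypes, and is readable by root alone (chmod 600).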

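Testing:
With the configuration files done, you can start the ProFTPD service and test whether it works.
Edit the apache configuration file so that the directories of ProFTPD users added through MySQL can be browsed over the web:
change UserDir public_html
to UserDir /home/ftp/*/
Then restart apache so the change takes effect, start proftpd, and log in with the test account to test.
# /usr/local/proftpd/sbin/proftpd -n &

Note: when running ProFTPD on FreeBSD 4.7 and 5.0, you may see the following error:
/usr/local/ftp/sbin/proftpd: error while loading shared libraries: libmysqlclient.so.10: cannot open shared object file:
No such file or directory
The fix is as follows:
When installing MySQL, add the directory that holds the MySQL libraries to the configuration file, for example
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
Then run ldconfig -v|grep libmysqlclient and try again!

Alternatively, copy all the files under /usr/local/mysql/lib/mysql/ into /usr/lib.

If test logs in successfully, put an index.html file in the test user's root directory
and check whether it can be reached at http://yourserver/~test/.

To be continued. I hope this gets the ball rolling and that others will carry on writing; my skills are poor and I haven't played with BSD for a good while, sob~~~~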
My proftpd.conf configuration file:

ServerName "白狐狸's FTP Server"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# limit the user to his own directory
DefaultRoot ~

#put the proftpd log files in /var/log/ftp.syslog
SystemLog /var/log/ftp.syslog

#TransferLog log files
TransferLog /var/log/ftp.transferlog

# set the maximum number of login attempts
MaxLoginAttempts 3

#setup the Restart
AllowRetrieveRestart on

#setup the download and upload speed
RateReadBPS 80000
RateWriteBPS 80000

#setup the disk quota
QuotaDirectoryTally on

#quota b"|"Kb"|"Mb"|"Gb"
QuotaDisplayUnits Kb
QuotaEngine on
QuotaLog /var/ftp/Quota.log
QuotaShowQuotas on


# We put our mod_sql directives in a block so they'll be
# inherited by the block below, and any other
# blocks we may want to add. For a simple server these don't need to
# be in a block but it won't hurt anything.


# Specify our connection information. Both mod_sql_mysql and
# mod_sql_postgres use the same format, other backends may specify a
# different format for the first argument to SQLConnectInfo. By not
# specifying a fourth argument, we're defaulting to 'PERSESSION'
# connections -- a connection is made to the database at the start of
# the session and closed at the end. This should be fine for most
# situations.

# SQLConnectInfo dbname@host:port username password
SQLConnectInfo ftp@localhost:3306 root 12345678

# Specify our authentication schemes. Assuming we're using
# mod_sql_mysql, here we're saying 'first try to authenticate using
# mysql's password scheme, then try to authenticate the user's
# password as plaintext'. Note that 'Plaintext' isn't a smart way to
# store passwords unless you've got your database well secured.
SQLAuthTypes Backend Plaintext

# Specify the table and fields for user information. If you've
# created the database as it specifies in 'README.mod_sql', you don't
# need to have this directive at all UNLESS you've elected not to
# create some fields. In this case we're telling mod_sql to look in
# table 'users' for the fields 'username','password','uid', and
# 'gid'. The 'homedir' and 'shell' fields are specified as 'NULL' --
# this will be explained below.

# SQLUserInfo users username password uid gid NULL NULL
SQLUserInfo ftpusers userid passwd uid gid home shell


# Here we tell mod_sql that every user it authenticates should have
# the same home directory. A much more common option would be to
# specify a homedir in the database and leave this directive out. Note
# that this directive is necessary in this case because we specified
# the homedir field as 'NULL', above. mod_sql needs to get homedir
# information from *somewhere*, otherwise it will not allow access.

# SQLDefaultHomedir "/tmp"

# This is not a mod_sql specific directive, but it's here because of
# the way we specified 'SQLUserInfo', above. By setting this to
# 'off', we're telling ProFTPD to allow users to connect even if we
# have no (or bad) shell information for them. Since we specified the
# shell field as 'NULL', above, we need to tell ProFTPD to allow the
# users in even though their shell doesn't exist.

RequireValidShell off

# Here we tell mod_sql how to get out group information. By leaving
# this commented out, we're telling mod_sql to go ahead and use the
# defaults for the tablename and all the field names.
# SQLGroupInfo groups groupname gid members

# For small sites, the following directive will speed up queries at
# the cost of some memory. Larger sites should read the complete
# description of the 'SQLAuthenticate' directive; there are options
# here that control the use of potentially expensive database
# queries. NOTE: these arguments to 'SQLAuthoritative' limit the way
# you can structure your group table. Check the README for more
# information.

SQLAuthenticate users

# Finally, some example logging directives. If you have an integer
# field named 'count' in your users table, these directives will
# automatically update the field each time a user logs in and display
# their current login count to them.
# SQLNamedQuery getcount SELECT "count, userid from users where userid='%u'"
# SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users
# SQLShowInfo PASS "230" "You've logged on %{getcount} times, %u"
# SQLLog PASS updatecount

SQLHomedirOnDemand on


#...SQL...............

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"


SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"


SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally


# close our block.



# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the normal user and group permissions for the server.
User ftpusr
Group ftpgrp

# Normally, we want files to be overwriteable.

AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on


# A basic anonymous configuration, no upload directories. If you
# don't want to support anonymous access, simply remove this
# <Anonymous ~ftp> ... </Anonymous> block.

<Anonymous ~ftp>
  User ftp
  Group ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

http://www.coctec.com/docs/linux/show-post-204564.html