CentOS 7 server 架設筆記


mini基本設定(文字版)
設定網路可以上網 
vi /etc/sysconfig/network-scripts/ifcfg-e
ONBOOT=YES 
安裝常用指令 
yum -y install man lftp wget net-tools epel-release ntsysv system-config-*
net-tools:網路指令ifconfig
epel-release:套件的拓展包,提供額外的安裝套件

升級套件 
yum -y update 
關閉seLinux 
setenforce 0 
getenforce 
Permissive
vi /etc/php.ini
memory_limit = 128M
upload_max_filesize = 50M
max_file_uploads = 20
post_max_size = 20M

vsftp伺服器


systemctl start vsftpd

systemctl stop vsftpd

systemctl restart vsftpd

systemctl enable vsftpd


限制使用者離開家目錄,設定chroot_list,管理者才可以離開家目錄

vi /etc/vsftpd/vsftpd.conf

anonymous_enable=NO

下列前面 # 的刪除

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES 
 

讓使用者可用檔案總管方式上傳檔案
connect_from_port_20=NO
pasv_enable=YES

外部新增檔案chroot_list加入管理者名單

vi /etc/vsftpd/chroot_list
user1
user2

 

httpd伺服器

systemctl start httpd

systemctl stop httpd

systemctl restart httpd

systemctl enable httpd

 

mariadb資料庫

yum install mariadb mariadb-server php-mysql

systemctl start mariadb.service
systemctl enable mariadb.service
初始化MariaDB的環境
mysql_secure_installation

Enter current password for root (enter for none): #輸入目前MariaDB 的root密碼(第一次設定應該是空的,所以直接按Enter即可)
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y #是否要設定新的MariaDBroot密碼?在此是按Y
New password: #設定第一次新的MariaDB root密碼
Re-enter new password: #設定第二次

Remove anonymous users? [Y/n] Y #是否要移除anonymous user的資料?預設是Y
Disallow root login remotely? [Y/n]  Y #設定是否讓root只能從localhost登入,不能從其他的網路登入!(預設是Y)
Remove test database and access to it? [Y/n] Y #是否要移除test的資料庫?預設是移除
Reload privilege tables now? [Y/n]  Y #是否要重新載入權限的table資訊?預設是Y

登入使用

mysql -u root -p

Enter password:設定的密碼

查詢資料庫

show databases;

安裝MariaDB管理工具

yum install phpMyAdmin
vi /etc/httpd/conf.d/phpMyAdmin.conf 
#加入以下內容,允許從其他的網段登入
<Directory /usr/share/phpMyAdmin/>
Options none
AllowOverride Limit
Require all granted
</Directory>
vi /etc/phpMyAdmin/config.inc.php
「cookie」改為「http」 
$cfg['Servers'][$i]['auth_type']     = 'http'; 
systemctl restart httpd.service

 

postifx dovecot 郵件伺服器

移除sendmail

yum remove sendmail 

安裝

yum -y install postfix dovecot

設定主要郵件傳輸代理

alternatives --config mta

設定

vi /etc/postfix/main.cf

myhostname = mai.shsps.kh.edu.tw
mydomain = shsps.kh.edu.tw
myorigin = $mydomain
mynetworks_style = class
mynetworks = 127.0.0.0/8, 163.32.244.0/24

inet_interfaces = all
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
mail_spool_directory = /var/mail

home_mailbox = Maildir/
mailbox_size_limit = 0 
message_size_limit = 0 

(0為無限制,若要設定為1GB,範例為1024000000)

vi /etc/dovecot/dovecot.conf
protocols = imap pop3
vi /etc/dovecot/conf.d/10-mail.conf 
mail_location = mbox:~/mail:INBOX=/var/mail/%u
啟動
systemctl enable postfix systemctl enable dovecot systemctl start postfix systemctl start dovecot 
chmod 600 /var/mail/*
 
Roundcube Webmail 線上郵件服務系統
安裝相關套件
rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm 
yum install  mysql-community-server
yum -y install httpd php-mysql php70w php70w-mysql php-mcrypt
systemctl restart mysqld 
建立給 Roundcube 使用的資料庫、資料庫連線帳號 
mysql -u root -p 
mysql> create database roundcube;
mysql> CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON roundcube.* TO 'roundmail'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
安裝主要程式 
yum install roundcubemail 
安裝路徑 /usr/share/roundcubemail/  
設定檔在 /etc/roundcubemail/
記錄檔在 /var/log/roundcubemail/
Web 增加 /etc/httpd/conf.d/roundcubemail.conf
預設 web 路徑 http://server_name_ip/roundcubemail
完成後,刪除安裝設定路徑 http://server_name_ip/roundcubemail/installer/
設定遠端瀏覽 與 安裝設定 
http://163.32../roundcubemail/installer 
vi /etc/httpd/conf.d/roundcubemail.conf 
<Directory /usr/share/roundcubemail/>
Options none
AllowOverride Limit
Require all granted
</Directory>
systemctl restart httpd.service
※本篇技術參考
http://blog.xuite.net/tolarku/blog/542972521-Webmail+%E7%B6%B2%E9%A0%81%E4%BF%A1%E7%AE%B1+roundcube+%E8%A8%AD%E5%AE%9A%E5%AE%89%E8%A3%9D+-+CentOS7