Web Service Administration Class Notes: phpMyAdmin, MySQL, DNS, proxy, openwebmail


【proftpd】

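This FTP server is the more professional choice. It can convert between Big5 and UTF-8 automatically. Unfortunately it cannot be installed with yum, so download the packages and install them yourself.

Download URL: http://ftp.kh.edu.tw/APPL/proftp-fix/1.3.1-1.rf/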

proftpd-1.3.1-1.rf.iconv.x86_64.rpm
proftpd-debuginfo-1.3.1-1.rf.iconv.x86_64.rpm
proftpd-devel-1.3.1-1.rf.iconv.x86_64.rpm
proftpd-ldap-1.3.1-1.rf.iconv.x86_64.rpm
proftpd-mysql-1.3.1-1.rf.iconv.x86_64.rpm
proftpd-postgresql-1.3.1-1.rf.iconv.x86_64.rpm

【php】

vi /etc/php.ini
default_charset = "utf8"

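upload_max_filesize = 180M

; post_max_size limits the whole POST body, so uploads above 80M fail despite upload_max_filesize = 180M
post_max_size = 80M

; register_globals is deprecated since PHP 5.3.0 and removed in PHP 5.4.0
register_globals = On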
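
The two size limits above interact, and register_globals turns request parameters into global variables. The check below is an added example, not part of the original notes; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a php.ini for the
# settings discussed above. Function names and sample data are constructed.

# Print the last uncommented value of a php.ini directive.
ini_get() {  # usage: ini_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\";]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Convert PHP shorthand sizes (K/M/G suffix) to bytes.
to_bytes() {
    num=${1%[KkMmGg]}
    case $1 in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Print one finding per line; print nothing when both checks pass.
audit_php_ini() {  # usage: audit_php_ini FILE
    up=$(ini_get "$1" upload_max_filesize)
    post=$(ini_get "$1" post_max_size)
    rg=$(ini_get "$1" register_globals)
    if [ -n "$up" ] && [ -n "$post" ] &&
       [ "$(to_bytes "$post")" -lt "$(to_bytes "$up")" ]; then
        echo "post_max_size ($post) < upload_max_filesize ($up): uploads capped at $post"
    fi
    case $rg in
        [Oo][Nn]|1) echo "register_globals=$rg: request parameters become global variables" ;;
    esac
}

# Constructed sample mirroring the values in these notes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample
default_charset = "utf8"
upload_max_filesize = 180M
post_max_size = 80M
register_globals = On
EOF
audit_php_ini "$sample"
```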

【mysql】

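Since version 4 there has been a need for multi-language support. Earlier versions were entirely Latin.

Install
yum -y install mysql-server php-mysql

Initialize (start)

service mysqld start

Set the password

mysqladmin -u root password 'new-password'

Set UTF-8 (Unicode) encoding by adding the following two statements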

vi /etc/my.cnf

[mysqld]
default-character-set=utf8 

[client]
default-character-set=utf8

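Forgotten password (only when there is no important data; this deletes every database)
service mysqld stop
rm -rf /var/lib/mysql
service mysqld start

Change the password

mysqladmin -u root -p password 'new-password'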

Firewall settings: restrict which sources may connect.

vi /etc/sysconfig/iptables
# Subnet
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.10.0/24 --dport 3306 -j ACCEPT

# Single host
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.10.1 --dport 3306 -j ACCEPT

Administrator login

mysql -u root -p

Database backup commands

# All databases
mysqldump -uroot -p -A --default-character-set=utf8 > mysql.sql

# Single database: school
mysqldump -uroot -p -a --default-character-set=utf8 school > school.sql

# Restore a database
mysql -uroot -p < database.sql

【Reinstalling MySQL】

/etc/rc.d/init.d/mysqld stop
yum -y remove mysql
rm -rf /var/lib/mysql
yum -y install php mysql mysql-server php-mysql php-gd
/etc/rc.d/init.d/mysqld start

Set the password: mysqladmin -u root password 'new-password'

 

【phpMyAdmin】

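Convenient, secure and stable; installing it with yum is recommended.

yum -y install phpmyadmin php-mbstring php-gd

Configuration file

vi /usr/share/phpmyadmin/config.inc.php

Change authentication from cookie to http

// blowfish_secret is only used by the 'cookie' auth_type
$cfg['blowfish_secret'] = 'http://web.shsps.kh.edu.tw/phpmyadmin';

$cfg['Servers'][$i]['auth_type'] = 'http';

Alias settings, so that the web server can serve the location

vi /etc/httpd/conf.d/phpmyadmin.conf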

<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
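  # Listing specific IPs is recommended for security
  Allow from 192.168.10.x
</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
# Bots scan for phpmyadmin, so an obscure name is recommended!
Alias /pa              /usr/share/phpmyadmin

When finished, change the permissions first, then restart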

chmod 755  /usr/share/phpmyadmin

service httpd restart

Next, test whether the site is up

http://IP/pa

When creating a database, this collation is recommended

utf8_general_ci

 

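【DNS Server】

Install

yum install bind bind-chroot bind-libs bind-utils caching-nameserver system-config-bind

Reference documents

cd /usr/share/doc/bind-9.3.X/sample/

Check whether the file contains the following statement; if not, add it as the last line

vi /etc/sysconfig/named

ROOTDIR=/var/named/chroot

Configuration file

vi /var/named/chroot/etc/named.conf

Primary server path

/var/named/chroot/var/named/

Secondary server path

/var/named/chroot/var/named/slave

Complete configuration; it can be copied and pasted directly and used after minor changes (the following is for the secondary server)

vi /var/named/chroot/etc/named.conf

-------------------Primary server-----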

options {
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

    forwarders {
                163.28.136.14;
                163.28.136.2;
                163.28.136.10;
        };


  allow-transfer {
                163.28.136.14;
                163.28.136.2;
                163.28.136.10;
        };

};

controls {
        inet 127.0.0.1 allow {  localhost; } keys { rndckey; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};


zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};


zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};


zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};


zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

zone "x.kh.edu.tw" IN {
        type master;
        file "named.x";
        allow-update { none; };
};

zone "x.32.163.in-addr.arpa" IN {
        type master;
        file "named.x.rev";
        allow-update { none; };
        };

include "/etc/rndc.key";

 

-------------------Secondary server-----

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
       
    forwarders {
                163.28.136.14;
                163.28.136.2;
                163.28.136.10;
        };

};

controls {
        inet 127.0.0.1 allow {  localhost; } keys { rndckey; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};


zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};


zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};


zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};


zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

// x is a placeholder: the organization's name in the zone, its network number in the addresses
zone "x.kh.edu.tw" IN {
        type slave;
        file "slave/named.x";
        masters {
                163.32.x.1;
        };
};

zone "x.32.163.in-addr.arpa" IN {
        type slave;
        file "slave/named.x.rev";
        masters {
                163.32.x.1;
        };
};

include "/etc/rndc.key";

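When finished, restart.

service named restart

Check that both files exist: named.x.rev (reverse lookup) and named.x (forward lookup)

cd /var/named/chroot/var/named/

The secondary server's content is updated from the primary, so remember to keep the primary maintained; the secondary is for emergencies!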
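
Both options blocks above combine allow-query { any; } with recursion yes and set no allow-recursion, so the server resolves arbitrary names for any client that can reach port 53. The check below is an added example, not part of the original notes; the acl name trusted, the function names and the sample files are constructed, and 192.168.10.0/24 is borrowed from the firewall example earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original notes): flag a named.conf whose
# options block lets any client use recursion. Only the pattern shown in
# these notes is detected; names and sample files are constructed.

# Print the top-level "options { ... };" block.
options_block() {  # usage: options_block FILE
    awk '
        /^[ \t]*options[ \t]*[{]/ { inside = 1 }
        inside {
            print
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) exit
        }' "$1"
}

# Exit status 0 = recursion open to any client, 1 = restricted or disabled.
is_open_resolver() {  # usage: is_open_resolver FILE
    opts=$(options_block "$1" | sed 's://.*$::; s:#.*$::' |
           tr '\t\n' '  ' | tr -s ' ')
    case $opts in
        *"recursion no;"*)                     return 1 ;;
        *"allow-recursion { any; }"*)          return 0 ;;
        *allow-recursion*|*allow-query-cache*) return 1 ;;
        *"allow-query { any; }"*)              return 0 ;;
    esac
    return 1
}

# Constructed samples: the pattern from the notes, then a restricted variant.
weak=$(mktemp); hardened=$(mktemp)
cat > "$weak" <<'EOF'
options {
        allow-query     { any; };
        recursion yes;
        forwarders { 163.28.136.14; };
};
EOF
cat > "$hardened" <<'EOF'
acl trusted { 127.0.0.1; 192.168.10.0/24; };
options {
        allow-query     { any; };
        allow-recursion { trusted; };
        recursion yes;
};
EOF
for f in "$weak" "$hardened"; do
    if is_open_resolver "$f"; then echo "$f: open resolver"; else echo "$f: recursion restricted"; fi
done
```

The restricted variant still answers queries for its own zones from anywhere, because allow-query stays at any; only recursion is limited to the listed networks.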

----------named.shsps----------configuration format

$TTL          86400
@ IN SOA x.kh.edu.tw. root.x.kh.edu.tw. (
        2010052730 ; serial
        1H ; refresh
        15 ; retry
        14D ; expire
        12H ; Minimum
)


@               IN     MX   1                          mail.x.kh.edu.tw.
@               IN     NS   x.kh.edu.tw.
@               IN     NS   dns.x.kh.edu.tw.
@               IN     A    163.32.x.1
dns             IN     A    163.32.x.1
ftp             IN     A    163.32.x.2

www         IN   CNAME  ftp.x.kh.edu.tw.

 ----------named.shsps.rev----------configuration format

$TTL          86400
@ IN SOA x.kh.edu.tw. root.x.kh.edu.tw. (
2010052710 ; serial
1H ; refresh
15 ; retry
14D ; expire
12H ; Minimum
)
@ IN NS x.kh.edu.tw.
@ IN NS dns.x.kh.edu.tw.
1 IN PTR x.kh.edu.tw.
2 IN PTR www.x.kh.edu.tw.
 

 

 

【Using a proxy to speed up browsing of overseas websites】

Add the following to the browser
http://proxypac.kh.edu.tw/open.pac

 

【dovecot】POP, IMAP

yum -y install dovecot
service dovecot start

 

【Quick installation of openwebmail】

cd /etc/yum.repos.d
lftpget http://openwebmail.org/openwebmail/download/redhat/rpm/release/openwebmail.repo

Edit openwebmail.repo to make the network installation faster!

vi  openwebmail.repo 

proxy = http://open.kh.edu.tw:3128
timeout = 300

Run the installation

/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init

Restart httpd

service httpd restart

Set the default environment to Chinese

vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf

default_language zh_TW.Big5

default_iconset Cool3D.Chinese.Traditional

default_fontsize            12pt

default_msgformat         both

newmailsound               YouGotMail.English.wav

 

Shorten the URL

vi /etc/httpd/conf/httpd.conf

ScriptAlias /mail "/var/www/cgi-bin/openwebmail/openwebmail.pl"

Restart httpd

service httpd restart

【Speeding up openwebmail's perl】

yum -y install perl-CGI-SpeedyCGI

Make another copy of the main speedy program as speedy_suidperl, an executable with root-suid permission

cd  /usr/bin
cp   speedy   speedy_suidperl
chmod   u+s   speedy_suidperl

In the first line of every executable under /var/www/cgi-bin/openwebmail/, change suidperl to speedy_suidperl

vi chspeedy.sh

#!/bin/sh
# Keep each original as NAME.old, then rewrite the interpreter line
for name in open*.pl ; do
    cp -a "$name" "${name}.old"
    sed -e "s/suidperl -T/speedy_suidperl/" < "${name}.old" > "${name}"
done

Run ./chspeedy.sh

All done!