OpenBSD 2.8 Server Configuration Practice Manual

xiaoxiao, 2021-03-06

From: http://www.freebsdchina.org

Lesson 1: Installing OpenBSD 2.8

If your computer cannot boot from the CD, first make a boot floppy under DOS with the following command, then boot the computer from that floppy (E: is the drive letter of the CD-ROM drive):

    E:\2.8\tools\fdimage E:\2.8\i386\floppy28.fs A:

If your computer can boot from the CD, boot from it and follow the prompts step by step. The installation process is described briefly below.

Section 1: Creating the partitions

Boot the computer until the following prompt appears:

    (I)nstall, (U)pgrade or (S)hell?

(I) installs a new system, (U) upgrades an existing OpenBSD installation and (S) drops you to a command line. We want to install a new system, so type i and press Enter. After a message, the installer asks for the terminal type:

    Specify terminal type [pcvt25]:

Ignore this and just press Enter. The installer then detects the available hard disks and asks which one to use:

    Available disks are: wd0
    Which disk is the root disk? [wd0]

This shows that there is only one IDE disk; a SCSI disk would be shown as sd0. Because the system has only one disk, the installer has already chosen it for us. If there are several disks, type the name of the disk you want, for example wd1. Here simply press Enter to continue. The installer then asks whether the whole disk should be used for OpenBSD. The default is no, but since this manual builds a server, type yes and press Enter. First make sure there is no important data on this disk! The installer now enters fdisk (the partitioning program; type ? and press Enter for help).

First use the d command to delete the existing partitions (note that partition c is reserved by OpenBSD and must not be deleted or changed), then use the a command to create a new partition. You are asked the following:

    offset: [xxxxxx]
    size: [xxxxxxxxxx]
    Rounding to nearest cylinder: xxxxxxx
    FS type: [4.2BSD]
    mount point: [none]

offset is the starting address of the partition; ignore it and press Enter, the system works it out by itself. size is the size of the partition; the value in brackets is the remaining free disk space. To make an 80MB partition, type 80M directly. "Rounding to nearest cylinder" is printed by the system after converting the size into cylinders and needs no input. FS type is the file system type; the only choices are 4.2BSD and swap. By default partition b uses swap. A swap partition of twice the memory size is recommended. mount point is the equivalent of a directory under DOS; the system must have exactly one root directory "/", and the swap partition needs no mount point. You could simply put everything except swap into a single "/" partition, but this is not recommended: once the disk has problems, it is hard to repair things partition by partition.

If you have a 15GB hard disk and 128MB of memory, the following layout is recommended:

    a   80M     4.2BSD  /       root directory
    b   300M    swap            swap partition
    d   80M     4.2BSD  /tmp    temporary files
    e   800M    4.2BSD  /usr    applications
    f   2000M   4.2BSD  /var    application data
    g   (rest)  4.2BSD  /home   user directories

If you are going to install the MySQL database service, it is easier to manage if /var/mysql gets its own partition (this is mentioned again later). After creating the partitions, save the partition table with the w command and leave fdisk with the q command.

    The following partitions will be used for the root filesystem and swap:
        wd0a /
        wd0b swap
    Mount point for wd0d (size=98967k) [/tmp, RET, none, or done]

The installer now asks you to confirm the directory assigned to each partition, which gives you a chance to correct mistakes; if everything is right, type done and press Enter. It then asks whether other hard disks should be processed. If there is no other disk, or you do not want to touch it, type done and press Enter to go to the next step; otherwise configure the other disks in the same way as above. Be careful not to configure a disk that has already been configured. The installer then asks whether to format:

    The next step will overwrite any existing data on:
        wd0a wd0d wd0e wd0f wd0g
    Are you really sure that you're ready to proceed? [n]

Of course, type y and press Enter. Having come this far, why stop now?

Section 2: Configuring the network

After formatting, the installer asks whether to configure the network:

    Configure the network? [y]

Since this is a server it must have network support, so press Enter to start configuring the network.

    Enter system hostname (short form): []
    Enter DNS domain name: []

Enter the hostname and the domain name. If you own a registered Internet domain name, use it. In this manual the hostname is moo and the domain name is 01tech.nat (chosen to avoid a conflict with real Internet domains).

The installer then prompts you to configure the network card. The example in this manual uses a DE-530TX 10/100Mbps auto-sensing card, which OpenBSD names vr0. An NE2000-compatible card would be shown as ne0; the installer detects it automatically:

    You may configure the following network interfaces:
    vr0
    Configure which interface? (or, enter 'done') [vr0]

In this example there is only one network card and it is already selected, so press Enter to configure it. If it were not selected, type the device name and press Enter.

    IP address (or 'dhcp')? []
    Symbolic (host) name? [moo]
    Netmask? [255.255.255.0]

Entering dhcp as the IP address makes the machine obtain a dynamically assigned address, but a server should have a fixed IP address, so enter 192.168.32.1 and press Enter (for IP addresses and netmasks please refer to other articles). The symbolic (host) name is the hostname; the installer already proposes the hostname entered before, so accept it. The default netmask is 255.255.255.0; use it and press Enter.

    Your use of the network interface may require non-default media directives.
    The default media is:
        media: Ethernet autoselect (100baseTX full-duplex)
    This is a list of supported media:
        media autoselect
        media 100baseTX mediaopt full-duplex
        media 100baseTX
        media 10baseT mediaopt full-duplex
        media 10baseT
    If the default is not satisfactory, and you wish to use another media, ...
    Media directives? []

Do not be put off by all this information; it is only about choosing how the card is connected to the network. The easiest choice is to enter media autoselect and press Enter. The installer then asks whether other network cards should be configured. With only one card it selects done automatically, and pressing Enter moves to the next step; further cards are configured in the same way as above.

    Enter IP address of default route: [none]
    Enter IP address of primary nameserver: [none]

The default route needs no entry unless you connect to machines in other network segments. Because this server will provide the domain name service itself, the nameserver points to the server: enter 192.168.32.1. The installer also asks whether to use the nameserver right now; it does not matter, press Enter to continue.

Section 3: Setting the administrator password

    Please enter the initial password that the root account will have.

The installer asks for the administrator password and asks you to confirm it. Remember it, otherwise you will not be able to log in after the computer restarts. In this manual the password is assumed to be 123456; in real use such a password must never be used, use a mixture of letters, symbols and digits instead.

Section 4: Installing the software

Next the installer asks whether you will run the X Window System:

    Do you expect to run the X Window System? [y]

Of course not, so type n and press Enter. Then choose the installation medium:

    Install from (f)tp, (h)ttp, (t)ape, (C)D-ROM, (n)fs or local (d)isk?

There are several ways to install the system; we choose (c) and install from CD-ROM.

    The following CD-ROM devices are installed on your system; please make sure the CD is in the CD-ROM drive and select the device containing the CD with the installation sets:
    cd0
    Which CD-ROM contains the installation media? [cd0]

The installer detects the available CD-ROM drives and proposes one. Here there is only one drive; if there are several, choose the one that actually holds the installation disc, otherwise the installer will stop there and cannot continue.

    Enter the directory relative to the mount point that contains the file. [/2.8/i386]

Confirm the directory that holds the installation files. If you use the disc supplied by 01tech, simply press Enter to confirm.

    The following sets are available for extraction. Enter filename, `list', `all', or `done'. You may de-select a set by prepending a `-' to it.
        [x] base28.tgz
        [x] etc28.tgz
        [ ] comp28.tgz
        [x] man28.tgz
        [ ] game28.tgz
        [ ] xbase28.tgz
        [ ] xshare28.tgz
        [ ] xserv28.tgz
        [x] bsd
    File name? []

Because we are installing a server, only the packages marked "x" above are needed, plus comp28.tgz: some programs must be compiled from source, so comp28.tgz must be selected even though it is not selected by default. In other words, base28.tgz, etc28.tgz, comp28.tgz, man28.tgz and bsd must be marked. After confirming that these five items are marked with "x", type done and press Enter. The installer asks:

    Ready to extract selected file sets? [y]

Of course we want to extract them; this question is a little silly! Then:

    Extract more sets? [n]

Hm? A chance to repent? Never mind, press Enter and continue!

Section 5: Setting the time zone

Then select the time zone:

    What timezone are you in? [`?' for list] [GMT]

You can type ? to see what is available, but there is no Beijing time, so choose Hong Kong: type Hongkong and press Enter. After the system finishes its automatic processing, the "#" prompt of the command line finally appears. Congratulations, the installation of OpenBSD 2.8 is complete. Type reboot and press Enter to restart the computer!

Remember to switch the boot device back to the hard disk! You can take a rest now. After the computer restarts, log in with root as the user name and 123456 as the password, and you are in your OpenBSD 2.8 system.

Lesson 2: Setting up the domain name service

Let us first explain the role of the DNS (Domain Name Server). A computer connected to the network really only needs IP addresses to reach other machines. But who can remember that the IP address 129.128.5.191 is the server representing OpenBSD? www.openbsd.org is of course much easier to remember.

The role of the domain name service is to convert a name such as www.openbsd.org into the IP address 129.128.5.191 that the computer can use. So the domain name service involves two conversions: from name to IP address (forward resolution) and from IP address to name (reverse resolution). With these basics understood, configuring the domain name service is much easier.

Section 1: Setting up the named.boot file

OpenBSD 2.8 already contains the domain name server named 4.9.7-REL after installation; it only needs to be configured by hand. The configuration file of named lives in the /var/named directory and is called named.boot. A simple named.boot that works (for the example in this manual, of course!) looks like this:

    directory /namedb
    cache     .                        root.cache
    primary   0.0.127.in-addr.arpa     localhost.rev
    primary   32.168.192.in-addr.arpa  01tech.rev
    primary   01tech.nat               01tech

You can edit this file with vi (please refer to "Appendix 4"). The meaning of the file is as follows. The first line specifies the directory holding the zone files. The real zone files are in /var/named/namedb, but named will be run in a chroot: after switching to the user the program requires, named is executed with /var/named as its root directory, so from its point of view the directory is /namedb. The second line specifies the cache file: names that have already been looked up are recorded in the cache file, which makes later queries much faster. The cache file is root.cache. The third line specifies the reverse zone file for this machine: 0.0.127.in-addr.arpa is the reverse form of 127.0.0.x (x from 1 to 255).

The corresponding zone file is localhost.rev. The fourth line, like the third, is the reverse zone for 192.168.32.x; its zone file is 01tech.rev. The fifth line is the forward zone: names in the domain 01tech.nat are resolved using the file 01tech.

Section 2: Configuring the zone files

Now look at the contents of the /var/named/namedb directory. When the domain name service has not yet been configured there are by default only two files, localhost.rev and root.cache. localhost.rev is not what we need and must be rewritten; the new contents are as follows:

    @  IN  SOA  moo.01tech.nat. root.moo.01tech.nat. (
                14         ; serial
                3600       ; refresh
                900        ; retry
                3600000    ; expire
                3600 )     ; minimum
       IN  NS   moo.01tech.nat.
    1  IN  PTR  localhost.

Let us explain the structure of this file. It consists of three RRs (Resource Records); it is easier to understand when laid out as a table:

    [Name]     [TTL]      [Class]  Type  Data
    @          (omitted)  IN       SOA   ...
    (omitted)  (omitted)  IN       NS    ...
    1          (omitted)  IN       PTR   ...

Name must be a host name or a domain name; @ is shorthand for the zone named in named.boot, which here stands for 127.0.0.x. TTL is how long the record may be cached; it is usually omitted and the default TTL is used. Class specifies the network type; IN means Internet, and other types are practically never used. Commonly used Types are SOA, NS, A, PTR, MX and CNAME. SOA (Start of Authority) is followed by the host, the administrator's mailbox, the serial number, the refresh interval for secondary servers, the retry interval after a failed refresh, the time after which the data expires on secondary servers, and the minimum time other name servers may keep the records. Note the trailing dot after the host and the administrator mailbox: without it the system automatically appends the full domain name, so if only moo is written it becomes moo.01tech.nat. That is why the SOA can also simply be written as SOA moo root.moo (...).

NS (Name Server) is followed by the host name of the name server. PTR (Pointer) gives the name corresponding to the preceding IP address. A (Address) gives the IP address corresponding to the preceding name. Note that the forward A records and the reverse PTR records must match, otherwise DNS queries will not work properly and the system becomes slow. CNAME establishes an alias, so that access to the alias is redirected to the official name. MX records list the destination addresses, with priorities, for the mail server to deliver mail to. A, CNAME and MX appear in the forward zone file below and will not be explained again.
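As an added example (not part of the manual), here is a small check for the rule just stated: every A record in the forward zone must have a matching PTR in the reverse zone, and every PTR must point back at a name with that A record. It parses zone files written in the manual's BIND 4 style, and the zone text embedded below is constructed after the manual's 01tech.nat example (with one deliberately broken reverse zone to show what a mismatch looks like).

```python
# Added example: parse BIND 4 style zone files and check that forward A
# records and reverse PTR records agree. Zone texts are constructed after
# the manual's 01tech.nat example; they are not the manual's own files.
FORWARD_ZONE = """\
@  IN  SOA  moo.01tech.nat. root.moo.01tech.nat. (
            14        ; serial
            3600      ; refresh
            900       ; retry
            3600000   ; expire
            3600 )    ; minimum
   IN  NS   moo.01tech.nat.
   IN  MX   5 pop.01tech.nat.
moo    IN  A      192.168.32.1
www    IN  CNAME  moo
pop    IN  CNAME  moo
smtp   IN  CNAME  moo
"""

REVERSE_ZONE = """\
@  IN  SOA  moo.01tech.nat. root.moo.01tech.nat. (
            14 ; serial
            3600 ; refresh
            900 ; retry
            3600000 ; expire
            3600 ) ; minimum
   IN  NS   moo.01tech.nat.
1  IN  PTR  moo.01tech.nat.
"""

# Constructed mistake: the PTR names the alias www instead of the host moo.
BAD_REVERSE_ZONE = REVERSE_ZONE.replace("PTR  moo.", "PTR  www.")

NAME_TYPES = ("NS", "CNAME", "PTR", "MX")   # rdata ends with a domain name


def fqdn(name, origin):
    """Turn '@' and relative names into absolute names ending in a dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return a list of (owner, type, rdata) tuples with absolute names.

    Handles ';' comments, records folded over several lines with (...),
    '@', a blank owner field (inherits the previous owner) and optional
    TTL and class fields. Names are lower-cased for comparison."""
    origin = origin.lower() if origin.endswith(".") else origin.lower() + "."
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                      # one complete record collected
            logical.append(buf)
            buf = []
    records, owner = [], "@"
    for lines in logical:
        tokens = " ".join(lines).replace("(", " ").replace(")", " ").split()
        if not lines[0][0].isspace():       # explicit owner on this line
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():  # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_TYPES:
            rdata[-1] = fqdn(rdata[-1].lower(), origin)
        records.append((fqdn(owner.lower(), origin), rtype, rdata))
    return records


def reverse_name(ip):
    """192.168.32.1 -> 1.32.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_forward_reverse(fwd_text, fwd_origin, rev_text, rev_origin):
    """List every A record without a matching PTR and every PTR without a
    matching A record; an empty list means the two zones agree."""
    a_recs = {(o, rd[0]) for o, t, rd in parse_zone(fwd_text, fwd_origin) if t == "A"}
    ptr_recs = {(o, rd[0]) for o, t, rd in parse_zone(rev_text, rev_origin) if t == "PTR"}
    problems = []
    for name, ip in sorted(a_recs):
        if (reverse_name(ip), name) not in ptr_recs:
            problems.append("A %s -> %s has no matching PTR" % (name, ip))
    for rname, target in sorted(ptr_recs):
        ip = ".".join(reversed(rname[: -len(".in-addr.arpa.")].split(".")))
        if (target, ip) not in a_recs:
            problems.append("PTR %s -> %s has no matching A record" % (rname, target))
    return problems


if __name__ == "__main__":
    for label, rev in (("manual's zones", REVERSE_ZONE), ("broken reverse zone", BAD_REVERSE_ZONE)):
        found = check_forward_reverse(FORWARD_ZONE, "01tech.nat", rev, "32.168.192.in-addr.arpa")
        print(label + ":", found or "forward and reverse zones agree")
```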

The file 01tech.rev:

    @  IN  SOA  moo.01tech.nat. root.moo.01tech.nat. (
                14         ; serial
                3600       ; refresh
                900        ; retry
                3600000    ; expire
                3600 )     ; minimum
       IN  NS   moo.01tech.nat.
    1  IN  PTR  moo.01tech.nat.

The file 01tech:

    @  IN  SOA  moo.01tech.nat. root.moo.01tech.nat. (
                14         ; serial
                3600       ; refresh
                900        ; retry
                3600000    ; expire
                3600 )     ; minimum
       IN  NS   moo.01tech.nat.
       IN  MX   5 pop.01tech.nat.
    moo         IN  A      192.168.32.1
    www         IN  CNAME  moo
    pop         IN  CNAME  moo
    smtp        IN  CNAME  moo
    localhost.  IN  CNAME  moo
    01tech.nat. IN  CNAME  moo

Section 3: Testing the DNS

Start named by hand, chrooted into /var/named (the -t option):

    named -t /var/named

Then use nslookup to check whether the DNS works. Below is the output of an nslookup session; if a name cannot be resolved, the query can be interrupted with Ctrl-C.

    # nslookup
    Default Server:  moo.01tech.nat
    Address:  192.168.32.1
    > pop
    Server:  moo.01tech.nat
    Address:  192.168.32.1
    Name:    moo.01tech.nat
    Address:  192.168.32.1
    Aliases:  pop.01tech.nat
    > exit

If you configured the DNS exactly as in the manual's example and the query does not give this result, go back, reread the explanations above and try again.

Section 4: Starting the DNS automatically at boot

To make the system start the DNS service at boot, change the relevant line in /etc/rc.conf from

    named_flags=NO

to

    named_flags=""

Lesson 3: Configuring the database service

If you do not need a database service you may skip this lesson, but a considerable part of the later lessons depends on it, so even if you do not intend to run a database service you should read through this lesson. The MySQL database is currently the most popular free database; thanks to its excellent performance and simple administration it has been adopted by many service providers.

Although it still has some shortcomings, such as missing transactions and sub-queries, these can be worked around in the application. At the time this manual was written the latest stable version of MySQL was 3.23.32 and there was no OpenBSD port of it (every application on OpenBSD is a port), so we include its source package on the manual's CD, and this lesson teaches you how to compile and install MySQL under OpenBSD.

Section 1: Extracting the MySQL source package

First the system must be able to read the CD (the source package is on it!). This is simple, just run:

    mount /dev/cd0c /mnt

Then change to the /usr/src directory and extract the source package of MySQL 3.23.32:

    cd /usr/src
    tar zxvf /mnt/packages/mysql-3.23.32.tar.gz

The /usr/src directory now contains a directory named mysql-3.23.32 holding the source code of MySQL 3.23.32. For the following steps we need to enter this directory:

    cd mysql-3.23.32

Section 2: Creating the required group and user

To build and install the MySQL database service you need a mysql group and a mysql user belonging to that group; they are also needed later when the service runs. Create them as follows:

    groupadd mysql
    useradd -g mysql mysql

Section 3: Running the configure script

Before compiling, information about the system is needed, including the threading model the system supports (OpenBSD supports multi-threading), so the configure script must be run to collect it:

    ./configure --prefix=/usr/local \
                --localstatedir=/var/mysql \
                --with-low-memory \
                --without-bench \
                --without-debug

The meaning of each line is explained below.

./configure is the configure script to run. --prefix=/usr/local means the compiled MySQL programs are installed into /usr/local/bin, the libraries into /usr/local/lib/mysql and the header files into /usr/local/include. --localstatedir=/var/mysql means the database data is kept in /var/mysql (this is why, when installing OpenBSD, we mentioned that you may create a separate partition for /var/mysql if you need it: it makes management easier). --with-low-memory is critical: without it you basically cannot expect the build to finish on your machine unless you have more than 1GB of memory; this option makes the compiler use the swap partition as virtual memory. --without-bench and --without-debug tell the compiler and the install scripts that no test programs and no debug information are needed. Clear enough?

Section 4: Compiling and installing MySQL

This step is very simple, just run the following commands; the computer does the rest. Compiling takes a long time, so you can take a break and have a drink.

    make
    make install
    make init-db

Section 5: Testing MySQL

Sorry, the title of this section is a little vague. "Testing" here means checking whether MySQL was compiled and installed correctly. To do so run the following commands:

    /usr/local/bin/safe_mysqld > /dev/null &
    /usr/local/bin/mysqladmin -u root password '123456'

If the second command completes without complaint, MySQL can be used normally.

By the way, the second command actually sets the password of the MySQL administrator! So now you know why a password is needed when using the MySQL programs.

Section 6: Starting MySQL automatically at boot

Some work is needed to make MySQL start automatically at boot. First add the following line to /etc/rc.conf:

    mysqld_flags=""

Then edit /etc/rc: find the code that starts named (line 171) and add the following after it:

    if [ "X${mysqld_flags}" != X"NO" ]; then
            echo 'starting mysqld'
            /usr/local/bin/safe_mysqld > /dev/null &
    fi

So that this start-up goes smoothly, you also need to add the following to /etc/rc.local:

    if [ "X${mysqld_flags}" != X"NO" ]; then
            /sbin/ldconfig -m /usr/local/lib/mysql
    fi

Lesson 4: Configuring the mail service

OpenBSD 2.8 already comes with the mail service sendmail installed. We want a mail service for OpenBSD that is more secure, easier to use and more efficient than sendmail, and we have chosen qmail (qmail plus vpopmail separates system users from mail users and supports virtual mail domains, and with MySQL the mail users can be verified against a database; this is the reason I chose qmail).

Section 1: Shutting down sendmail

Since qmail replaces sendmail, it cannot work alongside sendmail, so sendmail must be shut down first. Run the following command to kill the running sendmail:

    kill -9 `cat /var/run/sendmail.pid`

To be on the safe side, also strip the permissions of the sendmail binary and rename it:

    chmod 0 /usr/sbin/sendmail
    mv /usr/sbin/sendmail /usr/sbin/sendmail.old

You must also change sendmail_flags in /etc/rc.conf so that sendmail is not started again when the system reboots:

    sendmail_flags="-q 30m"

becomes

    sendmail_flags=NO

Section 2: Installing qmail

If you have been following the manual's example, you should still have access to the CD-ROM; if the system has been rebooted, mount the CD-ROM again as described in Lesson 3, Section 1. Change to the /mnt/packages directory and install the qmail binary package:

    cd /mnt/packages
    pkg_add qmail-1.03.tgz

During installation you are asked whether to add some groups and users; the default is y, so do not change it and simply press Enter. Be sure to note the UID of qmaild and the GID of nofiles, because they are needed in later lessons when SMTP and POP are started (in the example, the UID of qmaild is 2850 and the GID of nofiles is 32750). qmail is installed into the /var/qmail directory.

Section 3: Configuring qmail

Configuring and running qmail requires a correctly working DNS; if you have not configured the DNS service yet, configure it as described in Lesson 2.

First run the following command to create a new sendmail link so that programs expecting sendmail keep working:

    ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail

Then set up the basic domain information with the following command:

    /var/qmail/setup/config-fast 01tech.nat

Of course you can also set it up with /var/qmail/setup/config, but since DNS is working, why not use the faster way? Please refer to the documentation in /var/qmail/doc. Copy the rc file and modify it for compatibility with sendmail:

    cp /var/qmail/boot/home /var/qmail/rc

qmail uses Mailbox by default while sendmail uses Maildir, and many programs written for sendmail require Maildir, so in the rc file change Mailbox to Maildir.

Section 4: Testing qmail

After installing qmail, check that it works. Start the qmail service with:

    csh -cf '/var/qmail/rc &' > /dev/null &

Then use the following command to check whether the process qmail-lspawn ./Maildir is present. If it is, the qmail service has started normally; if not, reconfigure according to Section 3.

    ps -x

Section 5: Starting qmail automatically at boot

First add the following line to /etc/rc.conf:

    qmail_flags=""

Then edit /etc/rc, find the code that starts sendmail and add the following after it:

    if [ "X${qmail_flags}" != X"NO" ]; then
            echo -n ' qmail'
            csh -cf '/var/qmail/rc &' > /dev/null &
    fi

Lesson 5: Separating system users from mail users

We use vpopmail to separate system users from mail users, which improves system security. vpopmail also supports virtual domains, that is, mailboxes for different domain names on the same IP address.

Section 1: Extracting the source package

Change to /usr/src, extract the vpopmail-4.9.8 source package and enter the vpopmail-4.9.8 directory:

    cd /usr/src
    tar zxvf /mnt/packages/vpopmail-4.9.8.tar.gz
    cd vpopmail-4.9.8

Section 2: Using MySQL support

If your system does not provide MySQL support, skip this step. Edit the file vmysql.h and find the line

    #define mysql_password "gipgap"

and change it to the password that can access MySQL, 123456:

    #define mysql_password "123456"

Section 3: Adding the group and user

To compile and run vpopmail you need a vpopmail user belonging to the vchkpw group.

Add the group and user with the following commands:

    groupadd vchkpw
    useradd -g vchkpw vpopmail

Section 4: Preparing the /etc/tcp.smtp file

To compile vpopmail a tcp.smtp file is needed; its default location is the /etc directory. Generate it with the following command:

    echo '127.0.0.:allow,RELAYCLIENT=""' > /etc/tcp.smtp

Section 5: Running the configure script

Run the configure script to collect the information needed for compilation, such as the compiler and the external environment:

    ./configure --enable-default-domain=01tech.nat \
                --enable-admin-email=zenz-hu@01tech.nat \
                --enable-mysql=y \
                --enable-sqlincdir=/usr/local \
                --enable-sqllibdir=/usr/local \
                --enable-large-site=y \
                --enable-passwd=n \
                --enable-hardquota=8000000

The meaning of each item: --enable-default-domain=01tech.nat sets the default mail domain to 01tech.nat; --enable-admin-email=zenz-hu@01tech.nat gives the administrator's mailbox; --enable-mysql=y tells the compiler to use the MySQL database for password checking; --enable-sqlincdir=/usr/local and --enable-sqllibdir=/usr/local tell the compiler where to find the MySQL header files and libraries; --enable-large-site=y stores the domain information in the MySQL database, but if there are very many virtual domains this option is not appropriate; --enable-passwd=n tells the system not to look up mailbox users' passwords in the /etc/passwd file; --enable-hardquota=8000000 limits each user's mailbox to 8MB.

Section 6: Compiling and installing vpopmail

Two simple commands compile and install vpopmail:

    make
    make install-strip

vpopmail is installed into the /home/vpopmail directory.

Section 7: Adding a mail domain and changing the postmaster password

vpopmail has no mail domain yet; even though a default mail domain was specified, a mail domain must be added by running the following program:

    /home/vpopmail/bin/vadddomain 01tech.nat

It asks for the password of this domain and asks you to confirm it; enter 123456 as the password (remember, none of the passwords used here should appear in a real installation, otherwise your system will have a lot of security problems)! If you get an error at this step, you will most likely have to redo this lesson.
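The /etc/tcp.smtp rule created in Section 4 decides who may relay mail through this server: tcpserver sets RELAYCLIENT only for clients matching a rule that grants it, and qmail-smtpd accepts mail for foreign domains only when RELAYCLIENT is set. As an added example (not part of the manual), the following script evaluates a tcp.smtp file the way tcpserver matches rules (exact IP, then shorter dotted prefixes, then the empty default) and flags rules that hand RELAYCLIENT to everyone; the rule files are constructed, the first one being the manual's own line, and the =host and address-range rule forms are deliberately not handled.

```python
# Added example: evaluate tcpserver rules such as /etc/tcp.smtp and find
# rules that would turn the server into an open relay. Rule texts below are
# constructed; MANUAL_RULES is the single line the manual writes.
MANUAL_RULES = '127.0.0.:allow,RELAYCLIENT=""\n'

# Constructed mistake: a default rule that grants RELAYCLIENT to everyone.
OPEN_RELAY_RULES = '127.0.0.:allow,RELAYCLIENT=""\n:allow,RELAYCLIENT=""\n'

# Constructed: relay for localhost and the LAN, everyone else may only
# deliver to local mailboxes.
STRICT_RULES = """\
127.0.0.:allow,RELAYCLIENT=""
192.168.32.:allow,RELAYCLIENT=""
:allow
"""


def parse_tcprules(text):
    """Map rule address -> (action, env dict) as tcprules(1) would read it.
    Only full IPs, dotted prefixes and the empty default are handled."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instruction = line.partition(":")
        action, *settings = instruction.split(",")
        env = {}
        for setting in settings:               # e.g. RELAYCLIENT=""
            key, _, value = setting.partition("=")
            env[key] = value.strip('"')
        rules[addr] = (action, env)
    return rules


def lookup(rules, ip):
    """tcpserver match order: exact IP, then 3-, 2- and 1-octet dotted
    prefixes, then the empty default. With no match the connection is
    allowed but no variables are set, so RELAYCLIENT stays unset."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})


def can_relay(rules, ip):
    """True when qmail-smtpd would accept mail for any destination from ip."""
    action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env


def open_relay_rules(rules):
    """Addresses that grant RELAYCLIENT to everyone (the default rule) or
    to a whole single-octet prefix; either one makes an open relay."""
    return sorted(addr for addr, (action, env) in rules.items()
                  if action == "allow" and "RELAYCLIENT" in env
                  and (addr == "" or addr.count(".") <= 1))


if __name__ == "__main__":
    for label, text in (("manual", MANUAL_RULES), ("open relay", OPEN_RELAY_RULES),
                        ("strict", STRICT_RULES)):
        rules = parse_tcprules(text)
        print("%s: 127.0.0.1 relays=%s 192.168.32.5 relays=%s 203.0.113.9 relays=%s "
              "overly broad rules=%s" % (label, can_relay(rules, "127.0.0.1"),
                                         can_relay(rules, "192.168.32.5"),
                                         can_relay(rules, "203.0.113.9"),
                                         open_relay_rules(rules)))
```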

Please credit the original source when reposting: https://www.9cbs.com/read-124701.html
