Professional Information Technology-Programming Book part 131 pdf


• mod_log_agent
• mod_speling
• mod_auth_db
• mod_digest
• mod_log_referer
• mod_unique_id
• mod_auth_dbm
• mod_expires
• mod_mime_magic
• mod_usertrack
• mod_auth_digest
• mod_headers
• mod_mmap_static
• mod_vhost_alias
• mod_ssl

If you need to add more modules, you can do so through the Ports tree, generally in the /usr/ports/www directory.

You can start the Apache HTTP daemon manually by typing apachectl start and pressing Enter. If you'd like to start it at boot time automatically, edit the /etc/rc.conf file and replace the NO with "" in this line:

    httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8))

Obviously if you need to use mod_ssl, you need to use the -DSSL flag inside the quotes. See the httpd manpage for more information on loading extra modules here. Specific Apache modules may have their own manpages as well.

By default, Apache runs in a chrooted environment; in other words, Apache operates as though nothing exists outside of the ServerRoot, which is by default /var/www. So if you have extra Apache modules installed that need to use programs or configuration files in any directory outside of /var/www and its subdirectories, they will not be able to function properly. More details are available in the httpd manpage, but if you just need to get this working right now by eliminating the chroot jail, start Apache with the -u flag, either from the command line or in the quotes in the previously mentioned Apache section of /etc/rc.conf. Circumventing the chroot jail will make your system less secure if Apache is compromised. For optimal security, the www user should not be able to write to any files or directories in ServerRoot.

The Apache 1.3 configuration files are kept not in /etc, but in /var/www/conf/. You should look over httpd.conf and adjust it for optimal performance on your computer. By default, the settings may be a little too limited for web sites that get thousands of visitors per day.

7.3. Databases

No databases are installed by default in OpenBSD, but you can find MySQL, SQLite, and PostgreSQL in /usr/ports/databases along with several database-specific Perl modules and other extras and add-ons.

7.3.1. MySQL

Once installed, you can find the global MySQL configuration in /etc/my.cnf, but if you want to set server-specific configuration options, you can create an override my.cnf in /var/mysql. User-specific configurations can be stored in each user's home directory. Be warned that the default my.cnf is designed for old, low-power, low-memory servers and does not scale well under moderately heavy loads. This is more or less the standard default configuration for MySQL, though, so if you've configured it before, you should already know what you're doing.

To make mysqld start automatically at boot time, add these lines (or something similar that fits your needs) to /etc/rc.conf.local:

    # Start MySQL at boot if the wrapper script is installed
    if [ -x /usr/local/bin/mysqld_safe ]; then
        echo -n ' mysql'; /usr/local/bin/mysqld_safe &
    fi

7.3.2. SQLite

There are two versions of SQLite available for OpenBSD: 2.8.17 and 3.3.6, and they can be installed from /usr/ports/sqlite and /usr/ports/sqlite3, respectively. The sqlite or sqlite3 executable is located in /usr/local/bin, and there is no configuration file because SQLite is by definition "zero-configuration."

7.3.3. PostgreSQL

You can install the PostgreSQL client via Ports from /usr/ports/databases/postgresql, but if you want the server and documentation, you'll have to add them yourself:

    pkg_add postgresql-server postgresql-docs

Automatically starting and stopping PostgreSQL is not quite as easy.
Add these lines to /etc/rc.local to start it at boot time (the long su command is one line, not two, so be careful when you copy and paste this text):

    # Start PostgreSQL as the unprivileged _postgresql user
    if [ -x /usr/local/bin/pg_ctl ]; then
        su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start -D /var/postgresql/data -l /var/postgresql/logfile -o '-D /var/postgresql/data'"
        echo -n ' postgresql'
    fi

And to automatically shut it down cleanly when the system shuts down, add these lines (this time it's two lines between the if and the fi) to /etc/rc.shutdown:

    # Stop PostgreSQL cleanly and remove the stale PID file
    if [ -f /var/postgresql/data/postmaster.pid ]; then
        su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast -D /var/postgresql/data"
        rm -f /var/postgresql/data/postmaster.pid
    fi

You can find the PostgreSQL configuration files in /var/postgresql/data/. By default, the system is not tuned to accept a large number of database connections, so you'll have to modify some kernel parameters if you're expecting a fair amount of database usage. Check out the documentation in the /usr/local/share/doc/postgresql directory for more details. Of particular interest is the README.OpenBSD file, which has the aforementioned advice on system tuning for PostgreSQL.

7.4. Mail Transfer Agents

OpenBSD has a security-audited version of Sendmail built into the base system, but it does support Postfix as well. The configuration procedures are detailed below.

7.4.1. Sendmail

This is the default MTA on OpenBSD; it's actually part of the base system, and thus has undergone extensive security auditing and includes OpenBSD-specific patches. In other words, it may differ technologically from Sendmail implementations on other operating systems, but in terms of functionality it should be largely the same as what you're used to elsewhere. Unless you have a really good reason to use a different MTA, you should probably stick with Sendmail because of its integration with the operating system and the fact that it has OpenBSD's stellar reputation for security behind it.
Sendmail is also the most thoroughly documented MTA for OpenBSD, so if you're new to Unix-like mail servers, it will probably be easier for you to set up and use Sendmail than any other MTA.

The Sendmail configuration files are in /etc/mail, but that's not where you should change them. If you want to generate configuration files (.cf files), you need to go to /usr/share/sendmail/cf and edit the .mc files that are appropriate to your situation. For most people, this should be openbsd-proto.mc, though to be sure that you do everything right the first time around, you should definitely read the sendmail manpage and maybe the relevant sections of the /usr/share/sendmail/README file as well. If you wish to use TLS, see the starttls manpage for details, and make sure you uncomment the TLS-specific sections of openbsd-proto.mc before you create your .cf files.

Sendmail is ordinarily started through /etc/rc.conf and is not configured to accept incoming network traffic by default, so you'll have to change the sendmail_flags setting to whatever you need it to be to work with your network configuration (an example is given in a comment in rc.conf, and all relevant flags are explained in the sendmail manpage).

7.4.2. Postfix

Postfix can be installed from /usr/ports/mail/postfix, but you'll have to hack the Makefile first so that you can specify which authentication method you want: local (just plain Postfix), LDAP, SASL2, or MySQL. Regardless of which package you choose, the configuration files will be kept in /etc/postfix.

Next you need to replace OpenBSD's Sendmail implementation with Postfix's by running this command:

    /usr/local/sbin/postfix-enable

(You can of course switch back to OpenBSD's Sendmail by running postfix-disable.)

Next you have to stop the cron job that runs sendmail every 30 minutes and change the daemon startup options:

1. Edit the root account's cron table (you must be logged in as root):

       crontab -e

2. Comment out or delete the line below this comment:

       # sendmail clientmqueue runner

3. Save and exit the cron table; then edit /etc/rc.conf and change the sendmail_flags line to this:

       sendmail_flags="-bd -q30m"

4. Since Postfix runs chrooted in the /var/spool/postfix directory, you may want to modify some of the files there, specifically in /var/spool/postfix/etc.

7.5. Mail Delivery Agents
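Returning to the Apache section earlier on this page: it makes two hardening points, that starting httpd with -u removes the chroot jail and that the www user should not be able to write anywhere under ServerRoot. The script below is an added example, not code from the book, that checks both; the file paths, the www user and the -u flag come from the text, while the www group name and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the book): audit the two Apache hardening points.
# /etc/rc.conf, /etc/rc.conf.local, /var/www, the www user and the -u flag
# come from the text; the www group and the function names are assumptions.

# httpd_flags_value FILE...
# Print the effective httpd_flags value: the last assignment wins, so pass
# rc.conf first and rc.conf.local second. Comments and quotes are stripped.
httpd_flags_value() {
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*httpd_flags=\([^#]*\).*/\1/p' |
        tail -n 1 | tr -d '"'
}

# chroot_disabled FILE...
# Exit 0 if the effective httpd_flags contains -u (chroot jail turned off).
chroot_disabled() {
    case " $(httpd_flags_value "$@") " in
        *" -u "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# writable_by USER GROUP ROOT
# Print every non-symlink path under ROOT that USER could modify: anything
# USER owns (an owner can always chmod write access back), anything
# group-writable by GROUP, and anything world-writable.
writable_by() {
    find "$3" ! -type l \( -user "$1" -o \
        \( -group "$2" -perm -0020 \) -o -perm -0002 \)
}

# Audit the live system only when asked to: sh apache-audit.sh --run
if [ "${1:-}" = "--run" ]; then
    if chroot_disabled /etc/rc.conf /etc/rc.conf.local; then
        echo "WARNING: httpd_flags contains -u; Apache is not chrooted"
    fi
    writable_by www www /var/www | sed 's/^/writable by www: /'
fi
```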

Date posted: 07/07/2014, 03:20
