Building a Home Server with FreeBSD 12: Web Server Part

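Introduction

I built a home server using FreeBSD 12. FreeBSD 12 had only just been released, but I chose it because VIMAGE is now included in the kernel by default, which allows the external-facing and internal-facing DNS to be built as separate systems (jail + VIMAGE) on the same host. This series explains the build procedure in concrete detail over several articles, partly as a memo for myself.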

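Base System Part 1

Background
Basic installation
Japanese environment setup

Base System Part 2

Security
ftp server

Base System Part 3

jail
End of the base system part

Base System Inside the Jail

Basic settings (common to jail1 and jail2)

DNS Part

Problems so far in building DNS
bind9 installation
NTP server

Let's Encrypt Part

About Let's Encrypt
Installing certbot
Various settings
Obtaining the certificate

Web Server Part (this article)

Installation (apache2.4, webalizer, php7.3, postgresql11.2, mysql8.0)
Configuration

Mail Server Part

Installation (cyrus-sasl, postfix, dovecot, procmail, pflogsumm, policyd-spf)
Configuration and startup
SPF record sending settings

File Server Part

Choosing samba
Installing samba3

Mail Server Part 2

Overview
OpenDKIM
OpenDMARC
ClamAV (clamav-milter)
SpamAssassin (spamass-milter)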

Installation

Use pkg to install the latest versions: apache2.4, php7.3, postgresql11.2 and mysql8.0.
However, php73-pgsql depends on postgresql95, so installing php73-pgsql with pkg removes postgresql11 and installs postgresql95 instead. php73-pgsql therefore has to be built from source.

Installing Apache

jail1 /root # pkg install apache24
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 7 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        apache24: 2.4.38
        libnghttp2: 1.36.0
        expat: 2.2.6_1
        perl5: 5.28.1
        pcre: 8.42_1
        apr: 1.6.5.1.6.1_1
        gdbm: 1.18.1

Number of packages to be installed: 7

The process will require 97 MiB more space.
21 MiB to be downloaded.
(remainder omitted)

Installing PostgreSQL

jail1 /root # pkg install postgresql11-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        postgresql11-server: 11.2
        icu: 63.1_1,1
        postgresql11-client: 11.2

Number of packages to be installed: 3

The process will require 79 MiB more space.
7 MiB to be downloaded.
(remainder omitted)

Installing MySQL

jail1 /root # pkg install mysql80-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        mysql80-server: 8.0.14
        re2: 20190101
        protobuf: 3.6.1_1,1
        libevent: 2.1.8_2
        mysql80-client: 8.0.14
        liblz4: 1.8.3,1

Number of packages to be installed: 6

The process will require 250 MiB more space.
19 MiB to be downloaded.
(remainder omitted)

Installing PHP

jail1 /root # pkg install php73 php73-extensions php73-gd php73-mbstring php73-pear php73-gettext php73-iconv
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 38 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        php73: 7.3.2
        php73-extensions: 1.0
        php73-gd: 7.3.2
        php73-mbstring: 7.3.2
        php73-pear: 1.10.6
        php73-gettext: 7.3.2
        php73-iconv: 7.3.2
        libargon2: 20171227_1
        pcre2: 10.32
        php73-session: 7.3.2
        php73-opcache: 7.3.2
        php73-xmlwriter: 7.3.2
        php73-xmlreader: 7.3.2
        php73-dom: 7.3.2
        php73-xml: 7.3.2
        php73-simplexml: 7.3.2
        php73-ctype: 7.3.2
        php73-posix: 7.3.2
        php73-hash: 7.3.2
        php73-filter: 7.3.2
        php73-tokenizer: 7.3.2
        php73-json: 7.3.2
        php73-sqlite3: 7.3.2
        sqlite3: 3.26.0
        php73-pdo_sqlite: 7.3.2
        php73-pdo: 7.3.2
        php73-phar: 7.3.2
        freetype2: 2.9.1
        png: 1.6.36
        jpeg-turbo: 2.0.1
        libgd: 2.2.5_1,1
        fontconfig: 2.12.6,1
        webp: 1.0.2
        tiff: 4.0.10
        jbigkit: 2.1_1
        giflib: 5.1.4
        oniguruma: 6.9.0
        php73-zlib: 7.3.2

Number of packages to be installed: 38

The process will require 62 MiB more space.
11 MiB to be downloaded.
(remainder omitted)

jail1 /root # pkg install php73-exif php73-fileinfo php73-ftp php73-pdo_mysql php73-mysqli php73-zip
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 7 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        php73-exif: 7.3.2
        php73-fileinfo: 7.3.2
        php73-ftp: 7.3.2
        php73-pdo_mysql: 7.3.2
        php73-mysqli: 7.3.2
        php73-zip: 7.3.2
        libzip: 1.5.1

Number of packages to be installed: 7

The process will require 6 MiB more space.
553 KiB to be downloaded.
(remainder omitted)

Installing the tools needed to compile php73-pgsql and php73-pdo_pgsql

jail1 /root # pkg install m4 help2man gmake texinfo autoconf
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 10 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        m4: 1.4.18_1,1
        help2man: 1.47.8_1
        gmake: 4.2.1_3
        texinfo: 6.5_4,1
        autoconf: 2.69_2
        p5-Locale-gettext: 1.07
        p5-Unicode-EastAsianWidth: 1.40
        p5-Locale-libintl: 1.31
        p5-Text-Unidecode: 1.30
        autoconf-wrapper: 20131203

Number of packages to be installed: 10

The process will require 16 MiB more space.
545 KiB to be downloaded.
(remainder omitted)

Compiling

jail1 /root # portinstall php73-pgsql php73-pdo_pgsql
[Updating the portsdb <format:bdb_btree> in /var/db/pkg ... - 32801 port entries found .........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000.........14000.........15000.........16000.........17000.........18000.........19000.........20000.........21000.........22000.........23000.........24000.........25000.........26000.........27000.........28000.........29000.........30000.........31000.........32000........ ..... done]
[Reading data from pkg(8) ... - 136 packages found - done]
--->  Installing 'php73-pdo_pgsql-7.3.2' from a port (databases/php73-pdo_pgsql)
--->  Building '/usr/ports/databases/php73-pdo_pgsql'
===>  Cleaning for php73-pdo_pgsql-7.3.2
===>  License PHP301 accepted by the user
===>   php73-pdo_pgsql-7.3.2 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by php73-pdo_pgsql-7.3.2 for building
===>  Extracting for php73-pdo_pgsql-7.3.2
=> SHA256 Checksum OK for php-7.3.2.tar.xz.
===>  Patching for php73-pdo_pgsql-7.3.2
===>   php73-pdo_pgsql-7.3.2 depends on file: /usr/local/bin/phpize - found
===>   php73-pdo_pgsql-7.3.2 depends on package: autoconf>0 - found
===>   php73-pdo_pgsql-7.3.2 depends on file: /usr/local/lib/php/20180731/pdo.so - found
===>   php73-pdo_pgsql-7.3.2 depends on shared library: libpq.so.5 - found (/usr/local/lib/libpq.so.5)
===>  PHPizing for php73-pdo_pgsql-7.3.2
===>  Configuring for php73-pdo_pgsql-7.3.2
(middle part omitted)
--->  Installing 'php73-pgsql-7.3.2' from a port (databases/php73-pgsql)
--->  Building '/usr/ports/databases/php73-pgsql'
===>  Cleaning for php73-pgsql-7.3.2
===>  License PHP301 accepted by the user
===>   php73-pgsql-7.3.2 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by php73-pgsql-7.3.2 for building
===>  Extracting for php73-pgsql-7.3.2
=> SHA256 Checksum OK for php-7.3.2.tar.xz.
===>  Patching for php73-pgsql-7.3.2
===>   php73-pgsql-7.3.2 depends on file: /usr/local/bin/phpize - found
===>   php73-pgsql-7.3.2 depends on package: autoconf>0 - found
===>   php73-pgsql-7.3.2 depends on shared library: libpq.so.5 - found (/usr/local/lib/libpq.so.5)
===>  PHPizing for php73-pgsql-7.3.2
===>  Configuring for php73-pgsql-7.3.2
(remainder omitted)

Lock the packages so that pkg upgrade does not replace them

jail1 /root # pkg lock php73-pgsql
Locking php73-pgsql-7.3.2
jail1 /root # pkg lock php73-pdo_pgsql
Locking php73-pdo_pgsql-7.3.2

Installing webalizer

To work around partially garbled characters, install from ports so that the WEBALIZER_CONV option can be added.

jail1 /root # portinstall japanese/webalizer
[Updating the portsdb <format:bdb_btree> in /var/db/pkg ... - 32801 port entries found .........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000.........14000.........15000.........16000.........17000.........18000.........19000.........20000.........21000.........22000.........23000.........24000.........25000.........26000.........27000.........28000.........29000.........30000.........31000.........32000........ ..... done]
[Reading data from pkg(8) ... - 138 packages found - done]
--->  Installing 'ja-webalizer-2.23.8_10' from a port (japanese/webalizer)
--->  Building '/usr/ports/japanese/webalizer'
===>  Cleaning for ja-webalizer-2.23.8_10

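Configuration and startup

Since the latest versions are installed anyway, the event MPM is used in combination with php-fpm.

Apache configuration

Enabling the service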

apache24_enable="YES"

Server information

ServerRoot "/usr/local"
Listen 80
<IfModule unixd_module>
User www
Group www
</IfModule>
ServerAdmin hoge@example.jp
ServerName www.example.jp:80

Adding modules

Enable or disable the MPM, php-fpm and SSL related modules to add the required functionality.

LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache24/mod_ssl.so

The result is as follows (including the commented-out lines).

LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
#LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
#LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
LoadModule proxy_module libexec/apache24/mod_proxy.so
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so
#LoadModule http2_module libexec/apache24/mod_http2.so
#LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
#LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
    #LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
    #LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so

Adding DirectoryIndex

When a directory is requested, look for index.php in addition to index.html. Here index.php is given priority.

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

php-fpm integration

When a PHP script is requested, it is handled by php-fpm.

<FilesMatch "\.php$">
    SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>

Directory access settings

If a directory contains neither index.php nor index.html, the file listing is not shown. Overrides through .htaccess files are allowed.

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<Files ".ht*">
    Require all denied
</Files>

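Log storage settings

Logs are rotated once a day. Because the time zone is +9, the offset (specified in minutes) is set to +540.
The log format is set to combined so that webalizer receives referrer information.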

ErrorLog "| /usr/local/sbin/rotatelogs /var/log/httpd/httpd-error%Y%m%d.log 86400 +540"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "| /usr/local/sbin/rotatelogs /var/log/httpd/httpd-access%Y%m%d.log 86400 +540" combined
</IfModule>

CGI settings

CGI is not used this time, so the defaults are kept.

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "/usr/local/www/apache24/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

HTTP request header settings

Left at the default because I do not fully understand it.

<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>

MIME settings

Used with the default settings.

<IfModule mime_module>
    TypesConfig etc/apache24/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

SSL settings

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

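Because Webalizer is used, the SSL access log is written to the same log file as the port 80 access log. With the rotatelogs utility, using the same log file name does not cause an error.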

Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/apache24/data"
ServerName www.example.jp:443
ServerAdmin hoge@example.jp
ErrorLog "| /usr/local/sbin/rotatelogs /var/log/httpd/httpd-ssl_error%Y%m%d.log 86400 +540"
#TransferLog "/var/log/httpd-access.log"

SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/example.jp/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/example.jp/privkey.pem"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#CustomLog "| /usr/local/sbin/rotatelogs /var/log/httpd/httpd-ssl_request%Y%m%d.log 86400 +540" \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    CustomLog "| /usr/local/sbin/rotatelogs /var/log/httpd/httpd-access%Y%m%d.log 86400 +540" combined

</VirtualHost>
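Added example (not part of the original article): a shell check that evaluates the arguments of SSLProtocol and SSLProxyProtocol the way mod_ssl combines them (a +/- prefix adds or removes a version, a bare name replaces the set) and reports which versions older than TLSv1.2 a directive such as the one above leaves enabled. The function names are hypothetical, and the expansion of "all" is an assumption that depends on the Apache and OpenSSL build.

```shell
# Added example: evaluate SSLProtocol / SSLProxyProtocol arguments.
# Assumption: "all" expands to the list below; the real expansion depends on
# the Apache and OpenSSL build. Names are matched case-sensitively here.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# in_list WORD "LIST": succeed if WORD is an item of the space-separated LIST
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# effective_protocols "all -SSLv3": print the versions left enabled.
# "+X" adds, "-X" removes, and a bare name replaces the whole set.
effective_protocols() (
    set -f
    enabled=""
    for tok in $1; do
        action=""
        case $tok in
            +*) action="+"; tok=${tok#+} ;;
            -*) action="-"; tok=${tok#-} ;;
        esac
        if [ "$tok" = all ]; then names=$ALL_PROTOCOLS
        elif in_list "$tok" "$ALL_PROTOCOLS"; then names=$tok
        else echo "unknown protocol: $tok" >&2; exit 2
        fi
        case $action in
            +) for p in $names; do
                   in_list "$p" "$enabled" || enabled="$enabled $p"
               done ;;
            -) kept=""
               for p in $enabled; do
                   in_list "$p" "$names" || kept="$kept $p"
               done
               enabled=$kept ;;
            *) enabled=$names ;;
        esac
    done
    out=""
    for p in $ALL_PROTOCOLS; do
        if in_list "$p" "$enabled"; then out="${out:+$out }$p"; fi
    done
    printf '%s\n' "$out"
)

# legacy_protocols ARGS: the enabled versions older than TLSv1.2
legacy_protocols() {
    out=""
    for p in $(effective_protocols "$1"); do
        case $p in SSLv3|TLSv1|TLSv1.1) out="${out:+$out }$p" ;; esac
    done
    printf '%s\n' "$out"
}

# audit_ssl_protocol: read Apache config text on stdin, report each directive
# that leaves a version older than TLSv1.2 enabled; returns 1 if any does.
audit_ssl_protocol() {
    rc=0
    directives=$(awk 'tolower($1) ~ /^ssl(proxy)?protocol$/')
    while read -r name args; do
        [ -n "$name" ] || continue
        legacy=$(legacy_protocols "$args")
        if [ -n "$legacy" ]; then
            printf '%s %s: still enables %s\n' "$name" "$args" "$legacy"
            rc=1
        fi
    done <<EOF
$directives
EOF
    return $rc
}
# Constructed input: the two protocol directives from the configuration above.
printf '%s\n' 'SSLProtocol all -SSLv3' 'SSLProxyProtocol all -SSLv3' |
    audit_ssl_protocol || true
```

To check a real file, feed it on standard input, for example `audit_ssl_protocol < /usr/local/etc/apache24/extra/httpd-ssl.conf`.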

Starting Apache

Create the directory for storing logs, then start the service.

jail1 /root # mkdir /var/log/httpd
jail1 /root # service apache24 start
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.

php-fpm configuration

Enabling the service

php_fpm_enable="YES"

Copy /usr/local/etc/php.ini-production to php.ini and add the following line.

date.timezone = Asia/Tokyo

Starting php-fpm

jail1 /root # service php-fpm start
Performing sanity check on php-fpm configuration:
[24-Feb-2019 16:54:42] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.

Webalizer configuration

Copy the template

jail1 /root # cd /usr/local/etc
jail1 /usr/local/etc # cp ja-webalizer.conf-dist ja-webalizer.conf

I made the following changes and additions.

OutputDir      /usr/local/www/apache24/data/access_log/
HistoryName webalizer.hist
Incremental yes
IncrementalName webalizer.current
HostName    www.example.jp
PageType    php
DNSCache    dns_cache.db
DNSChildren 5
ReallyQuiet no
IgnoreSite  192.168.1.*
IgnoreURL   /access_log/*

Create the output directory

jail1 /root # mkdir /usr/local/www/apache24/data/access_log/

Because the log file name changes dynamically, write a script like the following and run it from cron.
The log file for the previous day is the target.

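#!/bin/sh
# Webalizer for an apache logfile of date format.
# Build the name of the previous day's access log (FreeBSD date syntax).
log="/var/log/httpd/httpd-access$(date -v -1d +%Y%m%d).log"
/bin/echo "$log"
/usr/local/bin/ja-webalizer "$log"

# crontab entry: run the script every day at 01:45 as root
45      1       *       *       *       root    /usr/local/sbin/webalizer.sh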

PostgreSQL configuration

Enabling the service

postgresql_enable="YES"
postgresql_data="/var/db/postgres/data11"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=EUC_JP --lc-collate=C"

Initializing the PostgreSQL database

With qjail's default configuration (/usr/local/etc/qjail.config/*), shared memory (System V IPC resources) cannot be used, so the following error occurs.

running bootstrap script ... FATAL:  could not create shared memory segment: Function not implemented

To allow shared memory operations, add the following line to server1:/usr/local/etc/qjail.config/jail1 and restart the jail (Base System Part 3 has been updated accordingly).

allow.sysvipc       =   "1";

jail1 /root # service postgresql initdb
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "C".
The default text search configuration will be set to "english".

Data page checksums are disabled.

creating directory /var/db/postgres/data10 ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /usr/local/bin/pg_ctl -D /var/db/postgres/data10 -l logfile start

External connections are not considered this time, so there is no need to change /var/db/postgres/data10/pg_hba.conf.
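Added example (not part of the original article): the initdb output above warns that "trust" authentication is enabled for local connections, which lets any local OS user connect as any database role, including postgres, without a password. The shell function below lists the trust records in pg_hba.conf text; the function name is hypothetical, and both sample files are constructed (the first mirrors the records initdb writes by default, the second is an illustrative stricter layout).

```shell
# Added example: list "trust" records in pg_hba.conf text read from stdin.
# Simplification: quoted names containing spaces or "#" are not handled.
# Record layouts (the METHOD column moves with the record type):
#   local  DATABASE USER METHOD
#   host   DATABASE USER ADDRESS METHOD            (CIDR, hostname or keyword)
#   host   DATABASE USER IP-ADDRESS IP-MASK METHOD
list_trust_entries() {
    found=$(awk '
        { sub(/#.*/, "") }              # strip comments
        NF == 0 { next }                # skip blank lines
        {
            if ($1 == "local")
                m = 4
            else if ($4 !~ /\// && ($5 ~ /^[0-9]+\./ || $5 ~ /:/))
                m = 6                   # separate netmask column
            else
                m = 5
            if ($m == "trust")
                printf "line %d: %s\n", NR, $0
        }')
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1                        # at least one trust record
    fi
    return 0
}

# Constructed sample mirroring the records initdb writes when it prints the
# "trust" warning shown above.
SAMPLE_DEFAULT='# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             ::1/128                 trust
local   replication     all                                     trust
host    replication     all             127.0.0.1/32            trust
host    replication     all             ::1/128                 trust'

# Constructed sample using peer and password authentication instead of trust.
SAMPLE_HARDENED='local   all   postgres                              peer
local   all   all                                   scram-sha-256
host    all   all   127.0.0.1   255.255.255.255     scram-sha-256
host    all   all   ::1/128                         scram-sha-256'

printf '%s\n' "$SAMPLE_DEFAULT"  | list_trust_entries || true
printf '%s\n' "$SAMPLE_HARDENED" | list_trust_entries && echo "no trust records"
```

Against a live system, run it as `list_trust_entries < pg_hba.conf` from the data directory named by postgresql_data.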

Starting PostgreSQL

jail1 /root # service postgresql start
2019-02-24 17:33:58.690 JST [4500] LOG:  listening on IPv6 address "::1", port 5432
2019-02-24 17:33:58.691 JST [4500] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2019-02-24 17:33:58.692 JST [4500] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2019-02-24 17:33:58.697 JST [4500] LOG:  ending log output to stderr
2019-02-24 17:33:58.697 JST [4500] HINT:  Future log output will go to log destination "syslog".

Adding a user

jail1 /root # createuser -U postgres www

Creating the database

jail1 /root # createdb -U postgres -O www www

Verification

jail1 /root # psql -U www
psql (11.2)
Type "help" for help.

www=> \l
                             List of databases
   Name    |  Owner   | Encoding | Collate | Ctype |   Access privileges
-----------+----------+----------+---------+-------+-----------------------
 postgres  | postgres | EUC_JP   | C       | C     |
 template0 | postgres | EUC_JP   | C       | C     | =c/postgres          +
           |          |          |         |       | postgres=CTc/postgres
 template1 | postgres | EUC_JP   | C       | C     | =c/postgres          +
           |          |          |         |       | postgres=CTc/postgres
 www       | www      | EUC_JP   | C       | C     |
(4 rows)

www=> \q

MySQL configuration

Enabling the service

mysql_enable="YES"
mysql_dbdir="/var/db/mysql/data"

Specifying the authentication plugin

[mysqld]
default_authentication_plugin   = mysql_native_password

Starting MySQL

jail1 /root # service mysql-server start
Starting mysql.

Set the password (replace ******** with the password you want to set).

jail1 /root # mysqladmin password ******** -u root
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.