Postfix邮箱(十一):Webmail支持FCGI和SSL
一、增加FCGI支持
说明:为了获得优异的web效能,克服CGI不能应付大量访问及低效率的缺陷
1、安装apache的mod_fastcgi模块
[root@mail ~]# yum install -y httpd-devel [root@mail ~]# cd /usr/local/src [root@mail src]# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz [root@mail src]# tar zxvf mod_fastcgi-2.4.6.tar.gz [root@mail src]# cd mod_fastcgi-2.4.6 [root@mail mod_fastcgi-2.4.6]# cp Makefile.AP2 Makefile #搜索~httpd/build目录路径,赋值给top_dir进行安装 [root@mail mod_fastcgi-2.4.6]# find / -name "build" -type d [root@mail mod_fastcgi-2.4.6]# make top_dir=/usr/lib64/httpd/ install
2、查看模块是否生成
[root@mail mod_fastcgi-2.4.6]# ls /etc/httpd/modules/mod_fastcgi.so /etc/httpd/modules/mod_fastcgi.so
3、安装Extmail需要的perl-FCGI模块
[root@mail mod_fastcgi-2.4.6]# yum install perl-FCGI
4、配置虚拟主机文件
[root@mail mod_fastcgi-2.4.6]# vi /etc/httpd/conf.d/extmail.conf LoadModule fastcgi_module modules/mod_fastcgi.so <Ifmodule mod_fastcgi.c> FastCgiExternalServer /usr/bin/dispatch.fcgi -host 127.0.0.1:8888 -idle-timeout 240 </Ifmodule> <VirtualHost *:80> #ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/ Alias /extmail/cgi/ /usr/bin/dispatch.fcgi/ ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/ Alias /extman/cgi/ /usr/bin/dispatch.fcgi/ <Location "/extman/cgi"> SetHandler fastcgi-script </Location> </VirtualHost>
说明:上面的/usr/bin/dispatch.fcgi并不存在,但是必须按上面的写。
5、启动
修改启动脚本:
[root@mail mod_fastcgi-2.4.6]# vi /var/www/extsuite/extmail/dispatch-init SU_UID=vmail SU_GID=vmail
启动进程:
[root@mail mod_fastcgi-2.4.6]# /var/www/extsuite/extmail/dispatch-init start [root@mail mod_fastcgi-2.4.6]# echo "/var/www/extsuite/extmail/dispatch-init start" >> /etc/rc.d/rc.local [root@mail mod_fastcgi-2.4.6]# service httpd restart [root@mail mod_fastcgi-2.4.6]# ps aux|grep dispatch.fcgi vmail 18737 0.0 0.5 139048 5588 ? SNs 11:00 0:00 dispatch.fcgi (master) vmail 18738 0.0 0.5 139048 5432 ? SN 11:00 0:00 dispatch.fcgi (idle) vmail 18739 0.0 0.5 139048 5432 ? SN 11:00 0:00 dispatch.fcgi (idle) root 18762 0.0 0.0 103256 864 pts/2 S+ 11:02 0:00 grep dispatch.fcgi [root@mail mod_fastcgi-2.4.6]# netstat -tnlp|grep 8888 tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 18737/dispatch.fcgi
说明:这里没有对extman启用FCGI,因为启用后会出现一个错误,详见:
http://www.extmail.org/forum/thread-12859-1-1.html
二、增加SSL登陆
1、安装ssl模块
[root@mail ~]# yum install mod_ssl
2、创建密钥、证书
(1)查看本地密钥和证书位置
[root@mail ~]# vi /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
(2)重建本地密钥
[root@mail ~]# cd /etc/pki/tls/private [root@mail private]# rm -f localhost.key [root@mail private]# openssl genrsa 1024 > localhost.key
(3)重建本地证书
[root@mail private]# cd ../certs [root@mail certs]# rm -rf localhost.crt [root@mail certs]# openssl req -new -x509 -days 365 -key ../private/localhost.key -out localhost.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:zhejiang Locality Name (eg, city) [Default City]:hangzhou Organization Name (eg, company) [Default Company Ltd]:yourmail Organizational Unit Name (eg, section) []:it Common Name (eg, your name or your server s hostname) []: Email Address []:
3、配置虚拟主机
说明:将conf.d下的extmail.conf内容移至ssl.conf中,使用SSL的443端口进行WEB连接。
[root@mail certs]# cd /etc/httpd/conf.d [root@mail conf.d]# mv extmail.conf extmail.conf.bak [root@mail conf.d]# vi ssl.confLoadModule fastcgi_module modules/mod_fastcgi.so <Ifmodule mod_fastcgi.c> FastCgiExternalServer /usr/bin/dispatch.fcgi -host 127.0.0.1:8888 -idle-timeout 240 </Ifmodule> #在下行之上添加以上内容 <VirtualHost _default_:443> #在上行之下添加以下内容 ServerName mail.yourmail.com:443 DocumentRoot /var/www/extsuite/extmail/html/ #ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/ Alias /extmail/cgi/ /usr/bin/dispatch.fcgi/ <Location "/extmail/cgi"> SetHandler fastcgi-script </Location> Alias /extmail /var/www/extsuite/extmail/html/ ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/ Alias /extman /var/www/extsuite/extman/html/ SuexecUserGroup vmail vmail
注释掉根目录:
否则错误日志中会显示File does not exist: /var/www/html/favicon.ico
网页标签中会显示d图标(DSPAM的)
[root@mail conf.d]# vi ../conf/httpd.conf #DocumentRoot "/var/www/html"
4、重启服务
[root@mail ~]# service httpd restart [root@mail ~]# iptables -I INPUT -p tcp --dport 443 -j ACCEPT [root@mail ~]# service iptables save [root@mail ~]# netstat -tnlp|grep 443 tcp 0 0 :::443 :::* LISTEN 19691/httpd
5、访问页面
http://的页面已经无法访问了:
https://的页面会提示证书不安全,不用管,点继续浏览:
Extmail成功支持SSL,这里标签上显示的是DSPAM的图标,因为我没有将其删除导致的。
而DSPAM的原页面无法看到历史数据了:
本文出自 “月晴星飞” 博客,请务必保留此出处http://ywzhou.blog.51cto.com/2785388/1594601
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。