Step 2: a. Config Static IP: 192.168.1.10 + Default gateway + DNS server ping yahoo.com ok! b. Synchonoirous Time: yum install -y ntp* ntpdate time.nist.gov c. Disable FireWall + SeLinux d. Config hostname [vim /etc/sysconfig/network] NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=server.hbn.local GATEWAY=192.168.1.1 [vim /etc/hosts] 192.168.1.10 server.hbn.local server 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 Step 3: Install DNS-Bind a. yum -y install bind caching-nameserver b. Test [vim /etc/named.conf] options { directory "/var/named"; forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 2 10.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;}; }; zone "localdomain" IN { type master; file "localdomain.zone"; }; zone "localhost" IN { type master; file "localhost.zone"; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; }; zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; }; zone "0.in-addr.arpa" IN { type master; file "named.zero"; }; [vim /etc/resolv.conf] #Edit DNS server nameserver 192.168.1.10 nameserver 192.168.1.1 [/etc/init.d/named start] #Test Starting named: [ OK ] c. Config: [vim /var/named/192.168.1.0.db] $TTL 86400 @ IN SOA hbn.local. root.hbn.local. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS ns1.hbn.local. 10 IN PTR dns.hbn.local. [vim /var/named/hbn.local.db] $TTL 14400 @ IN SOA root.hbn.local. hostmaster.hbn.loca l. ( 2009102800 14400 3600 1209600 86400 ) IN NS hbn.local. IN NS hbn.local. ftp IN A 192.168.1.10 hbn.local. IN A 192.168.1.10 localhost IN A 127.0.0.1 mail IN A 192.168.1.10 pop IN A 192.168.1.10 smtp IN A 192.168.1.10 www IN A 192.168.1.10 hbn.local. IN MX 10 mail hbn.local. 14400 IN TXT "v=spf1 a mx ip4:192.168.1 .10 ~all" [vim /etc/named.conf] #Add below zone "1.168.192.in-addr.arpa" IN { type master; file "192.168.1.0.db"; }; zone "hbn.local" { type master; file "hbn.local.db"; };
nslookup hbn.local #Test
chkconfig named on Step 4: Apache with PHP, SSL a. Install yum -y install httpd php php-mbstring php-pear mod_ssl php-gd service httpd start chkconfig httpd on b. Config [vim /etc/httpd/conf/httpd.conf] ServerTokens Prod // line 44: change KeepAlive On // line 74: change to ON ServerAdmin root@hbn.local // line 250: Admin's add ress ServerName www.hbn.local:80 // line 264: ser ver's name Options FollowSymLinks // line 319: cha nge (disable Indexes) AllowOverride All // line 326: change #UserDir disable // line 354: mak e it comment UserDir public_html // line 361: make valid // line 369 - 380 : remove # and make valid <Directory /home/*/public_html> AllowOverride All // change Options None <Limit GET POST OPTIONS> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS> Order deny,allow Deny from all </LimitExcept> </Directory> // line 390: add file name that it can access only with director y's name DirectoryIndex index.html index.php ServerSignature Off // line 523: change ########################################################## cd /var/www/html echo "Test hbn.local" > index.html echo "<?php print Date("Y/m/d"); ?>" > index.php c. SSL cd /etc/pki/tls/certs make server.key openssl rsa -in server.key -out server.key make server.csr openssl x509 -in server.csr -out server.crt -req -signkey server .key -days 3650 chmod 400 server.* [vim /etc/httpd/conf.d/ssl.conf] DocumentRoot "/var/www/html" // line 84: make valid ServerName www.hbn.local:443 // line 85: make valid and change SSLCertificateFile /etc/pki/tls/certs/server.crt // line 112: change SSLCertificateKeyFile /etc/pki/tls/certs/server.key // line 119: change service httpd restart https://192.168.1.10 d. Virtual Hosting Reg one account in no-ip.org. My domain: http://namhb.no-ip.org/ Use client to update your ip. Edit DNS: Create like hbn.local. [/etc/named.conf] Add bellow zone "namhb.no-ip.org" IN { type master; file "namhb.no-ip.org.hb"; }; [/var/named/namhb.no-ip.org.hb] $TTL 14400 @ IN SOA root.namhb.no-ip.org. hostmaster.na mhb.no-ip.org. ( 2009102800 14400 3600 1209600 86400 ) IN NS namhb.no-ip.org. IN NS namhb.no-ip.org. ftp IN A 192.168.1.10 namhb.no-ip.org. IN A 192.168.1.10 localhost IN A 127.0.0.1 mail IN A 192.168.1.10 pop IN A 192.168.1.10 smtp IN A 192.168.1.10 www IN A 192.168.1.10 namhb.no-ip.org. IN MX 10 mail namhb.no-ip.org. 14400 IN TXT "v=spf1 a mx ip4:192 .168.1.10 ~all" Add user: useradd hbn mkdir /home/hbn/public_html [/etc/httpd/conf.d/httpd.conf] NameVirtualHost *:80 // line 971: make valid <VirtualHost *:80> // bottom: add these lin es DocumentRoot /var/www/html ServerName www.hbn.local ErrorLog logs/hbn.local-error_log CustomLog logs/hbn.local-access_log common </VirtualHost> <VirtualHost *:80> DocumentRoot /home/hbn/public_html SuexecUserGroup hbn hbn ServerName namhb.no-ip.org ErrorLog logs/namhb.no-ip.org-error_log CustomLog logs/namhb.no-ip.org-access_log common </VirtualHost> Similar like https 443 [/etc/httpd/conf.d/ssl.conf] NameVirtualHost *:443 <VirtualHost *:443> // line 81: change SuexecUserGroup hbn hbn // add in the bottom of the file: configuration for namh b.no-ip.org for SSL <VirtualHost *:443> DocumentRoot "/home/cent/public_html" ServerName namhb.no-ip.org:443 ErrorLog logs/namhb.no-ip.org_ssl_error_log TransferLog logs/namhb.no-ip.org_ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+ HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/server.crt SSLCertificateKeyFile /etc/pki/tls/certs/server. key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b " </VirtualHost> e. Finish: /etc/rc.d/init.d/httpd restart Step 5: FTP Server: a. Install vsftpd: yum -y install vsftpd b. Config [/etc/vsftpd/vsftpd.conf] anonymous_enable=NO // line 12: no anonymous ascii_upload_enable=YES // line 79: make valid ascii_download_enable=YES //(permit ascii mode transfer) chroot_list_enable=YES // line 94: make valid chroot_list_file=/etc/vsftpd/chroot_list // line 96: make valid ls_recurse_enable=YES // line 102: make valid chroot_local_user=YES // bottom: enable chroot local_root=public_html // root directory use_localtime=YES // use local time [/etc/vsftpd/chroot_list] //Add user you permit. User hbn hbn e. Finish: /etc/rc.d/init.d/vsftpd start chkconfig vsftpd on Step 6: Install Mail. a. Install: yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus- sasl-md5 cyrus-sasl-plain postfix dovecot b. Config: postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_sasl_authenticated_header = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenti cated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' postconf -e 'mynetworks = 127.0.0.0/8' [/usr/lib/sasl2/smtpd.conf] pwcheck_method: saslauthd mech_list: plain login Generation keys: mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -o ut smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 Then: postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' postconf -e 'myhostname = server.hbn.local' [ /etc/dovecot.conf] .. protocols = imap imaps pop3 pop3s .. postconf -e 'home_mailbox = Maildir/' postconf -e 'mailbox_command =' /etc/init.d/postfix restart chkconfig --levels 235 sendmail off chkconfig --levels 235 postfix on chkconfig --levels 235 saslauthd on chkconfig --levels 235 dovecot on /etc/init.d/sendmail stop /etc/init.d/postfix start /etc/init.d/saslauthd start /etc/init.d/dovecot start c. Virtual Hosting [/etc/postfix/main.cf] mydestination = /etc/postfix/local-host-names [/etc/postfix/local-host-names] localhost localhost.localdomain server.hbn.local hbn.local namhb.no-ip.org [/etc/postfix/virtualusesrtb] hbn@hbn.local root hbn@namhb.no-ip.org hbn postmap /etc/postfix/virtualusesrtb Finish my tutorial.