一.要求
二.做实验
2.1配置百度网站
1在虚拟机上建库,进入/etc/yum.repos.d/目录,编辑 baser.repo 配置文件
[baseos]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appTream
baseurl=/mnt/AppStream
gpgcheck=0
2 在虚拟机上安装 httpd 包.
mount /dev/sr0 /mnt
dnf install httpd -y #安装 httpd 包
3 配置host.conf 配置文件
<directory /www>
allowoverride none
require all granted
</directory /www>
<virtualhost 192.168.118.136:443>
servername www.baidu.com
documentroot /www/baidu
ErrorLog “logs/error_baidu_log”
CustomLog “logs/error_baidu_log” combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/baidu.crt
SSLCertificateKeyFile /etc/pki/tls/private/baidu.key
4自定义网站内容
mkdir /www/baidu -p
echo “It’s this www.baidu.com” > /www/baidu/index.html
5.证书加密
cd /etc/pki/tls/certs #进入其配置文件
rz #使用 rz 命令将 MakeFile 文件放在此路径下,若没有 MakeFile 文件可使用wget http://www.kittod.com/Makefile命令即可下载
dnf install make -y #下载make包
make baidu.crt #使用 make 命令制作证书
dnf install mod_ssl -y #安装 https 模块
mv baidu.key …/private/ #把钥匙移到默认路径
6.将本地ip改为百度ip
192.168.223.133 www.baidu.com #本地主机IP地址
192.168.223.133 www2.baidu.com
7.关闭防火墙
setenforce 0 #关闭权限
systemctl stop httpd #关闭防火墙
systemctl restart httpd #重启服务
8.查看是否创建成功
curl -k https://www.baidu.com
curl -k https://www2.baidu.com
三.创建百度邮件服务器
3.1 安装邮件服务器相关软件,并编辑 postfix 服务的主配置文件
dnf install postfix mailx -y #安装 postfix、mailx包
vim /etc/postfix/main.cf #编辑 postfix 服务的主配置文件
(1)
92 # other configuration parameters.
93 #
94 #myhostname = virtual.domain.tld
95 myhostname = mail.baidu.com
96 # The mydomain parameter specifies the local internet domain name.
(2)
100 # parameters.
101 #
102 mydomain = baidu.com
104 # SENDING MAIL
105 #
106 # The myorigin parameter specifies the domain that locally-posted
(3)
115 # to recipient addresses that have no @domain part.
116 #
117 #myorigin = $myhostname
118 myorigin = $mydomain
120 # RECEIVING MAIL
(4)
130 # Note: you need to stop/start Postfix when this parameter changes.
131 #
132 inet_interfaces = all
152 # The mydestination parameter specifies the list of domains that this
153 # machine considers itself the final destination for.
(5)
183 mydestination =
m
y
h
o
s
t
n
a
m
e
,
l
o
c
a
l
h
o
s
t
.
myhostname, localhost.
myhostname,localhost.mydomain, localhost, $mydomain
(6)
283 mynetworks = 192.168.118.0/24, 127.0.0.0/8
(7)
315 relay_domains = $mydestination
3.2邮件认证收发配置
dnf install cyrus-sasl dovecot sasl -y #安装cyrus-sasl dovecot sasl包
vim /etc/postfix/main.cf # 编辑postfix 主配置文件,在末尾追加如下内容
broken_sasl_auth_clients = yes #启用 SASL 对客户端进行认证
smtpd_sasl_auth_enable = yes #启用 SASL 认证
smtpd_sasl_security_options = noanonymous #禁用匿名用户
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination #定义收件人限定
vim /etc/dovecot/dovecot.conf # 编辑 dovecot 配置文件
(1)
24 #protocols = imap pop3 lmtp submission
25 protocols = imap pop3 lmtp
45 # Space separated list of trusted network ranges. Connections from these
46 # IPs are allowed to override their IP addresses and ports (for logging and
(2)
48 # these networks. Typically you’d specify your IMAP proxy servers here.
49 #login_trusted_networks =
50 login_trusted_networks = 192.168.118.0/24
vim /etc/dovecot/conf.d/10-mail.conf
26 # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
27 #
28 # <doc/wiki/MailLocation.txt>
29 #
30 #mail_location =
31 mail_location = mbox:~/mail:INBOX=/var/mail/%u
3.3邮件加密
创建密钥
**cd /etc/postfix/
openssl req -new -x509 -nodes -out smtpd.pem -keyout
smtpd.pem -days 3650
编辑 foxmail 客户端的服务器配置:
Generating a RSA private key
.+++++
…+++++
writing new private key to ‘smtpd.pem’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:yongchuan
Organization Name (eg, company) [Default Company Ltd]:chengke
Organizational Unit Name (eg, section) []:xuexizhongxin
Common Name (eg, your name or your server’s hostname) []:mail.xixi.com
Email Address []:admin@xixi.com**
3.4主配置文件
[root@baidu postfix]# vim /etc/postfix/main.cf #在末尾添加以下配置
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
3.5功能配置文件
[root@baidu postfix]# vim /etc/postfix/master.cf
29 smtps inet n - n - - smtpd
30 # -o syslog_name=postfix/smtps
31 -o smtpd_tls_wrappermode=yes
32 -o smtpd_sasl_auth_enable=yes
3.6重启服务
[root@baidu postfix]# systemctl restart postfix
[root@baidu postfix]# systemctl restart saslauthd
[root@baidu postfix]# systemctl restart dovecot
3.7创建用户来收发邮件
**useadd xixi
passwd 123456
useadd redhat
passwd 123456
useadd haha
passwd 123456
vim /etc/aliases #修改别名数据库
在最后一行添加 workgroup:xixi,haha,redhat
发邮件
[root@baidu ~]# mail xixi@baidu.com
Subject: asdwada
awdwda
EOT
切换到 haha 用户查看邮件
[root@baidu ~]# su – haha
[haha@baidu ~]$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
“/var/spool/mail/maomao”: 1 message
1 root Mon Oct 25 17:57 21/624 “test03”
xixi 和 haha 两个用户会同时收到该邮件**
ok,这样第一台虚拟机就配置完成了。
四、新建第二台虚拟机,并对第二台虚拟机进行QQ网站服务配置
配置如上文所示
五、编辑百度和QQ的DNS服务配置
5.1配置文件
vim /etc/named.conf
options {
listen-on port 53 { 192.168.118.136; };
directory “/var/named”;
};
zone “baidu.com” IN {
type master;
file “named.baidu.com”;
};
zone “qq.com” IN {
type master;
file “named.qq.com”;
};
vim /var/named/named.baidu.com
$TTL 1D
@ IN SOA @ admin.baidu.com. (
0
4
2
8
12)
IN NS ns.baidu.com.
IN MX 10 mail.baidu.com.
ns IN A 192.168.118.136
mail IN A 192.168.118.136
www IN A 192.168.132.164
www IN A 192.168.132.155
ftp IN CNAME www
vim /var/named/named.qq.com
$TTL 1D
@ IN SOA @ admin.qq.com. (
0
4
5
8
12)
IN NS ns.qq.com.
IN MX 10 mail.qq.com.
ns IN A 192.168.118.136
mail IN A 192.168.132.12
www IN A 192.168.132.65
www IN A 192.168.132.99
ftp IN CNAME www
5.2解析
dig -t MX baidu.com @192.168.118.136
5.3查看本地dns
nmcli device show | grep DNS
5.4配置第二胎虚拟机的dns
nmcli connection modify ens160 ipv4.addresses 192.168.132.22/24
nmcli connection modify ens160 ipv4.method manual
nmcli connection modify ens160 connection.autoconnect yes
nmcli connection modify ens160 ipv4.dns 192.168.132.33
nmcli connection up ens160
六.创建dhcp固定IP地址
host baidu {
hardware ethernet 00:0C:29:7F:32:06;
fixed-address 192.168.223133; }
host qq {
hardware ethernet 00:0c:29:7f:32:10;
fixed-address 192.168.223.130; }