Postfix邮箱(十一)：Webmail支持FCGI和SSL

ewr21

一、增加FCGI支持
说明：为了获得优异的web效能，克服CGI不能应付大量访问及低效率的缺陷
1、安装apache的mod_fastcgi模块

1 2 3 4 5 6 7 8 9

[iyunv@mail ~]# yum install -y httpd-devel [iyunv@mail ~]# cd /usr/local/src [iyunv@mail src]# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz [iyunv@mail src]# tar zxvf mod_fastcgi-2.4.6.tar.gz [iyunv@mail src]# cd mod_fastcgi-2.4.6 [iyunv@mail mod_fastcgi-2.4.6]# cp Makefile.AP2 Makefile #搜索~httpd/build目录路径，赋值给top_dir进行安装 [iyunv@mail mod_fastcgi-2.4.6]# find / -name "build" -type d [iyunv@mail mod_fastcgi-2.4.6]# make top_dir=/usr/lib64/httpd/ install

2、查看模块是否生成

1 2	[iyunv@mail mod_fastcgi-2.4.6]# ls /etc/httpd/modules/mod_fastcgi.so /etc/httpd/modules/mod_fastcgi.so

3、安装Extmail需要的perl-FCGI模块

1	[iyunv@mail mod_fastcgi-2.4.6]# yum install perl-FCGI

4、配置虚拟主机文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14

[iyunv@mail mod_fastcgi-2.4.6]# vi /etc/httpd/conf.d/extmail.conf LoadModule fastcgi_module modules/mod_fastcgi.so         FastCgiExternalServer /usr/bin/dispatch.fcgi -host 127.0.0.1:8888 -idle-timeout 240     #ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/ Alias /extmail/cgi/ /usr/bin/dispatch.fcgi/ ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/ Alias /extman/cgi/ /usr/bin/dispatch.fcgi/           SetHandler fastcgi-script

说明：上面的/usr/bin/dispatch.fcgi并不存在，但是必须按上面的写。

5、启动
修改启动脚本：

1 2 3

[iyunv@mail mod_fastcgi-2.4.6]# vi /var/www/extsuite/extmail/dispatch-init SU_UID=vmail SU_GID=vmail

启动进程：

1 2 3 4 5 6 7 8 9 10

[iyunv@mail mod_fastcgi-2.4.6]# /var/www/extsuite/extmail/dispatch-init start [iyunv@mail mod_fastcgi-2.4.6]# echo "/var/www/extsuite/extmail/dispatch-init start" >> /etc/rc.d/rc.local [iyunv@mail mod_fastcgi-2.4.6]# service httpd restart [iyunv@mail mod_fastcgi-2.4.6]# ps aux|grep dispatch.fcgi vmail    18737  0.0  0.5 139048  5588 ?        SNs  11:00   0:00 dispatch.fcgi (master) vmail    18738  0.0  0.5 139048  5432 ?        SN   11:00   0:00 dispatch.fcgi (idle) vmail    18739  0.0  0.5 139048  5432 ?        SN   11:00   0:00 dispatch.fcgi (idle) root     18762  0.0  0.0 103256   864 pts/2    S+   11:02   0:00 grep dispatch.fcgi [iyunv@mail mod_fastcgi-2.4.6]# netstat -tnlp|grep 8888 tcp        0      0 127.0.0.1:8888              0.0.0.0:*                   LISTEN      18737/dispatch.fcgi

说明：这里没有对extman启用FCGI，因为启用后会出现一个错误，详见：
http://www.extmail.org/forum/thread-12859-1-1.html

---

二、增加SSL登陆
1、安装ssl模块

1	[iyunv@mail ~]# yum install mod_ssl

2、创建密钥、证书
（1）查看本地密钥和证书位置

1 2 3

[iyunv@mail ~]# vi /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

（2）重建本地密钥

1 2 3

[iyunv@mail ~]# cd /etc/pki/tls/private [iyunv@mail private]# rm -f localhost.key [iyunv@mail private]# openssl genrsa 1024 > localhost.key

（3）重建本地证书

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

[iyunv@mail private]# cd ../certs [iyunv@mail certs]# rm -rf localhost.crt [iyunv@mail certs]# openssl req -new -x509 -days 365 -key ../private/localhost.key -out localhost.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:zhejiang Locality Name (eg, city) [Default City]:hangzhou Organization Name (eg, company) [Default Company Ltd]:yourmail    Organizational Unit Name (eg, section) []:it Common Name (eg, your name or your server s hostname) []: Email Address []:

3、配置虚拟主机
说明：将conf.d下的extmail.conf内容移至ssl.conf中，使用SSL的443端口进行WEB连接。

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

[iyunv@mail certs]# cd /etc/httpd/conf.d [iyunv@mail conf.d]# mv extmail.conf extmail.conf.bak [iyunv@mail conf.d]# vi ssl.confLoadModule fastcgi_module modules/mod_fastcgi.so FastCgiExternalServer /usr/bin/dispatch.fcgi -host 127.0.0.1:8888 -idle-timeout 240 #在下行之上添加以上内容 #在上行之下添加以下内容 ServerName mail.yourmail.com:443 DocumentRoot /var/www/extsuite/extmail/html/ #ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/ Alias /extmail/cgi/ /usr/bin/dispatch.fcgi/      SetHandler fastcgi-script    Alias /extmail /var/www/extsuite/extmail/html/ ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/ Alias /extman /var/www/extsuite/extman/html/ SuexecUserGroup vmail vmail

注释掉根目录:
    否则错误日志中会显示File does not exist: /var/www/html/favicon.ico
    网页标签中会显示d图标（DSPAM的）

1 2	[iyunv@mail conf.d]# vi ../conf/httpd.conf #DocumentRoot "/var/www/html"

4、重启服务

1 2 3 4 5

[iyunv@mail ~]# service httpd restart [iyunv@mail ~]# iptables -I INPUT -p tcp --dport 443 -j ACCEPT [iyunv@mail ~]# service iptables save [iyunv@mail ~]# netstat -tnlp|grep 443 tcp        0      0 :::443                      :::*                        LISTEN      19691/httpd

5、访问页面
http://的页面已经无法访问了：

https://的页面会提示证书不安全，不用管，点继续浏览：

Extmail成功支持SSL，这里标签上显示的是DSPAM的图标，因为我没有将其删除导致的。

DSPAM的页面也可以使用SSL了：
而DSPAM的原页面无法看到历史数据了：