mod_log_agent
mod_speling
mod_auth_db
mod_digest
mod_log_referer
mod_unique_id
mod_auth_dbm
mod_expires
mod_mime_magic
mod_usertrack
mod_auth_digest
mod_headers
mod_mmap_static
mod_vhost_alias
mod_ssl
If you need to add more modules, you can do so through the Ports tree, generally in the /usr/ports/www directory.
You can start the Apache HTTP daemon manually by typing apachectl start and pressing Enter. If you'd like to start it at boot time automatically, edit the /etc/rc.conf file and replace the NO with "" in this line:
httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8))
Obviously if you need to use mod_ssl, you need to use the -DSSL flag inside the quotes. See the httpd manpage for more information on loading extra modules here. Specific Apache modules may have their own manpages as well.
By default, Apache runs in a chrooted environment; in other words, Apache operates as though nothing exists outside of the ServerRoot, which is by default /var/www. So if you have extra Apache modules installed that need to use programs or configuration files in any directory outside of /var/www and its subdirectories, then they will not be able to function properly. More details are available in the httpd manpage, but if you just need to get this working right now by eliminating the chroot jail, start Apache with the -u flag, either from the command line, or in the quotes in the previously mentioned Apache section of /etc/rc.conf. Circumventing the chroot jail will make your system less secure if Apache is compromised. For optimal security, the www user should not be able to write to any files or directories in ServerRoot.
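An added example (not from the original text) that checks the two chroot-related points above: whether httpd_flags in an rc.conf-style file switches the chroot off with -u, and which entries under a ServerRoot the web user could modify. The function names, the constructed sample files and the numeric ID 67 used as a stand-in for the web account are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the two chroot-related settings discussed above.

# Classify the last httpd_flags line of an rc.conf-style file:
#   unset    - no httpd_flags line found
#   disabled - httpd_flags=NO, httpd is not started at boot
#   nochroot - flags contain -u, so the chroot jail is switched off
#   chroot   - httpd starts with its default chroot to ServerRoot
httpd_chroot_status() {
    line=$(grep -E '^[[:space:]]*httpd_flags=' "$1" | tail -n 1)
    [ -n "$line" ] || { echo unset; return 0; }
    val=${line#*=}                            # text after the first "="
    val=${val%%#*}                            # drop a trailing comment
    val=$(printf '%s' "$val" | tr -d "\"'")   # drop the quotes
    set -f; set -- $val; set +f               # split into words, no globbing
    [ "${1:-}" = "NO" ] && { echo disabled; return 0; }
    for word in "$@"; do
        [ "$word" = "-u" ] && { echo nochroot; return 0; }
    done
    echo chroot
}

# Print entries under a ServerRoot that the web user could modify: owned by
# that user, group-writable by its group, or world-writable. Symlinks are
# skipped because their own mode bits are not meaningful.
# usage: www_writable <serverroot> <user> <group>
www_writable() {
    find "$1" ! -type l \( -user "$2" -o \( -group "$3" -perm -0020 \) \
        -o -perm -0002 \) -print
}

# Demo on constructed data (not taken from a real system).
demo=$(mktemp -d)
mkdir -p "$demo/www/htdocs"
printf 'httpd_flags="-u -DSSL"   # constructed sample line\n' > "$demo/rc.conf"
touch "$demo/www/htdocs/index.html" "$demo/www/htdocs/upload.tmp"
chmod 0755 "$demo/www" "$demo/www/htdocs"
chmod 0644 "$demo/www/htdocs/index.html"
chmod 0666 "$demo/www/htdocs/upload.tmp"     # world-writable on purpose
echo "httpd_flags status: $(httpd_chroot_status "$demo/rc.conf")"
echo "modifiable by the web user:"
www_writable "$demo/www" 67 67               # 67: stand-in numeric ID
rm -rf "$demo"
```

On an OpenBSD host the functions would be pointed at /etc/rc.conf and /var/www, with the www account's user and group names in place of the stand-in ID.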
The Apache 1.3 configuration files are kept not in /etc, but in /var/www/conf/. You should look over httpd.conf and adjust it for optimal performance on your computer. By default, the settings may be a little too limited for web sites that get thousands of visitors per day.
7.3 Databases
No databases are installed by default in OpenBSD, but you can find MySQL, SQLite, and PostgreSQL in /usr/ports/databases along with several database-specific Perl modules and other extras and add-ons.
7.3.1 MySQL
Once installed, you can find the global MySQL configuration in /etc/my.cnf, but if you want to set server-specific configuration options, you can create an override my.cnf in /var/mysql. User-specific configurations can be stored in each user's home directory.
Be warned that the default my.cnf is designed for old, low-power, low-memory servers and does not scale well under moderately heavy loads. This is more or less the standard default configuration for MySQL, though, so if you've configured it before, you should already know what you're doing.
To make mysqld start automatically at boot time, add these lines (or something similar that fits your needs) to /etc/rc.conf.local:
if [ -x /usr/local/bin/mysqld_safe ]; then
echo -n ' mysql'; /usr/local/bin/mysqld_safe &
fi
7.3.2 SQLite
There are two versions of SQLite available for OpenBSD: 2.8.17 and 3.3.6, and they can be installed from /usr/ports/sqlite and /usr/ports/sqlite3, respectively.
The sqlite or sqlite3 executable is located in /usr/local/bin, and there is no configuration file because SQLite is by definition "zero-configuration."
7.3.3 PostgreSQL
You can install the PostgreSQL client via Ports from /usr/ports/databases/postgresql, but if you want the server and documentation, you'll have to add them yourself:
pkg_add postgresql-server postgresql-docs
Automatically starting and stopping PostgreSQL is not quite as easy. Add these lines to /etc/rc.local to start it at boot time (that's one line between the if and the fi, not two, so be careful when you copy and paste this text):
if [ -x /usr/local/bin/pg_ctl ]; then
su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start -D /var/postgresql/data -l /var/postgresql/logfile -o '-D /var/postgresql/data'"; echo -n ' postgresql'
fi
And to automatically shut it down cleanly when the system shuts down, add these lines (this time it's two lines between the if and the fi) to /etc/rc.shutdown:
if [ -f /var/postgresql/data/postmaster.pid ]; then
su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast -D /var/postgresql/data"
rm -f /var/postgresql/data/postmaster.pid
fi
You can find the PostgreSQL configuration files in /var/postgresql/data/. By default, the system is not tuned to accept a large number of database connections, so you'll have to modify some kernel parameters if you're expecting a fair amount of database usage. Check out the documentation in the /usr/local/share/doc/postgresql directory for more details. Of particular interest is the README.OpenBSD file, which has the aforementioned advice on system tuning for PostgreSQL.
7.4 Mail Transfer Agents
OpenBSD has a security-audited version of Sendmail built into the base system, but it does support Postfix as well. The configuration procedures are detailed below.
7.4.1 Sendmail
This is the default MTA on OpenBSD; it's actually part of the base system, and thus has undergone extensive security auditing and includes OpenBSD-specific patches. In other words, it may differ technologically from Sendmail implementations on other operating systems, but in terms of functionality it should be largely the same as what you're used to elsewhere.
Unless you have a really good reason to use a different MTA, you should probably stick with Sendmail because of its integration with the operating system and the fact that it has OpenBSD's stellar reputation for security behind it. Sendmail is also the most thoroughly documented MTA for OpenBSD, so if you're new to Unix-like mail servers, it will probably be easier for you to set up and use Sendmail than any other MTA.
The Sendmail configuration files are in /etc/mail, but that's not where you should change them. If you want to generate configuration files (.cf files), you need to go to /usr/share/sendmail/cf and edit the .mc files that are appropriate to your situation. For most people, this should be openbsd-proto.mc, though to be sure that you do everything right the first time around, you should definitely read the sendmail manpage and maybe the relevant sections of the /usr/share/sendmail/README file as well.
If you wish to use TLS, see the starttls manpage for details, and make sure you uncomment the TLS-specific sections of openbsd-proto.mc before you create your .cf files.
Sendmail is ordinarily started through /etc/rc.conf and is not configured to accept incoming network traffic by default, so you'll have to change the sendmail_flags setting to whatever you need it to be to work with your network configuration (an example is given in a comment in rc.conf, and all relevant flags are explained in the sendmail manpage).
7.4.2 Postfix
Postfix can be installed from /usr/ports/mail/postfix, but you'll have to hack the Makefile first so that you can specify which authentication method you want: local (just plain Postfix), LDAP, SASL2, or MySQL. Regardless of which package you choose, the configuration files will be kept in /etc/postfix.
Next you need to replace OpenBSD's Sendmail implementation with Postfix's by running this command:
/usr/local/sbin/postfix-enable
(You can of course switch back to OpenBSD's Sendmail by running
postfix-disable.)
Next you have to stop the cron job that runs sendmail every 30 minutes and change the daemon startup options:
1. Edit the root account's cron table (you must be logged in as root):
   crontab -e
2. Comment out or delete the line below this comment:
   # sendmail clientmqueue runner
3. Save and exit the cron table; then edit /etc/rc.conf and change the sendmail_flags line to this:
   sendmail_flags="-bd -q30m"
4. Since Postfix runs chrooted in the /var/spool/postfix directory, you may want to modify some of the files there, specifically in /var/spool/postfix/etc.
7.5 Mail Delivery Agents