linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-02 22:07:15 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added new images, rm'd server as its unneeded, and modified css files

Browse Source
This commit is contained in:
Zeckmathederg 2024-05-14 16:53:45 -06:00
parent ef7cc35ec3
commit 3b1c39102c
30 changed files with 9 additions and 9910 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
images/caution.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 22 KiB

BIN
images/important.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 722 B

After

Width:  |  Height:  |  Size: 31 KiB

BIN
images/note.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 490 B

After

Width:  |  Height:  |  Size: 49 KiB

BIN
images/tip.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 449 B

After

Width:  |  Height:  |  Size: 40 KiB

BIN
images/warning.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 36 KiB

29
server/databases/databases.xml
View File

@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
<chapter id="server-databases">
<?dbhtml filename="databases.html"?>
<title>Databases</title>
<para>
This chapter includes databases that range from single-user
read/write to industrial database servers with transaction support.
Generally, you will be sent here to satisfy dependencies to other
applications although building a SQL server on a base LFS system is
entirely possible.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="upgradedb.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="db.xml"/>-->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="lmdb.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mariadb.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="postgresql.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sqlite.xml"/>
</chapter>

163
server/databases/lmdb.xml
View File

@ -1,163 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY lmdb-download-http "https://github.com/LMDB/lmdb/archive/LMDB_&lmdb-version;.tar.gz">
<!ENTITY lmdb-download-ftp " ">
<!ENTITY lmdb-md5sum "9d7f059b1624d0a4d4b2f1781d08d600">
<!ENTITY lmdb-size "144 KB">
<!ENTITY lmdb-buildsize "4.7 MB">
<!ENTITY lmdb-time "less than 0.1 SBU">
]>
<sect1 id="lmdb" xreflabel="lmdb-&lmdb-version;">
<?dbhtml filename="lmdb.html"?>
<title>lmdb-&lmdb-version;</title>
<indexterm zone="lmdb">
<primary sortas="a-lmdb">lmdb</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to lmdb</title>
<para>
The <application>lmdb</application> package is a fast, compact, key-value
embedded data store. It uses memory-mapped files, so it has the read
performance of a pure in-memory database while still offering the
persistence of standard disk-based databases, and is only limited to the
size of the virtual address space
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&lmdb-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&lmdb-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &lmdb-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &lmdb-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &lmdb-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &lmdb-time;
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 role="installation">
<title>Installation of lmdb</title>
<note>
<para>
This package extracts to lmdb-LMDB_&lmdb-version;.
</para>
</note>
<para>
Install <application>lmdb</application> by running the following
commands:
</para>
<screen><userinput>cd libraries/liblmdb &amp;&amp;
make &amp;&amp;
sed -i 's| liblmdb.a||' Makefile</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make prefix=/usr install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<!--para>
<command>sed ... prefix ... Makefile</command>: The Makefile creates the
man pages directory during install if it is not present.
This fixes the directory location.
</para-->
<para>
<command>sed ... liblmdb.a ... Makefile</command>: The package executables
use a static library so it must be created. This command suppresses installation
of the static library.
</para>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Program</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
mdb_copy, mdb_dump, mdb_load, and mdb_stat
</seg>
<seg>
liblmdb.so
</seg>
<seg>
None
</seg>
</seglistitem>
</segmentedlist>
<!-- TODO
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="lmdb_copy">
<term><command>lmdb_copy</command></term>
<listitem>
<para>
A tool to copy an LMDB environment.
</para>
<indexterm zone="lmdb lmdb_copy">
<primary sortas="b-lmdb_copy">lmdb_copy</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
-->
</sect2>
</sect1>

1218
server/databases/mariadb.xml
View File

File diff suppressed because it is too large Load Diff

1025
server/databases/postgresql.xml
View File

File diff suppressed because it is too large Load Diff

239
server/databases/sqlite.xml
View File

@ -1,239 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!-- moved to packages.ent because they are often forgotten...
<!ENTITY sqlite-dl-version "3360000">
<!ENTITY sqlite-doc-version "3360000">
When updating, do not forget the above entities... They are anyway -->
<!ENTITY sqlite-download-http "https://sqlite.org/&sqlite-year;/sqlite-autoconf-&sqlite-dl-version;.tar.gz">
<!ENTITY sqlite-download-ftp " ">
<!ENTITY sqlite-md5sum "27436d5446f3e2afa6bc2e82f9c4f6ba">
<!ENTITY sqlite-size "3.0 MB">
<!ENTITY sqlite-buildsize "79 MB">
<!ENTITY sqlite-time "0.4 SBU (Using parallelism=4)">
<!ENTITY sqlite-docs-download "https://sqlite.org/&sqlite-year;/sqlite-doc-&sqlite-doc-version;.zip">
<!ENTITY sqlite-docs-md5sum "49ade97b2d352aacf64aebd0a7882d84">
<!ENTITY sqlite-docs-size "10.2 MB">
]>
<sect1 id="sqlite" xreflabel="SQLite-&sqlite-version;">
<?dbhtml filename="sqlite.html"?>
<title>SQLite-&sqlite-version;</title>
<indexterm zone="sqlite">
<primary sortas="a-SQLite">SQLite</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to SQLite</title>
<para>
The <application>SQLite</application> package is a software library that
implements a self-contained, serverless, zero-configuration, transactional
SQL database engine.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&sqlite-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&sqlite-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &sqlite-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &sqlite-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &sqlite-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &sqlite-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<title>Optional Documentation</title>
<listitem>
<para>
Download (HTTP): <ulink url="&sqlite-docs-download;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &sqlite-docs-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &sqlite-docs-size;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">SQLite Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<ulink url="https://www.thrysoee.dk/editline/">libedit</ulink> and
<xref linkend="unzip"/> (required to unzip the documentation)
</para>
</sect2>
<sect2 role="installation">
<title>Installation of SQLite</title>
<para>
If you downloaded the optional documentation, issue the following command
to install the documentation into the source tree:
</para>
<screen><userinput>unzip -q ../sqlite-doc-&sqlite-doc-version;.zip</userinput></screen>
<para>
Install <application>SQLite</application> by running the following
commands:
</para>
<screen><userinput>./configure --prefix=/usr \
--disable-static \
--enable-fts{4,5} \
CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1 \
-DSQLITE_ENABLE_UNLOCK_NOTIFY=1 \
-DSQLITE_ENABLE_DBSTAT_VTAB=1 \
-DSQLITE_SECURE_DELETE=1 \
-DSQLITE_ENABLE_FTS3_TOKENIZER=1" &amp;&amp;
make</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install</userinput></screen>
<para>
If you downloaded the optional documentation, issue the following commands
as the <systemitem class="username">root</systemitem> user to install it:
</para>
<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/sqlite-&sqlite-version; &amp;&amp;
cp -v -R sqlite-doc-&sqlite-doc-version;/* /usr/share/doc/sqlite-&sqlite-version;</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
<para>
<parameter>--enable-fts{4,5}</parameter>: These switches enable
support for version 3, 4 and 5 of the full text search (FTS)
extension. Note that the <option>--enable-fts4</option> switch
enables support for both FTS version 4 and FTS version 3.
</para>
<para>
<parameter>CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1 ... </parameter>:
Applications such as
<application>SeaMonkey</application> require these options
to be turned on.
The only way to do this is to include them in
the <envar>CFLAGS</envar> or <envar>CPPFLAGS</envar>.
We use the latter so the default value (or any value set by the user)
of <envar>CFLAGS</envar> won't be affected.
For further information on what can be specified see <ulink
url="https://www.sqlite.org/compile.html"/>.
</para>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Program</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directory</segtitle>
<seglistitem>
<seg>
sqlite3
</seg>
<seg>
libsqlite3.so
</seg>
<seg>
/usr/share/doc/sqlite-&sqlite-version;
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="sqlite3">
<term><command>sqlite3</command></term>
<listitem>
<para>
is a terminal-based front-end to the <application>SQLite</application>
library that can evaluate queries interactively and display the
results
</para>
<indexterm zone="sqlite sqlite3">
<primary sortas="b-sqlite3">sqlite3</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libsqlite3">
<term><filename class="libraryfile">libsqlite3.so</filename></term>
<listitem>
<para>
contains the <application>SQLite</application> API functions
</para>
<indexterm zone="sqlite libsqlite3">
<primary sortas="c-libsqlite3">libsqlite3.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

283
server/databases/upgradedb.xml
View File

@ -1,283 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
<sect1 id="upgradedb" xreflabel="Upgrade Database">
<?dbhtml filename="upgradedb.html"?>
<title>Important Notes About Upgrading Database Server Software</title>
<note><para>This section is about reinstalling database software
when an existing database is in use. It is not applicable for
initial installations or if there is no existing database for
the package being updated, but users should read through it
to become aware of issues that can arise in the future.</para></note>
<para>Let's start this chapter with a dramatic screenshot of an error that
really happened. This error will not occur if you are installing database
software for the first time:</para>
<screen>$ sudo systemctl status postgresql
-- postgresql.service - PostgreSQL database server
Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2021-10-26 17:11:53 CDT; 2min 49s ago
Process: 17336 ExecStart=/usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 (code=exited, status=1/FAILURE)
CPU: 7ms
Oct 26 17:11:53 SVRNAME systemd[1]: Starting PostgreSQL database server...
Oct 26 17:11:53 SRVNAME postgres[17338]: 2021-10-26 17:11:53.420 CDT [17338] FATAL:
database files are incompatible with server
Oct 26 17:11:53 SRVNAME postgres[17338]: 2021-10-26 17:11:53.420 CDT [17338] DETAIL:
The data directory was initialized by PostgreSQL version 13,
which is not compatible with this version 14.0.
Oct 26 17:11:53 SRVNAME postgres[17336]: pg_ctl: could not start server
Oct 26 17:11:53 SRVNAME postgres[17336]: Examine the log output.
Oct 26 17:11:53 SRVNAME systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE
Oct 26 17:11:53 SRVNAME systemd[1]: postgresql.service: Failed with result 'exit-code'.
Oct 26 17:11:53 SRVNAME systemd[1]: Failed to start PostgreSQL database server.</screen>
<para>
To avoid situations like this (i.e., your database server
software refuses to start), read the following discussion of the best way to
upgrade a DBMS (Database Management System).
</para>
<para>
The root cause of the error shown above was an upgrade
of the server software to a newer major version which left the
data files untouched. In this case, the administrator was able to recover
the DBMS without any loss of data.
</para>
<para>
Even if you are doing an initial DBMS install, read through this
section. It provides information about implementing backup
and restore procedures (or at least a strategy for creating
them) which will satisfy your needs and guarantee the safety
of your data.
</para>
<sect2>
<title>Upgrade Database Server Packages</title>
<para>
Database systems work on files which hold the database metadata and the
data itself. The internal structure of these files is optimized for use
by the server software. When such server software is upgraded,
the new software may utilize a different file format than
had previously been used. Sometimes the new software can
work with the old format as well as the new one&mdash;but without the
performance improvements the new format provides.
Other times, the new server software will
reformat the data files automatically after the upgrade.
</para>
<para>
Unfortunately, the most likely case is that the new server software
complains about out of date file formats and exits. When this happens,
and you have overwritten the old server software, you may end up
with a broken system and lost data.
</para>
<para>
Changes in data file formats usually happen at major version changes, but
they can also occur at other times. Before upgrading any DBMS
software, check the documentation to see if this upgrade makes changes which
require reformatting the database.
</para>
<para>
Of course, if you have databases with content that is not easily
rebuilt, it is always a good idea to create backups of the database from
time to time. Before upgrading the server software, you should run
another backup.
</para>
<sect3>
<title>Upgrade by Backup and Restore</title>
<note>
<para>
A backup is useless if there is no verified process
to restore the data from this backup. When running a
database server, you should not only create backups; you
should also verify that the restore process
really works. The time to test the restore procedure
is <emphasis>before</emphasis> you urgently need
to recover lost data.
</para>
</note>
<para>
Most database server software provides some basic
tools to create backups of your data. Usually the backups created with
those tools can be read by newer versions of the software (via a
restore tool). Using older restore tools with newer backup data is
a bad idea; you should <emphasis>never</emphasis> blindly assume that
it will work. It might, but usually it doesn't.
</para>
<para>
The easiest way to upgrade your database files is to
</para>
<itemizedlist>
<listitem>
<para>Create a full database backup using the old tools.</para>
<para>This step creates an offline copy of the database files&mdash;for
long term archiving, for disaster recovery, or as
preparation for an upgrade. This offline backup consists of either (1) a full
one-to-one copy of the current database files, or (2) a full backup of the
database files from a certain point in time, plus all the journal data (that is
Oracle&reg; terminology, it is called "Continuous Archiving" or
"write ahead log (WAL)" in Postgresql) describing the
changes made after that point in time. This second form takes less time to create
(if the DB software provides this type of journaling) because you only have
to save the data that have changed since the last full backup was created.</para>
<para>When upgrading database server software, a full backup
(which can be used for subsequent incremental backups) should be
created; but if there is a lot of data, an incremental backup will
suffice. The best strategy for you depends on
the amount of data stored in your database (is it a few hundred table
rows, or is it hundreds of terabytes?). A full backup in the latter case
can't be done quickly. To
fully protect your data, create a backup of the old
programs (and/or their sources) and save it, along with the data
files, to be certain there is a fallback solution if
the new software cannot read the old data.</para>
</listitem>
<listitem>
<para>Upgrade the server software</para>
<para>In this step, instructions to build the database server
software are executed just as they are shown in subsequent sections
talking about the DBMs like MariaDB or Postgresql. That is, build
the software as usual using BLFS instructions.</para>
</listitem>
<listitem>
<para>Restore the database by using the new tools.</para>
<para>To restore the data, the tools of the newly installed server
software should be used. During the restoration process, the new
tools will create and/or upgrade the data files in the format the
new software requires. It is assumed that newer software is capable of
reading old data.</para>
</listitem>
</itemizedlist>
<para>
Since you already have a backup procedure in place (and you
have tested your restore procedure, right?), this might
be the easiest way to upgrade as you can use your well known
processes to upgrade just as you always do&mdash;at least in terms
of the backup and restore.
</para>
</sect3>
<sect3>
<title>Upgrade the Database Files by Using System Tools</title>
<para>
Some database systems (for instance Postgresql) provide
a tool which can reformat (upgrade) the existing database
files to the new format.
If you need to restore from a backup (for example, running
the upgrade tool failed) you will have to reinstall the old software
to recover your data.
</para>
<para>
Even though the reformatting tools might work as advertised,
you should create a full backup before running them. A failure
could cause serious damage to the database.
</para>
</sect3>
</sect2>
<sect2>
<title>Notes for Specific DBMS</title>
<sect3>
<title>PostgreSQL</title>
<!-- might add some advanced notes for the DBMS here -->
<para>Upstream documentation for Backup/Restore:
<ulink url="https://www.postgresql.org/docs/current/backup.html"/>
</para>
</sect3>
<sect3>
<title>MariaDB</title>
<!-- might add some advanced notes for the DBMS here -->
<para>Upstream documentation for Backup/Restore:
<ulink url="https://mariadb.com/kb/en/backup-and-restore-overview/"/>
</para>
</sect3>
<sect3>
<title>Sqlite</title>
<!-- might add some advanced notes for the DBMS here -->
<para>Do not underestimate <application>Sqlite</application>. It is a
feature-rich DBMS. The main difference from the two big players above is
that Sqlite does not provide access via a network API. Sqlite databases
are always stored on the machine running the program which
uses the database. The manipulation of data content is done via API calls
to library functions directly within the program.</para>
<para>In the upstream documentation you may find the following
useful:</para>
<para>Documentation of the sqlite3 command line tool:
<ulink url="https://www.sqlite.org/cli.html"/>
</para>
<para>Documentation of backup API calls:
<ulink url="https://www.sqlite.org/backup.html"/>
</para>
<para>Unfortunately, there is no dedicated chapter in the
upstream documentation talking about backup/restore, but
there are several articles about it on the
Internet. Here is an example.</para>
<para>Documentation for Backup/Restore:
<ulink url="https://database.guide/backup-sqlite-database/"/>
</para>
</sect3>
<sect3>
<title>LMDB</title>
<!-- might add some advanced notes for the DBMS here -->
<para>Like <application>Sqlite</application>, this
software acts on local database files; there is no
network interface.</para>
<para>The relevant resources to back up/restore a LMDB database
are the man pages for <filename>mdb_dump</filename> and its
counterpart <filename>mdb_load</filename>.</para>
</sect3>
</sect2>
</sect1>

433
server/mail/dovecot.xml
View File

@ -1,433 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY dovecot-download-http
"https://www.dovecot.org/releases/&dovecot-major;.&dovecot-minor;/dovecot-&dovecot-version;.tar.gz">
<!ENTITY dovecot-download-ftp " ">
<!ENTITY dovecot-md5sum "8961c3dafd845a25fd55e7903ffc3755">
<!ENTITY dovecot-size "7.5 MB">
<!ENTITY dovecot-buildsize "237 MB">
<!ENTITY dovecot-time "4.8 SBU">
]>
<sect1 id="dovecot" xreflabel="Dovecot-&dovecot-version;">
<?dbhtml filename="dovecot.html"?>
<title>Dovecot-&dovecot-version;</title>
<indexterm zone="dovecot">
<primary sortas="a-Dovecot">Dovecot</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Dovecot</title>
<para>
<application>Dovecot</application> is an Internet Message Access Protocol
(IMAP) and Post Office Protocol (POP) server, written primarily with
security in mind. <application>Dovecot</application> aims to be
lightweight, fast and easy to set up as well as highly configurable and
easily extensible with plugins.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&dovecot-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&dovecot-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &dovecot-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &dovecot-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &dovecot-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &dovecot-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/dovecot-&dovecot-version;-openssl3_fixes-1.patch"/>
</para>
</listitem>
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/dovecot-&dovecot-version;-security_fix-1.patch"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Dovecot Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="libtirpc"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="clucene"/>,
<xref linkend="icu"/>,
<xref linkend="libcap-pam"/>,
<xref linkend="libunwind"/>,
<xref linkend="linux-pam"/>,
<xref linkend="lua"/>,
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
<xref linkend="openldap"/>,
<xref linkend="postgresql"/>,
<xref linkend="sqlite"/>,
<xref linkend="valgrind"/>,
<xref linkend="xfsprogs"/>,
<ulink url="https://cassandra.apache.org/">Cassandra</ulink>,
<ulink url="https://github.com/shibukawa/snowball_py">stemmer</ulink> and
<ulink url="https://libsodium.gitbook.io/doc/">libsodium</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Dovecot</title>
<para>
There should be dedicated users and groups for unprivileged Dovecot
processes and for processing users' logins. Issue the following commands
as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 42 dovecot &amp;&amp;
useradd -c "Dovecot unprivileged user" -d /dev/null -u 42 \
-g dovecot -s /bin/false dovecot &amp;&amp;
groupadd -g 43 dovenull &amp;&amp;
useradd -c "Dovecot login user" -d /dev/null -u 43 \
-g dovenull -s /bin/false dovenull</userinput></screen>
<para>
First, apply a patch to fix problems with OpenSSL-3:
</para>
<screen><userinput remap="pre">patch -Np1 -i ../dovecot-&dovecot-version;-openssl3_fixes-1.patch</userinput></screen>
<para>
Next, apply a patch to fix a security vulnerability:
</para>
<screen><userinput remap="pre">patch -Np1 -i ../dovecot-&dovecot-version;-security_fix-1.patch</userinput></screen>
<para>
Install <application>Dovecot</application> by running the following
commands:
</para>
<screen revision="sysv"><userinput>CPPFLAGS="-I/usr/include/tirpc" \
LDFLAGS+=" -ltirpc" \
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-systemd=no \
--docdir=/usr/share/doc/dovecot-&dovecot-version; \
--disable-static &amp;&amp;
make</userinput></screen>
<screen revision="systemd"><userinput>CPPFLAGS="-I/usr/include/tirpc" \
LDFLAGS+=" -ltirpc" \
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--docdir=/usr/share/doc/dovecot-&dovecot-version; \
--disable-static &amp;&amp;
make</userinput></screen>
<para>
To test the results, issue <command>make -k check</command>. <!-- An error
may be reported if <xref linkend="valgrind"/> is present when running
the test.-->
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>CPPFLAGS=... LDFLAGS+=...</command>: build with libtirpc
instead of the recently removed RPC code provided by GlibC.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
<!-- With merged-/usr, /usr/lib/systemd/system is set by default.
<para revision="systemd">
<parameter>- -with-systemdsystemunitdir=/lib/systemd/system</parameter>:
This switch is used to set the correct installation directory for
systemd units.
</para>
-->
<para>
<option>--with-ldap</option>: This switch enables
<application>OpenLDAP</application> authentication support.
</para>
<para>
<option>--with-pgsql</option>: This switch enables
<application>PostgreSQL</application> database support.
</para>
<para>
<option>--with-mysql</option>: This switch enables
<application>MySQL</application> database support.
</para>
<para>
<option>--with-sqlite</option>: This switch enables
<application>SQLite</application> database support.
</para>
<para>
<option>--with-lucene</option>: This switch enables
<application>CLucene</application> full text search support.
</para>
<para>
<option>--with-lua</option>: This switch enables
<application>Lua</application> plugin support. This includes
a mail and push notification plugin.
</para>
<!--
<para>
<option>- -with-krb5</option>: This switch enables
GSSAPI authentication support.
</para>
-->
</sect2>
<sect2 role="configuration">
<title>Configuring Dovecot</title>
<sect3 id="dovecot-config">
<title>Config Files</title>
<para>
<filename>/etc/dovecot/dovecot.conf</filename>,
<filename>/etc/dovecot/conf.d/*</filename>, and
<filename>/etc/dovecot/local.conf</filename>
</para>
<indexterm zone="dovecot dovecot-config">
<primary sortas="e-etc-dovecot-dovecot.conf">/etc/dovecot/dovecot.conf</primary>
</indexterm>
<indexterm zone="dovecot dovecot-config">
<primary sortas="e-etc-dovecot-conf.d">/etc/dovecot/conf.d/*</primary>
</indexterm>
<indexterm zone="dovecot dovecot-config">
<primary sortas="e-etc-dovecot-local.conf">/etc/dovecot/local.conf</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
Copy an example configuration, which you can use as a starting point:
</para>
<screen role="root"><userinput>cp -rv /usr/share/doc/dovecot-&dovecot-version;/example-config/* /etc/dovecot</userinput></screen>
<para>
The following configuration is a simple proof of concept with IMAP
service using local users for authentication and mailbox location.
Reading files from the <filename class="directory">conf.d</filename>
directory is commented out since the included example configuration
requires <application>OpenSSL</application> and
<application>Linux PAM</application>.
</para>
<screen role="root"><userinput>sed -i '/^\!include / s/^/#/' /etc/dovecot/dovecot.conf &amp;&amp;
chmod -v 1777 /var/mail &amp;&amp;
cat &gt; /etc/dovecot/local.conf &lt;&lt; "EOF"
<literal>protocols = imap
ssl = no
# The next line is only needed if you have no IPv6 network interfaces
listen = *
mail_location = mbox:~/Mail:INBOX=/var/mail/%u
userdb {
driver = passwd
}
passdb {
driver = shadow
}</literal>
EOF</userinput></screen>
<para>
You will definitely want to read the official documentation at <ulink
url="https://wiki2.dovecot.org/"/> if you plan to use
<application>Dovecot</application> in a production environment.
</para>
</sect3>
<sect3 id="dovecot-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para revision="sysv">
If you want the <application>Dovecot</application>
server to start automatically when the system is booted, install the
<filename>/etc/rc.d/init.d/dovecot</filename> init script included in
the <xref linkend="bootscripts"/> package.
</para>
<para revision="systemd">
To start the <command>dovecot</command>
daemon at boot, enable the previously installed systemd unit with the
following command:
</para>
<indexterm zone="dovecot dovecot-init">
<primary sortas="f-dovecot">dovecot</primary>
</indexterm>
<screen role="root" revision="sysv"><userinput>make install-dovecot</userinput></screen>
<screen role="root" revision="systemd"><userinput>systemctl enable dovecot</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
doveadm, doveconf, dovecot, dovecot-sysreport, and dsync (symbolic link)
</seg>
<seg>
various internal plugins in
<filename class="directory">/usr/lib/dovecot</filename>
</seg>
<seg>
/etc/dovecot,
/usr/{include,lib,libexec,share}/dovecot and
/usr/share/doc/dovecot-&dovecot-version;
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="doveadm">
<term><command>doveadm</command></term>
<listitem>
<para>
is the <application>Dovecot</application> administration tool
</para>
<indexterm zone="dovecot doveadm">
<primary sortas="b-doveadm">doveadm</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="doveconf">
<term><command>doveconf</command></term>
<listitem>
<para>
is <application>Dovecot</application>'s configuration dumping
utility
</para>
<indexterm zone="dovecot doveconf">
<primary sortas="b-doveconf">doveconf</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dovecot-prog">
<term><command>dovecot</command></term>
<listitem>
<para>
is the IMAP and POP server
</para>
<indexterm zone="dovecot dovecot-prog">
<primary sortas="b-dovecot">dovecot</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dovecot-sysreport">
<term><command>dovecot-sysreport</command></term>
<listitem>
<para>
prints system information that is useful to the Dovecot developers
when submitting bug reports upstream
</para>
<indexterm zone="dovecot dovecot-sysreport">
<primary sortas="b-dovecot-sysreport">dovecot-sysreport</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dsync">
<term><command>dsync</command></term>
<listitem>
<para>
is <application>Dovecot</application>'s mailbox synchronization
utility
</para>
<indexterm zone="dovecot dsync">
<primary sortas="b-dsync">dsync</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

736
server/mail/exim.xml
View File

@ -1,736 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY exim-download-http "https://ftp.exim.org/pub/exim/exim4/exim-&exim-version;.tar.xz">
<!ENTITY exim-download-ftp " ">
<!-- if above don't work, please use one of the official mirrors at
http://www.exim.org/mirmon/ftp_mirrors.html -->
<!ENTITY exim-md5sum "3fd68ae37720767619dd305b047fe8f9">
<!ENTITY exim-size "1.9 MB">
<!ENTITY exim-buildsize "18 MB">
<!ENTITY exim-time "0.1 SBU">
<!ENTITY exim-daemon-version "&exim-version;-2">
]>
<sect1 id="exim" xreflabel="Exim-&exim-version;">
<?dbhtml filename="exim.html"?>
<title>Exim-&exim-version;</title>
<indexterm zone="exim">
<primary sortas="a-Exim">Exim</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Exim</title>
<para>
The <application>Exim</application> package contains a Mail
Transport Agent written by the University of Cambridge, released
under the GNU Public License.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&exim-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&exim-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &exim-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &exim-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &exim-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &exim-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Additional formats of the documentation (text-based docs are
shipped with the sources) can be downloaded by following the links
shown at <ulink url="https://exim.org/docs.html"/>.
</para>
</listitem>
<!-- Applied in 4.96
<listitem>
<para>
Required patch when building with <application>PAM</application> support:
<ulink url="&patch-root;/exim-&exim-version;-call_pam-1.patch"/>
</para>
</listitem>
<listitem>
<para>
Required patch to build with openssl-3:
<ulink url="&patch-root;/exim-&exim-version;-openssl3_fix-1.patch"/>
</para>
</listitem>
-->
</itemizedlist>
<bridgehead renderas="sect3">Exim Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="libnsl"/>,
<xref linkend="perl-file-fcntllock"/> and
<xref linkend="pcre2"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<ulink url="https://sourceforge.net/projects/tdb">TDB</ulink>
(alternative to GDBM, built in LFS),
<xref linkend="cyrus-sasl"/>,
<xref linkend="libidn"/>,
<xref linkend="linux-pam"/>,
<xref linkend="mariadb"/> or
<ulink url="https://www.mysql.com/">MySQL</ulink>,
<xref linkend="openldap"/>,
<xref linkend="gnutls"/>,
<xref linkend="postgresql"/>,
<xref linkend="sqlite"/>,
<xref linkend="x-window-system"/>,
<ulink url="https://github.com/heimdal/heimdal">Heimdal GSSAPI</ulink>,
<ulink url="https://github.com/shevek/libspf2/">libspf2</ulink>, and
<ulink url="http://www.trusteddomain.org/opendmarc/">OpenDMARC</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Exim</title>
<para>
Before building <application>Exim</application>, as the
<systemitem class="username">root</systemitem> user you should create
the group and user <systemitem class="username">exim</systemitem> which
will run the <command>exim</command> daemon:
</para>
<screen role="root"><userinput>groupadd -g 31 exim &amp;&amp;
useradd -d /dev/null -c "Exim Daemon" -g exim -s /bin/false -u 31 exim</userinput></screen>
<para>
Configure <application>Exim</application> with the following commands:
</para>
<screen><userinput>sed -e 's,^BIN_DIR.*$,BIN_DIRECTORY=/usr/sbin,' \
-e 's,^CONF.*$,CONFIGURE_FILE=/etc/exim.conf,' \
-e 's,^EXIM_USER.*$,EXIM_USER=exim,' \
-e '/# USE_OPENSSL/s,^#,,' src/EDITME > Local/Makefile &amp;&amp;
printf "USE_GDBM = yes\nDBMLIB = -lgdbm\n" >> Local/Makefile
</userinput></screen>
<para>
If you want to add <application>Linux PAM</application> support, also run the following commands:
</para>
<screen role="nodump"><userinput>sed -i '/# SUPPORT_PAM=yes/s,^#,,' Local/Makefile
echo "EXTRALIBS=-lpam" >> Local/Makefile
</userinput></screen>
<para>
Build <application>Exim</application> with the following command:
</para>
<screen><userinput>make</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<!-- dev note: make INSTALL_ARG=-no_chown DESTDIR=<DESTDIR> install -->
<screen role="root"><userinput>make install &amp;&amp;
install -v -m644 doc/exim.8 /usr/share/man/man8 &amp;&amp;
install -vdm 755 /usr/share/doc/exim-&exim-version; &amp;&amp;
cp -Rv doc/* /usr/share/doc/exim-&exim-version; &amp;&amp;
ln -sfv exim /usr/sbin/sendmail &amp;&amp;
install -v -d -m750 -o exim -g exim /var/spool/exim</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>sed -e ... > Local/Makefile</command>: Most of
<application>Exim</application>'s configuration options are defined
in <filename>Local/Makefile</filename>, which is created from
the <filename>src/EDITME</filename> file. This command specifies the
minimum set of options. Descriptions for the options are listed below.
</para>
<para>
<command>printf ... > Local/Makefile</command>: Setting those
variables allows to use GDBM instead of the default Berkeley DB. Remove
this command if you have installed &berkeley-db;.
</para>
<para>
<parameter>BIN_DIRECTORY=/usr/sbin</parameter>: This installs all of
<application>Exim</application>'s binaries and scripts in
<filename class='directory'>/usr/sbin</filename>.
</para>
<para>
<parameter>CONFIGURE_FILE=/etc/exim.conf</parameter>: This installs
<application>Exim</application>'s main configuration file in
<filename class='directory'>/etc</filename>.
</para>
<para>
<parameter>EXIM_USER=exim</parameter>: This tells
<application>Exim</application> that after the daemon no longer needs
<systemitem class="username">root</systemitem> privileges, the process
needs to hand off the daemon to the <systemitem
class="username">exim</systemitem> user.
</para>
<!-- obsolete: now default
<para>
<option>SUPPORT_TLS=yes</option>: This allows to support
STARTTLS connections. If you use this option, you need to select
whether <application>OpenSSL</application> or
<application>GnuTLS</application> is used (see
<filename>src/EDITME</filename>).
</para>
-->
<para>
<parameter>USE_OPENSSL</parameter>: uncommenting
<option>USE_OPENSSL=yes</option> and <option>USE_OPNSSL_PC=yes</option>
tells the
build system to use <application>OpenSSL</application>, and to
find the needed libraries with <application>pkg-config</application>.
</para>
<para>
Uncomment <option>EXIM_MONITOR</option>: This allows building the
<application>Exim</application> monitor program, which requires
<application>X Window System</application> support, and is commented out
by default.
</para>
<para>
<command>ln -sfv exim /usr/sbin/sendmail</command>: Creates a link to
<command>sendmail</command> for applications which need it.
<application>Exim</application> will accept most
<application>Sendmail</application> command-line options.
</para>
<para>
<command>install -v -m750 -o exim -g exim /var/spool/exim</command>:
Since /var/spool is owned by root and this version of
<command>exim</command> drops
<systemitem class="username">root</systemitem> privileges early, to run
as user <systemitem class="username">exim</systemitem>, it cannot create
the <filename class="directory">/var/spool/exim</filename> directory. As
a work around, it is created manually.
</para>
</sect2>
<sect2 role="commands">
<title>Adding Additional Functionality</title>
<para>
To utilize some or all of the dependency packages, you'll need to
modify <filename>Local/Makefile</filename> to include the appropriate
directives and parameters to link additional libraries before you build
<application>Exim</application>. <filename>Local/Makefile</filename> is
heavily commented with instructions on how to do this. Listed below is
additional information to help you link these dependency packages or
add additional functionality.
</para>
<para>
If you wish to build and install the
<filename class='extension'>.info</filename> documentation, refer to
<ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch04.html#SECTinsinfdoc"/>.
</para>
<para>
If you wish to build in Exim's interfaces for calling virus and spam
scanning software directly from access control lists, uncomment the
<option>WITH_CONTENT_SCAN=yes</option> parameter and review the
information found at <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch45.html"/>.
</para>
<para>
To use a backend database other than <application>GDBM
</application>, see the instructions at <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch04.html#SECTdb"/>.
</para>
<para>
For SSL functionality, see the instructions at <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch04.html#SECTinctlsssl"/>
and <ulink url="
https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch42.html"/>.
</para>
<para>
For <application>tcpwrappers</application> functionality, see the
instructions at <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch04.html#SECID27"/>.
</para>
<para>
For information about adding authentication mechanisms to the
build, see chapters 33&mdash;41 of <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/index.html"/>.
</para>
<para>
For information about linking <application>Linux-PAM</application>,
refer to the instructions <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch11.html#SECTexpcond"/>.
</para>
<para>
For information about linking database engine libraries used for
<application>Exim</application> name lookups, see the instructions at
<ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch09.html"/>.
</para>
<para>
If you wish to add <application>Readline</application> support to
<application>Exim</application> when invoked in <quote>test
expansion</quote> (<option>-be</option>) mode, see the information in
the <option>-be</option> section of <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch05.html#id2525974"/>.
</para>
<para>
You may wish to modify the default configuration and send log files to
syslog instead of the default
<filename class='directory'>/var/spool/exim/log</filename> directory. See
the information at <ulink url=
"https://exim.org/exim-html-&exim-version;/doc/html/spec_html/ch-log_files.html"/>.
</para>
<para>
A wealth of information can be also found at the <ulink url=
"https://github.com/Exim/exim/wiki">Exim Wiki</ulink>.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring Exim</title>
<sect3 id="exim-config">
<title>Config Files</title>
<para>
<filename>/etc/exim.conf</filename> and
<filename>/etc/aliases</filename>
</para>
<indexterm zone="exim exim-config">
<primary sortas="e-etc-exim.conf">/etc/exim.conf</primary>
</indexterm>
<indexterm zone="exim exim-config">
<primary sortas="e-etc-aliases">/etc/aliases</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
Review the file <filename>/etc/exim.conf</filename>, and modify any
settings to suit your needs. Note that the default configuration
assumes that the <filename class="directory">/var/mail</filename>
directory is world writable, but has the sticky bit set. If you want
to use the default configuration, issue as the <systemitem
class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>chmod -v a+wt /var/mail</userinput></screen>
<para>
A default (nothing but comments) <filename>/etc/aliases</filename>
file is installed during the package installation if this file did not
exist on your system. Create the necessary aliases and start the
<application>Exim</application> daemon using the following commands:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/aliases &lt;&lt; "EOF"
<literal>postmaster: root
MAILER-DAEMON: root</literal>
EOF
/usr/sbin/exim -bd -q15m</userinput></screen>
<note>
<para>
To protect an existing <filename>/etc/aliases</filename> file,
the command above appends these aliases to it. This file should be
checked and duplicate aliases removed, if present.
</para>
</note>
<para>
The <command>/usr/sbin/exim -bd -q15m</command> command starts
the <application>Exim</application> daemon with a 15 minute interval
in processing the mail queue. Adjust this parameter to suit your
desires.
</para>
</sect3>
<sect3>
<title>Linux PAM Configuration</title>
<para>
If you have built <application>Exim</application> with
<application>Linux PAM</application> support, you need to create a
<application>PAM</application> configuration file to get it working
correctly with BLFS.
</para>
<para>
Issue the following command as the <systemitem
class="username">root</systemitem> user to create the configuration
file for <application>Linux PAM</application>:
</para>
<screen role="root"><userinput>cat &gt; /etc/pam.d/exim &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/exim
auth include system-auth
account include system-account
session include system-session
# End /etc/pam.d/exim</literal>
EOF</userinput></screen>
</sect3>
<sect3 id="exim-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
To automatically start <command>exim</command> at boot, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/exim</filename>
init script</phrase>
<phrase revision="systemd"><filename>exim.service</filename>
unit</phrase>
included in the <xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<indexterm zone="exim exim-init">
<primary sortas="f-exim">exim</primary>
</indexterm>
<screen role="root"><userinput>make install-exim</userinput></screen>
<para revision="sysv">
The bootscript also starts the <application>Exim</application> daemon
and dispatches a queue runner process every 15 minutes. Modify the
<option>-q<replaceable>&lt;time interval&gt;</replaceable></option>
parameter in <filename>/etc/rc.d/init.d/exim</filename>, if necessary
for your installation.
</para>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>exicyclog, exigrep, exim, exim-&exim-daemon-version;, exim_checkaccess,
exim_dbmbuild, exim_dumpdb, exim_fixdb, exim_lock, exim_tidydb,
eximstats, exinext, exipick, exiqgrep, exiqsumm, exiwhat, and
optionally, eximon, eximon.bin, and sendmail (symlink)</seg>
<seg>None</seg>
<seg>/usr/share/doc/exim-&exim-version; and /var/spool/exim</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="exicyclog">
<term><command>exicyclog</command></term>
<listitem>
<para>
cycles <application>Exim</application> log files
</para>
<indexterm zone="exim exicyclog">
<primary sortas="b-exicyclog">exicyclog</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exigrep">
<term><command>exigrep</command></term>
<listitem>
<para>
searches <application>Exim</application> log files
</para>
<indexterm zone="exim exigrep">
<primary sortas="b-exigrep">exigrep</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim-prog">
<term><command>exim</command></term>
<listitem>
<para>
is a symlink to the <command>exim-&exim-daemon-version;</command>
MTA daemon
</para>
<indexterm zone="exim exim-prog">
<primary sortas="b-exim">exim</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim-current_version">
<term><command>exim-&exim-daemon-version;</command></term>
<listitem>
<para>
is the <application>Exim</application> mail transport agent daemon
</para>
<indexterm zone="exim exim-current_version">
<primary sortas="b-exim-&exim-daemon-version;">exim-&exim-daemon-version;</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim_checkaccess">
<term><command>exim_checkaccess</command></term>
<listitem>
<para>
states whether a given recipient address from a given host is
acceptable or not
</para>
<indexterm zone="exim exim_checkaccess">
<primary sortas="b-exim_checkaccess">exim_checkaccess</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim_dbmbuild">
<term><command>exim_dbmbuild</command></term>
<listitem>
<para>
creates and rebuilds <application>Exim</application> databases
</para>
<indexterm zone="exim exim_dbmbuild">
<primary sortas="b-exim_dbmbuild">exim_dbmbuild</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim_dumpdb">
<term><command>exim_dumpdb</command></term>
<listitem>
<para>
writes the contents of <application>Exim</application>
databases to the standard output
</para>
<indexterm zone="exim exim_dumpdb">
<primary sortas="b-exim_dumpdb">exim_dumpdb</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim_fixdb">
<term><command>exim_fixdb</command></term>
<listitem>
<para>
modifies data in <application>Exim</application> databases
</para>
<indexterm zone="exim exim_fixdb">
<primary sortas="b-exim_fixdb">exim_fixdb</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim_lock">
<term><command>exim_lock</command></term>
<listitem>
<para>
locks a mailbox file
</para>
<indexterm zone="exim exim_lock">
<primary sortas="b-exim_lock">exim_lock</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exim_tidydb">
<term><command>exim_tidydb</command></term>
<listitem>
<para>
removes old records from <application>Exim</application>
databases
</para>
<indexterm zone="exim exim_tidydb">
<primary sortas="b-exim_tidydb">exim_tidydb</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="eximstats">
<term><command>eximstats</command></term>
<listitem>
<para>
generates mail statistics from <application>Exim</application>
log files
</para>
<indexterm zone="exim eximstats">
<primary sortas="b-eximstats">eximstats</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exinext">
<term><command>exinext</command></term>
<listitem>
<para>
queries remote host retry times
</para>
<indexterm zone="exim exinext">
<primary sortas="b-exinext">exinext</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exipick">
<term><command>exipick</command></term>
<listitem>
<para>
selects messages based on various criteria
</para>
<indexterm zone="exim exipick">
<primary sortas="b-exipick">exipick</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exiqgrep">
<term><command>exiqgrep</command></term>
<listitem>
<para>
is a utility for selective queue listing
</para>
<indexterm zone="exim exiqgrep">
<primary sortas="b-exiqgrep">exiqgrep</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exiqsumm">
<term><command>exiqsumm</command></term>
<listitem>
<para>
produces a summary of the messages in the mail queue
</para>
<indexterm zone="exim exiqsumm">
<primary sortas="b-exiqsumm">exiqsumm</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="exiwhat">
<term><command>exiwhat</command></term>
<listitem>
<para>
queries running <application>Exim</application> processes
</para>
<indexterm zone="exim exiwhat">
<primary sortas="b-exiwhat">exiwhat</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="eximon">
<term><command>eximon</command></term>
<listitem>
<para>
is a start-up shell script for <command>eximon.bin</command>
used to set the required environment variables before running the
program
</para>
<indexterm zone="exim eximon">
<primary sortas="b-eximon">eximon</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="eximon.bin">
<term><command>eximon.bin</command></term>
<listitem>
<para>
is a monitor program which displays current information in an
<application>X</application> window, and also contains a menu
interface to <application>Exim</application>'s command line
administration options
</para>
<indexterm zone="exim eximon.bin">
<primary sortas="b-eximon.bin">eximon.bin</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

28
server/mail/mail.xml
View File

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
<chapter id="server-mail" xreflabel="MTA">
<?dbhtml filename="mail.html"?>
<title>Mail Server Software</title>
<para>
MTAs are the programs which transport mail from one machine to the
other. The traditional MTA is <application>Sendmail</application>, however
there are several other choices.
</para>
<para>
In addition to the SMTP servers, there is also a POP/IMAP server (Dovecot).
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dovecot.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="exim.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="postfix.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sendmail.xml"/>
</chapter>

760
server/mail/postfix.xml
View File

@ -1,760 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!-- editors: upstream postfix is ftp only, some of the mirrors offer
https - http://www.porcupine.org/mirmon/postfix-source.html lists the
mirror status, some of the mirrors shown as http are actually https -->
<!ENTITY postfix-download-http "https://ghostarchive.org/postfix/postfix-release/official/postfix-&postfix-version;.tar.gz">
<!ENTITY postfix-download-ftp " ">
<!ENTITY postfix-md5sum "3eda9b945ed6cdf11ef58a731c574a04">
<!ENTITY postfix-size "4.7 MB">
<!ENTITY postfix-buildsize "208 MB">
<!ENTITY postfix-time "0.1 SBU (Using parallelism=4)">
]>
<sect1 id="postfix" xreflabel="Postfix-&postfix-version;">
<?dbhtml filename="postfix.html"?>
<title>Postfix-&postfix-version;</title>
<indexterm zone="postfix">
<primary sortas="a-Postfix">Postfix</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Postfix</title>
<para>
The <application>Postfix</application> package contains a Mail Transport
Agent (MTA). This is useful for sending email to other users of your host
machine. It can also be configured to be a central mail server for your
domain, a mail relay agent or simply a mail delivery agent to your local
Internet Service Provider.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&postfix-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&postfix-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &postfix-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &postfix-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &postfix-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &postfix-time;
</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/postfix-&postfix-version;-glibc230_fix-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">Postfix Dependencies</bridgehead>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="cyrus-sasl"/>,
<xref linkend="libnsl"/>, and
<xref linkend="lmdb"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="icu"/> for Email Address Internationalization (SMTPUTF8) support,
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
<xref linkend="openldap"/>,
<xref linkend="pcre2"/>,
<xref linkend="postgresql"/>,
<xref linkend="sqlite"/>,
&berkeley-db;, and
<ulink url="https://cr.yp.to/cdb.html">CDB</ulink> or
<ulink url="https://www.corpit.ru/mjt/tinycdb.html">TinyCDB</ulink>
</para>
<para>
Note that <application>SQLite</application>,
<application>MySQL</application>, <application>PostgreSQL</application>
and <application>CDB</application> are only useful if there is a known
need for them.
</para>
<para condition="html" role="usernotes">
Editor Notes: <ulink url="&blfs-wiki;/postfix"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Postfix</title>
<sect3>
<title>Adding Users and Groups</title>
<para>
Before you compile the program, you need to create users and groups that
will be expected to be in place during the installation. Add the users
and groups with the following commands issued by the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 32 postfix &amp;&amp;
groupadd -g 33 postdrop &amp;&amp;
useradd -c "Postfix Daemon User" -d /var/spool/postfix -g postfix \
-s /bin/false -u 32 postfix &amp;&amp;
chown -v postfix:postfix /var/mail</userinput></screen>
</sect3>
<sect3>
<title>Configuring the Build</title>
<para>
The README files are formatted to be read with a pager like
<application>less</application> or <application>more</application>.
If you want to use a text editor, make them legible with the
following sed:
</para>
<screen><userinput>sed -i 's/.\x08//g' README_FILES/*</userinput></screen>
<para>
The <application>Postfix</application> source tree does not contain a
<filename>configure</filename> script, rather the makefile in the
top-level directory contains a <option>makefiles</option> target that
regenerates all the other makefiles in the build tree. If you wish to
use additional software such as a database back-end for virtual users,
or TLS/SSL authentication, you will need to regenerate the makefiles
using one or more of the appropriate <envar>CCARGS</envar> and
<envar>AUXLIBS</envar> settings listed below.
</para>
<note>
<para>
For all variants of the CCARGS you should ensure that -DNO_NIS is
specified so that the build does not attempt to access an rpcsvc
header which do not exist in BLFS. If &berkeley-db; is
not installed, -DNO_DB needs to be specified as well.
</para>
</note>
<para>
For more details read the readme files.
</para>
<para>
Initialize the <envar>CCARGS</envar> and <envar>AUXLIBS</envar>
according to the note above:
</para>
<screen><userinput>CCARGS="-DNO_NIS -DNO_DB"
AUXLIBS=""</userinput></screen>
<para>
Next, the <envar>CCARGS</envar> and the <envar>AUXLIBS</envar>
variables are filled with settings depending on the actual
system configuration. If an optional package is installed but
should <emphasis>not</emphasis> be included in the
<application>Postfix</application> build, simply skip the
corresponding <code>if [ ... ]; then</code> scriptlets.
</para>
<sect4>
<title>Cyrus-SASL</title>
<para>
To use <application>Cyrus-SASL</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/libsasl2.so ]; then
CCARGS="$CCARGS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
AUXLIBS="$AUXLIBS -lsasl2"
fi</userinput></screen>
</sect4>
<sect4>
<title>LMDB</title>
<para>
To use <application>LMDB</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/liblmdb.so ]; then
CCARGS="$CCARGS -DHAS_LMDB"
AUXLIBS="$AUXLIBS -llmdb"
fi</userinput></screen>
</sect4>
<sect4>
<title>OpenLDAP</title>
<para>
To use <application>OpenLDAP</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/libldap.so -a -r /usr/lib/liblber.so ]; then
CCARGS="$CCARGS -DHAS_LDAP"
AUXLIBS="$AUXLIBS -lldap -llber"
fi</userinput></screen>
</sect4>
<sect4>
<title>Sqlite</title>
<para>
To use <application>Sqlite</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/libsqlite3.so ]; then
CCARGS="$CCARGS -DHAS_SQLITE"
AUXLIBS="$AUXLIBS -lsqlite3 -lpthread"
fi</userinput></screen>
</sect4>
<sect4>
<title>MySQL</title>
<para>
To use <application>MySQL</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/libmysqlclient.so ]; then
CCARGS="$CCARGS -DHAS_MYSQL -I/usr/include/mysql"
AUXLIBS="$AUXLIBS -lmysqlclient -lz -lm"
fi</userinput></screen>
</sect4>
<sect4>
<title>PostgreSQL</title>
<para>
To use <application>PostgreSQL</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/libpq.so ]; then
CCARGS="$CCARGS -DHAS_PGSQL -I/usr/include/postgresql"
AUXLIBS="$AUXLIBS -lpq -lz -lm"
fi</userinput></screen>
</sect4>
<sect4>
<title>CDB/TinyCDB</title>
<para>
To use <application>CDB</application> or
<application>TinyCDB</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><literal>if [ -r <replaceable>&lt;/path/to/CDB&gt;</replaceable>/libcdb.a ]; then
CCARGS="$CCARGS -DHAS_CDB"
AUXLIBS="$AUXLIBS <replaceable>&lt;/path/to/CDB&gt;</replaceable>/libcdb.a"
fi</literal></screen>
</sect4>
<sect4>
<title>StartTLS Authentication</title>
<para>
To use <application>OpenSSL</application> with
<application>Postfix</application>, use the following arguments:
</para>
<screen><userinput>if [ -r /usr/lib/libssl.so -a -r /usr/lib/libcrypto.so ]; then
CCARGS="$CCARGS -DUSE_TLS -I/usr/include/openssl/"
AUXLIBS="$AUXLIBS -lssl -lcrypto"
fi</userinput></screen>
<para>
<application>OpenSSL</application> is installed by LFS so it
should be always there. The <code>if ... then</code> is here
just for consistency.
</para>
</sect4>
</sect3>
<sect3>
<title>Installing Postfix</title>
<para>
There might be duplicate settings in <envar>AUXLIBS</envar>
like <code>-lm</code> when both, <application>MariaDB</application>
and <application>PostgreSQL</application> are used. They do
not harm. Install <application>Postfix</application> by
running the following commands:
</para>
<screen><userinput>make CCARGS="$CCARGS" AUXLIBS="$AUXLIBS" makefiles &amp;&amp;
make</userinput></screen>
<!-- There is a test suite, but it fails a lot. It seems to need
the host to be specifically setup for the tests.
Run with `make tests' and `make root_tests' -->
<para>
This package does not come with a useful test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<!-- dev note: sh postfix-install -non-interactive install_root=<DESTDIR> ... -->
<screen role="root"><userinput>sh postfix-install -non-interactive \
daemon_directory=/usr/lib/postfix \
manpage_directory=/usr/share/man \
html_directory=/usr/share/doc/postfix-&postfix-version;/html \
readme_directory=/usr/share/doc/postfix-&postfix-version;/readme</userinput></screen>
</sect3>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>make makefiles</command>: This command rebuilds the makefiles
throughout the source tree to use the options contained in the
<envar>CCARGS</envar> and <envar>AUXLIBS</envar> variables.
</para>
<para>
<command>sh postfix-install -non-interactive</command>: This keeps the
install script from asking any questions, thereby accepting default
destination directories in all but the few cases. If the
<option>html_directory</option> and <option>readme_directory</option>
options are not set then the documentation will not be installed.
</para>
<para>
<option>CCARGS="-DNO_EAI ..."</option>: this will turn off SMTPUTF8
support, for example if the rest of your email address infrastructure
cannot handle UTF-8 email addresses and message header values.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring Postfix</title>
<sect3 id="postfix-config">
<title>Config Files</title>
<para>
<filename>/etc/aliases</filename>,
<filename>/etc/postfix/main.cf</filename>, and
<filename>/etc/postfix/master.cf</filename>
</para>
<indexterm zone="postfix postfix-config">
<primary sortas="e-etc-aliases">/etc/aliases</primary>
</indexterm>
<indexterm zone="postfix postfix-config">
<primary sortas="e-etc-postfix-star">/etc/postfix/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
Create (or append to an existing) <filename>/etc/aliases</filename>
with the following command. Change
<replaceable>&lt;LOGIN&gt;</replaceable> to your non-root login
identity so mail addressed to
<systemitem class="username">root</systemitem> can be forwarded to you.
As the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/aliases &lt;&lt; "EOF"
<literal># Begin /etc/aliases
MAILER-DAEMON: postmaster
postmaster: root
root: <replaceable>&lt;LOGIN&gt;</replaceable>
# End /etc/aliases</literal>
EOF</userinput></screen>
<para>
To protect an existing <filename>/etc/aliases</filename> file,
the above command appends these aliases to it if it exists. This file
should be checked and duplicate aliases removed, if present.
</para>
<para>
The BLFS editors recommend to use LMDB instead of Berkeley DB for
Postfix tables. Add three lines into
<filename>/etc/postfix/main.cf</filename> to make
<command>postmap</command> encode the lookup tables in the LMDB
format by default and to change the default hash setting of the
alias tables:
</para>
<screen role="root"><userinput>echo 'default_database_type = lmdb' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
echo 'alias_database = lmdb:/etc/aliases' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
echo 'alias_maps = lmdb:/etc/aliases' &gt;&gt; /etc/postfix/main.cf</userinput></screen>
<para>
To protect your server against the recent SMTP smuggling attacks,
additional steps are required. Add two lines into
<filename>/etc/postfix/main.cf</filename> to disconnect remote SMTP
clients that send bare newlines in the DATA section, while also
allowing clients on your network with non-standard SMTP implementations
to still send mail:
</para>
<screen role="root"><userinput>echo 'smtpd_forbid_bare_newline = normalize' &gt;&gt; /etc/postfix/main.cf &amp;&amp;
echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' &gt;&gt; /etc/postfix/main.cf</userinput></screen>
<para>
Note that if you are following an online tutorial to configure
Postfix, the tutorial may refer to a lookup table with
<literal>hash:/path/to/lookup_table</literal>. You should replace
<literal>hash</literal> with <literal>lmdb</literal> in order to use
a lookup table encoded in the LMDB format.
</para>
<note>
<para>
The <filename>/etc/postfix/main.cf</filename> and
<filename>/etc/postfix/master.cf</filename> files must be personalized
for your system. The <filename>main.cf</filename> file needs your
fully qualified hostname. You will find that
<filename>main.cf</filename> is self documenting, so load it into your
editor to make the changes you need for your situation.
</para>
</note>
<note>
<para>
<application>Postfix</application> can also be set up to
run in a chroot jail. See the file in the source
<filename>examples/chroot-setup/LINUX2</filename> for details.
</para>
</note>
<para>
To ensure that all permissions are set properly, <application>postfix</application>
provides a tool which is to be run as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="nodump"><userinput>/usr/sbin/postfix -c /etc/postfix set-permissions</userinput></screen>
<para>
If you have an existing configuration, you can run the
<command>postfix</command> utility to add any necessary definitions to
your existing files. As the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="nodump"><userinput>/usr/sbin/postfix upgrade-configuration</userinput></screen>
<para>
Before starting <application>Postfix</application>, you should check
that your configuration and file permissions will work properly. Run the
following commands as the <systemitem class="username">root</systemitem>
user to check and start your <application>Postfix</application> server:
</para>
<screen role="nodump"><userinput>/usr/sbin/postfix check &amp;&amp;
/usr/sbin/postfix start</userinput></screen>
</sect3>
<sect3 id="postfix-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
To automate the running of Postfix at startup, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/postfix</filename>
init script</phrase>
<phrase revision="systemd"><filename>postfix.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<indexterm zone="postfix postfix-init">
<primary sortas="f-postfix">postfix</primary>
</indexterm>
<screen role="root"><userinput>make install-postfix</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
mailq (symlink), newaliases (symlink), postalias, postcat, postconf,
postdrop, postfix, postkick, postlock, postlog, postmap, postmulti,
postqueue, postsuper, and sendmail
</seg>
<seg>
None
</seg>
<seg>
/{etc,usr/lib}/postfix,
/usr/share/doc/postfix-&postfix-version; and
/var/{lib,spool}/postfix
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="mailq">
<term><command>mailq</command></term>
<listitem>
<para>
A symlink to <filename>sendmail</filename>
</para>
<indexterm zone="postfix mailq">
<primary sortas="b-mailq">mailq</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="newaliases">
<term><command>newaliases</command></term>
<listitem>
<para>
A symlink to <filename>sendmail</filename>
</para>
<indexterm zone="postfix newaliases">
<primary sortas="b-newaliases">newaliases</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postalias">
<term><command>postalias</command></term>
<listitem>
<para>
is a utility for <application>Postfix</application> alias database
maintenance
</para>
<indexterm zone="postfix postalias">
<primary sortas="b-postalias">postalias</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postcat">
<term><command>postcat</command></term>
<listitem>
<para>
Prints the contents of files from the
<application>Postfix</application> queue in human readable format
</para>
<indexterm zone="postfix postcat">
<primary sortas="b-postcat">postcat</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postconf">
<term><command>postconf</command></term>
<listitem>
<para>
Displays or changes the value of
<application>Postfix</application> configuration parameters
</para>
<indexterm zone="postfix postconf">
<primary sortas="b-postconf">postconf</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postdrop">
<term><command>postdrop</command></term>
<listitem>
<para>
Creates a file in the maildrop directory and copies its standard
input to the file
</para>
<indexterm zone="postfix postdrop">
<primary sortas="b-postdrop">postdrop</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postfix-bin">
<term><command>postfix</command></term>
<listitem>
<para>
is the <application>Postfix</application> control program
</para>
<indexterm zone="postfix postfix-bin">
<primary sortas="b-postfix">postfix</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postkick">
<term><command>postkick</command></term>
<listitem>
<para>
Sends requests to the specified service over a local transport
channel
</para>
<indexterm zone="postfix postkick">
<primary sortas="b-postkick">postkick</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postlock">
<term><command>postlock</command></term>
<listitem>
<para>
Locks a mail folder for exclusive use, and executes commands passed
to it
</para>
<indexterm zone="postfix postlock">
<primary sortas="b-postlock">postlock</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postlog">
<term><command>postlog</command></term>
<listitem>
<para>
A <application>Postfix</application>-compatible logging interface
for use in, for example, shell scripts
</para>
<indexterm zone="postfix postlog">
<primary sortas="b-postlog">postlog</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postmap">
<term><command>postmap</command></term>
<listitem>
<para>
Creates or queries one or more Postfix lookup tables, or updates an
existing one
</para>
<indexterm zone="postfix postmap">
<primary sortas="b-postmap">postmap</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postmulti">
<term><command>postmulti</command></term>
<listitem>
<para>
is the <application>Postfix</application> multi-instance manager.
It allows a system administrator to manage multiple
<application>Postfix</application> instances on a single host
</para>
<indexterm zone="postfix postmulti">
<primary sortas="b-postmulti">postmulti</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postqueue">
<term><command>postqueue</command></term>
<listitem>
<para>
The <application>Postfix</application> user interface for
queue management
</para>
<indexterm zone="postfix postqueue">
<primary sortas="b-postqueue">postqueue</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="postsuper">
<term><command>postsuper</command></term>
<listitem>
<para>
The <application>Postfix</application> user interface for
superuser queue management
</para>
<indexterm zone="postfix postsuper">
<primary sortas="b-postsuper">postsuper</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="sendmail-postfix">
<term><command>sendmail</command></term>
<listitem>
<para>
is the <application>Postfix</application> to
<application>Sendmail</application> compatibility interface
</para>
<indexterm zone="postfix sendmail-postfix">
<primary sortas="b-sendmail">sendmail</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

521
server/mail/sendmail.xml
View File

@ -1,521 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY sendmail-download-http "https://ftp.sendmail.org/sendmail.&sendmail-version;.tar.gz">
<!ENTITY sendmail-download-ftp " ">
<!ENTITY sendmail-md5sum "b6b332295b5779036d4c9246f96f673c">
<!ENTITY sendmail-size "2.3 MB">
<!ENTITY sendmail-buildsize "21 MB">
<!ENTITY sendmail-time "0.1 SBU">
]>
<sect1 id="sendmail" xreflabel="sendmail-&sendmail-version;">
<?dbhtml filename="sendmail.html"?>
<title>sendmail-&sendmail-version;</title>
<indexterm zone="sendmail">
<primary sortas="a-sendmail">sendmail</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to sendmail</title>
<para>
The <application>sendmail</application> package contains a Mail
Transport Agent (MTA).
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&sendmail-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&sendmail-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &sendmail-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &sendmail-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &sendmail-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &sendmail-time;
</para>
</listitem>
</itemizedlist>
<!-- Sendmail 8.16.1 does have official support for OpenSSL 1.1
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/sendmail.&sendmail-version;-openssl-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">sendmail Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="openldap"/> (client)
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="cyrus-sasl"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="gs"/> (for creating PDF documentation),
<xref linkend="procmail"/> (the configuration proposed below requires
that <command>procmail</command> be present at run-time), and
<ulink url="https://github.com/chaos/nph">nph</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of sendmail</title>
<para>
Before building <application>sendmail</application>, create the
required user, group and directory with the following commands issued as
the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 26 smmsp &amp;&amp;
useradd -c "Sendmail Daemon" -g smmsp -d /dev/null \
-s /bin/false -u 26 smmsp &amp;&amp;
chmod -v 1777 /var/mail &amp;&amp;
install -v -m700 -d /var/spool/mqueue</userinput></screen>
<note>
<para>
See the source tree <filename>sendmail/README</filename> file
for information on linking optional packages into the build. Use the
example below, which adds support for SASL, StartTLS
(<application>OpenSSL</application>) and
<application>OpenLDAP</application>, as a starting point. Of course,
modify it to suit your particular needs.
</para>
</note>
<screen><userinput>cat &gt;&gt; devtools/Site/site.config.m4 &lt;&lt; "EOF"
<literal>APPENDDEF(`confENVDEF',`-DSTARTTLS -DSASL -DLDAPMAP -DHASFLOCK')
APPENDDEF(`confLIBS', `-lssl -lcrypto -lsasl2 -lldap -llber')
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')</literal>
EOF</userinput></screen>
<para>
Install <application>sendmail</application> with the following commands:
</para>
<screen><userinput>cat &gt;&gt; devtools/Site/site.config.m4 &lt;&lt; "EOF"
<literal>define(`confMANGRP',`root')
define(`confMANOWN',`root')
define(`confSBINGRP',`root')
define(`confUBINGRP',`root')
define(`confUBINOWN',`root')</literal>
EOF
sed -i 's|/usr/man/man|/usr/share/man/man|' \
devtools/OS/Linux &amp;&amp;
cd sendmail &amp;&amp;
sh Build &amp;&amp;
cd ../cf/cf &amp;&amp;
cp generic-linux.mc sendmail.mc &amp;&amp;
sh Build sendmail.cf</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<!-- When doing a DESTDIR= build, for example, for an update to check for new
installed files, you need to create $DEST/usr/{bin,sbin,share/man/man{1,5,8}
first. "sh Build" is a wrapper for Make, so it will accept DESTDIR=
as an argument. -->
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>install -v -d -m755 /etc/mail &amp;&amp;
sh Build install-cf &amp;&amp;
cd ../.. &amp;&amp;
sh Build install &amp;&amp;
install -v -m644 cf/cf/{submit,sendmail}.mc /etc/mail &amp;&amp;
cp -v -R cf/* /etc/mail &amp;&amp;
install -v -m755 -d /usr/share/doc/sendmail-&sendmail-version;/{cf,sendmail} &amp;&amp;
install -v -m644 CACerts FAQ KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES \
/usr/share/doc/sendmail-&sendmail-version; &amp;&amp;
install -v -m644 sendmail/{README,SECURITY,TRACEFLAGS,TUNING} \
/usr/share/doc/sendmail-&sendmail-version;/sendmail &amp;&amp;
install -v -m644 cf/README /usr/share/doc/sendmail-&sendmail-version;/cf &amp;&amp;
for manpage in sendmail editmap mailstats makemap praliases smrsh
do
install -v -m644 $manpage/$manpage.8 /usr/share/man/man8
done &amp;&amp;
install -v -m644 sendmail/aliases.5 /usr/share/man/man5 &amp;&amp;
install -v -m644 sendmail/mailq.1 /usr/share/man/man1 &amp;&amp;
install -v -m644 sendmail/newaliases.1 /usr/share/man/man1 &amp;&amp;
install -v -m644 vacation/vacation.1 /usr/share/man/man1</userinput></screen>
<para>
Install the <application>sendmail</application> Installation and
Operations Guide with the following commands:
</para>
<note>
<para>
Remove <filename>op.pdf</filename> from the <command>make</command>
and <command>install</command> commands below if
you don't have <application>Ghostscript</application> installed.
</para>
</note>
<screen remap="doc"><userinput>cd doc/op &amp;&amp;
sed -i 's/groff/GROFF_NO_SGR=1 groff/' Makefile &amp;&amp;
make op.txt op.pdf</userinput></screen>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"
remap="doc"><userinput>install -v -d -m755 /usr/share/doc/sendmail-&sendmail-version; &amp;&amp;
install -v -m644 op.ps op.txt op.pdf /usr/share/doc/sendmail-&sendmail-version; &amp;&amp;
cd ../..</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>cat &gt; devtools/Site/site.config.m4 &lt;&lt; "EOF"</command>:
This creates a configuration file changing some of the default settings.
</para>
<para>
<command>sed ... devtools/OS/Linux</command>: The site.config.m4
does not honor a change to the man directory, so fix it in the OS
definitions.
</para>
<!-- No longer valid with 8.16.1
<para>
<command>sed ... include/sm/bdb.h</command>: This allows sendmail to
build properly with <xref linkend='db'/> versions 5 and above.
</para>
-->
<para>
<command>sh Build; sh Build sendmail.cf; sh Build install-cf;
sh Build install</command>: <application>sendmail</application> uses an
<application>m4</application> based build script to create the various
<filename>Makefile</filename>s. These commands build and install the
package.
</para>
<para>
<command>for manpage in...;do...;done; install ...</command>: The man
pages are installed already formatted and <command>man</command> displays
them somewhat garbled. These commands replace the formatted pages with
pages <command>man</command> can display properly.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring sendmail</title>
<sect3 id="sendmail-config">
<title>Config Files</title>
<para>
<filename>/etc/mail/*</filename>
</para>
<indexterm zone="sendmail sendmail-config">
<primary sortas="e-etc-mail">/etc/mail/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<note>
<para>
Ensure you have a fully qualified domain name defined
in <filename>/etc/hosts</filename> for your system before proceeding.
</para>
</note>
<para>
Create the <filename>/etc/mail/local-host-names</filename> and
<filename>/etc/mail/aliases</filename> files using the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>echo $(hostname) > /etc/mail/local-host-names
cat &gt; /etc/mail/aliases &lt;&lt; "EOF"
<literal>postmaster: root
MAILER-DAEMON: root</literal>
EOF
# Does not work if there is no database backend compiled in:
#newaliases</userinput></screen>
<para>
<application>sendmail</application>'s primary configuration file,
<filename>/etc/mail/sendmail.cf</filename>, is complex and not meant to
be directly edited. The recommended method for changing it is to modify
<filename>/etc/mail/sendmail.mc</filename> and various
<application>m4</application> files, then run the <command>m4</command>
macro processor from within
<filename class='directory'>/etc/mail</filename> as follows:
</para>
<screen role="root"><userinput>cd /etc/mail &amp;&amp;
m4 m4/cf.m4 sendmail.mc > sendmail.cf</userinput></screen>
<para>
A full explanation of the files to modify, and the available
parameters can be found in <filename>/etc/mail/README</filename>.
</para>
</sect3>
<sect3 id="sendmail-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
To automate the running of <application>sendmail</application>
at startup, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/sendmail</filename>
init script</phrase>
<phrase revision="systemd"><filename>sendmail.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<indexterm zone="sendmail sendmail-init">
<primary sortas="f-sendmail-init">sendmail</primary>
</indexterm>
<screen role="root"><userinput>make install-sendmail</userinput></screen>
<note>
<para>
The -qNm option to <command>sendmail</command>, where N is number
of minutes, controls how often <application>sendmail</application>
will process the mail queue. A default of 5 minutes is used in the
<phrase revision="sysv">init script.</phrase>
<phrase revision="systemd">systemd unit.</phrase> Individual
workstation users may want to set this as low as 1 minute, large
installations handling more mail may want to set it higher.
</para>
</note>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>editmap, mailstats, makemap, praliases, sendmail, smrsh,
and vacation; symlinks to /usr/sbin/sendmail: hoststat, mailq,
newaliases, and purgestat</seg>
<seg>None</seg>
<seg>/etc/mail, /usr/share/doc/sendmail-&sendmail-version;,
and /var/spool/clientmqueue</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="editmap">
<term><command>editmap</command></term>
<listitem>
<para>
queries and edits <application>sendmail</application> map files
</para>
<indexterm zone="sendmail editmap">
<primary sortas="b-editmap">editmap</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="hoststat">
<term><command>hoststat</command></term>
<listitem>
<para>
prints <application>sendmail</application>'s persistent host status
</para>
<indexterm zone="sendmail hoststat">
<primary sortas="b-hoststat">hoststat</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="mailstats">
<term><command>mailstats</command></term>
<listitem>
<para>
displays <application>sendmail</application> statistics
</para>
<indexterm zone="sendmail mailstats">
<primary sortas="b-mailstats">mailstats</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="mailq-sendmail">
<term><command>mailq</command></term>
<listitem>
<para>
prints a summary of outbound mail messages waiting for delivery
</para>
<indexterm zone="sendmail mailq-sendmail">
<primary sortas="b-mailq">mailq</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="makemap">
<term><command>makemap</command></term>
<listitem>
<para>
creates <application>sendmail</application> map files
</para>
<indexterm zone="sendmail makemap">
<primary sortas="b-makemap">makemap</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="newaliases-sendmail">
<term><command>newaliases</command></term>
<listitem>
<para>
rebuilds <filename>/etc/mail/aliases.db</filename> from the
contents of <filename>/etc/mail/aliases</filename>
</para>
<indexterm zone="sendmail newaliases-sendmail">
<primary sortas="b-newaliases">newaliases</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="praliases">
<term><command>praliases</command></term>
<listitem>
<para>
displays current <application>sendmail</application> aliases
</para>
<indexterm zone="sendmail praliases">
<primary sortas="b-praliases">praliases</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="purgestat">
<term><command>purgestat</command></term>
<listitem>
<para>
causes <application>sendmail</application> to clear (purge)
all its host-status information
</para>
<indexterm zone="sendmail purgestat">
<primary sortas="b-purgestat">purgestat</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="sendmail-prog-sendmail">
<term><command>sendmail</command></term>
<listitem>
<para>
is the <application>sendmail</application> mail transport agent
</para>
<indexterm zone="sendmail sendmail-prog-sendmail">
<primary sortas="b-sendmail">sendmail</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="smrsh">
<term><command>smrsh</command></term>
<listitem>
<para>
is a restricted shell for <application>sendmail</application>
</para>
<indexterm zone="sendmail smrsh">
<primary sortas="b-smrsh">smrsh</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="vacation-sendmail">
<term><command>vacation</command></term>
<listitem>
<para>
is an email auto responder
</para>
<indexterm zone="sendmail vacation-sendmail">
<primary sortas="b-vacation">vacation</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

548
server/major/apache.xml
View File

@ -1,548 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY apache-download-http
"https://archive.apache.org/dist/httpd/httpd-&apache-version;.tar.bz2">
<!ENTITY apache-download-ftp " ">
<!ENTITY apache-md5sum "30377ec4d7fb8361e1d1f2ab3158b467">
<!ENTITY apache-size "7.1 MB">
<!ENTITY apache-buildsize "88 MB">
<!ENTITY apache-time "0.3 SBU (Using parallelism=4)">
]>
<sect1 id="apache" xreflabel="Apache-&apache-version;">
<?dbhtml filename="apache.html"?>
<title>Apache-&apache-version;</title>
<indexterm zone="apache">
<primary sortas="a-Apache">Apache</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Apache HTTPD</title>
<para>
The <application>Apache HTTPD</application> package contains an open-source HTTP
server. It is useful for creating local intranet web sites or running huge
web serving operations.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&apache-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&apache-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &apache-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &apache-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &apache-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &apache-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/httpd-&apache-version;-blfs_layout-1.patch"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Apache HTTPD Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="apr-util"/> and
<xref linkend="pcre2"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="brotli"/>,
<xref linkend="doxygen"/>,
<xref linkend="jansson"/>,
<xref linkend="libxml2"/>,
<xref linkend="lua"/>,
<xref linkend="lynx"/> or
<xref linkend="Links"/> or
<ulink url="&elinks-url;">ELinks</ulink>,
<xref linkend="nghttp2"/>,
<xref linkend="openldap"/> (<xref linkend="apr-util"/> needs to be
installed with ldap support),
<xref linkend="rsync"/>,
&berkeley-db;, and
<ulink url="https://sourceforge.net/projects/distcache">Distcache</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Apache HTTPD</title>
<para>
For security reasons, running the server as an unprivileged user and group
is strongly encouraged. Create the following group and user using the
following commands as <systemitem class="username">root</systemitem>:
</para>
<screen role="root"><userinput>groupadd -g 25 apache &amp;&amp;
useradd -c "Apache Server" -d /srv/www -g apache \
-s /bin/false -u 25 apache</userinput></screen>
<para>
Build and install <application>Apache HTTPD</application> by running the
following commands:
</para>
<screen><userinput>patch -Np1 -i ../httpd-&apache-version;-blfs_layout-1.patch &amp;&amp;
sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in &amp;&amp;
sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:' \
-e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::' \
-e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
-i configure &amp;&amp;
sed -e '/encoding.h/a # include &lt;libxml/xmlstring.h&gt;' \
-i modules/filters/mod_xml2enc.c &amp;&amp;
./configure --enable-authnz-fcgi \
--enable-layout=BLFS \
--enable-mods-shared="all cgi" \
--enable-mpms-shared=all \
--enable-suexec=shared \
--with-apr=/usr/bin/apr-1-config \
--with-apr-util=/usr/bin/apu-1-config \
--with-suexec-bin=/usr/lib/httpd/suexec \
--with-suexec-caller=apache \
--with-suexec-docroot=/srv/www \
--with-suexec-logfile=/var/log/httpd/suexec.log \
--with-suexec-uidmin=100 \
--with-suexec-userdir=public_html &amp;&amp;
make</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<!-- changing the patch allows doing DESTDIR install as a normal user
<note>
<para>
This package does not install properly using <envar>DESTDIR</envar>
techniques as an unpriviledged user.
</para>
</note>
-->
<screen role="root"><userinput>make install &amp;&amp;
mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &amp;&amp;
chgrp apache /usr/lib/httpd/suexec &amp;&amp;
chmod 4754 /usr/lib/httpd/suexec &amp;&amp;
chown -v -R apache:apache /srv/www</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>sed '/dir.*CFG_PREFIX/s@^@#@'...</command>: Forces the
<application>apxs</application> utility to use absolute pathnames for
modules, when instructed to do so.
</para>
<para>
<command>sed -e '/HTTPD_ROOT/s ...</command>: Fixes some paths.
</para>
<para>
<command>sed -e '/encoding.h/a ...</command>; Fix building against
libxml-2.12.x.
</para>
<para>
<parameter>--enable-authnz-fcgi</parameter>: Build FastCGI
authorizer-based authentication and authorization (mod_authnz_fcgi.so
fast CGI module).
</para>
<para>
<parameter>--enable-mods-shared="all cgi"</parameter>: The modules should be
compiled and used as Dynamic Shared Objects (DSOs) so they can be included
and excluded from the server using the run-time configuration directives.
</para>
<para>
<parameter>--enable-mpms-shared=all</parameter>: This switch ensures that
all MPM (Multi Processing Modules) are built as Dynamic Shared Objects
(DSOs), so the user can choose which one to use at runtime.
</para>
<para>
<parameter>--enable-suexec</parameter>: This switch enables building of the
<application>Apache</application> suEXEC module which can be used to allow
users to run CGI and SSI scripts under user IDs different from the user ID
of the calling web server.
</para>
<para>
<parameter>--with-suexec-*</parameter>: These switches control suEXEC module
behavior, such as default document root, minimal UID that can be used to
run the script under the suEXEC. Please note that with minimal UID 100, you
can't run CGI or SSI scripts under suEXEC as the
<systemitem class="username">apache</systemitem> user.
</para>
<para>
<command>... /usr/lib/httpd/suexec</command>: These commands put
<command>suexec</command> wrapper into proper location, since it
is not meant to be run directly. They also adjust proper
permissions of the binary, making it setgid
<systemitem class="username">apache</systemitem>.
</para>
<para>
<command>chown -R apache:apache /srv/www</command>: By default, the
installation process installs files (documentation, error messages,
default icons, etc.) with the ownership of the user that extracted the
files from the tar file. If you want to change the ownership to another
user, you should do so at this point. The only requirement is that the
document directories need to be accessible by the <command>httpd</command>
process with (r-x) permissions and files need to be readable (r--) by the
<systemitem class="username">apache</systemitem> user.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring Apache</title>
<sect3 id="apache-config">
<title>Config Files</title>
<para>
<filename>/etc/httpd/httpd.conf</filename> and
<filename>/etc/httpd/extra/*</filename>
</para>
<indexterm zone="apache apache-config">
<primary sortas="e-etc-httpd-httpd.conf">/etc/httpd/httpd.conf</primary>
</indexterm>
<indexterm zone="apache apache-config">
<primary sortas="e-etc-httpd-extra-star">/etc/httpd/extra/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
See <ulink url="file:///usr/share/httpd/manual/configuring.html"/>
for detailed instructions on customising your
<application>Apache</application> HTTP server configuration file.
</para>
<para>
There is no reason, at least for internet facing sites, not
to use SSL encryption. Setting up a secured website does not cost
anything except installing one additional small tool and a few
minutes of configuration work. Use this guideline at
<ulink url="&blfs-wiki;/Securing_a_website"/> to create
world-wide accepted certificates and renew them on a regular basis.
</para>
</sect3>
<sect3 id="httpd-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
If you want the <application>Apache</application> server to
start automatically when the system is booted, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/httpd</filename>
init script</phrase>
<phrase revision="systemd"><filename>httpd.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<indexterm zone="apache httpd-init">
<primary sortas="f-apache">apache</primary>
</indexterm>
<screen role="root"><userinput>make install-httpd</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter,
htcacheclean, htdbm, htdigest, htpasswd, httpd,
httxt2dbm, logresolve, and rotatelogs
<!-- not executable from path, and suexec -->
</seg>
<seg>
Several libraries under /usr/lib/httpd/modules/
</seg>
<seg>
/etc/httpd,
/srv/www,
/usr/include/httpd,
/usr/lib/httpd,
/usr/share/httpd,
/var/log/httpd, and
/var/run/httpd
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="ab">
<term><command>ab</command></term>
<listitem>
<para>
is a tool for benchmarking your <application>Apache</application>
HTTP server
</para>
<indexterm zone="apache ab">
<primary sortas="b-ab">ab</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="apachectl">
<term><command>apachectl</command></term>
<listitem>
<para>
is a front end to the <application>Apache</application> HTTP server
which is designed to help the administrator control the functioning
of the <application>Apache</application> httpd daemon
</para>
<indexterm zone="apache apachectl">
<primary sortas="b-apachectl">apachectl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="apxs">
<term><command>apxs</command></term>
<listitem>
<para>
is a tool for building and installing extension modules for the
<application>Apache</application> HTTP server
</para>
<indexterm zone="apache apxs">
<primary sortas="b-apxs">apxs</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="checkgid">
<term><command>checkgid</command></term>
<listitem>
<para>
is a program that checks whether it can setgid to the group
specified. This is to see if it is a valid group for Apache2 to use
at runtime. If the user (should be run as superuser) is in that
group, or can setgid to it, it will return 0
</para>
<indexterm zone="apache checkgid">
<primary sortas="b-checkgid">checkgid</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dbmmanage">
<term><command>dbmmanage</command></term>
<listitem>
<para>
is used to create and update the DBM format files used to store
usernames and passwords for basic authentication of HTTP users
</para>
<indexterm zone="apache dbmmanage">
<primary sortas="b-dbmmanage">dbmmanage</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="fcgistarter">
<term><command>fcgistarter</command></term>
<listitem>
<para>
is a tool to start a FastCGI program
</para>
<indexterm zone="apache fcgistarter">
<primary sortas="b-fcgistarter">fcgistarter</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="htcacheclean">
<term><command>htcacheclean</command></term>
<listitem>
<para>
is used to clean up the disk cache
</para>
<indexterm zone="apache htcacheclean">
<primary sortas="b-htcacheclean">htcacheclean</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="htdbm">
<term><command>htdbm</command></term>
<listitem>
<para>
is used to manipulate the DBM password databases
</para>
<indexterm zone="apache htdbm">
<primary sortas="b-htdbm">htdbm</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="htdigest">
<term><command>htdigest</command></term>
<listitem>
<para>
is used to create and update the flat-files used to store usernames,
realms and passwords for digest authentication of HTTP users
</para>
<indexterm zone="apache htdigest">
<primary sortas="b-htdigest">htdigest</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="htpasswd">
<term><command>htpasswd</command></term>
<listitem>
<para>
is used to create and update the flat-files used to store usernames
and passwords for basic authentication of HTTP users
</para>
<indexterm zone="apache htpasswd">
<primary sortas="b-htpasswd">htpasswd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="httpd">
<term><command>httpd</command></term>
<listitem>
<para>
is the <application>Apache</application> HTTP server program
</para>
<indexterm zone="apache httpd">
<primary sortas="b-httpd">httpd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="httxt2dbm">
<term><command>httxt2dbm</command></term>
<listitem>
<para>
is used to generate DBM files from text, for use in RewriteMap
</para>
<indexterm zone="apache httxt2dbm">
<primary sortas="b-httxt2dbm">httxt2dbm</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="logresolve">
<term><command>logresolve</command></term>
<listitem>
<para>
is a post-processing program to resolve IP-addresses in
<application>Apache</application>'s access log files
</para>
<indexterm zone="apache logresolve">
<primary sortas="b-logresolve">logresolve</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="rotatelogs">
<term><command>rotatelogs</command></term>
<listitem>
<para>
is a simple program for use in conjunction with
<application>Apache</application>'s piped log file feature
</para>
<indexterm zone="apache rotatelogs">
<primary sortas="b-rotatelogs">rotatelogs</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="suexec">
<term><command>suexec</command></term>
<listitem>
<para>
allows users to run CGI and SSI applications as a different user
</para>
<indexterm zone="apache suexec">
<primary sortas="b-suexec">suexec</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

980
server/major/bind.xml
View File

@ -1,980 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
<!ENTITY bind-download-ftp " ">
<!ENTITY bind-md5sum "&bind-md5;">
<!ENTITY bind-size "5.3 MB">
<!ENTITY bind-buildsize "127 MB (21 MB installed)">
<!ENTITY bind-time "0.5 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
]>
<sect1 id="bind" xreflabel="BIND-&bind-version;">
<?dbhtml filename="bind.html"?>
<title>BIND-&bind-version;</title>
<indexterm zone="bind">
<primary sortas="a-BIND">BIND</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to BIND</title>
<para>
The <application>BIND</application> package provides a DNS server
and client utilities. If you are only interested in the utilities, refer
to the <xref linkend="bind-utils"/>.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&bind-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&bind-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &bind-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &bind-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &bind-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &bind-time;
</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="libuv"/>
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="json-c"/>,
<xref linkend="libcap-pam"/>, and
<xref linkend="nghttp2"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="curl"/>,
<xref linkend="libidn2"/>,
<xref linkend="libxml2"/>,
<xref linkend="lmdb"/>,
<xref linkend="mitkrb"/>,
<xref linkend="pytest"/>,
<xref linkend="sphinx"/> (required to build documentation),
<ulink url="https://cmocka.org/">cmocka</ulink>,
<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
<ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
<ulink url="&w3m-url;">w3m</ulink>
</para>
<bridgehead renderas="sect4">Optional database backends</bridgehead>
<para role="optional">
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
<xref linkend="openldap"/>,
<xref linkend="postgresql"/>,
<xref linkend="unixodbc"/>, and
&berkeley-db;
</para>
<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
<para role="optional">
<xref linkend="perl-net-dns"/>
</para>
<para condition="html" role="usernotes">
Editor Notes: <ulink url="&blfs-wiki;/bind"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of BIND</title>
<!--
<para>
To ensure <application>BIND</application> will build dnssec-keymgr,
install a python module as the <systemitem
class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>pip3 install ply</userinput></screen>
-->
<note>
<para>
Starting with bind-9.18.20, the IP addresses for B.ROOT-SERVERS.NET
have changed.
</para>
</note>
<para>
Install <application>BIND</application> by running the
following commands:
</para>
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--mandir=/usr/share/man \
--disable-static &amp;&amp;
make</userinput></screen>
<para>
Issue the following commands to run the complete suite of tests.
First, as the <systemitem class="username">root</systemitem> user, set up
some test interfaces:
</para>
<note>
<para>
If IPv6 is not enabled in the kernel, there will be several
error messages: "RTNETLINK answers: Operation not permitted". These
messages do not affect the tests.
</para>
</note>
<screen role="root"
remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
<para>
The test suite may indicate some skipped tests depending on
what configuration options are used. Some tests are marked
<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
is not installed. Two tests, <filename>resolver</filename> and
<filename>dispatch</filename>, are known to fail.
To run the tests, as an unprivileged user, execute:
</para>
<screen remap="test"><userinput>make -k check</userinput></screen>
<para>
Again as <systemitem class="username">root</systemitem>, clean up the
test interfaces:
</para>
<screen role="root"
remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
<para>
Finally, install the package as the <systemitem
class="username">root</systemitem> user:
</para>
<!-- Documentation is an issue - The docs are now all in .rst format and appear
to be sphinx based. install source .rst files for now...
leave docs untouched as they does only use disk space when not
used to recreate the docs via Sphinx. I've added a note regarding
the documentation. (thomas)
<screen role="root"><userinput>make install &amp;&amp;
install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &amp;&amp;
install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &amp;&amp;
install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
-->
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<parameter>--sysconfdir=/etc</parameter>: This parameter forces
<application>BIND</application> to look for configuration
files in <filename class='directory'>/etc</filename> instead of
<filename class='directory'>/usr/etc</filename>.
</para>
<!-- Seems to be removed in 9.18.0
<para>
<parameter>- -with-libtool</parameter>: This parameter forces the
building of dynamic libraries and links the installed binaries to these
libraries.
</para>
-->
<para>
<option>--with-libidn2</option>: This parameter enables
the IDNA2008 (Internationalized Domain Names in Applications)
support.
</para>
<para>
<option>--enable-fetchlimit</option>: Use this option if you want
to be able to limit the rate of recursive client queries. This may be
useful on servers which receive a large number of queries.
</para>
<para>
<option>--disable-linux-caps</option>: BIND can also be built without
capability support by using this option, at the cost of some loss of
security.
</para>
<para>
<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
one (or more) of those options to add Dynamically Loadable Zones support.
For more information refer to <ulink
url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
</para>
<para>
<option>--disable-doh</option>: Use this option if you do not have
<xref linkend="nghttp2" role="nodep"/> installed and do not need support
for DNS over HTTPS.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
</sect2>
<sect2 role="configuration">
<title>Configuring BIND</title>
<sect3 id="bind-config">
<title>Config files</title>
<para>
<filename>named.conf</filename>,
<filename>root.hints</filename>,
<filename>127.0.0</filename>,
<filename>rndc.conf</filename>, and
<filename>resolv.conf</filename>
</para>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary
sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary
sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
<application>BIND</application> will be configured to run in a
<command>chroot</command> jail as an unprivileged user (<systemitem
class="username">named</systemitem>). This configuration is more secure
in that a DNS compromise can only affect a few files in the <systemitem
class="username">named</systemitem> user's <envar>HOME</envar>
directory.
</para>
<para>
Create the unprivileged user and group <systemitem
class="username">named</systemitem>:
</para>
<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
install -d -m770 -o named -g named /srv/named</userinput></screen>
<para>
Set up some files, directories and devices needed by
<application>BIND</application>:
</para>
<screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
cd /srv/named &amp;&amp;
mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
mknod /srv/named/dev/null c 1 3 &amp;&amp;
mknod /srv/named/dev/urandom c 1 9 &amp;&amp;
chmod 666 /srv/named/dev/{null,urandom} &amp;&amp;
cp /etc/localtime etc</userinput></screen>
<para>
The <filename>rndc.conf</filename> file contains information for
controlling <command>named</command> operations with the
<command>rndc</command> utility. Generate a key for use in the
<filename>named.conf</filename> and <filename>rndc.conf</filename>
with the <command>rndc-confgen</command> command:
</para>
<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
<para>
Create the <filename>named.conf</filename> file from which
<command>named</command> will read the location of zone files, root
name servers and secure DNS keys:
</para>
<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
<literal>options {
directory "/etc/named";
pid-file "/var/run/named.pid";
statistics-file "/var/run/named.stats";
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};
// Bind 9 now logs by default through syslog (except debug).
// These are the default logging rules.
logging {
category default { default_syslog; default_debug; };
category unmatched { null; };
channel default_syslog {
syslog daemon; // send to syslog's daemon
// facility
severity info; // only send priority info
// and higher
};
channel default_debug {
file "named.run"; // write to named.run in
// the working directory
// Note: stderr is used instead
// of "named.run"
// if the server is started
// with the '-f' option.
severity dynamic; // log at the server's
// current debug level
};
channel default_stderr {
stderr; // writes to stderr
severity info; // only send priority info
// and higher
};
channel null {
null; // toss anything sent to
// this channel
};
};</literal>
EOF</userinput></screen>
<para>
Create a zone file with the following contents:
</para>
<screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
<literal>$TTL 3D
@ IN SOA ns.local.domain. hostmaster.local.domain. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns.local.domain.
1 PTR localhost.</literal>
EOF</userinput></screen>
<para>
Create the <filename>root.hints</filename> file with the following
commands:
</para>
<note>
<para>
Caution must be used to ensure there are no leading spaces in
this file.
</para>
</note>
<screen role="root"><userinput>cat &gt; /srv/named/etc/named/root.hints &lt;&lt; "EOF"
<literal>. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 6D IN A 170.247.170.2
B.ROOT-SERVERS.NET. 6D IN AAAA 2801:1b8:10::b
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
EOF</userinput></screen>
<para>
The <filename>root.hints</filename> file is a list of root name
servers. This file must be updated periodically with the
<command>dig</command> utility. A current copy of root.hints can be
obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
For details, consult the "BIND 9 Administrator Reference Manual".
</para>
<para>
Create or modify <filename>resolv.conf</filename> to use the new
name server with the following commands:
</para>
<note>
<para>
Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
your own valid domain name.
</para>
</note>
<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
nameserver 127.0.0.1</literal>
EOF</userinput></screen>
<para>
Set permissions on the <command>chroot</command> jail with the
following command:
</para>
<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
</sect3>
<sect3 id="bind-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
To start the DNS server at boot, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
script</phrase>
<phrase revision="systemd"><filename>named.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<indexterm zone="bind bind-init">
<primary sortas="f-bind">bind</primary>
</indexterm>
<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
<para>
Now start <application>BIND</application> with the following command:
</para>
<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
</sect3>
<sect3>
<title>Testing BIND</title>
<para>
Test out the new <application>BIND</application> 9 installation.
First query the local host address with <command>dig</command>:
</para>
<screen><userinput>dig -x 127.0.0.1</userinput></screen>
<para>
Now try an external name lookup, taking note of the speed
difference in repeated lookups due to the caching. Run the
<command>dig</command> command twice on the same address:
</para>
<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
dig www.&lfs-domainname;</userinput></screen>
<para>
You can see almost instantaneous results with the named caching
lookups. Consult the <application>BIND</application> Administrator
Reference Manual (see below) for further configuration options.
</para>
</sect3>
</sect2>
<sect2>
<title>Administrator Reference Manual (ARM)</title>
<para>
The ARM documentation (do not confuse with the processor architecture)
is included in the source package. The documentation is in .rst
format which means that it can be converted in human readable formats
if <xref linkend="sphinx"/> is installed.
</para>
<para>
When <application>BIND</application> is set up, especially if it is going
to be operating in a real live scenario, it is <emphasis>highly</emphasis>
recommended to consult the ARM documentation. ISC provides an
updated set of excellent documentation along with every release
so it can be easily viewed and/or downloaded &ndash; so there is
no excuse to not read the docs. The formats ISC provides are PDF,
epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
</para>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>arpaname, ddns-confgen, delv, dig, dnssec-cds,
dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
dnssec-revoke, dnssec-settime, dnssec-signzone,
dnssec-verify, host, mdig, named, named-checkconf,
named-checkzone, named-compilezone, named-journalprint,
named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
rndc-confgen, and tsig-keygen (symlink)</seg>
<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
libisccfg.so, and libns.so</seg>
<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
/usr/lib/bind,
and /srv/named</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="arpaname">
<term><command>arpaname</command></term>
<listitem>
<para>
translates IP addresses to the corresponding ARPA names
</para>
<indexterm zone="bind arpaname">
<primary sortas="b-arpaname">arpaname</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ddns-confgen">
<term><command>ddns-confgen</command></term>
<listitem>
<para>
generates a key for use by nsupdate and named
</para>
<indexterm zone="bind ddns-confgen">
<primary sortas="b-ddns-confgen">ddns-confgen</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="delv">
<term><command>delv</command></term>
<listitem>
<para>
is a new debugging tool that is a successor to
<command>dig</command>
</para>
<indexterm zone="bind delv">
<primary sortas="b-delv">delv</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dig">
<term><command>dig</command></term>
<listitem>
<para>
interrogates DNS servers
</para>
<indexterm zone="bind dig">
<primary sortas="b-dig">dig</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-cds">
<term><command>dnssec-cds</command></term>
<listitem>
<para>
changes DS records for a child zone based on
CDS/CDNSKEY
</para>
<indexterm zone="bind dnssec-cds">
<primary sortas="b-dnssec-cds">dnssec-cds</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-dsfromkey">
<term><command>dnssec-dsfromkey</command></term>
<listitem>
<para>
outputs the Delegation Signer (DS) resource record (RR)
</para>
<indexterm zone="bind dnssec-dsfromkey">
<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-importkey">
<term><command>dnssec-importkey</command></term>
<listitem>
<para>
reads a public DNSKEY record and generates a pair of
.key/.private files
</para>
<indexterm zone="bind dnssec-importkey">
<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-keyfromlabel">
<term><command>dnssec-keyfromlabel</command></term>
<listitem>
<para>
gets keys with the given label from a cryptography hardware device
and builds key files for DNSSEC
</para>
<indexterm zone="bind dnssec-keyfromlabel">
<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-keymgr">
<term><command>dnssec-keymgr</command></term>
<listitem>
<para>
ensures correct DNSKEY coverage based on a defined policy
</para>
<indexterm zone="bind dnssec-keymgr">
<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-revoke">
<term><command>dnssec-revoke</command></term>
<listitem>
<para>
sets the REVOKED bit on a DNSSEC key
</para>
<indexterm zone="bind dnssec-revoke">
<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-settime">
<term><command>dnssec-settime</command></term>
<listitem>
<para>
sets the key timing metadata for a DNSSEC key
</para>
<indexterm zone="bind dnssec-settime">
<primary sortas="b-dnssec-settime">dnssec-settime</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-signzone">
<term><command>dnssec-signzone</command></term>
<listitem>
<para>
generates signed versions of zone files
</para>
<indexterm zone="bind dnssec-signzone">
<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-verify">
<term><command>dnssec-verify</command></term>
<listitem>
<para>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete
</para>
<indexterm zone="bind dnssec-verify">
<primary sortas="b-dnssec-verify">dnssec-verify</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="host">
<term><command>host</command></term>
<listitem>
<para>
is a utility for DNS lookups
</para>
<indexterm zone="bind host">
<primary sortas="b-host">host</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="mdig">
<term><command>mdig</command></term>
<listitem>
<para>
is a version of dig that allows multiple queries at once
</para>
<indexterm zone="bind mdig">
<primary sortas="b-mdig">mdig</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named">
<term><command>named</command></term>
<listitem>
<para>
is the name server daemon
</para>
<indexterm zone="bind named">
<primary sortas="b-named">named</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-checkconf">
<term><command>named-checkconf</command></term>
<listitem>
<para>
checks the syntax of <filename>named.conf</filename>
files
</para>
<indexterm zone="bind named-checkconf">
<primary sortas="b-named-checkconf">named-checkconf</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-checkzone">
<term><command>named-checkzone</command></term>
<listitem>
<para>
checks zone file validity
</para>
<indexterm zone="bind named-checkzone">
<primary sortas="b-named-checkzone">named-checkzone</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-compilezone">
<term><command>named-compilezone</command></term>
<listitem>
<para>
is similar to <command>named-checkzone</command>, but it always
dumps the zone contents to a specified file in a specified format
</para>
<indexterm zone="bind named-compilezone">
<primary sortas="b-named-compilezone">named-compilezone</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-journalprint">
<term><command>named-journalprint</command></term>
<listitem>
<para>
prints the zone journal in human-readable form
</para>
<indexterm zone="bind named-journalprint">
<primary sortas="b-named-journalprint">named-journalprint</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-rrchecker">
<term><command>named-rrchecker</command></term>
<listitem>
<para>
reads an individual DNS resource record from standard input and
checks if it is syntactically correct
</para>
<indexterm zone="bind named-rrchecker">
<primary sortas="b-named-rrchecker">named-rrchecker</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-nzd2nzf">
<term><command>named-nzd2nzf</command></term>
<listitem>
<para>
converts an NZD database to NZF text format
</para>
<indexterm zone="bind named-nzd2nzf">
<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nsec3hash">
<term><command>nsec3hash</command></term>
<listitem>
<para>
generates an NSEC3 hash based on a set of NSEC3 parameters
</para>
<indexterm zone="bind nsec3hash">
<primary sortas="b-nsec3hash">nsec3hash</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nslookup">
<term><command>nslookup</command></term>
<listitem>
<para>
is a program used to query Internet domain nameservers
</para>
<indexterm zone="bind nslookup">
<primary sortas="b-nslookup">nslookup</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nsupdate">
<term><command>nsupdate</command></term>
<listitem>
<para>
is used to submit DNS update requests
</para>
<indexterm zone="bind nsupdate">
<primary sortas="b-nsupdate">nsupdate</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="rndc">
<term><command>rndc</command></term>
<listitem>
<para>
controls the operation of <application>BIND</application>
</para>
<indexterm zone="bind rndc">
<primary sortas="b-rndc">rndc</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="rndc-confgen">
<term><command>rndc-confgen</command></term>
<listitem>
<para>
generates <filename>rndc.conf</filename> files
</para>
<indexterm zone="bind rndc-confgen">
<primary sortas="b-rndc-confgen">rndc-confgen</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="tsig-keygen">
<term><command>tsig-keygen</command></term>
<listitem>
<para>
is a symlink to <command>ddns-confgen</command>
</para>
<indexterm zone="bind tsig-keygen">
<primary sortas="b-tsig-keygen">tsig-keygen</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

10
server/major/kea-kernel.xml
View File

@ -1,10 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE note PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- Automatically generated by kernel-config.py
DO NOT EDIT! -->
<screen>[*] N<emphasis role='blue'>e</emphasis>tworking support ---&gt; [NET]
N<emphasis role='blue'>e</emphasis>tworking options ---&gt;
&lt;*/M&gt; <emphasis role='blue'>P</emphasis>acket socket [PACKET]
[*] <emphasis role='blue'>T</emphasis>CP/IP networking [INET]
&lt;*&gt; <emphasis role='blue'>T</emphasis>he IPv6 protocol ---&gt; [IPV6]</screen>

807
server/major/kea.xml
View File

@ -1,807 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY kea-download-http "https://downloads.isc.org/isc/kea/&kea-dhcp-version;/kea-&kea-dhcp-version;.tar.gz">
<!ENTITY kea-download-ftp " ">
<!ENTITY kea-md5sum "ad23d02b3ce0475eb077da05b0ae2429">
<!ENTITY kea-size "10 MB">
<!ENTITY kea-buildsize "1.5 GB (332 MB installed; add 4 GB for tests)">
<!ENTITY kea-time "4.1 SBU (with parallelism=4; add 12 SBU for tests)">
<!ENTITY kea-arm-vers "&kea-dhcp-version;">
]>
<sect1 id="kea" xreflabel="Kea-&kea-dhcp-version; DHCP Server">
<?dbhtml filename="kea.html"?>
<title>Kea &kea-dhcp-version; DHCP Server</title>
<indexterm zone="kea">
<primary sortas="a-KEA">Kea DHCP Server</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to ISC Kea DHCP Server</title>
<para>
The <application>ISC Kea</application> package contains the
server programs for DHCP. It is the successor of the
old ISC DHCP server which is end-of-life since December 2022.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&kea-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&kea-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &kea-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &kea-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &kea-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &kea-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Kea Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="boost"/> and
<xref linkend="log4cplus"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="mitkrb"/>,
<xref linkend="valgrind"/>; for documentation:
<xref linkend="doxygen"/>,
<xref linkend="graphviz"/>, and
<xref linkend="sphinx_rtd_theme"/>; for tests:
<ulink url="https://google.github.io/googletest/">GoogleTest</ulink>
</para>
<bridgehead renderas="sect4">Optional database backends</bridgehead>
<para role="optional">
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>, and
<xref linkend="postgresql"/>
</para>
<!--
<para condition="html" role="usernotes">Editor Notes:
<ulink url="&blfs-wiki;/kea"/>
</para>
-->
</sect2>
<sect2 role="kernel" id="kea-dhcp-kernel">
<title>Kernel Configuration</title>
<para>
You must have Packet Socket support. IPv6 support is optional.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="kea-kernel.xml"/>
<indexterm zone="kea kea-dhcp-kernel">
<primary sortas="d-KEA">Kea</primary>
</indexterm>
</sect2>
<sect2 role="installation">
<title>Installation of ISC Kea DHCP Server</title>
<para>
First fix detection of Python-3.12 by the build system:
</para>
<screen><userinput>sed -e 's/:3/:4/' \
-i configure</userinput></screen>
<para>
Remove one installation step that uses an obsolete python module:
</para>
<screen><userinput>sed -e '/dlist="/d' \
-i src/bin/shell/Makefile.in</userinput></screen>
<para>
Install <application>ISC Kea DHCP Server</application> by running
the following commands:
</para>
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-shell \
--with-openssl \
--disable-static \
--docdir=/usr/share/doc/kea-&kea-dhcp-version; &amp;&amp;
make</userinput></screen>
<para>
To test the results, you must have installed GoogleTest and kept
its source. You should also have passed
<option>--with-gtest-source=/path/to/googletest/sourcedir</option> to
<command>configure</command> above. Run the tests with
<command>make check</command>. Three tests in the TLSTest suite are
known to fail.
</para>
<para>
To install the <application>ISC Kea DHCP Server</application> suite,
issue the following commands as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make -j1 install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<parameter>--enable-shell</parameter>: Allows building
<command>kea-shell</command>, a command line interface for
the control agent.
</para>
<para>
<parameter>--with-openssl</parameter>: Allows using OpenSSL for
communicating with the control-agent and for DNS updates.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
<para>
<option>--with-pgsql</option> or <option>--with-mysql</option>:
<application>ISC Kea</application> can store the leases on a
database. This might be useful in large environments running
a cluster of DHCP servers. Using the <emphasis>memfile</emphasis>
backend (which is a CSV file stored locally) is possible anyhow.
</para>
<para>
<option>--enable-generate-docs</option>:
If documentation is to be rebuilt, add that option. Several
dependencies must be installed for generating the documentation.
</para>
<para>
<command>make -j1 install</command>: ISC does not recommend
any form of parallel or job server options when doing the install.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring ISC Kea DHCP Server</title>
<para>
The support of IPv4, IPv6 and DDNS has been split into
separate servers which runs independently from each other. Each
of them has its own configuration file.<phrase revision="sysv">
Additional configuration files come from the keactrl agent which
is used to control the servers in an easy way.</phrase>
</para>
<para>
Consult the <ulink
url="https://kea.readthedocs.io/en/kea-&kea-arm-vers;/">
Kea Administrator Reference Manual</ulink>
for detailed information about the configuration of
<application>ISC Kea</application> as it is a quite capable system.
The configuration shown below is a bare minimum to get a DHCP server
running but it already includes configuration for DDNS (Dynamic DNS).
That setup might be working for small networks with a few clients and
low traffic. For greater installations with thousands of clients,
<application>ISC Kea</application> can be configured to use databases
(mariadb or postgresql) to store the leases and build a cluster with
multiple nodes. It can be integrated to
<ulink url="https://www.isc.org/categories/stork/">ISC Stork</ulink>
which is a management dashboard to <application>ISC Kea</application>.
</para>
<para>
If you want to start the DHCP Server at boot, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/kea-dhcpd</filename>
init script</phrase>
<phrase revision="systemd"><filename>kea-dhcpd.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/>
package:
</para>
<screen role="root"><userinput>make install-kea-dhcpd</userinput></screen>
<sect3 id="kea-dhcp-config">
<title>Config Files</title>
<para>
<phrase revision="sysv">
<filename>/etc/kea/keactrl.conf</filename>,
</phrase>
<filename>/etc/kea/kea-ctrl-agent.conf</filename>,
<filename>/etc/kea/kea-dhcp4.conf</filename>,
<filename>/etc/kea/kea-dhcp6.conf</filename>, and
<filename>/etc/kea/kea-dhcp-ddns.conf</filename>
</para>
<indexterm zone="kea keactrl-config" revision="sysv">
<primary sortas="e-etc-kea-keactrl.conf">/etc/kea/keactrl.conf</primary>
</indexterm>
<indexterm zone="kea kea-ctrl-agent-config">
<primary sortas="e-etc-kea-kea-ctrl-agent.conf">/etc/kea/kea-ctrl-agent.conf</primary>
</indexterm>
<indexterm zone="kea kea-dhcp4-config">
<primary sortas="e-etc-kea-dhcp4.conf">/etc/kea/kea-dhcp4.conf</primary>
</indexterm>
<indexterm zone="kea kea-dhcp6-config">
<primary sortas="e-etc-kea-dhcp6.conf">/etc/kea/kea-dhcp6.conf</primary>
</indexterm>
<indexterm zone="kea kea-dhcp-ddns-config">
<primary sortas="e-etc-kea-dhcp-ddns.conf">/etc/kea/kea-dhcp-ddns.conf</primary>
</indexterm>
</sect3>
<sect3 id="keactrl-config" revision="sysv">
<title>Kea Control Configuration</title>
<para><command>keactrl</command> is used to control the
independent servers (IPv4, IPv6, DDNS). Its configuration file
<filename>/etc/kea/keactrl.conf</filename> is installed by
default and includes many path settings which are defined
due to the <command>configure</command> at build time. It also
includes settings to specify which of the servers should be
started.</para>
<itemizedlist>
<listitem>
<para>Control Agent</para>
<para>The Control Agent is a daemon which allows the
(re)configuration of the Kea DHCP service via REST API.
Set <literal>ctrl_agent=yes</literal> to start the
control agent (service providing a REST API), set
<literal>ctrl_agent=no</literal> in case the control agent
is not needed.</para>
</listitem>
<listitem>
<para>IPv4 DHCP server</para>
<para>This daemon handles requests for IPv4 addresses.
Set <literal>dhcp4=yes</literal> to start it, set
<literal>dhcp4=no</literal> in case DHCP service for IPv4
is not wanted.</para>
</listitem>
<listitem>
<para>IPv6 DHCP server</para>
<para>This daemon handles requests for IPv6 addresses.
Set <literal>dhcp6=yes</literal> to start it, set
<literal>dhcp6=no</literal> in case DHCP service for IPv6
is not wanted.</para>
</listitem>
<listitem>
<para>Dynamic DNS</para>
<para>This daemon is used to update a DNS server dynamically
when Kea assigns an IP address to a device.
Set <literal>dhcp_ddns=yes</literal> to enable it, set
<literal>dhcp_ddns=no</literal> in case dynamic DNS updates
are not wanted.</para>
</listitem>
</itemizedlist>
<para>
The Netconf service is not installed because required
dependencies are not covered by the current BLFS book.
. </para>
<para>
With the following command, Kea will be configured to
start the dhcp service for IPv4 and the
dynamic DNS update, while the control agent and
the dhcp service for IPv6 remain down. Tweak the command to
match your needs on started services and execute as the
&root; user:
</para>
<screen role="root"><userinput>sed -e "s/^dhcp4=.*/dhcp4=yes/" \
-e "s/^dhcp6=.*/dhcp6=no/" \
-e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \
-e "s/^ctrl_agent=.*/ctrl_agent=no/" \
-i /etc/kea/keactrl.conf
</userinput></screen>
</sect3>
<sect3 id="kea-sysd-config" revision="systemd">
<title>Kea Configuration Using Systemd Units</title>
<para>
Four service units are used to start various daemons
provided by Kea:
</para>
<itemizedlist>
<listitem>
<para>Control Agent</para>
<para>
The Control Agent is a daemon which allows the
(re)configuration of the Kea DHCP service via REST API.
Run <command>systemctl enable kea-ctrl-agent</command>
if this daemon is needed.
</para>
</listitem>
<listitem>
<para>IPv4 DHCP server</para>
<para>
This daemon handles requests for IPv4 addresses.
Run <command>systemctl enable kea-dhcp4-server</command> to
have it started by systemd.
</para>
</listitem>
<listitem>
<para>IPv6 DHCP server</para>
<para>
This daemon handles requests for IPv6 addresses.
Run <command>systemctl enable kea-dhcp6-server</command> to
have it started by systemd.
</para>
</listitem>
<listitem>
<para>Dynamic DNS</para>
<para>
This daemon is used to update a DNS server dynamically
when Kea assigns an IP address to a device.
Run <command>systemctl enable kea-ddns-server</command> to
have it started by systemd.
</para>
</listitem>
</itemizedlist>
<para>The Netconf service is not installed because required
dependencies are not covered by the current BLFS book.</para>
</sect3>
<sect3 id="kea-ctrl-agent-config">
<title>Control Agent Configuration</title>
<para>
The provided configuration could be used without changes
but in BLFS, objects like sockets are stored in
<filename class="directory">/run</filename>
rather than in
<filename class="directory">/tmp</filename>.
</para>
<screen role="nodump"><userinput>cat &gt; /etc/kea/kea-ctrl-agent.conf &lt;&lt; "EOF"
<literal>// Begin /etc/kea/kea-ctrl-agent.conf
{
// This is a basic configuration for the Kea Control Agent.
// RESTful interface to be available at http://127.0.0.1:8000/
"Control-agent": {
"http-host": "127.0.0.1",
"http-port": 8000,
"control-sockets": {
"dhcp4": {
"socket-type": "unix",
"socket-name": "/run/kea4-ctrl-socket"
},
"dhcp6": {
"socket-type": "unix",
"socket-name": "/run/kea6-ctrl-socket"
},
"d2": {
"socket-type": "unix",
"socket-name": "/run/kea-ddns-ctrl-socket"
}
},
"loggers": [
{
"name": "kea-ctrl-agent",
"output_options": [
{
"output": "/var/log/kea-ctrl-agent.log",
"pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
// End /etc/kea/kea-ctrl-agent.conf</literal>
EOF</userinput></screen>
</sect3>
<sect3 id="kea-dhcp4-config">
<title>IPv4 DHCP Server Configuration</title>
<para>
A sample configuration file is created in <filename>/etc/kea/kea-dhcp4.conf</filename>.
Adjust the file to suit your needs or overwrite it by running
the following command as the &root; user (you'll need to edit this
file anyway: at least the <emphasis>interfaces</emphasis> field,
the <emphasis>ddns-qualifying-suffix</emphasis> field, and almost
all the fields in <emphasis>Subnet4</emphasis>:
</para>
<screen role="nodump"><userinput>cat &gt; /etc/kea/kea-dhcp4.conf &lt;&lt; "EOF"
<literal>// Begin /etc/kea/kea-dhcp4.conf
{
"Dhcp4": {
// Add names of your network interfaces to listen on.
"interfaces-config": {
"interfaces": [ "eth0", "eth2" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea4-ctrl-socket"
},
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
// Enable DDNS - Kea will dynamically update the DNS
"ddns-send-updates" : true,
"ddns-qualifying-suffix": "your.domain.tld",
"dhcp-ddns" : {
"enable-updates": true
},
"subnet4": [
{
"subnet": "192.168.56.0/24",
"pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
"option-data": [
{
"name": "domain-name",
"data": "your.domain.tld"
},
{
"name": "domain-name-servers",
"data": "192.168.56.2, 192.168.3.7"
},
{
"name": "domain-search",
"data": "your.domain.tld"
},
{
"name": "routers",
"data": "192.168.56.2"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "/var/log/kea-dhcp4.log",
"pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
// End /etc/kea/kea-dhcp4.conf</literal>
EOF</userinput></screen>
</sect3>
<sect3 id="kea-dhcp6-config">
<title>IPv6 DHCP Server Configuration</title>
<para>
The configuration for IPv6 is similar to the configuration
of IPv4. The configuration file is
<filename>/etc/kea/kea-dhcp6.conf</filename>.
</para>
</sect3>
<sect3 id="kea-dhcp-ddns-config">
<title>Dynamic DNS Configuration</title>
<para>
If there is a <xref linkend="bind"/> server running,
<application>ISC Kea</application> can update the DNS when
it gives an IP address to a client. A sample configuration
file is created in <filename>/etc/kea/kea-dhcp-ddns.conf</filename>.
Adjust the file to suit your needs or overwrite it by running
the following command as the &root; user:
</para>
<screen role="nodump" ><userinput>cat &gt; /etc/kea/kea-dhcp-ddns.conf &lt;&lt; "EOF"
<literal>// Begin /etc/kea/kea-dhcp-ddns.conf
{
"DhcpDdns": {
"ip-address": "127.0.0.1",
"port": 53001,
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea-ddns-ctrl-socket"
},
"tsig-keys": [
{
"name" : "rndc-key",
"algorithm" : "hmac-sha256",
"secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
}
],
"forward-ddns" : {
"ddns-domains" : [
{
"name" : "your.domain.tld.",
"key-name": "rndc-key",
"dns-servers" : [
{
"ip-address" : "127.0.0.1",
"port" : 53
}
]
}
]
},
"reverse-ddns" : {
"ddns-domains" : [
{
"name" : "56.168.192.in-addr.arpa.",
"key-name": "rndc-key",
"dns-servers" : [
{
"ip-address" : "127.0.0.1",
"port" : 53
}
]
}
]
},
"loggers": [
{
"name": "kea-dhcp-ddns",
"output_options": [
{
"output": "/var/log/kea-ddns.log",
"pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
// End /etc/kea/kea-dhcp-ddns.conf</literal>
EOF</userinput></screen>
<note>
<para>
The value of <literal>secret</literal> is just an example.
Generate the key for your installation by using the
<command>rndc-confgen -a</command> command or the
<command>tsig-keygen</command> command which both are
provided by <xref linkend="bind"/>.
</para>
<para>
In this example configuration, it is assumed that the DNS server
runs on the same machine as Kea does (accessible via
<literal>127.0.0.1</literal>) and that this machine has
the IP <literal>192.168.56.2</literal>.
</para>
</note>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
keactrl, kea-admin, kea-ctrl-agent, kea-dhcp4, kea-dhcp6,
kea-dhcp-ddns, kea-lfc, kea-shell
</seg>
<seg>
libkea-asiodns.so,
libkea-asiolink.so,
libkea-cc.so,
libkea-cgfclient.so,
libkea-cryptolink.so,
libkea-d2srv.so,
libkea-database.so,
libkea-dhcp_ddns.so,
libkea-dhcp++.so,
libkea-dhcpsrv.so,
libkea-dns++.so,
libkea-eval.so,
libkea-exceptions.so,
libkea-hooks.so,
libkea-http.so,
libkea-log.so,
libkea-process.so,
libkea-stats.so,
libkea-tcp.so,
libkea-util.so, and
libkea-util-io.so
</seg>
<seg>
/etc/kea,
/usr/include/kea,
/usr/lib/kea,
/usr/lib/python&python3-majorver;/site-packages/kea,
/usr/share/kea,
/usr/share/doc/kea-&kea-dhcp-version;, and
/var/lib/kea
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="keactrl">
<term><command>keactrl</command></term>
<listitem>
<para>
Tool to control (start/stop) the server processes.
</para>
<indexterm zone="kea keactrl">
<primary sortas="b-keactrl">keactrl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kea-admin">
<term><command>kea-admin</command></term>
<listitem>
<para>
kea-admin is a shell script which offers database maintenance.
</para>
<indexterm zone="kea kea-admin">
<primary sortas="b-kea-admin">kea-admin</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kea-ctrl-agent">
<term><command>kea-ctrl-agent</command></term>
<listitem>
<para>
Daemon which exposes a RESTful control interface for
managing Kea servers.
</para>
<indexterm zone="kea kea-ctrl-agent">
<primary sortas="b-kea-ctrl-agent">kea-ctrl-agent</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kea-dhcp4">
<term><command>kea-dhcp4</command></term>
<listitem>
<para>
The server daemon providing IPv4 addresses.
</para>
<indexterm zone="kea kea-dhcp4">
<primary sortas="b-kea-dhcp4">kea-dhcp4</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kea-dhcp6">
<term><command>kea-dhcp6</command></term>
<listitem>
<para>
The server daemon providing IPv6 addresses.
</para>
<indexterm zone="kea kea-dhcp6">
<primary sortas="b-kea-dhcp6">kea-dhcp6</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kea-dhcp-ddns">
<term><command>kea-dhcp-ddns</command></term>
<listitem>
<para>
The server daemon performing the dynamic DNS updates.
</para>
<indexterm zone="kea kea-dhcp-ddns">
<primary sortas="b-kea-dhcp-ddns">kea-dhcp-ddns</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kea-lfc">
<term><command>kea-lfc</command></term>
<listitem>
<para>
The kea-lfc service process removes redundant information
from the files used to provide persistent storage for the
memfile database backend. It is run by the Kea DHCP server.
</para>
<indexterm zone="kea kea-lfc">
<primary sortas="b-kea-lfc">kea-lfc</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="keashell">
<term><command>keashell</command></term>
<listitem>
<para>
RESTful client to the <application>ISC Kea</application>
services.
</para>
<indexterm zone="kea keashell">
<primary sortas="b-keashell">keashell</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

24
server/major/major.xml
View File

@ -1,24 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
<chapter id="server-major">
<?dbhtml filename="majorservers.html"?>
<title>Major Servers</title>
<para>
Major servers are the programs that provide content or services
to users or other programs.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="apache.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="bind.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="kea.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="proftpd.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vsftpd.xml"/>
</chapter>

469
server/major/proftpd.xml
View File

@ -1,469 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY proftpd-download-http "https://github.com/proftpd/proftpd/archive/v&proftpd-version;/proftpd-&proftpd-version;.tar.gz">
<!ENTITY proftpd-download-ftp " ">
<!ENTITY proftpd-md5sum "778cdeeac86e1d26451112bb7d4662af">
<!ENTITY proftpd-size "19 MB">
<!ENTITY proftpd-buildsize "66 MB">
<!ENTITY proftpd-time "0.3 SBU">
]>
<sect1 id="proftpd" xreflabel="ProFTPD-&proftpd-version;">
<?dbhtml filename="proftpd.html"?>
<title>ProFTPD-&proftpd-version;</title>
<indexterm zone="proftpd">
<primary sortas="a-proftpd">Proftpd</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to ProFTPD</title>
<para>
The <application>ProFTPD</application> package contains a secure
and highly configurable FTP daemon. This is useful for serving large
file archives over a network.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&proftpd-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&proftpd-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &proftpd-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &proftpd-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &proftpd-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &proftpd-time;
</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/proftpd-&proftpd-version;-consolidated_fixes-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">ProFTPD Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="libcap-pam"/>,
<xref linkend="libssh2"/>,
<xref linkend="linux-pam"/>,
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
<xref linkend="pcre2"/>,
<xref linkend="postgresql"/>, and
<ulink url="https://metacpan.org/pod/Net::SSH2">Net::SSH2</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of ProFTPD</title>
<para>
For security reasons, you should install
<application>ProFTPD</application> using an unprivileged user and group.
As the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 46 proftpd &amp;&amp;
useradd -c proftpd -d /srv/ftp -g proftpd \
-s /usr/bin/proftpdshell -u 46 proftpd &amp;&amp;
install -v -d -m775 -o proftpd -g proftpd /srv/ftp &amp;&amp;
ln -v -s /usr/bin/false /usr/bin/proftpdshell &amp;&amp;
echo /usr/bin/proftpdshell &gt;&gt; /etc/shells</userinput></screen>
<!--
<para>
First, apply a patch containing various security fixes from
the upstream developers:
</para>
<screen><userinput remap="pre">patch -Np1 -i ../proftpd-&proftpd-version;-consolidated_fixes-1.patch</userinput></screen>
-->
<para>
Install <application>ProFTPD</application> as an unprivileged user by
running the following commands:
</para>
<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/run &amp;&amp;
make</userinput></screen>
<para>
This packages does not come with a usable test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install &amp;&amp;
install -d -m755 /usr/share/doc/proftpd-&proftpd-version; &amp;&amp;
cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version;</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>install -v -d -m775 -o proftpd -g proftpd /srv/ftp</command>:
Create the home directory for <application>ProFTPD</application>.
</para>
<para>
<command>ln -v -s /usr/bin/false /usr/bin/proftpdshell</command>:
Set the default shell as a link to an invalid shell.
</para>
<para>
<command>echo /usr/bin/proftpdshell &gt;&gt; /etc/shells</command>:
Fake a valid shell for compatibility purposes.
</para>
<note>
<para>
The above two commands can be omitted if the following directive is
placed in the configuration file:
</para>
<screen><literal>RequireValidShell off</literal></screen>
<para>
By default, proftpd will require that users logging in have valid
shells. The RequireValidShell directive turns off this requirement.
This is only recommended if you are setting up your FTP server
exclusively for anonymous downloads.
</para>
</note>
<note>
<para>
Support for most of the dependency packages requires using options
passed to the <command>configure</command> script. View the output
from <command>./configure --help</command> for complete information
about enabling dependency packages.
</para>
</note>
</sect2>
<sect2 role="configuration">
<title>Configuring ProFTPD</title>
<sect3 id='proftpd-config'>
<title>Config Files</title>
<para>
<filename>/etc/proftpd.conf</filename>
</para>
<indexterm zone="proftpd proftpd-config">
<primary sortas="e-etc-proftpd">/etc/proftpd.conf</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
This is a simple, download-only sample configuration. See the
<application>ProFTPD</application> documentation in
<filename class="directory">/usr/share/doc/proftpd</filename> and
consult the website at <ulink url="http://www.proftpd.org/"/> for
example configurations.
</para>
<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt; /etc/proftpd.conf &lt;&lt; "EOF"
<literal># This is a basic ProFTPD configuration file
# It establishes a single server and a single anonymous login.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
<!--# (such as xinetd)-->
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group proftpd
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, files should be overwritable.
&lt;Directory /*&gt;
AllowOverwrite on
&lt;/Directory&gt;
# A basic anonymous configuration, no upload directories.
&lt;Anonymous ~proftpd&gt;
User proftpd
Group proftpd
# Clients should be able to login with "anonymous" as well as "proftpd"
UserAlias anonymous proftpd
# Limit the maximum number of anonymous logins
MaxClients 10
# 'welcome.msg' should be displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
&lt;Limit WRITE&gt;
DenyAll
&lt;/Limit&gt;
&lt;/Anonymous&gt;</literal>
EOF</userinput></screen>
</sect3>
<sect3 id="proftpd-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
Install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/proftpd</filename>
init script</phrase>
<phrase revision="systemd"><filename>proftpd.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/>
package:
</para>
<indexterm zone="proftpd proftpd-init">
<primary sortas="f-proftpd">proftpd</primary>
</indexterm>
<screen role="root"><userinput>make install-proftpd</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directory</segtitle>
<seglistitem>
<seg>
ftpasswd, ftpcount, ftpdctl, ftpmail, ftpquota, ftpscrub, ftpshut,
ftptop, ftpwho, in.proftpd (symlink to proftpd), proftpd, and prxs
</seg>
<seg>
None
</seg>
<seg>
/usr/{include,lib}/proftpd,
/usr/share/doc/proftpd-&proftpd-version;, and
/srv/ftp
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="proftpd-prog">
<term><command>proftpd</command></term>
<listitem>
<para>
is the FTP daemon
</para>
<indexterm zone="proftpd proftpd-prog">
<primary sortas="b-proftpd">proftpd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpcount">
<term><command>ftpcount</command></term>
<listitem>
<para>
shows the current number of connections
</para>
<indexterm zone="proftpd ftpcount">
<primary sortas="b-ftpcount">ftpcount</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpdctl">
<term><command>ftpdctl</command></term>
<listitem>
<para>
is used to control the proftpd daemon while it is running
</para>
<indexterm zone="proftpd ftpdctl">
<primary sortas="b-ftpdctl">ftpdctl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpasswd">
<term><command>ftpasswd</command></term>
<listitem>
<para>
is a Perl script designed to create and manage
AuthUserFiles and AuthGroupFiles of the correct format for proftpd
</para>
<indexterm zone="proftpd ftpasswd">
<primary sortas="b-ftpasswd">ftpasswd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpmail">
<term><command>ftpmail</command></term>
<listitem>
<para>
is a Perl script for sending email based on the proftpd TransferLog
</para>
<indexterm zone="proftpd ftpmail">
<primary sortas="b-ftpmail">ftpmail</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpquota">
<term><command>ftpquota</command></term>
<listitem>
<para>
is a Perl script designed to create and manage limits and tally
files for the mod_quotatab + mod_quotatab_file module combination
for proftpd
</para>
<indexterm zone="proftpd ftpquota">
<primary sortas="b-ftpquota">ftpquota</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpscrub">
<term><command>ftpscrub</command></term>
<listitem>
<para>
provides a way to scrub the scoreboard file on demand
</para>
<indexterm zone="proftpd ftpscrub">
<primary sortas="b-ftpscrub">ftpscrub</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpshut">
<term><command>ftpshut</command></term>
<listitem>
<para>
shuts down all <application>proftpd</application> servers
at a given time
</para>
<indexterm zone="proftpd ftpshut">
<primary sortas="b-ftpshut">ftpshut</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftptop">
<term><command>ftptop</command></term>
<listitem>
<para>
displays running status on connections
</para>
<indexterm zone="proftpd ftptop">
<primary sortas="b-ftptop">ftptop</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpwho">
<term><command>ftpwho</command></term>
<listitem>
<para>
shows current process information for each session
</para>
<indexterm zone="proftpd ftpwho">
<primary sortas="b-ftpwho">ftpwho</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="prxs">
<term><command>prxs</command></term>
<listitem>
<para>
is a Perl script designed to compile and install third-party
modules, from source code, as DSO modules for the installed
proftpd
</para>
<indexterm zone="proftpd prxs">
<primary sortas="b-prxs">prxs</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

328
server/major/vsftpd.xml
View File

@ -1,328 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY vsftpd-download-http "https://security.appspot.com/downloads/vsftpd-&vsftpd-version;.tar.gz">
<!ENTITY vsftpd-download-ftp " ">
<!ENTITY vsftpd-md5sum "efbf362a65bec771bc15ad311f5a982e">
<!ENTITY vsftpd-size "210 KB">
<!ENTITY vsftpd-buildsize "1.9 MB">
<!ENTITY vsftpd-time "less than 0.1 SBU">
<!ENTITY vsftpd-empty "/usr/share/vsftpd/empty">
]>
<sect1 id="vsftpd" xreflabel="vsftpd-&vsftpd-version;">
<?dbhtml filename="vsftpd.html"?>
<title>vsftpd-&vsftpd-version;</title>
<indexterm zone="vsftpd">
<primary sortas="a-vsftpd">vsftpd</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to vsftpd</title>
<para>
The <application>vsftpd</application> package contains a very
secure and very small FTP daemon. This is useful for serving files
over a network.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&vsftpd-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&vsftpd-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &vsftpd-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &vsftpd-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &vsftpd-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &vsftpd-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">vsftpd Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="libnsl"/>
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="linux-pam"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="libcap-pam"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of vsftpd</title>
<para>
For security reasons, running <application>vsftpd</application>
as an unprivileged user and group is encouraged. Also, a user should be
created to map anonymous users. As the <systemitem
class="username">root</systemitem> user, create the needed directories,
users, and groups with the following commands:
</para>
<screen role="root"><userinput>install -v -d -m 0755 &vsftpd-empty; &amp;&amp;
install -v -d -m 0755 /home/ftp &amp;&amp;
groupadd -g 47 vsftpd &amp;&amp;
groupadd -g 45 ftp &amp;&amp;
useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &amp;&amp;
useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp</userinput></screen>
<para>
Gcc-10 and later flags an error for an implicit type cast. Make it
explicit:
</para>
<screen><userinput>sed -e "s/kVSFSysStrOpenUnknown;/(enum EVSFSysUtilOpenMode)&amp;/" -i sysstr.c</userinput></screen>
<para>
Build <application>vsftpd</application> as an unprivileged user
using the following command:
</para>
<screen><userinput>make</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Once again, become the <systemitem class="username">root</systemitem>
user and install <application>vsftpd</application> with the following
commands:
</para>
<screen role="root"><userinput>install -v -m 755 vsftpd /usr/sbin/vsftpd &amp;&amp;
install -v -m 644 vsftpd.8 /usr/share/man/man8 &amp;&amp;
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &amp;&amp;
install -v -m 644 vsftpd.conf /etc</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>install -v -d ...</command>: This creates the
directory that anonymous users will use (<filename
class='directory'>/home/ftp</filename>)
and the directory the daemon will chroot into
(<filename class='directory'>&vsftpd-empty;</filename>).
</para>
<note>
<para>
<filename class="directory">/home/ftp</filename> should not be
owned by the user <systemitem class="username">vsftpd</systemitem>,
or the user <systemitem class="username">ftp</systemitem>.
</para>
</note>
<para>
<command>echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h</command>:
Use this prior to <command>make</command> to add support for
<application>tcpwrappers</application>.
</para>
<para>
<command>echo "#define VSF_BUILD_SSL" >>builddefs.h</command>:
Use this prior to <command>make</command> to add support for SSL.
</para>
<para>
<command>install -v -m ...</command>:
The <filename>Makefile</filename> uses non-standard installation paths.
These commands install the files in
<filename class='directory'>/usr</filename> and
<filename class='directory'>/etc</filename>.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring vsftpd</title>
<sect3 id="vsftpd-config">
<title>Config Files</title>
<para>
<filename>/etc/vsftpd.conf</filename>
</para>
<indexterm zone="vsftpd vsftpd-config">
<primary sortas="e-etc-vsftpd.conf">/etc/vsftpd.conf</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
<application>vsftpd</application> comes with a basic
anonymous-only configuration file that was copied to
<filename class='directory'>/etc</filename> above. While still as
<systemitem class="username">root</systemitem>, this file should be
modified because it is now recommended to run <command>vsftpd</command>
in standalone mode. Also, you
should specify the privilege separation user created above. Finally,
you should specify the <command>chroot</command> directory.
<command>man vsftpd.conf</command> will give you all the details.
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<literal>background=YES
nopriv_user=vsftpd
secure_chroot_dir=&vsftpd-empty;</literal>
EOF</userinput></screen>
<!-- recheck this issue when vsftpd is updated -->
<!-- Aug'23: Cannot see any difference in behavior of vsftpd
when that option is set or not
<para>
The vsftpd daemon uses seccomp to improve security by default.
But it's known to cause vsftpd unable to handle ftp
<literal>LIST</literal> command with recent kernel versions. Append
a line to <filename>/etc/vsftpd.conf</filename> (as the
<systemitem class="username">root</systemitem> user) to disable
seccomp and workaround this issue:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<literal>seccomp_sandbox=NO</literal>
EOF</userinput></screen>
-->
<para>
To enable local logins, append the following to the
<filename>/etc/vsftpd.conf</filename> file (as the
<systemitem class="username">root</systemitem> user):
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<literal>local_enable=YES</literal>
EOF</userinput></screen>
<para>
In addition, if using <application>Linux-PAM</application> and
<application>vsftpd</application> with local user logins, you will need
a <application>Linux-PAM</application> configuration file. As the
<systemitem class="username">root</systemitem> user, create the
<filename>/etc/pam.d/vsftpd</filename> file, and add the needed
configuration changes for <application>Linux-PAM</application> session
support using the following commands:
</para>
<screen role="root"><userinput>cat &gt; /etc/pam.d/vsftpd &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/pam.d/vsftpd
auth required /lib/security/pam_listfile.so item=user sense=deny \
file=/etc/ftpusers \
onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-account
session include system-session</literal>
EOF
cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<literal>session_support=YES
pam_service_name=vsftpd</literal>
EOF</userinput></screen>
</sect3>
<sect3 id="vsftpd-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
Install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/vsftpd</filename>
init script</phrase>
<phrase revision="systemd"><filename>vsftpd.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<screen role="root"><userinput>make install-vsftpd</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Program</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>vsftpd</seg>
<seg>None</seg>
<seg>/usr/share/vsftpd, /home/ftp</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="vsftpd-prog">
<term><command>vsftpd</command></term>
<listitem>
<para>
is the FTP daemon
</para>
<indexterm zone="vsftpd vsftpd-prog">
<primary sortas="b-vsftpd">vsftpd</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

892
server/other/openldap.xml
View File

@ -1,892 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY openldap-download-http "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
<!ENTITY openldap-download-ftp " ">
<!ENTITY openldap-md5sum "cf71b4b455ab8dfc8fdd4e247d697ccd">
<!ENTITY openldap-size "6.2 MB">
<!ENTITY openldap-buildsize "82 MB (client and server)">
<!ENTITY openldap-time "0.4 SBU (client), 1.1 SBU (server)">
]>
<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
<?dbhtml filename="openldap.html"?>
<title>OpenLDAP-&openldap-version;</title>
<indexterm zone="openldap">
<primary sortas="a-OpenLDAP">OpenLDAP</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to OpenLDAP</title>
<para>
The <application>OpenLDAP</application> package provides an open
source implementation of the Lightweight Directory Access Protocol.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&openldap-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&openldap-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &openldap-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &openldap-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &openldap-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &openldap-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/openldap-&openldap-version;-consolidated-1.patch"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="cyrus-sasl"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="gnutls"/>,
<xref linkend="unixodbc"/>,
<xref linkend="mariadb"/> or
<xref linkend="postgresql"/> or
<ulink url="https://www.mysql.com/">MySQL</ulink>,
<ulink url="http://www.openslp.org/">OpenSLP</ulink>,
<ulink url="https://docs.mongodb.com/manual/core/wiredtiger/">WiredTiger</ulink>, and
&berkeley-db; (for slapd, also deprecated)
</para>
</sect2>
<sect2 role="installation">
<title>Installation of OpenLDAP</title>
<note>
<para>
If you only need to install the client side <command>ldap*</command>
binaries, corresponding man pages, libraries and header files (referred
to as a <quote>client-only</quote> install), issue these commands
instead of the following ones (no test suite available):
</para>
<screen role="nodump"><userinput>patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch &amp;&amp;
autoconf &amp;&amp;
./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static \
--enable-dynamic \
--disable-debug \
--disable-slapd &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>
<para>
Then, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="nodump"><userinput>make install</userinput></screen>
</note>
<para>
There should be a dedicated user and group to take control
of the <command>slapd</command> daemon after it is
started. Issue the following commands as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 83 ldap &amp;&amp;
useradd -c "OpenLDAP Daemon Owner" \
-d /var/lib/openldap -u 83 \
-g ldap -s /bin/false ldap</userinput></screen>
<para>
Install <application>OpenLDAP</application> by
running the following commands:
</para>
<screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch &amp;&amp;
autoconf &amp;&amp;
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=/usr/lib \
--disable-static \
--disable-debug \
--with-tls=openssl \
--with-cyrus-sasl \
--without-systemd \
--enable-dynamic \
--enable-crypt \
--enable-spasswd \
--enable-slapd \
--enable-modules \
--enable-rlookups \
--enable-backends=mod \
--disable-sql \
--disable-wt \
--enable-overlays=mod &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>
<para>
The tests are fragile, and errors may cause the tests to abort
prior to finishing. Some errors may happen due to timing problems.
The tests take around an hour, and the time is CPU independent due
to delays in the tests. On most systems, the tests will run up to the
<filename>test065-proxyauth for mdb</filename> test.
To test the results, issue: <command>make test</command>.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install &amp;&amp;
sed -e "s/\.la/.so/" -i /etc/openldap/slapd.{conf,ldif}{,.default} &amp;&amp;
install -v -dm700 -o ldap -g ldap /var/lib/openldap &amp;&amp;
install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d &amp;&amp;
chmod -v 640 /etc/openldap/slapd.{conf,ldif} &amp;&amp;
chown -v root:ldap /etc/openldap/slapd.{conf,ldif} &amp;&amp;
install -v -dm755 /usr/share/doc/openldap-&openldap-version; &amp;&amp;
cp -vfr doc/{drafts,rfc,guide} \
/usr/share/doc/openldap-&openldap-version;</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
<para>
<parameter>--disable-debug</parameter>: This switch disables
the debugging code in <application>OpenLDAP</application>.
</para>
<para>
<parameter>--enable-dynamic</parameter>: This switch forces the
<application>OpenLDAP</application> libraries to be dynamically
linked to the executable programs.
</para>
<para>
<parameter>--enable-crypt</parameter>: This switch enables using
<ulink role='man' url='&man;crypt.3'>crypt(3)</ulink> passwords.
</para>
<para>
<parameter>--enable-spasswd</parameter>: This switch enables
<application>SASL</application> password verification.
</para>
<para>
<parameter>--enable-modules</parameter>: This switch enables dynamic
module support.
</para>
<para>
<parameter>--enable-rlookups</parameter>: This switch enables
reverse lookups of client hostnames.
</para>
<para>
<parameter>--enable-backends</parameter>: This switch enables
all available backends.
</para>
<para>
<parameter>--enable-overlays</parameter>: This switch enables
all available overlays.
</para>
<!--
<para>
<parameter>- -disable-ndb</parameter>: This switch disables
<application>MySQL</application> NDB Cluster backend
which causes configure to fail if
<application>MySQL</application> is present.
</para>
-->
<para>
<parameter>--disable-sql</parameter>: This switch explicitly
disables the SQL backend. Omit this switch if a SQL server is
installed and you are going to use a SQL backend.
</para>
<para>
<parameter>--disable-wt</parameter>: This switch explicitly
disables the WiredTiger backend. Omit this switch if WiredTiger is
installed and you are going to use a WiredTiger backend.
</para>
<para>
<parameter>--libexecdir=/usr/lib</parameter>: This switch controls where
the <filename class="directory">/usr/lib/openldap</filename> directory is
installed. Everything in that directory is a library, so it belongs under
<filename class="directory">/usr/lib</filename> instead of
<filename class="directory">/usr/libexec</filename>.
</para>
<para>
<option>--enable-slp</option>: This switch enables
SLPv2 support. Use it if you have installed
<ulink url="http://www.openslp.org/">OpenSLP</ulink>.
</para>
<para>
<option>--disable-versioning</option>: This switch disables
symbol versioning in the <application>OpenLDAP</application> libraries.
The default is to have symbol versioning. Note that if you have
built applications using this package with symbol versioning, and
remove the symbols, the applications may fail to run.
</para>
<note>
<para>
You can run <command>./configure --help</command> to see if there
are other switch you can pass to the <command>configure</command>
command to enable other options or dependency packages.
</para>
</note>
<para>
<command>install ...</command>, <command>chown ...</command>,
and <command>chmod ...</command>:
Having slapd configuration files and ldap databases in /var/lib/openldap
readable by anyone is a SECURITY ISSUE, especially since a file stores the
admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
were used. The owner is root, so only root can modify the file, and group is
ldap, so that the group which owns slapd daemon could read but not modify
the file in case of a security breach.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring OpenLDAP</title>
<sect3 id="openldap-config">
<title>Config Files</title>
<itemizedlist spacing="compact">
<listitem>
<para>
For LDAP client: <filename>/etc/openldap/ldap.conf</filename> and
<filename>~/.ldaprc</filename>
</para>
</listitem>
<listitem>
<para>
For LDAP server, two configuration mechanisms are used:
a legacy <filename>/etc/openldap/slapd.conf</filename>
configuration file and the recommended
<emphasis>slapd-config</emphasis> system, using an LDIF database
stored in
<filename class="directory">/etc/openldap/slapd.d</filename>.
</para>
</listitem>
</itemizedlist>
<indexterm zone="openldap openldap-config">
<primary
sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
</indexterm>
<indexterm zone="openldap openldap-config">
<primary sortas="e-AA.ldaprc">~/.ldaprc</primary>
</indexterm>
<indexterm zone="openldap openldap-config">
<primary
sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
</indexterm>
<indexterm zone="openldap openldap-config">
<primary
sortas="e-etc-openldap-slapd.d">/etc/openldap/slapd.d/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
Configuring the <command>slapd</command> servers can be complex.
Securing the LDAP directory, especially if you are storing non-public
data such as password databases, can also be a challenging task. In
order to set up <application>OpenLDAP</application>, you'll need to
modify either the <filename>/etc/openldap/slapd.conf</filename>
file (old method), or the <filename>/etc/openldap/slapd.ldif</filename>
file and then use <command>ldapadd</command> to create the LDAP
configuration database in
<filename class="directory">/etc/openldap/slapd.d</filename>
(recommended by the OpenLDAP documentation).
</para>
<!--
<para>
The shipped configuration files suppose the loadable modules are
installed with their <filename class="extension">.la</filename>
files, which may not be true if you remove those files as instructed
in <xref linkend="libtool"/>. If this is the case, issue, as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>sed 's/\.la$/.so/' -i /etc/openldap/slapd.{conf,ldif}{,.default}</userinput></screen>
-->
<warning>
<para>
The instructions above install an empty LDAP structure and a default
<filename>/etc/openldap/slapd.conf</filename> file, which are
suitable for testing the build and other packages using LDAP. Do not
use them on a production server.
</para>
</warning>
<para>
Resources to assist you with topics such as choosing a directory
configuration, backend and database definitions, access control
settings, running as a user other than
<systemitem class="username">root</systemitem>
and setting a <command>chroot</command> environment include:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The <ulink role='man' url='&man;slapd.8'>slapd(8)</ulink> man
page.
</para>
</listitem>
<listitem>
<para>
The <ulink role='man'
url='&man;slapd.conf.5'>slapd.conf(5)</ulink> and
<ulink role='man'
url='&man;slapd-config.5'>slapd-config(5)</ulink> man pages.
</para>
</listitem>
<listitem>
<para>
The <ulink url="https://www.openldap.org/doc/admin26/"> OpenLDAP 2.6
Administrator's Guide</ulink> (also installed locally in
<filename class="directory">
/usr/share/doc/openldap-&openldap-version;/guide/admin</filename>).
</para>
</listitem>
<listitem>
<para>
Documents located at
<ulink url="https://www.openldap.org/pub/"/>.
</para>
</listitem>
</itemizedlist>
</sect3>
<!--
<sect3>
<title>Mozilla Address Directory</title>
<para>
By default, LDAPv2 support is disabled in the
<filename>slapd.conf</filename> file. Once the database is properly
set up and <application>Mozilla</application> is configured to use the
directory, you must add <option>allow bind_v2</option> to the
<filename>slapd.conf</filename> file.
</para>
</sect3>
-->
<sect3 id="openldap-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
To automate the startup of the LDAP server at system bootup,
install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/slapd</filename>
init script</phrase>
<phrase revision="systemd"><filename>slapd.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/>
package using the following command:
</para>
<indexterm zone="openldap openldap-init">
<primary sortas="f-slapd">slapd</primary>
</indexterm>
<screen role="root"><userinput>make install-slapd</userinput></screen>
<note>
<para>
You'll need to modify
<phrase revision="sysv"><filename>/etc/sysconfig/slapd</filename></phrase>
<phrase revision="systemd"><filename>/etc/default/slapd</filename></phrase>
to include the parameters needed for your specific configuration. See
the <command>slapd</command> man page for parameter information.
</para>
</note>
</sect3>
<sect3>
<title>Testing the Configuration</title>
<para>
Start the LDAP server using
<phrase revision="sysv">the init script:</phrase>
<phrase revision="systemd">systemctl:</phrase>
</para>
<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/slapd start</userinput></screen>
<screen role="root" revision="systemd"><userinput>systemctl start slapd</userinput></screen>
<para>
Verify access to the LDAP server with the following command:
</para>
<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>
<para>
The expected result is:
</para>
<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=my-domain,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1</computeroutput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
ldapadd, ldapcompare, ldapdelete, ldapexop, ldapmodify, ldapmodrdn,
ldappasswd, ldapsearch, ldapurl, ldapvc, ldapwhoami, slapacl, slapadd,
slapauth, slapcat, slapd, slapdn, slapindex, slapmodify, slappasswd,
slapschema, and slaptest
</seg>
<seg>
liblber.so, libldap.so, and several under /usr/lib/openldap
</seg>
<seg>
/etc/openldap,
/{usr,var}/lib/openldap, and
/usr/share/doc/openldap-&openldap-version;
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="ldapadd">
<term><command>ldapadd</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and adds entries
</para>
<indexterm zone="openldap ldapadd">
<primary sortas="b-ldapadd">ldapadd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapcompare">
<term><command>ldapcompare</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and performs
a compare using specified parameters
</para>
<indexterm zone="openldap ldapcompare">
<primary sortas="b-ldapcompare">ldapcompare</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapdelete">
<term><command>ldapdelete</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and deletes
one or more entries
</para>
<indexterm zone="openldap ldapdelete">
<primary sortas="b-ldapdelete">ldapdelete</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapexop">
<term><command>ldapexop</command></term>
<listitem>
<para>
issues the LDAP extended operation specified by
oid or one of the special keywords whoami,
cancel, or refresh
</para>
<indexterm zone="openldap ldapexop">
<primary sortas="b-ldapexop">ldapexop</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapmodify">
<term><command>ldapmodify</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and modifies entries
</para>
<indexterm zone="openldap ldapmodify">
<primary sortas="b-ldapmodify">ldapmodify</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapmodrdn">
<term><command>ldapmodrdn</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and modifies
the RDN of entries
</para>
<indexterm zone="openldap ldapmodrdn">
<primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldappasswd">
<term><command>ldappasswd</command></term>
<listitem>
<para>
is a tool used to set the password of an LDAP user
</para>
<indexterm zone="openldap ldappasswd">
<primary sortas="b-ldappasswd">ldappasswd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapsearch">
<term><command>ldapsearch</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and performs
a search using specified parameters
</para>
<indexterm zone="openldap ldapsearch">
<primary sortas="b-ldapsearch">ldapsearch</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapurl">
<term><command>ldapurl</command></term>
<listitem>
<para>
is a command that allows to either compose or
decompose LDAP URIs
</para>
<indexterm zone="openldap ldapurl">
<primary sortas="b-ldapurl">ldapurl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapvc">
<term><command>ldapvc</command></term>
<listitem>
<para>
verifies LDAP credentials
</para>
<indexterm zone="openldap ldapvc">
<primary sortas="b-ldapvc">ldapvc</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ldapwhoami">
<term><command>ldapwhoami</command></term>
<listitem>
<para>
opens a connection to an LDAP server, binds and displays
whoami information
</para>
<indexterm zone="openldap ldapwhoami">
<primary sortas="b-ldapwhoami">ldapwhoami</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapacl">
<term><command>slapacl</command></term>
<listitem>
<para>
is used to check the behavior of slapd by verifying
access to directory data according to the access control
list directives defined in its configuration
</para>
<indexterm zone="openldap slapacl">
<primary sortas="b-slapacl">slapacl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapadd">
<term><command>slapadd</command></term>
<listitem>
<para>
is used to add entries specified in LDAP Directory Interchange
Format (LDIF) to an LDAP database
</para>
<indexterm zone="openldap slapadd">
<primary sortas="b-slapadd">slapadd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapauth">
<term><command>slapauth</command></term>
<listitem>
<para>
is used to check the behavior of the slapd
in mapping identities for authentication and
authorization purposes, as specified in slapd.conf
</para>
<indexterm zone="openldap slapauth">
<primary sortas="b-slapauth">slapauth</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapcat">
<term><command>slapcat</command></term>
<listitem>
<para>
is used to generate an LDAP LDIF output based upon the
contents of a slapd database
</para>
<indexterm zone="openldap slapcat">
<primary sortas="b-slapcat">slapcat</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapd">
<term><command>slapd</command></term>
<listitem>
<para>
is the standalone LDAP server
</para>
<indexterm zone="openldap slapd">
<primary sortas="b-slapd">slapd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapdn">
<term><command>slapdn</command></term>
<listitem>
<para>
checks a list of string-represented DNs based on schema syntax
</para>
<indexterm zone="openldap slapdn">
<primary sortas="b-slapdn">slapdn</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapindex">
<term><command>slapindex</command></term>
<listitem>
<para>
is used to regenerate slapd indexes based upon the current
contents of a database
</para>
<indexterm zone="openldap slapindex">
<primary sortas="b-slapindex">slapindex</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapmodify">
<term><command>slapmodify</command></term>
<listitem>
<para>
modifies entries in a slapd database
</para>
<indexterm zone="openldap slapmodify">
<primary sortas="b-slapmodify">slapmodify</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slappasswd">
<term><command>slappasswd</command></term>
<listitem>
<para>
is an <application>OpenLDAP</application> password utility
</para>
<indexterm zone="openldap slappasswd">
<primary sortas="b-slappasswd">slappasswd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slapschema">
<term><command>slapschema</command></term>
<listitem>
<para>
is used to check schema compliance of the contents
of a slapd database
</para>
<indexterm zone="openldap slapschema">
<primary sortas="b-slapschema">slapschema</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="slaptest">
<term><command>slaptest</command></term>
<listitem>
<para>
checks the sanity of the <filename>slapd.conf</filename> file
</para>
<indexterm zone="openldap slaptest">
<primary sortas="b-slaptest">slaptest</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="liblber">
<term><filename class="libraryfile">liblber.so</filename></term>
<listitem>
<para>
is a set of Lightweight Basic Encoding Rules routines. These
routines are used by the LDAP library routines to encode and decode
LDAP protocol elements using the (slightly simplified) Basic
Encoding Rules defined by LDAP. They are not normally used directly
by an LDAP application program except in the handling of controls
and extended operations
</para>
<indexterm zone="openldap liblber">
<primary sortas="c-liblber">liblber.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libldap">
<term><filename class="libraryfile">libldap.so</filename></term>
<listitem>
<para>
supports the LDAP programs and provide functionality for
other programs interacting with LDAP
</para>
<indexterm zone="openldap libldap">
<primary sortas="c-libldap">libldap.so</primary>
</indexterm>
</listitem>
</varlistentry>
<!--
<varlistentry id="libldap_r">
<term><filename class="libraryfile">libldap_r.so</filename></term>
<listitem>
<para>
contains the functions required by the LDAP programs to
produce the results from LDAP requests
</para>
<indexterm zone="openldap libldap_r">
<primary sortas="c-libldap_r">libldap_r.so</primary>
</indexterm>
</listitem>
</varlistentry>
-->
</variablelist>
</sect2>
</sect1>

28
server/other/other.xml
View File

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
<chapter id="server-other">
<?dbhtml filename="other.html"?>
<title>Other Server Software</title>
<para>
Here you will find many ways to share your machine with the rest
of the world or your local network. Before installing
any packages in this chapter, you need to be sure you understand what
the package does and how to set it up correctly. It might also be
helpful to learn about the consequences of an improper setup so
that you can analyze the risks.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openldap.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="soprano.xml"/>-->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="unbound.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="virtuoso.xml"/>-->
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="xinetd.xml"/>-->
</chapter>

368
server/other/unbound.xml
View File

@ -1,368 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY unbound-download-http "https://nlnetlabs.nl/downloads/unbound/unbound-&unbound-version;.tar.gz">
<!ENTITY unbound-download-ftp " ">
<!ENTITY unbound-md5sum "00bf61460c87c2542bcb68d52a2e5195">
<!ENTITY unbound-size "6.1 MB">
<!ENTITY unbound-buildsize "145 MB (with docs; add 13 MB for tests)">
<!ENTITY unbound-time "0.3 SBU (Using parallelism=4; with docs; add 0.4 SBU for tests)">
]>
<sect1 id="unbound" xreflabel="Unbound-&unbound-version;">
<?dbhtml filename="unbound.html"?>
<title>Unbound-&unbound-version;</title>
<indexterm zone="unbound">
<primary sortas="a-Unbound">Unbound</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Unbound</title>
<para>
<application>Unbound</application> is a validating, recursive, and caching
DNS resolver. It is designed as a set of modular components that
incorporate modern features, such as enhanced security (DNSSEC)
validation, Internet Protocol Version 6 (IPv6), and a client resolver
library API as an integral part of the architecture.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&unbound-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&unbound-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &unbound-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &unbound-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &unbound-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &unbound-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Unbound Dependencies</bridgehead>
<!--
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="openssl"/>
broken?
or <xref linkend="nss"/>
</para>
-->
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="libevent"/>,
<xref linkend="nettle"/>,
<xref linkend="python2"/>,
<xref linkend="sphinx"/> (for Python bindings documentation),
<xref linkend="swig"/> (for Python bindings),
<xref linkend="doxygen"/> (for html documentation), and
<ulink url="https://dnstap.info/">dnstap</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Unbound</title>
<para>
There should be a dedicated user and group to take control of the
<command>unbound</command> daemon after it is started. Issue the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 88 unbound &amp;&amp;
useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
-g unbound -s /bin/false unbound</userinput></screen>
<para>
Install <application>Unbound</application> by running the following
commands:
</para>
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
--disable-static \
--with-pidfile=/run/unbound.pid &amp;&amp;
make</userinput></screen>
<para>
If you have <xref linkend="doxygen"/> package installed and want to build
html documentation, run the following command:
</para>
<screen remap="doc"><userinput>make doc</userinput></screen>
<para>
To test the results, issue <command>make check</command>.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install &amp;&amp;
mv -v /usr/sbin/unbound-host /usr/bin/</userinput></screen>
<para>
If you built the documentation, install it by running the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"
remap="doc"><userinput>install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &amp;&amp;
install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
<para>
<option>--with-libevent</option>: This option enables libevent support
allowing use of large outgoing port ranges.
</para>
<para>
<option>--with-pyunbound</option>: This option enables building of the Python
bindings.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring Unbound</title>
<sect3 id="unbound-config">
<title>Config Files</title>
<para>
<filename>/etc/unbound/unbound.conf</filename>
</para>
<indexterm zone="unbound unbound-config">
<primary sortas="e-etc-unbound-unbound.conf">/etc/unbound/unbound.conf</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
In the default configuration, <command>unbound</command> will bind to
localhost (127.0.0.1 IP address) and allow recursive queries only from
localhost clients. If you want to use <command>unbound</command> for
local DNS resolution, run the following command as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>echo "nameserver 127.0.0.1" > /etc/resolv.conf</userinput></screen>
<para>
For advanced configuration see
<filename>/etc/unbound/unbound.conf</filename> file and the
documentation.
</para>
<para revision="sysv">
When <application>Unbound</application> is installed, some package
builds fail if the file <filename>/etc/unbound/root.key</filename> is
not found. This file is created by running the boot script (install
instructions below). Alternatively, it can be created by running the
following command as the <systemitem class="username">root</systemitem>
user:
</para>
<para revision="systemd">
When <application>Unbound</application> is installed, some package
builds fail if the file <filename>/etc/unbound/root.key</filename> is
not found. Create this file by running the following command as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="nodump"><userinput>unbound-anchor</userinput></screen>
</sect3>
<sect3 id="unbound-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
If you want the <application>Unbound</application> server to
start automatically when the system is booted, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/unbound</filename>
init script</phrase>
<phrase revision="systemd"><filename>unbound.service</filename>
unit</phrase> included
in the <xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package:
</para>
<indexterm zone="unbound unbound-init">
<primary sortas="f-unbound">unbound</primary>
</indexterm>
<screen role="root"><userinput>make install-unbound</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
unbound, unbound-anchor, unbound-checkconf, unbound-control,
unbound-control-setup, and unbound-host
</seg>
<seg>
libunbound.so and (optional)
/usr/lib/python&python2-majorver;/site-packages/_unbound.so
</seg>
<seg>
/etc/unbound and /usr/share/doc/unbound-&unbound-version; (optional)
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="unbound-prog">
<term><command>unbound</command></term>
<listitem>
<para>
is a DNS resolver daemon
</para>
<indexterm zone="unbound unbound-prog">
<primary sortas="b-unbound">unbound</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unbound-anchor">
<term><command>unbound-anchor</command></term>
<listitem>
<para>
performs setup or update of the root trust anchor for DNSSEC
validation
</para>
<indexterm zone="unbound unbound-anchor">
<primary sortas="b-unbound-anchor">unbound-anchor</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unbound-checkconf">
<term><command>unbound-checkconf</command></term>
<listitem>
<para>
checks the <command>unbound</command> configuration file for syntax
and other errors
</para>
<indexterm zone="unbound unbound-checkconf">
<primary sortas="b-unbound-checkconf">unbound-checkconf</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unbound-control">
<term><command>unbound-control</command></term>
<listitem>
<para>
performs remote administration on the <command>unbound</command> DNS
resolver
</para>
<indexterm zone="unbound unbound-control">
<primary sortas="b-unbound-control">unbound-control</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unbound-control-setup">
<term><command>unbound-control-setup</command></term>
<listitem>
<para>
generates a self-signed certificate and private keys for the server
and client
</para>
<indexterm zone="unbound unbound-control-setup">
<primary sortas="b-unbound-control-setup">unbound-control-setup</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unbound-host">
<term><command>unbound-host</command></term>
<listitem>
<para>
is a DNS lookup utility similar to <command>host</command> from
<xref linkend="bind-utils"/>
</para>
<indexterm zone="unbound unbound-host">
<primary sortas="b-unbound-host">unbound-host</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libunbound">
<term><filename class="libraryfile">libunbound.so</filename></term>
<listitem>
<para>
provides the <application>Unbound</application> API functions to
programs
</para>
<indexterm zone="unbound libunbound">
<primary sortas="c-libunbound">libunbound.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>

18
server/server.xml
View File

@ -1,18 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE part PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../general.ent">
%general-entities;
]>
<part id="server" xreflabel="Servers">
<?dbhtml filename="server.html" dir="server"?>
<title>Servers</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="major/major.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mail/mail.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="databases/databases.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="other/other.xml"/>
</part>

4
stylesheets/lfs-xsl/dark.lfs.css
View File

@ -300,7 +300,9 @@ span.blue {
/* Admonitions */ /* Admonitions */
div.admon img { div.admon img {
padding: .3em; padding: .3em;
max-height: 5%;
max-width: 5%;
} }
div.admon h3 { div.admon h3 {

4
stylesheets/lfs-xsl/lfs.css
View File

@ -300,7 +300,9 @@ span.blue {
/* Admonitions */ /* Admonitions */
div.admon img { div.admon img {
padding: .3em; padding: .3em;
max-height: 5%;
max-width: 5%;
} }
div.admon h3 { div.admon h3 {

4
stylesheets/lfs-xsl/light.lfs.css
View File

@ -300,7 +300,9 @@ span.blue {
/* Admonitions */ /* Admonitions */
div.admon img { div.admon img {
padding: .3em; padding: .3em;
max-height: 5%;
max-width: 5%;
} }
div.admon h3 { div.admon h3 {