Nginx搭建邮件代理服务器
A.搭建主服务器
#tar -cxvf turbomail_linux_500.tgz -C / ##安装并启动turbomail
#yum -y install httpd php ##安装php、apache服务,代理验证用户的关键
#vi /var/www/html/auth.php ##编辑验证文件
<?php
if (!isset($_SERVER["HTTP_AUTH_USER"] ) || !isset($_SERVER["HTTP_AUTH_PASS"] )){
fail();
}
$username=$_SERVER["HTTP_AUTH_USER"] ;
$userpass=$_SERVER["HTTP_AUTH_PASS"] ;
$protocol=$_SERVER["HTTP_AUTH_PROTOCOL"] ;
// default backend port
$backend_port=110;
if ($protocol=="imap") {
$backend_port=143;
}
if ($protocol=="smtp") {
$backend_port=25;
}
if($username == $username) { //验证条件
验证完返回用户访问服务器ip
}else{
exit;
}
pass($server_ip, $backend_port);
//END
function authuser($user,$pass){
return true;
}
function fail(){
header("Auth-Status: Invalid login or password");
exit;
}
function pass($server,$port){
header("Auth-Status: OK");
header("Auth-Server: $server");
header("Auth-Port: $port");
exit;
}
?>
B.搭建代理服务器(所有代理服务器都一样配置安装)
安装Nginx
# tar xf pcre-8.12.tar.bz2 ##安装pcre正则表达式包,以便让nginx支持正则表达式
# cd pcre-8.12
# ./configure && make && make install
# useradd nginx -s /sbin/nologin
# tar xzvf nginx-1.0.3.tar.gz ##Nginx源码包
# cd nginx-1.0.3
#./configure --user=nginx --group=nginx --prefix=/opt/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-mail
--prefix=<dir> 指定安装主目录,默认为/usr/local/nginx
--user=<user> 指定用户身份,如果没有指定则默认使用nobody
--group=<group> 指定组身份
--with-http_ssl_module https支持
--with-http_stub_status_module nginx连接状态模块
# make && make install ##不报错就ok
#vi /etc/init.d/nginx ##Nginx启动脚本,编辑完记得给以执行权限
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/opt/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
killall -9 nginx
killall -9 nginx
killall -9 nginx
killall -9 nginx
killall -9 nginx
killall -9 nginx
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "" in
start)
rh_status_q && exit 0
;;
stop)
rh_status_q || exit 0
;;
restart|configtest)
;;
reload)
rh_status_q || exit 7
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
#chmod 755 /etc/init.d/nginx
#vim /opt/nginx/conf/nginx.conf ##nginx配置文件
user nginx;
根据cpu设置
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 5000;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
client_max_body_size 25m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
client_header_buffer_size 32k;
large_client_header_buffers 1 128k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 512k;
fastcgi_buffers 4 1024k;#8 128
fastcgi_busy_buffers_size 1024k;
fastcgi_temp_file_write_size 1024k;
fastcgi_intercept_errors on;
server_names_hash_bucket_size 128;
server_names_hash_max_size 4096;
ssi on;
ssi_silent_errors on;
ssi_types text/shtml;
gzip on;
gzip_min_length 1000;
gzip_buffers 4 8k;
gzip_types text/* text/css application/javascript application/x-javascript;
gzip_comp_level 9;
gzip_proxied any;
gzip_vary on;
gzip_http_version 1.0;
output_buffers 4 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
server_name_in_redirect off;
upstream turbo {
ip_hash;
北京ip:8080;
上海ip:8080;
江苏ip:8080;
云南ip:8080;
}
server {
listen 80;
server_name mail.turbomail.org;
index index.jsp;
location / {
proxy_pass http://turbo;
proxy_redirect off;
proxy_set_header Host $host;
proxy_cache cache_one;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 301 1d;
proxy_cache_valid any 1m;
expires 30d;
}
}
#Mail Proxy
mail {
auth_http mail.postfix.cn:80/auth.php;
pop3_capabilities "TOP" "USER";
imap_capabilities "IMAP4rev1" "UIDPLUS";
#POP3 Auth
server {
listen 110;
protocol pop3;
proxy on;
}
#IMAP Auth
server {
listen 143;
protocol imap;
proxy on;
}
#SMTP Auth
server {
listen 25;
protocol smtp;
proxy on;
xclient off;
smtp_auth login plain;
}
}
#servicee nginx start
#netstat -nltp | grep nginx ##检查服务
===============================================================================
Ok完工,测试通过即可!
https://blog.51cto.com/kamactor/968728