Arthur Attout's questions

Eu tenho uma datapasta na raiz do meu sistema de arquivos

arthur@debian:~$ ls -la /data
total 36
drwxr-xr-x  9 root   root            4096 Dec 13 09:45 .
drwxr-xr-x 21 root   root            4096 Dec 13 10:08 ..
drwxr-xr-x  2 root   root            4096 Jun 15  2020 500g2
drwxr-xr-x  6 root   root            4096 Nov 16 18:20 quad_1
drwxr-sr-x  5 arthur arthur          4096 Dec 13 13:29 tera_1
drwxrwxr-x  6 root   root            4096 Dec  7 00:00 tera_2
drwxr-xr-x  5 root   root            4096 Sep 18 21:32 tera_3
drwxr-xr-x  6 root   root            4096 May  5  2021 tera_4

Quero montar o diretório inteiro como um volume docker, mas o contêiner deve ter acesso somente leitura. Então usei:ro

sudo docker run -it --name testcontainer -v /data:/internal_data:ro --rm alpine:latest /bin/sh

Quando o shell é gerado, ainda consigo escrever no contêiner supostamente somente leitura. Por que isso?

/ # touch /internal_data/test
touch: /internal_data/test: Read-only file system        # Ok, container prevented from writing
/ # touch /internal_data/tera_1/test                     # This worked
/ # touch /internal_data/tera_2/test                     # This worked
/ # touch /internal_data/500g2/test                      
touch: /internal_data/500g2/test: Read-only file system # Ok, container prevented from writing
/ #

Às vezes, esse tipo de linha aparece no meu access.log:

149.28.156.181 - - [13/Sep/2018:20:35:09 +0100] "GET /js/czjl.js HTTP/1.1" 301 184 "-" "Mozilla/5.0 ..."

O recurso /js/czjl.jsnão existe no meu servidor. No entanto, o NGINX respondeu com 301 em vez de 404. Se eu tentar a mesma solicitação com o Postman, recebo

192.168.1.67 - - [13/Sep/2018:21:09:34 +0100] "GET /js/czjl.js HTTP/1.1" 404 1140 "-" "PostmanRuntime/7.3.0"

que é o comportamento esperado.

Por que o NGINX está retornando 301 em vez de 404 se esses recursos não estiverem no meu servidor?

Aqui está minha configuração

server {
    listen 80;

    server_name example.com www.example.com;

    location ~ /.well-known {
        allow all;
    }

    location / {
        limit_except GET {
            deny all;     
        }
        return 301 https://www.example.com$request_uri;
    }

    location ~ /\. { deny all;}

}

server{
    #FOR INTERNAL REQUESTS

    listen 8080;

    server_name 192.168.1.75;
    error_page 401 403 404 /404.html;
    location = /404.html {
            root /var/www/html/error/;
            internal;
    }

    location / {
        limit_except GET {
            deny all;     
        }
    }

    root /var/www/html;
    index index.html;
}

server {
    listen 443 ssl;

    server_name example.com www.example.com;

    location / {
        limit_except GET {
            deny all;     
        }
    }

    root /var/www/html;
    index index.html;
    error_page 401 403 404 /404.html;
    location = /404.html {
            root /var/www/html/error/;
            internal;
    }

    #SSL Config
    ...
}

Estou preso com esse status nos últimos 3 dias, não consigo descobrir o que estou fazendo de errado.

Eu tenho este docker-mailserver, que pode enviar e-mails para hosts SMTP públicos (outlook, gmail ..), mas não para si mesmo. Ao tentar enviar de [email protected] para [email protected], recebo o seguinte log:

May 18 21:48:55 mail postfix/smtp[9268]: 34C559BE: to=<[email protected]>, relay=none, delay=0.21, delays=0.02/0/0.18/0, dsn=5.4.6, status=bounced (mail for newproject.org loops back to myself)

aqui está a saída depostconf -n

alias_database = ldap:/etc/postfix/ldap-users.cf
alias_maps = ldap:/etc/postfix/ldap-users.cf
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
dkim_milter = inet:localhost:8891
dmarc_milter = inet:localhost:8893
inet_interfaces = allinet_protocols = all
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = newproject.org
myhostname = mail.newproject.org
mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 172.20.0.30/32
non_smtpd_milters = $dkim_milterpolicyd-spf_time_limit = 3600postscreen_bare_newline_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
readme_directory = no
recipient_delimiter = +
relayhost =
sender_dependent_relayhost_maps = texthash:/etc/postfix/relayhost_map
smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_security_level = encrypt
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit
smtpd_milters = $dkim_milter,$dmarc_milter
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_security_level = none
smtpd_use_tls = no
tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf
virtual_mailbox_domains = mail.newproject.org, /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_transport = lmtp:unix:/var/run/dovecot/lmtp

Eu tenho um tipo de registro MX mail.newproject.orgque aponta para o contêiner (endereço IP interno).

O que eu fiz que poderia causar o loop?