问题[ubuntu](server)

我有一台运行 ubuntu 的服务器，我有一张配置了 mtu 9000 的 10G 卡，而 NFS 服务器也有一张 10G 卡，并通过专用链路直接连接到服务器（中间没有交换机）。ubuntu 服务器具有以下设置

enp66s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
        inet 192.168.1.2  netmask 255.255.255.252  broadcast 192.168.1.3
        inet6 fe80::d65d:64ff:fe09:b66  prefixlen 64  scopeid 0x20<link>
        ether d4:5d:64:09:0b:66  txqueuelen 1000  (Ethernet)
        RX packets 3065123981  bytes 3717515096214 (3.7 TB)
        RX errors 1963997  dropped 0  overruns 1887746  frame 76251
        TX packets 2720860289  bytes 4802586105745 (4.8 TB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 99  memory 0x20080800000-20080ffffff 

并且 nfs 服务器具有以下配置，

bnxt2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9000     options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,
LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 84:16:0c:aa:6b:32
        inet 192.168.1.1 netmask 0xfffffffc broadcast 192.168.1.3
        media: Ethernet autoselect (10GBase-CR1 <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

当我使用 dd 命令复制一些数据时，我得到来自 bmon 的以下信息，但无法获得 10G 连接，或者我不确定是否获得 10G 连接。请看一下并解释我是否以优化的方式利用了 10G。

尝试启动 generic/ubuntu18(20|22) 镜像并通过 ansible.builtin.user 模块在那里添加用户。一切正常，但用户并没有真正添加。为什么会这样？

Ansible：2.16.3

流浪者：2.4.3

主机操作系统：Ubuntu 24.04

  config.vm.define "ubuntu18" do |ubuntu18|
    ubuntu18.vm.box = "generic/ubuntu1804"

    ubuntu18.vm.boot_timeout = 600
    ubuntu18.vm.hostname = "ubuntu18"

    ubuntu18.vm.network :private_network, ip: "192.168.56.15"

    PLAYBOOKS = [
         "ansible/nix-local-users.yml",
    ]
    PLAYBOOKS.each do |playbook|
        ubuntu18.vm.provision "ansible" do |ansible|
          ansible.playbook = playbook
          ansible.verbose = "vvv"
          ansible.extra_vars = {
              target_host: "ubuntu18"
          }
        end
    end
  end

剧本如下：

---
- hosts: "{{ target_host }}"
  connection: local
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: Create a local nix users
      ansible.builtin.user:
        name: "{{ item.login }}"
        password: "*"
        state: present
#        password: "{{ item.password | password_hash('sha512') }}"
        create_home: yes
      with_items:
        - { login: 'LocalUser1', password: '1Passw0rd@' }
        - { login: 'LocalUser2', password: '2Passw0rd@' }
        - { login: 'LocalUser3', password: '3Passw0rd@' }

运行“vagrant up ubuntu18”时我得到了这个输出。

Bringing machine 'ubuntu18' up with 'virtualbox' provider...
==> ubuntu18: Importing base box 'generic/ubuntu1804'...
==> ubuntu18: Matching MAC address for NAT networking...
==> ubuntu18: Setting the name of the VM: test_ubuntu18_1737979065436_47140
==> ubuntu18: Fixed port collision for 22 => 2222. Now on port 2200.
==> ubuntu18: Clearing any previously set network interfaces...
==> ubuntu18: Preparing network interfaces based on configuration...
    ubuntu18: Adapter 1: nat
    ubuntu18: Adapter 2: hostonly
==> ubuntu18: Forwarding ports...
    ubuntu18: 22 (guest) => 2200 (host) (adapter 1)
==> ubuntu18: Running 'pre-boot' VM customizations...
==> ubuntu18: Booting VM...
==> ubuntu18: Waiting for machine to boot. This may take a few minutes...
    ubuntu18: SSH address: 127.0.0.1:2200
    ubuntu18: SSH username: vagrant
    ubuntu18: SSH auth method: private key
    ubuntu18: 
    ubuntu18: Vagrant insecure key detected. Vagrant will automatically replace
    ubuntu18: this with a newly generated keypair for better security.
    ubuntu18: 
    ubuntu18: Inserting generated public key within guest...
    ubuntu18: Removing insecure key from the guest if it's present...
    ubuntu18: Key inserted! Disconnecting and reconnecting using new SSH key...
==> ubuntu18: Machine booted and ready!
==> ubuntu18: Checking for guest additions in VM...
    ubuntu18: The guest additions on this VM do not match the installed version of
    ubuntu18: VirtualBox! In most cases this is fine, but in rare cases it can
    ubuntu18: prevent things such as shared folders from working properly. If you see
    ubuntu18: shared folder errors, please make sure the guest additions within the
    ubuntu18: virtual machine match the version of VirtualBox you have installed on
    ubuntu18: your host and reload your VM.
    ubuntu18: 
    ubuntu18: Guest Additions Version: 5.2.42
    ubuntu18: VirtualBox Version: 7.0
==> ubuntu18: Setting hostname...
==> ubuntu18: Configuring and enabling network interfaces...
==> ubuntu18: Running provisioner: ansible...
    ubuntu18: Running ansible-playbook...
PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --limit="ubuntu18" --inventory-file=/test/.vagrant/provisioners/ansible/inventory --extra-vars=\{\"target_host\":\"ubuntu18\"\} -vvv ansible/nix-local-users.yml
ansible-playbook [core 2.17.7]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/study/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/study/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.12.3 (main, Jan 17 2025, 18:03:48) [GCC 13.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory as it did not pass its verify_file() method
script declined parsing /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory as it did not pass its verify_file() method
auto declined parsing /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory as it did not pass its verify_file() method
Parsed /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: nix-local-users.yml **************************************************
1 plays in ansible/nix-local-users.yml

PLAY [ubuntu18] ****************************************************************

TASK [Gathering Facts] *********************************************************
task path: /test/ansible/nix-local-users.yml:2
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: study
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236 `" && echo ansible-tmp-1737979102.1509817-523943-230847070365236="` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236 `" ) && sleep 0'
<ubuntu18> Attempting python interpreter discovery
<127.0.0.1> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.12'"'"'; command -v '"'"'python3.11'"'"'; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python3'"'"'; echo ENDFOUND && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.12 && sleep 0'
<ubuntu18> Python interpreter discovery fallback (unsupported Linux distribution: ubuntu)
Using module file /usr/lib/python3/dist-packages/ansible/modules/setup.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmpxuv0pdbw TO /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/AnsiballZ_setup.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/ /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/AnsiballZ_setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-cgihllizftbsohvxjezexndfhosuwwji ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/AnsiballZ_setup.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/ > /dev/null 2>&1 && sleep 0'
[WARNING]: Platform linux on host ubuntu18 is using the discovered Python
interpreter at /usr/bin/python3.12, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.17/reference_appendices/interpreter_discovery.html for more information.
ok: [ubuntu18]

TASK [Create a local nix users] ************************************************
task path: /test/ansible/nix-local-users.yml:10
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: study
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742 `" && echo ansible-tmp-1737979102.789001-524110-46585659397742="` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/user.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmpv012owpg TO /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/AnsiballZ_user.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/ /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/AnsiballZ_user.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-mleatpfjsqwveasahcifudyghhrkuzwq ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/AnsiballZ_user.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/ > /dev/null 2>&1 && sleep 0'
ok: [ubuntu18] => (item={'login': 'LocalUser1', 'password': '1Passw0rd@'}) => {
    "ansible_loop_var": "item",
    "append": false,
    "changed": false,
    "comment": "",
    "group": 1002,
    "home": "/home/LocalUser1",
    "invocation": {
        "module_args": {
            "append": false,
            "authorization": null,
            "comment": null,
            "create_home": true,
            "expires": null,
            "force": false,
            "generate_ssh_key": null,
            "group": null,
            "groups": null,
            "hidden": null,
            "home": null,
            "local": null,
            "login_class": null,
            "move_home": false,
            "name": "LocalUser1",
            "non_unique": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "password_expire_max": null,
            "password_expire_min": null,
            "password_expire_warn": null,
            "password_lock": null,
            "profile": null,
            "remove": false,
            "role": null,
            "seuser": null,
            "shell": null,
            "skeleton": null,
            "ssh_key_bits": 0,
            "ssh_key_comment": "ansible-generated on Dev",
            "ssh_key_file": null,
            "ssh_key_passphrase": null,
            "ssh_key_type": "rsa",
            "state": "present",
            "system": false,
            "uid": null,
            "umask": null,
            "update_password": "always"
        }
    },
    "item": {
        "login": "LocalUser1",
        "password": "1Passw0rd@"
    },
    "move_home": false,
    "name": "LocalUser1",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "uid": 1002
}
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064 `" && echo ansible-tmp-1737979102.9724927-524110-48708649402064="` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/user.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmp4tqlyxfh TO /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/AnsiballZ_user.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/ /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/AnsiballZ_user.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-bcaxqjzbaqhsvieolltmbltywjjyhyke ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/AnsiballZ_user.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/ > /dev/null 2>&1 && sleep 0'
ok: [ubuntu18] => (item={'login': 'LocalUser2', 'password': '2Passw0rd@'}) => {
    "ansible_loop_var": "item",
    "append": false,
    "changed": false,
    "comment": "",
    "group": 1003,
    "home": "/home/LocalUser2",
    "invocation": {
        "module_args": {
            "append": false,
            "authorization": null,
            "comment": null,
            "create_home": true,
            "expires": null,
            "force": false,
            "generate_ssh_key": null,
            "group": null,
            "groups": null,
            "hidden": null,
            "home": null,
            "local": null,
            "login_class": null,
            "move_home": false,
            "name": "LocalUser2",
            "non_unique": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "password_expire_max": null,
            "password_expire_min": null,
            "password_expire_warn": null,
            "password_lock": null,
            "profile": null,
            "remove": false,
            "role": null,
            "seuser": null,
            "shell": null,
            "skeleton": null,
            "ssh_key_bits": 0,
            "ssh_key_comment": "ansible-generated on Dev",
            "ssh_key_file": null,
            "ssh_key_passphrase": null,
            "ssh_key_type": "rsa",
            "state": "present",
            "system": false,
            "uid": null,
            "umask": null,
            "update_password": "always"
        }
    },
    "item": {
        "login": "LocalUser2",
        "password": "2Passw0rd@"
    },
    "move_home": false,
    "name": "LocalUser2",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "uid": 1003
}
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436 `" && echo ansible-tmp-1737979103.0961325-524110-27042937232436="` echo /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/user.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmpk4vulkhv TO /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/AnsiballZ_user.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/ /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/AnsiballZ_user.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xyazghqxggmfaljuxketsxytgkcbtwuk ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/AnsiballZ_user.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/ > /dev/null 2>&1 && sleep 0'
ok: [ubuntu18] => (item={'login': 'LocalUser3', 'password': '3Passw0rd@'}) => {
    "ansible_loop_var": "item",
    "append": false,
    "changed": false,
    "comment": "",
    "group": 1004,
    "home": "/home/LocalUser3",
    "invocation": {
        "module_args": {
            "append": false,
            "authorization": null,
            "comment": null,
            "create_home": true,
            "expires": null,
            "force": false,
            "generate_ssh_key": null,
            "group": null,
            "groups": null,
            "hidden": null,
            "home": null,
            "local": null,
            "login_class": null,
            "move_home": false,
            "name": "LocalUser3",
            "non_unique": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "password_expire_max": null,
            "password_expire_min": null,
            "password_expire_warn": null,
            "password_lock": null,
            "profile": null,
            "remove": false,
            "role": null,
            "seuser": null,
            "shell": null,
            "skeleton": null,
            "ssh_key_bits": 0,
            "ssh_key_comment": "ansible-generated on Dev",
            "ssh_key_file": null,
            "ssh_key_passphrase": null,
            "ssh_key_type": "rsa",
            "state": "present",
            "system": false,
            "uid": null,
            "umask": null,
            "update_password": "always"
        }
    },
    "item": {
        "login": "LocalUser3",
        "password": "3Passw0rd@"
    },
    "move_home": false,
    "name": "LocalUser3",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "uid": 1004
}

PLAY RECAP *********************************************************************
ubuntu18                   : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

为什么这里的 ok=2？有 3 个用户，而不是 2 个。当我通过 ssh 访问机器时，我在 /etc/passwd、/etc/shadow 中看不到用户，也看不到新的主目录。

在我的 Ubuntu 24.04 上，我创建了一个实验性的 Docker 文件，用于安装ejabberd：

FROM ubuntu:24.04

RUN apt update
RUN apt -y install apt-utils
RUN apt -y install locales
RUN apt -y install nano

# Set the locale
RUN locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

RUN apt -y install openssl

RUN apt -y install ejabberd

构建并运行

sudo docker build -t u24jabber .
sudo docker run -it --rm --name jabber -p 5280:5280 -p 5222:5222 -p 5269:5269 u24jabber

然后在docker容器内运行

ejabberdctl status

并收到以下错误：

Failed RPC connection to the node ejabberd@localhost: nodedown

我的第一个猜测是ejabberd没有运行，我尝试过

ejabberdctl start

在docker容器里面，但是没有帮助。

我也尝试添加

CMD ["ejabberdctl", "foreground"]

到Docker 文件，但没有成功并且telnet 172.17.0.2 5280没有连接。

ejabberd在默认配置下运行的最小 Dockerfile 是什么？

最近我尝试使用 postfix SNI 为多个域设置多个 SSL。（Dovecot 保持不变）。现在我收到 TLS 错误（var/etc/mail.log）：

Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: connect from unknown[46.39.58.24]
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: warning: table hash:/etc/postfix/vmail_ssl.map.db: key history.tor: malformed BASE64 value: /FakeSSL/history.tor/history.t
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: warning: tls_server_sni_maps: history.tor map lookup problem
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: SSL_accept error from unknown[46.39.58.24]: -1
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: warning: TLS library problem: error:0A0000EA:SSL routines::callback failed:../ssl/statem/extensions.c:1000:
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: lost connection after STARTTLS from unknown[46.39.58.24]
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: disconnect from unknown[46.39.58.24] ehlo=1 starttls=0/1 commands=1/2

我的 postfix main.conf：

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6


smtpd_use_tls = yes
# TLS parameters
smtpd_tls_cert_file=/OtherSSL/mishkin.ml/mishkin.ml.chain.pem
smtpd_tls_key_file=/OtherSSL/mishkin.ml/mishkin.ml.priv.key
smtpd_tls_security_level=may

#smtp_tls_CApath=/OtherSSL/CA
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_auth_only = yes
smtpd_tls_wrappermode = no
smtpd_tls_mandatory_ciphers = high

tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mishkin.ml
mydomain = mishkin.ml
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mishkin.ml, 2099047-cg00264.twc1.net, localhost.twc1.net, localhost, history.tor
virtual_alias_domains = mishkin.ml, history.tor
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost = 
mynetworks = 90.156.226.142/32
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

vmail_ssl.映射：

mishkin.ml /OtherSSL/mishkin.ml/mishkin.ml.chain.pem /OtherSSL/mishkin.ml/mishkin.ml.priv.key
history.tor /FakeSSL/history.tor/history.tor.chain.pem /FakeSSL/history.tor/history.tor.priv.key

SSL 是使用https://github.com/Vinalti/Self-Signed-Certificates-Generator创建的

1. 尝试将两个 smtpd_tls 文件替换为 smtpd_tls_chain_files 参数
2. 将 Postfix 移至 25 端口（是的，从 587 移至 25）
3. 遵循其他 SNI 设置说明
4. 尝试通过 openssl 获取证书，而不是那个脚本

我有 ubuntu 24.04，并且我正在使用 IPv6 提供某些服务，但我不需要它来进行 ssh 访问，这就是为什么我试图在 ssh 服务上禁用它，但是，将地址系列指定为“inet”不再像在 ubuntu 22.04 中那样有效，我是否遗漏了什么？此外，我尝试在 /etc/ssh/sshd_config.d/ 中为此创建一个完全独立的配置文件，但没有成功。

在 ubuntu 22.04 中，我需要添加的只是在 sshd_config 中添加两行（每次都有效）：AddressFamily inet

监听地址 0.0.0.0

<Location /server-status>
        SetHandler server-status
        Require local
</Location>

# Keep track of extended status information for each request
ExtendedStatus On

这是我的 /etc/apache2/mods-enabled/status.conf

显然，当我尝试从家里的电脑访问它时，它会失败，但如果我添加“全部允许”并删除“需要本地”，然后转到/server-status，它会显示 Wordpress 404 页面，这很奇怪。

我不完全确定我需要做哪些更改才能使其显示真正的 mod_status 页面而不是 Wordpress 404 页面。

如果您需要任何额外的信息，请告诉我。

我有一个由第三方设置的裸机 Ubuntu 服务器。它运行专有服务。没有关于正在运行什么以及如何运行的适当文档。

我必须将此服务器重新用于另一项服务，即运行新服务的带有 Docker 容器的 Ubuntu 服务器。

我需要运行之前在裸机服务器上运行的专有服务。我还需要在容器中运行它，以便于部署和管理。

我不确定如何将 Ubuntu 服务器移动到容器。

我知道这不是“Docker 方式”来实现这一点。

我发现的一种方法是从头开始创建一个映像并传输除以下文件夹之外的文件系统：/proc、/sys、/dev、/tmp、/mnt、/media、/run、/boot 和 /swapfile

FROM scratch
ADD folders-to-transfer.tar.gz /
CMD ["/bin/bash"]

这是正确的方法吗？

其他人建议使用虚拟机，但这听起来有点小题大做。

我的服务器上安装了 Fail2Ban，我希望它在 IP 被禁止时阻止所有协议（TCP、UDP、ICMP），而不仅仅是 TCP。我正在尝试设置该protocol = all选项，但遇到了问题。

iptables.conf以下是部分文件中默认配置的一部分[Init]：

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

我想更改tcp为all以便阻止所有协议，但更改似乎没有生效。我还创建了一个iptables.local包含以下内容的文件来覆盖 的默认设置iptables.conf。但是，重新启动 Fail2Ban 后，它仍然只阻止 TCP 连接

[Init]
protocol = all

有人能帮我配置 Fail2Ban 来阻止所有协议吗？我应该怎么做才能使 protocol = all 更改生效？我应该修改其他配置文件吗？还是需要调整其他设置？

感谢您的帮助！

经过大约 30 个小时几乎绞尽脑汁之后，我不得不得出结论，最好把这篇文章写给那些可能更熟悉这个主题的人。

我有一个使用 Ubuntu 22 的 Digitalocean 服务器。

是的，我知道 Digitalocean 不支持发送邮件等，但我只是使用 postfix 作为简单的中继服务器，没有其他用途。

基本上，我现在正在使用 Amazon SES 向例如“ [email protected] ”发送邮件。我有多个域需要处理，而不仅仅是一个，并且所有这些域的配置（DNS）都正确设置为指向服务器。它之前确实与 brevo 一起使用，但我肯定是配置错误，因为他们因违反 TOS 而随机暂停了帐户，当然没有给出任何理由，只是说“很抱歉您被暂停了”。

我怀疑我直接从发件人那里转发了“发件人：”地址，他们认为有人接管了帐户或做了其他事情，这是公平的。

无论如何...现在我已经描述了基本设置和情况。问题是，我设置了一个过滤器，这对于实现这一点至关重要，如果我在 master.cf 中创建自定义 content_filter 服务，情况似乎如下：

shell_content_filter unix - n n - - pipe
  flags=Rq user=filteruser argv=/usr/local/bin/minimal_filter.sh

这是我们可以看到问题日志的一部分：

"relay=shell_content_filter, delay=0.04, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via shell_content_filter service"

在 main.cf 中：

content_filter = shell_content_filter
receive_override_options = no_address_mappings

是的，有一个“filteruser”被创建，并且它工作正常，所有权限都正确设置并经过测试，一切运行正常，但我的过滤器被识别为中继，而且它实际上是说电子邮件是由外部服务传递的，这毫无意义......至少对我来说是这样。

不确定这些信息是否足够，如果有人知道发生了什么，我将不胜感激，因为我遇到了很大的麻烦，电子邮件丢失了，永远无法恢复，而且我仍然无法让它工作。

假设我的组织有一个域example.com和一台运行最新版本的 Ubuntu 的服务器，名称为myserver.example.com。假设我在一台 Windows 机器上，可以通过端口 22 访问该服务器。我想使用 putty 通过 ssh 连接到该服务器。

第一次连接时我会看到如下警告消息：

从这里我可以连接一次并在将来继续查看错误，接受主机密钥以便将来受到信任，或者取消，因为我无法确定地验证服务器的身份。

现在假设我还有一个*.example.com 由主要的公共信任 CA（例如 DigiCert、Comodo、GlobalSign 等）颁发的通配符证书，并且包含myserver.example.com在主题备用名称 (SAN) 列表中。

我该如何将证书安装到服务器，以便将其用于 ssh 连接签名（而不是用户身份验证 — 这将是单独的！）并受到客户端计算机的信任，这样就不会显示此警告？证书中需要包含哪些属性，而这些属性可能不包含在开箱即用中？