SoftTimur's questions

我有一台具有以下功能的服务器docker-compose.yml：

version: "3"
services:
  frontend:
    restart: unless-stopped
    image: staticfloat/nginx-certbot
    ports:
      - 80:80/tcp
      - 443:443/tcp
    environment:
      CERTBOT_EMAIL: [email protected]
    volumes:
      - ./conf.d:/etc/nginx/user.conf.d:ro
      - letsencrypt:/etc/letsencrypt
  studio:
    image: bitnami/nginx:latest
    restart: always
    volumes: 
      - ./build:/app
      - ./default.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro
      - ./configs/config.prod.js:/app/lib/config.js
    depends_on: 
    - frontend

volumes:
  letsencrypt:

networks:
  default:
    external:
      name: studio

此外，还有一个conf.d/prod.conf用于 nginx 配置的文件。

我做到了docker exec -it frontend_frontend_1 /bin/bash，我可以看到有哪些/etc/nginx/user.conf.d/prod.conf是/etc/nginx/conf.d/prod.conf相同的。我知道是/etc/nginx/user.conf.d/prod.conf因为- ./conf.d:/etc/nginx/user.conf.d:roin才安装的docker-compose.yml，但为什么会在那里呢/etc/nginx/conf.d/prod.conf？

有人知道吗？

我刚刚意识到我网站的某些链接会导致“502 Bad Gateway”错误。例如https://v2a.10studio.tech/10studio/auth/google、https://v2a.10studio.tech/auth/google、https://v2a.10studio.tech/10studio/auth/microsoft、https ://v2a.10studio.tech/auth/microsoft。我很确定这些链接几周前有效，我不知道发生了什么。

网站https://v2a.10studio.tech/仍在运行。https://v2a.10studio.tech/#/sign?next=/包含点击导致链接断开的按钮。

这里是docker-compose.yml：

version: "3"
services:
  frontend:
    restart: unless-stopped
    image: staticfloat/nginx-certbot
    ports:
      - 80:80/tcp
      - 443:443/tcp
    environment:
      CERTBOT_EMAIL: [email protected]
    volumes:
      - ./conf.d:/etc/nginx/user.conf.d:ro
      - letsencrypt:/etc/letsencrypt
  10studio:
    image: bitnami/nginx:1.16
    restart: always
    volumes: 
      - ./build:/app
      - ./default.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro
      - ./configs/config.prod.js:/app/lib/config.js
    depends_on: 
    - frontend

volumes:
  letsencrypt:

networks:
  default:
    external:
      name: 10studio

并且conf.d/v2.conf：

gzip on;
gzip_proxied any;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/jpeg image/png image/svg+xml image/x-icon;

upstream funfun {
   server www.funfun.io:443;
}


server {
    listen              443 ssl;
    ssl_certificate     /etc/letsencrypt/live/v2a.10studio.tech/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/v2a.10studio.tech/privkey.pem;
    server_name v2a.10studio.tech;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options "";
    
    
    location ~ /socialLoginSuccess {                                                                                            
        rewrite ^ '/#/socialLoginSuccess' redirect;
     }

    location ~ /auth/(.*) {                                                                                            
        proxy_pass  https://funfun/10studio/auth/$1?$query_string;
        proxy_set_header Host v2a.10studio.tech;
     }

    location / {
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Accept-Encoding     "";
        proxy_set_header    Proxy               "";
        proxy_pass          http://10studio:8080/;

        # These three lines added as per https://github.com/socketio/socket.io/issues/1942 to remove socketio error
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }
}

有人可以帮忙吗？

PS：几周前我在 CloudFlare 中更改了 funfun.io 的一些设置（尤其是 SSL 证书），如果它相关，我不知道。我不知道这Proxy status（DNS only或Proxied）是否有影响。

编辑 1：这里有一些 docker 日志：

2020-08-18T20:19:15.667934708Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.153.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.667995550Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.153.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.738088121Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.152.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.738135701Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://104.27.152.135:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.803843403Z 2020/08/18 20:19:15 [error] 42#42: *310 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://172.67.193.92:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.803890220Z 2020/08/18 20:19:15 [warn] 42#42: *310 upstream server temporarily disabled while SSL handshaking to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /auth/github HTTP/1.1", upstream: "https://172.67.193.92:443/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:15.803908241Z 176.144.215.193 - - [18/Aug/2020:20:19:15 +0000] "GET /auth/github HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" "-"
2020-08-18T20:19:21.284333260Z 2020/08/18 20:19:21 [error] 42#42: *310 no live upstreams while connecting to upstream, client: 176.144.215.193, server: v2a.10studio.tech, request: "GET /10studio/auth/github HTTP/1.1", upstream: "https://funfun/10studio/auth/github?", host: "v2a.10studio.tech"
2020-08-18T20:19:21.285121395Z 176.144.215.193 - - [18/Aug/2020:20:19:21 +0000] "GET /10studio/auth/github HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" "-"

我们在 DNS 记录中设置了 MX 记录，如下所示：

Type: MX
TTL: 1800
Name: @
Priority: 10
Hostname: webmail.ourdomain.fr

但是，当我们通过例如https://www.whatsmydns.net/#MX/ourdomain.fr检查传播时，我们看到主机名是mail.ourdomain.fr.ourdomain.fr.

有谁知道可能是什么问题？

PS：我们也有如下3条A记录，是不是混淆的原因？

mail    A   1800    5.100.152.xxx
webmail A   1800    5.100.152.xxx
webmail.ourdomain.fr    A   1800    5.100.152.xxx

我用 docker 和bitnami/nginx镜像部署了一个网站：https ://www.10studio.tech/demo 。部署后，我意识到像这样的文件analyzejs.js没有被压缩：

这里是docker-compose.yml：

version: "3"
services:
  docusaurus:
    image: bitnami/nginx:1.16
    restart: always
    volumes:
    - ./build:/app
    - ./certs:/certs:ro
    - ./my_server_block.conf:/opt/bitnami/nginx/conf/server_blocks/my_server_block.conf:ro
    ports:
    - "3001:3001"
    - "3002:3002"

这里是my_server_block.conf：

server {
  listen  3002;
  absolute_redirect off;
  root  /app;

  location = / {
    rewrite ^(.*)$ https://$http_host/docs/introduction redirect;
  }

  location / {
    try_files $uri $uri/ =404;
  }
}

server {
  listen  3001 ssl;

  ssl_certificate      /certs/server.crt;
  ssl_certificate_key  /certs/server.key;

  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;

  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;

  location / {
    proxy_pass http://localhost:3002;
    proxy_redirect off;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl on;
  }
}

这是/opt/bitnami/nginx/conf/nginx.conf，其中 gzip 似乎已启用：

I have no name!@8317023de7ec:/app$ cat /opt/bitnami/nginx/conf/nginx.conf
# Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf
# user              www www;  ## Default: nobody

worker_processes  auto;
error_log         "/opt/bitnami/nginx/logs/error.log";
pid               "/opt/bitnami/nginx/tmp/nginx.pid";

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format    main '$remote_addr - $remote_user [$time_local] '
                       '"$request" $status  $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
    access_log    "/opt/bitnami/nginx/logs/access.log";
    add_header    X-Frame-Options SAMEORIGIN;

    client_body_temp_path  "/opt/bitnami/nginx/tmp/client_body" 1 2;
    proxy_temp_path        "/opt/bitnami/nginx/tmp/proxy" 1 2;
    fastcgi_temp_path      "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
    scgi_temp_path         "/opt/bitnami/nginx/tmp/scgi" 1 2;
    uwsgi_temp_path        "/opt/bitnami/nginx/tmp/uwsgi" 1 2;

    sendfile           on;
    tcp_nopush         on;
    tcp_nodelay        off;
    gzip               on;
    gzip_http_version  1.0;
    gzip_comp_level    2;
    gzip_proxied       any;
    gzip_types         text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    keepalive_timeout  65;
    ssl_protocols      TLSv1 TLSv1.1 TLSv1.2;

    include  "/opt/bitnami/nginx/conf/server_blocks/*.conf";

    # HTTP Server
    server {
        # port to listen on. Can also be set to an IP:PORT
        listen  8080;

        location /status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            deny all;
        }
    }
}

有谁知道这里出了什么问题以及如何启用 gzip？

编辑：后续问题： 通过 --repair 和 WiredTiger 恢复 mongoDB。

我的开发人员犯了一个巨大的错误，我们在服务器的任何地方都找不到我们的 Mongo 数据库。

他登录到服务器，并将以下 shell 保存在~/crontab/mongod_back.sh：

#!/bin/sh
DUMP=mongodump
OUT_DIR=/data/backup/mongod/tmp  // 备份文件临时目录
TAR_DIR=/data/backup/mongod      // 备份文件正式目录
DATE=`date +%Y_%m_%d_%H_%M_%S`   // 备份文件将以备份对间保存
DB_USER=Guitang                  // 数库操作员
DB_PASS=qq■■■■■■■■■■■■■■■■■■■■■  // 数掘库操作员密码
DAYS=14                          // 保留最新14天的份
TARBAK="mongod_bak_$DATE.tar.gz" // 备份文件命名格式
cd $OUT_DIR                      // 创建文件夹
rm -rf $OUT_DIR/*                // 清空临时目录
mkdir -p $OUT_DIR/$DATE          // 创建本次备份文件夹
$DUMP -d wecard -u $DB_USER -p $DB_PASS -o $OUT_DIR/$DATE  // 执行备份命令
tar -zcvf $TAR_DIR/$TAR_BAK $OUT_DIR/$DATE       // 将份文件打包放入正式
find $TAR_DIR/ -mtime +$DAYS -delete             // 除14天前的旧备

然后他运行它并输出permission denied消息，所以他按下了Ctrl+C。服务器自动关闭。他试图重新启动它，但得到一个 grub 错误：

他联系了阿里云，工程师将磁盘连接到另一个工作服务器，以便他可以检查磁盘。看起来有些文件夹不见了，包括/data/mongodb 所在的位置！

1. 我们不明白脚本如何破坏磁盘，包括/data/：
2. 当然，是否有可能获得/data/回报？

PS：他之前没有拍过磁盘的快照。

PS2：由于人们经常提到“备份”，这两天我们有很多重要的用户和数据来了，这个动作的目的是备份它们（第一次），然后它们被完全删除了。

我正在为我学校的校友会建立一个网站。我myschool.com从GoDaddy. 在 GoDaddy 中，我已自定义DigitalOcean为名称服务器。

我想自定义 DigitalOcean 的 DNS，以便与域相关的所有内容myschool.com都可以重定向到alumni.myschool.com. 确切地说，可以满足以下所有条件：

• 如果在浏览器中输入alumni.myschool.com或www.alumni.myschool.com，我希望 URL 变为alumni.myschool.com，并且浏览器在我的服务器 IP 中显示我们的关联站点178.62.87.73。

• 如果输入错误的子域，例如abc.myschool.com在浏览器中，我希望 URL 仍然变为alumni.myschool.com，并且浏览器在我的服务器 IP 中显示我们的关联站点178.62.87.73。

• 如果只是进入域，即www.myschool.com在www.myschool.com浏览器中，我希望 URL 仍然成为alumni.myschool.com，并且浏览器在我的服务器 IP 中显示我们的关联站点178.62.87.73。

由于时差和 DNS 缓存问题，很难尝试和测试设置；很难说这是错误的设置还是只需要等待。

那么谁能给我一个完整的记录列表（A，CNAME ...）来实现这一点？

编辑2：

在第一个答案之后，我添加了 4 个 A 记录.，它们变成了

@         IN  A   178.62.87.73
alumni    IN  A   178.62.87.73
*         IN  A   178.62.87.73
*.alumni  IN  A   178.62.87.73

我在我的服务器中添加了以下服务器块：

server {
        listen 80;
        listen [::]:80;

        server_name myschool.com *.myschool.com;
        return 301 $scheme://alumni.myschool.com$requrest_uri;
}

并且服务器alumni.myschool.com保持不变：

server {
        ...
        server_name alumni.myschool.com;
        ...
}

结果是 , myschool.com,www.myschool.com和abc.myschool.com都www.abc.myschool.com可以www.alumni.myschool.com成功重定向到alumni.myschool.com。

我从 DigitalOcean 买了一个专用服务器，并配置nginx了 mysql 和 php，它的 IP 地址是a.b.c.d. 我从GoDaddy:siteone.com和. 购买了两个域名sitetwo.com。我做了一个子域sub.siteone.com，它将是一个WordPress站点。我提出sub.siteone.com来a.b.c.d。GoDaddy

通过关注这篇文章和这篇文章，我将 WordPress 文件放在/var/www/sub.siteone.com/html/. /etc/nginx/sites-available/sub.siteone.com包含以下内容：

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/sub.siteone.com/html;
    index index.php index.html index.htm;

    server_name sub.siteone.com;

    location / {
            try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
            root /usr/share/nginx/html;
    }

    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
}

结果，当我sub.siteone.com在浏览器中输入时，它会重定向到a.b.c.d并很好地显示 WordPress 站点。

问题是我希望我的服务器 ( a.b.c.d) 包含多个站点（即域）。所以我想一个机制将a.b.c.d/one/包含第一个域，并a.b.c.d/two/包含第二个域。因此，

• 当我sub.siteone.com在浏览器中输入时，网址保持不变，而内容来自a.b.c.d/one/；
• 当我sub.siteone.com/photos/在浏览器中输入时，当内容来自时，url 保持不变a.b.c.d/one/photos；
• 当我sitetwo.com在浏览器中输入时，网址保持不变，而内容来自a.b.c.d/two/；
• 例如，当我sitetwo.com/downloads/在浏览器中输入时，URL 保持不变，而内容来自a.b.c.d/two/downloads

谁能告诉我这种机制是否有意义？我如何修改 nginx 和 GoDaddy 的设置来实现这一点？