Jerome提出的问题 -server

Jerome

Asked: 2024-05-26 12:47:22 +0800 CST

nginx 配置被忽略

7

其中的文件/etc/nginx/sites-enabled包含以下内容

server {

  server_name production.domain.club cspiero.domain.club;
  root /home/deploy/domain/current/public;
[...]
   ssl_certificate /etc/letsencrypt/live/cspiero.domain.club/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cspiero.domain.club/privkey.pem; # managed by Certbot
[...]
server {
    if ($host = production.domain.club) {
        return 301 https://$host$request_uri;
    }
  listen 80;
  listen [::]:80;
}
server {
    if ($host = cspiero.domain.club) {
        return 301 https://$host$request_uri;
    }
  listen 80;
  listen [::]:80;
}

当nginx -t通过时，服务器的实际行为是第三级域名production按预期呈现，而cspiero不是被路由到同一位置，而是由默认配置处理（浏览器也会收到http响应，从而忽略证书））

server {
       root /home/deploy/default;
        index index.html;
        server_name _;
        location / {
        try_files $uri $uri/ =404;
        }
}

为什么会发生这种情况？希望维持所有其他钓鱼探险请求的默认配置（渲染非常轻且平淡的东西）。那么在这种背景下应该做什么呢？

Jerome

Asked: 2023-04-22 16:41:37 +0800 CST

opendkim milter 未在正确的服务器套接字上启动

5

以下错误阻碍了opendkim的重启

× opendkim.service - OpenDKIM Milter
     Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-04-22 08:00:27 UTC; 2s ago
[...]    Process: 2295 ExecStart=/usr/sbin/opendkim (code=exited, status=78)
opendkim.service: Control process exited, code=exited, status=78/CONFIG

尝试查阅（未加密的，可能未更新的）文档，没有发现任何关于status=78.
但显然 milter 配置在某种程度上是不正确的。 /etc/postfix/main.cf 定义：

# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

而/etc/opendkim.conf有

Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes

Canonicalization        relaxed/simple
Mode                    sv
SubDomains              no
OversignHeaders         From

UserID                  opendkim
UMask                   007

Socket                  local:/var/spool/postfix/opendkim/opendkim.sock

#Nameservers            127.0.0.1
AutoRestart                     yes
AutoRestartRate                 10/1M
Background                      yes
DNSTimeout                      5
SignatureAlgorithm              rsa-sha256

ExternalIgnoreList      refile:/etc/opendkim/trusted.hosts
InternalHosts           refile:/etc/opendkim/trusted.hosts
KeyTable                refile:/etc/opendkim/key.table
SigningTable            refile:/etc/opendkim/signing.table

PidFile                 /var/run/opendkim/opendkim.pid
# UserID                  opendkim:opendkim

我注意到以下几点：
• 最初引用的 opendkim 配置ExternalIgnoreList refile:/etc/opendkim/TrustedHosts而现有文件是/etc/opendkim/trusted.hosts. 这对整个块重复。整个块被修改为小写的点分隔文件名，然后服务重新启动。

但是，电子邮件在发送时会被 postfix 记录为： warning: connect to Milter service local:opendkim/opendkim.sock: No such file or directory

cd /var/spool/postfix/opendkim
-bash: cd: /var/spool/postfix/opendkim: No such file or directory

我也看不到 pid 文件/var/run/opendkim/

smtpd_milters = local:opendkim/opendkim.sockpostfix配置和 opendkim定义之间可能存在一些错误Socket。需要改变什么？

更新
warning: connect to Milter service local:opendkim/opendkim.sock: Permission denied仍在邮件日志中，因此该配置元素是错误的。

将设置更改postfix/main.cf为

smtpd_milters = local:/var/spool/postfix/opendkim/opendkim.sock

结果： warning: connect to Milter service local:/var/spool/postfix/opendkim/opendkim.sock: No such file or directory。的存在/var/spool/postfix/opendkim/opendkim.sock得到验证。

Jerome

Asked: 2020-11-02 03:20:56 +0800 CST

拒绝规则没有完全过滤

2

下面的块

    location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
        return 404;
    }

处理en/blog/wp-includes/wlwmanifest.xml不当。目的是处理任何包含 stringwp-includes等的请求。

我希望 nginx 返回 404 错误，而访问是访问应用程序服务器。

语法错误在哪里？

更新 nginx -T 文件的内容

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 130s;
        client_max_body_size 10M;
    types_hash_max_size 2048;
    # server_tokens off;
        ## Block spammers and other unwanted visitors  ##
        include blockips.conf;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

# Security headers
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Frame-Options "SAMEORIGIN";
}

#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
#
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

# configuration file /etc/nginx/modules-enabled/10-mod-http-ndk.conf:
load_module modules/ndk_http_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf:
load_module modules/ngx_http_cache_purge_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-fancyindex.conf:
load_module modules/ngx_http_fancyindex_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-headers-more-filter.conf:
load_module modules/ngx_http_headers_more_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-lua.conf:
load_module modules/ngx_http_lua_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-passenger.conf:
load_module /usr/lib/nginx/modules/ngx_http_passenger_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-perl.conf:
load_module modules/ngx_http_perl_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-uploadprogress.conf:
load_module modules/ngx_http_uploadprogress_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-nchan.conf:
load_module modules/ngx_nchan_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/blockips.conf:
deny 185.213.20.172;
deny 104.129.18.6;
deny 185.224.91.73;
deny 176.126.83.15;
deny 69.49.102.227;
deny 60.191.38.77;
deny 209.17.96.66;
deny 80.82.77.139;
deny 184.105.247.194;
deny 184.105.247.195;
deny 104.131.133.207;
deny 80.82.77.33;
deny 151.239.67.109;
deny 77.246.234.70;
deny 213.85.3.11;
deny 45.227.253.36;
deny 185.82.216.97;
deny 185.222.211.54;
deny 82.118.242.240;
deny 97.177.247.162;
deny 118.138.101.236;
deny 213.183.146.74;
deny 5.188.211.15;
deny 85.93.20.58;
deny 203.172.211.4;
deny 77.161.231.173;
deny 35.175.132.238;
deny 45.227.255.149;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/conf.d/mod-http-passenger.conf:
### Begin automatically installed Phusion Passenger config snippet ###
passenger_ruby /home/deploy/.rbenv/shims/ruby; # If you use rbenv
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
# passenger_ruby /usr/bin/passenger_free_ruby;
### End automatically installed Phusion Passenger config snippet ###

# configuration file /etc/nginx/sites-enabled/default:
server {

        server_name testing.sportstours.net sportstours.net www.sportstours.net sportstours.me www.sportstours.me iwanttogoto.com www.iwanttogoto.com muse.iwanttogoto.com reflektor.tv www.reflektor.tv;
#        server_name api.sportstours.net www.sportstours.net www.sportstours.me sportstours.me sportstours.net testing.sportstours.net;
        passenger_enabled on;
        rails_env         production;
        root              /home/deploy/v4/current/public;

        error_page 404 /404.html;
          location  /404.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/reflektor.tv/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/reflektor.tv/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.reflektor.tv) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


       listen 80;

        server_name testing.sportstours.net sportstours.net www.sportstours.net sportstours.me www.sportstours.me iwanttogoto.com www.iwanttogoto.com muse.iwanttogoto.com reflektor.tv www.reflektor.tv;
    return 404; # managed by Certbot


}
# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";

# configuration file /etc/nginx/sites-enabled/gdpr:
server {
        # Make site accessible from http://localhost/
        server_name gdpr.reflektor.tv gdpr.sportstours.net gdpr.sportstours.me gdpr.onereededizioni.eu gdpr.perfectcut.glass gdpr.ellci.net;
# gdpr.sipi.it  has dropped off the face of the earth ?
        passenger_enabled on;
        rails_env         development;
        root              /home/deploy/gdpr/current/public;

        # redirect server error pages to the static page /50x.html
        error_page 404 /404.html;
          location  /404.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gdpr.onereededizioni.eu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gdpr.onereededizioni.eu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = gdpr.sportstours.me) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gdpr.sportstours.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gdpr.reflektor.tv) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gdpr.perfectcut.glass) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gdpr.onereededizioni.eu) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gdpr.ellci.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name gdpr.reflektor.tv gdpr.sportstours.net gdpr.sportstours.me gdpr.onereededizioni.eu gdpr.perfectcut.glass gdpr.ellci.net;
    listen 80;
    return 404; # managed by Certbot

}

# configuration file /etc/nginx/sites-enabled/hf:
server {
        server_name hf.iwanttogoto.com;

       passenger_enabled on;
       rails_env         development;
       root              /home/deploy/hf/current/public;

        error_page 404 /404.html;
          location  /404.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }

}

# configuration file /etc/nginx/sites-enabled/ialbum:
server {
        # Make site accessible from http://localhost/
        client_max_body_size 20M;
        server_name ialbum.iwanttogoto.com;
        passenger_enabled on;
        rails_env         development;
        root              /home/deploy/fur/current/public;
        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
          root html;
        }
        error_page 404 /404.html;
          location  /404.html {
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ialbum.iwanttogoto.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ialbum.iwanttogoto.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = ialbum.iwanttogoto.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name ialbum.iwanttogoto.com;
    listen 80;
    return 404; # managed by Certbot


}
# configuration file /etc/nginx/sites-enabled/marchesi:
server {
        # Make site accessible from http://localhost/
        server_name marchesi.reflektor.tv marchesi.iwanttogoto.com;
        passenger_enabled on;
        rails_env         development;
        root              /home/deploy/marchesi/current/public;

        # redirect server error pages to the static page /50x.html
        error_page 404 /404.html;
          location  /404.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/marchesi.iwanttogoto.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/marchesi.iwanttogoto.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
    if ($host = marchesi.iwanttogoto.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = marchesi.reflektor.tv) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name marchesi.reflektor.tv marchesi.iwanttogoto.com;
    listen 80;
    return 404; # managed by Certbot
}

# configuration file /etc/nginx/sites-enabled/mssaccounting:
server {
        # Make site accessible from http://localhost/
        server_name contabilita.sportstours.net;
        passenger_enabled on;
        rails_env         development;
        root              /home/deploy/mssaccounting/current/public;
        # redirect server error pages to the static page /50x.html
        error_page 404 /404.html;
          location  /404.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/contabilita.sportstours.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/contabilita.sportstours.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = contabilita.sportstours.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name contabilita.sportstours.net;
    listen 80;
    return 404; # managed by Certbot


}
# configuration file /etc/nginx/sites-enabled/mssimagelib:
server {
        # Make site accessible from http://localhost/
        server_name mss.outreachit.com;
        passenger_enabled on;
        rails_env         development;
        root              /home/deploy/mssimagelib/current/public;
        # redirect server error pages to the static page /50x.html
        error_page 404 /404.html;
          location  /404.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /(wp-content|solr|jsonws|mifs|wp-includes|login.asp)/ {
            return 404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.aspx$ {
            return 404;
        }
        location ~ \.env$ {
            return 404;
        }
        location ~ \.production$ {
            return 404;
        }
        location ~ \.git$ {
            return 404;
        }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mss.outreachit.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mss.outreachit.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = mss.outreachit.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name mss.outreachit.com;
    listen 80;
    return 404; # managed by Certbot


}
# configuration file /etc/nginx/sites-enabled/serverip:
server {
      server_name 46.111.191.173 www.46.111.191.173;
      error_page 404 /404.html;
        location  /404.html {
        internal;
      }
      location ~ / {
          return 404;
      }

}

Jerome

Asked: 2018-11-16 02:06:52 +0800 CST

反向匹配 MX 条目的 DNS PTR 条目

1

对反向 DNS 适用于什么以及在何处设置感到困惑......虽然有关于如何做到这一点的答案，但我仍然无法确定需要完成什么以及为什么。

域在 Registrar A 处注册，其中包含 DNS 表。注册商 A 还通过其拥有的域提供邮件服务。两个 VPS 提供不同的 3 级域服务。

DNS 表中的 spf 记录指向 MX 服务的邮件服务器的域，而 MX 记录指向

mail.registeredDomain.com

v=spf1 a mx ptr include:mailServer.net ~all

MX 工具箱状态Reverse DNS does not match SMTP Banner

是基于服务 (mx) 还是域的反向 DNS 查找？我可以看到与 MX 记录不匹配，但邮件提供商已按照说明设置 PTR 记录。

SPF PTR记录应该如何设置？为什么？

nginx 配置被忽略

opendkim milter 未在正确的服务器套接字上启动

拒绝规则没有完全过滤

反向匹配 MX 条目的 DNS PTR 条目

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

Jerome's questions