Adam Birds's questions

我运行 Nginx 和 PHP-FPM。Nginx 在 www-data 下运行，PHP-FPM 作为每个网站的单独用户运行。我使用 Nginx FASTCGI 缓存并使用 WordPress 的 Nginx Helper 插件。不幸的是，由于用户不同，我们不能在插件中使用“Purge All”功能，因为 php 用户无权访问缓存。

由于安全原因，更改权限不是一种选择。

如果 URL 中存在以下参数，我想要做的是使用不同的 PHP-FPM 池。

nginx_helper_urls=all

我当前的 NGinx 配置如下：

    upstream examplebackend {
        server unix:/var/run/php-fcgi-example.sock;
}

upstream cachedeletebackend {
        server unix:/var/run/php-fcgi-cachedelete.sock;
}

server {
        listen 80 default;
        server_name www.example.com;
        return 301 https://www.example.com$request_uri;
}
server {
        listen 80;
        server_name example.com;
        return 301 https://www.example.com$request_uri;
}
server {
        listen 443 ssl;
        server_name example.com;
        return 301 https://www.example.com$request_uri;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    server_name www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    access_log   /home/examplecom/logs/example.com.access.log;
    error_log    /home/examplecom/logs/example.com.error.log;

    root /home/examplecom/public_html;
    index index.php;

    set $skip_cache 0;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
        set $skip_cache 1;
    }   
    if ($query_string != "") {
        set $skip_cache 1;
    }   

    # Don't cache uris containing the following segments
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
        set $skip_cache 1;
    }   

    # Don't use the cache for logged in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }    

    location ~ \.php$ {
        try_files $uri =404; 
        include fastcgi_params;
    if ( $args ~ nginx_helper_urls=all ) { fastcgi_pass cachedeletebackend; }
        fastcgi_pass examplebackend;

        fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;

        fastcgi_cache WORDPRESS;
        fastcgi_cache_valid  60m;
    }

    location ~ /purge(/.*) {
        fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
    }   

    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off; log_not_found off; expires max;
    }

    location = /robots.txt { access_log off; log_not_found off; }
    location ~ /\. { deny  all; access_log off; log_not_found off; }
}

不知道我哪里出错了，或者是否有可能。谢谢

我正在尝试使用 Nginx 提供 Autodiscover.xml 文件：

下面是我的配置：

上游 autodiscoverexamplecoukbackend {
        服务器 unix:/var/run/php-fcgi-autodiscoverexamplecouk.sock;
}

服务器 {
        听 80；
        听 443 ssl；

        ssl_certificate /etc/letsencrypt/live/autodiscover.example.co.uk/fullchain.pem；
        ssl_certificate_key /etc/letsencrypt/live/autodiscover.example.co.uk/privkey.pem；

        server_name autodiscover.example.co.uk；
        根 /var/www/vhosts/autodiscover.example.co.uk/htdocs；

        索引 index.html;

        错误日志/var/www/vhosts/autodiscover.example.co.uk/error.log；
        access_log /var/www/vhosts/autodiscover.example.co.uk/access.log 结合；

        #location ^~ /autodiscover/ {
                #index 自动发现.php；
                #rewrite ^/.*$ /autodiscover.php 最后；
        #}

        位置 ~* /autodiscover/ {
                最后重写 ^/autodiscover/autodiscover\.xml$ /autodiscover/autodiscover.php；
        }

        位置 = /robots.txt {
                允许全部;
                log_not_found 关闭；
                access_log 关闭；
        }

        位置 ~ \.php$ {
                try_files $uri =404;
                包括/etc/nginx/fastcgi_params；
                fastcgi_pass autodiscoverexamplecoukbackend；
                fastcgi_index index.php；
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors 开启；
        }
}

问题是它无法在使用大写 A 请求时提供 Autodiscover.xml 文件

如果有人可以提供帮助，那就太好了。

当请求 Autodiscover.xml 时，它应该将其重新发送到 autodiscover.php，它将返回 .autodisocver.xml。它这样做是为了可以服务于不同的域。

该文件位于 /autodiscover/autodiscover.php

Nginx 错误日志：

2017/01/25 21:34:12 [错误] 29385#29385: *93 open() "/var/www/vhosts/autodiscover.example.co.uk/htdocs/Autodiscover/Autodiscover.xml" 失败 (2:没有这样的文件或目录），客户端：13.67.59.89，服务器：autodiscover.example.co.uk，请求：“POST /Autodiscover/Autodiscover.xml HTTP/1.1”，主机：“autodiscover.example.co.uk”
2017/01/25 21:34:13 [错误] 29385#29385: *94 open() "/var/www/vhosts/autodiscover.example.co.uk/htdocs/Autodiscover/Autodiscover.xml" 失败 (2:没有这样的文件或目录），客户端：13.67.59.89，服务器：autodiscover.example.co.uk，请求：“POST /Autodiscover/Autodiscover.xml HTTP/1.1”，主机：“autodiscover.example.co.uk”
2017/01/25 21:45:05 [错误] 29385#29385: *108 stat() "/var/www/vhosts/autodiscover.example.co.uk/htdocs/Autodiscover/Autodiscover.xml" 失败 (2:没有这样的文件或目录），客户端：13.67.59.89，服务器：autodiscover.example.co.uk，请求：“POST /Autodiscover/Autodiscover.xml HTTP/1.1”，主机：“autodiscover.example.co.uk”
2017/01/25 21:45:05 [错误] 29385#29385: *109 open() "/var/www/vhosts/autodiscover.example.co.uk/htdocs/Autodiscover/Autodiscover.xml" 失败 (2:没有这样的文件或目录），客户端：13.67.59.89，服务器：autodiscover.example.co.uk，请求：“POST /Autodiscover/Autodiscover.xml HTTP/1.1”，主机：“autodiscover.example.co.uk”
2017/01/25 21:56:15 [错误] 29485#29485: *121 open() "/var/www/vhosts/autodiscover.example.co.uk/htdocs/Autodiscover/Autodiscover.xml" 失败 (2:没有这样的文件或目录），客户端：13.67.59.89，服务器：autodiscover.example.co.uk，请求：“POST /Autodiscover/Autodiscover.xml HTTP/1.1”，主机：“autodiscover.example.co.uk”
2017/01/25 21:56:16 [错误] 29485#29485: *122 open() "/var/www/vhosts/autodiscover.example.co.uk/htdocs/Autodiscover/Autodiscover.xml" 失败 (2:没有这样的文件或目录），客户端：13.67.59.89，服务器：autodiscover.example.co.uk，请求：“POST /Autodiscover/Autodiscover.xml HTTP/1.1”，主机：“autodiscover.example.co.uk”

我在 CentOS 7 中使用 Postifx/Dovecot/MariaDB 设置了一个邮件服务器。它以某种方式配置为开放中继。你知道如何阻止这种情况吗？配置文件如下：

大师.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin -v
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
#virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

postconf -n

    alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 26214400
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (CentOS)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = reject, reject_unauth_destination
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mariadb-valias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mariadb-vdomains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mariadb-vusers.cf
virtual_transport = dovecot

邮件版本 = 2.10.1

请问有人可以建议吗？

谢谢

想知道是否有人知道如何使用 GNOME 和 centos 6 在 xrdp 上启用 root 登录？

以下是我对 /etc/xrdp/xrdp.ini 的配置

[globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=high
channel_code=1
max_bpp=24
#black=000000
#grey=d6d3ce
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

[xrdp1]
name=sesman-Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1

以下是我对 /etc/xrdp/sesman.ini 的配置：

[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=1
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh

[Security]
AllowRootLogin=1
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins

[Sessions]
X11DisplayOffset=10
MaxSessions=10
KillDisconnected=0
IdleTimeLimit=0
DisconnectedTimeLimit=0

[Logging]
LogFile=/var/log/xrdp-sesman.log
LogLevel=DEBUG
EnableSyslog=0
SyslogLevel=DEBUG

[X11rdp]
param1=-bs
param2=-nolisten
param3=tcp

[Xvnc]
param1=-bs
param2=-nolisten
param3=tcp
param4=-localhost
param5=-dpi
param6=96

与普通用户一起工作，但无论是 root 还是我授予 root 权限的用户都不会登录。

在有人说我不应该以 root 身份登录之前，这是一个测试环境，我需要能够这样做。

干杯

亚当