
Dimitrios Desyllas's questions

Dimitrios Desyllas
Asked: 2023-07-03 19:42:04 +0800 CST

Why does /var/lib/mysql take up too much space while the actual databases are small enough

  • 5

On my server, the database takes up too much space:

Filesystem       Size  Used Avail Use% Mounted on
/dev/root         58G   58G  461M 100% /
tmpfs            966M     0  966M   0% /dev/shm
tmpfs            387M  856K  386M   1% /run
tmpfs            5.0M     0  5.0M   0% /run/lock
/dev/nvme0n1p15  105M  6.1M   99M   6% /boot/efi
tmpfs            194M  4.0K  194M   1% /run/user/1000

So, when I investigated it, I saw that /var/lib/mysql takes up the space:

ncdu 1.15.1 ~ Use the arrow keys to navigate, press ? for help                                                                                                                                                                                
--- /var/lib 
   50.6 GiB [##########] /mysql                                                                                                                                                                                                               
  801.2 MiB [          ] /snapd
  138.4 MiB [          ] /apt
   90.1 MiB [          ] /mecab
   39.4 MiB [          ] /dpkg
    3.8 MiB [          ] /ubuntu-advantage

I tried to investigate what takes up so much space. All the databases serve WordPress sites, so I cannot modify the schema much.

But I checked the database sizes:

SELECT table_schema AS "Database", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema;
+--------------------+--------------+
| Database           | Size (MB)    |
+--------------------+--------------+
| blog1              | 166.00000000 |
| information_schema |   0.00000000 |
| mysql              |   2.76562500 |
| performance_schema |   0.00000000 |
| blog2              |  31.79687500 |
| sys                |   0.01562500 |
+--------------------+--------------+
6 rows in set (0.35 sec)

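They are all relatively small databases. So why on earth does /var/lib/mysql take up so much space?

The setup is just a LEMP stack with mysql, with no replication.

Edit 1

I took a look at /var/lib/mysql and saw a lot of binlog entries: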

sudo du -sk /var/lib/mysql
53151572    /var/lib/mysql

$ sudo ls -l /var/lib/mysql | wc -l
623
# I suspect 653 lines would be too much if pasted here

$ sudo ls -l /var/lib/mysql | grep binlog | head
-rw-r----- 1 mysql mysql  43170892 Jun  4 00:00 binlog.000233
-rw-r----- 1 mysql mysql  35975939 Jun  5 00:00 binlog.000234
-rw-r----- 1 mysql mysql  36153241 Jun  6 00:00 binlog.000235
-rw-r----- 1 mysql mysql  37148526 Jun  7 00:00 binlog.000236
-rw-r----- 1 mysql mysql  34947871 Jun  8 00:00 binlog.000237
-rw-r----- 1 mysql mysql  34058129 Jun  9 00:00 binlog.000238
-rw-r----- 1 mysql mysql  36786212 Jun 10 00:00 binlog.000239
-rw-r----- 1 mysql mysql  34790230 Jun 11 00:00 binlog.000240
-rw-r----- 1 mysql mysql  37634381 Jun 12 00:00 binlog.000241
-rw-r----- 1 mysql mysql  35801131 Jun 13 00:00 binlog.000242

$ sudo ls -l /var/lib/mysql | grep binlog | wc -l
545

# 545 lines are binlog files therefore I have binlogs

I have found a way to mitigate this:

$ cat /etc/mysql/mysql.conf.d/rj.cnf
# Added by Rick James
[mysqld]
log_bin =                          # turn off
binlog_expire_logs_seconds = 86400  # 1 day
max_binlog_size = 1         # 100M

I did:

mysql> SHOW BINARY LOGS;
PURGE BINARY LOGS BEFORE '2023-07-30 00:00:00';
Query OK, 0 rows affected, 1 warning (0.01 sec)

But the files still keep filling up. Would it be safe if I rm -rf them from /var/lib/mysql, or can I somehow tell binlog to store to /dev/null?

mysql
  • 2 answers
  • 72 Views
Dimitrios Desyllas
Asked: 2022-01-26 07:36:25 +0800 CST

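Why can't an EC-2 machine connect to the Internet if it is behind a NAT gateway associated with its subnet?

  • 0

I am trying to implement this network in Amazon AWS:

[Image: Network]

Therefore, I have the following subnets in my Amazon VPC:

[Image: Subnets]

The subnet subnet-0ac620105fc198e33 uses a NAT gateway with an elastic IP, and it has the following route table:

[Image: Route table]

Here nat-0de30b43c561c4161 is my NAT gateway.

The other 2 subnets use the default route table: [Image: Default route table]

And all subnets have the following ACL:

[Image: enter image description here]

The same rules shown above apply to both inbound and outbound traffic.

I also have 2 EC-2 instances:

  1. One in the public subnet, used for ssh access to the one in the subnet that uses the NAT gateway
  2. One in the subnet that uses the NAT gateway

After accessing the second EC-2 instance, I ran the following commands: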

ping 8.8.8.8
curl http://google.com

But I could not connect to Google. Why can't I connect?

networking amazon-web-services
  • 1 answer
  • 128 Views
Dimitrios Desyllas
Asked: 2020-11-20 04:41:40 +0800 CST

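How can I migrate already-built docker images with custom tags from dockerhub to amazon ECR?

  • 1

Due to Dockerhub's rate limits, I am migrating from dockerHub to AmazonECR. I managed to push new images to docker ECR, but I want to migrate the existing tags from dockerhub to Amazon ECR.

Do you know how I can do that?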

amazon-web-services docker
  • 1 answer
  • 83 Views
Dimitrios Desyllas
Asked: 2020-06-17 02:57:26 +0800 CST

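Can I perform a RAID-1 setup on Linux over an existing disk containing data?

  • 0

I have the following setup on my file server:

  • 2 HDDs in Intel RST RAID-1, containing Windows OS+DATA

I want to migrate to the following configuration:

  • 1 SSD containing CentOS 8
  • 2 HDDs containing only data in a RAID-1 configuration

The RAID-1 will use the Linux kernel mdadm instead of intel RST. But because it will take some time to receive the second HDD, for now I will set up my file server like this:

  • 1 SSD containing CentOS
  • 1 HDD containing data

So once I back up my data, I will format the remaining HDD, then restore the data onto it using a live USB, and then I will install my OS on the SSD. But because data restoration takes some time, I want to avoid restoring the data after I receive the second HDD.

So can I set up RAID-1 with mdadm on my Linux server without losing any data, or will I need to restore the data again?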

linux raid1
  • 1 answer
  • 1045 Views
Dimitrios Desyllas
Asked: 2020-06-17 01:29:49 +0800 CST

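Can I create a RAID-1 with Intel RTST on an existing file system?

  • 0

I am installing ubuntu on a file server with existing data. The server has 2X4TB disks in a RAID-1 configuration using Intel RTST. And because one failed (RAID-1 degraded), I dismantled the RAID-1 configuration (using Intel RTST).

Also, my new setup uses an SSD for installing the ubuntu OS and then the HDDs in a RAID-1 configuration for data storage. Once I get the disk, I will set up the RAID-1 array again using Intel RTST. But until then, I need a temporary setup using a single disk.

So once I get my disk, can I use the Intel RTST controller to recreate the RAID-1 without losing any data? I need to format the disk that was previously in the RAID-1 configuration so that I can store data on it.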

raid raid1
  • 1 answer
  • 56 Views
Dimitrios Desyllas
Asked: 2019-06-01 03:59:33 +0800 CST

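PPPoE pap authentication fails even though the password is correct

  • 0

I have set up a ppp server in a virtual machine on ubuntu 18.04LTS for testing purposes, with the following settings: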

  • /etc/ppp/pap-secrets:
#
# /etc/ppp/pap-secrets
#
# This is a pap-secrets file to be used with the AUTO_PPP function of
# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
# after a user has passed this file. Don't be disturbed therefore by the fact
# that this file defines logins with any password for users. /etc/passwd
# (again, /etc/shadow, too) will catch passwd mismatches.
#
# This file should block ALL users that should not be able to do AUTO_PPP.
# AUTO_PPP bypasses the usual login program so it's necessary to list all
# system userids with regular passwords here.
#
# ATTENTION: The definitions here can allow users to login without a
# password if you don't use the login option of pppd! The mgetty Debian
# package already provides this option; make sure you don't change that.

# INBOUND connections

# Every regular user can use PPP and has to use passwords from /etc/passwd
*   hostname    ""  *

# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest   hostname    "*" -
master  hostname    "*" -
root    hostname    "*" -
support hostname    "*" -
stats   hostname    "*" -

# OUTBOUND connections

# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following line.

#   *   password
"user1" *   "user1" *
  • And /etc/ppp/pppoe-server-options has the following settings:
# PPP options for the PPPoE server
# LIC: GPL
auth
debug
#plugin /etc/ppp/plugins/rp-pppoe.so
require-pap
login
mtu 500
mru 500
ktune
proxyarp
lcp-echo-interval 10
lcp-echo-failure 2
nobsdcomp
noccp
novj
noipx 

Then I start the pppoe server via:

sudo pppoe-server -C dummyppoe -I enp0s8 -L 10.0.0.1 -l -R 10.0.0.2 -N 265 -O /etc/ppp/pppoe-server-options

Also, I have an Ubuntu 18.04LTS client in a virtualbox vm, where I created a new ppp connection via the following command:

nmcli con edit type pppoe con-name "Dummy PPP"

Then I typed the following commands into the command interface it prompted:

set pppoe.username user1
set pppoe.password user1
save
quit

And connected via the command prompt:

sudo nmcli device connect enp0s3

But on my server, in /var/log/syslog, I get the following error:

May 31 11:53:27 ppp-server pppoe-server[3059]: Session 18 created for client 08:00:27:d0:71:55 (10.0.0.19) on enp0s8 using Service-Name ''
May 31 11:53:27 ppp-server pppd[3059]: pppd 2.4.7 started by user, uid 0
May 31 11:53:27 ppp-server pppd[3059]: using channel 60
May 31 11:53:27 ppp-server pppd[3059]: Using interface ppp0
May 31 11:53:27 ppp-server pppd[3059]: Connect: ppp0 <--> /dev/pts/2
May 31 11:53:27 ppp-server systemd-udevd[3061]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
May 31 11:53:27 ppp-server pppd[3059]: rcvd [LCP ConfReq id=0x1 <mru 1492> <magic 0x8877ed71>]
May 31 11:53:27 ppp-server pppd[3059]: sent [LCP ConfReq id=0x1 <mru 1492> <auth pap> <magic 0xf28cfd90>]
May 31 11:53:27 ppp-server pppd[3059]: sent [LCP ConfAck id=0x1 <mru 1492> <magic 0x8877ed71>]
May 31 11:53:27 ppp-server pppd[3059]: rcvd [LCP ConfAck id=0x1 <mru 1492> <auth pap> <magic 0xf28cfd90>]
May 31 11:53:27 ppp-server pppd[3059]: sent [LCP EchoReq id=0x0 magic=0xf28cfd90]
May 31 11:53:27 ppp-server systemd-timesyncd[603]: Network configuration changed, trying to establish connection.
May 31 11:53:27 ppp-server networkd-dispatcher[1011]: WARNING:Unknown index 63 seen, reloading interface list
May 31 11:53:27 ppp-server pppd[3059]: rcvd [PAP AuthReq id=0x1 user="user1" password=<hidden>]
May 31 11:53:27 ppp-server pppd[3059]: Initializing PAM (3) for user user1
May 31 11:53:27 ppp-server pppd[3059]: ---> PAM INIT Result = 0
May 31 11:53:27 ppp-server pppd[3059]: Attempting PAM authentication
May 31 11:53:27 ppp-server systemd-timesyncd[603]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).
May 31 11:53:28 ppp-server pppd[3059]: PAM Authentication failed: 7: Authentication failure
May 31 11:53:28 ppp-server pppd[3059]: PAP peer authentication failed for user1
May 31 11:53:28 ppp-server pppd[3059]: Connection terminated.
May 31 11:53:28 ppp-server pppoe[3063]: read (asyncReadFromPPP): Session 18: Input/output error
May 31 11:53:28 ppp-server systemd-timesyncd[603]: Network configuration changed, trying to establish connection.
May 31 11:53:28 ppp-server pppd[3059]: Exit.
May 31 11:53:28 ppp-server pppoe-server[2786]: Session 18 closed for client 08:00:27:d0:71:55 (10.0.0.19) on enp0s8
May 31 11:53:28 ppp-server pppoe-server[2786]: Sent PADT
May 31 11:53:28 ppp-server pppoe-server[2786]: PADT for session 18 received from 08:00:27:D0:71:55; should be from 00:00:00:00:00:00
May 31 11:53:28 ppp-server systemd-timesyncd[603]: Synchronized to time server 91.189.89.198:123 (ntp.ubuntu.com).

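Also, the packets of the authentication process captured on the client via wireshark show that I entered the correct password (I know showing passwords is bad, but this is an experimental setup, not a production setup, and without any public access):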

287 296.597405  PcsCompu_d0:71:55   PcsCompu_7b:9e:7b   PPP PAP 60  Authenticate-Request (Peer-ID='user1', Password='user1')

[Image: Attempting PAP authentication]

What am I doing wrong?

virtualbox
  • 1 answer
  • 4094 Views
Dimitrios Desyllas
Asked: 2019-05-31 13:13:21 +0800 CST

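Connecting to a custom PPPoE server on Ubuntu in a Virtualbox lab setup. Connection fails

  • 1

I am using Ubuntu Server 18.04.2LTS and I want to try it as a ppp server in order to study the protocol better via wireshark.

The idea is to use virtualbox and virtual machines as shown in the following picture:

[Image: Virtual machine setup]

Each VM is connected to the other VM through its virtual network card using the "Internal Network" configuration. In other words, I am running the following VMs: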

$ VBoxManage list runningvms
"Ubuntu PPP Configuration" {55314243-8b75-4a46-a8fa-9e371a63bd7f} <<<< ppp server
"ubuntuVM pppclient" {bf57df72-5ae8-406b-b364-4eec324e7cac} <<< pppclient

Each one has the following network cards:

  • PPP server
 VBoxManage showvminfo 55314243-8b75-4a46-a8fa-9e371a63bd7f | grep NIC
NIC 1:           MAC: 080027DACEE9, Attachment: NAT, Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 1 Settings:  MTU: 0, Socket (send: 64, receive: 64), TCP Window (send:64, receive: 64)
NIC 1 Rule(0):   name = Rule 1, protocol = tcp, host ip = , host port = 2022, guest ip = , guest port = 22
NIC 2:           MAC: 0800277B9E7B, Attachment: Internal Network 'intnet', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
  • PPP client
VBoxManage showvminfo bf57df72-5ae8-406b-b364-4eec324e7cac | grep NIC
NIC 1:           MAC: 080027D07155, Attachment: Internal Network 'intnet', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 2:           disabled

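On the PPPoE client machine, which runs the default desktop flavor of Ubuntu 18.04LTS, I have installed the "pppoeconf" package and tried to connect through the ppp server using the chap method (just to study the network connection via wireshark on the host), but I have these 2 problems:

[Image: PPPoE errors]

Therefore, I would like to know whether the interface that connects via PPPoE should have an IP first. If not, how can I force pppoeconf to use the default interface and connect to the ppp server I set up?

For the record, my ppp server is running and, according to the route -n command, has: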

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s3
10.0.2.2        0.0.0.0         255.255.255.255 UH    100    0        0 enp0s3

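The ppp server was manually compiled on the ubuntu 18.04LTS server using this source code. On it, I have set the following settings in /etc/ppp/pppoe-server-options for pap authentication (just to see how it works):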

# PPP options for the PPPoE server
# LIC: GPL
debug
plugin /etc/ppp/plugins/rp-pppoe.so
require-pap
login
mtu 500
mru 500
ktune
proxyarp
lcp-echo-interval 10
lcp-echo-failure 2
nobsdcomp
noccp
novj
noipx 

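Edit 1

For my ppp client, I removed any /etc/ppp/hosts/* files, and then I used this answer to configure it. It still cannot connect. Do you know how I can debug it?

Also, in the current connection I have set the only ethernet interface as the one that will use pppoe and as the parent.

Also, the network interfaces on my client are (via the sudo nmcli show command):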

GENERAL.DEVICE:                         enp0s3
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         08:00:27:D0:71:55
GENERAL.MTU:                            1500
GENERAL.STATE:                          30 (disconnected)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
WIRED-PROPERTIES.CARRIER:               on

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         127.0.0.1/8
IP4.GATEWAY:                            --
IP6.ADDRESS[1]:                         ::1/128
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = ::1/128, nh = ::, mt = 256

virtualbox
  • 1 answer
  • 1681 Views
Dimitrios Desyllas
Asked: 2018-07-04 05:50:45 +0800 CST

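Moodle behind an ssl reverse proxy: "Reverse proxy enabled, server can not be accessed directly, sorry."

  • 1

I tried to get moodle running behind an ssl reverse proxy using this solution, but I get the following error:

Reverse proxy enabled, server can not be accessed directly, sorry. Please contact server administrator.

In moodle's configuration, I enabled the following settings: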

$CFG->reverseproxy = true;
$CFG->sslproxy = true;

Which results in this configuration.

For the reverse proxy I use nginx with the following settings:

events {
  worker_connections  768;
}

http {
  include  /etc/nginx/mime.types;
  default_type  application/octet-stream;

  charset  utf-8;

  gzip  on;
  gzip_disable  "msie6";
  client_max_body_size 10000M;

  # Mysql apache-based variant
  server {
    listen  6440 ssl;
    server_name  0.0.0.0;

    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_cache_bypass $http_upgrade;
      proxy_pass_request_headers      on;
      # In case of running on another port please replace the value below.
      proxy_pass http://^ip^;
    }
  }
}

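Where ^ip^ is the ip that I reverse proxy the requests to. Also, for the setup url, in my case where I run the whole setup in docker containers, I use the following: https://0.0.0.0:6440, not the service ip.

The docker-compose is also as follows: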

version: '2'
services:
  nginx_reverse:
    image: nginx:alpine
    ports:
      - "6440:6440"
    links:
      - 'moodle_mysql_reverse'
    restart: always
    volumes:
      - './conf/nginx/nginx_ssl_reverse.conf:/etc/nginx/nginx.conf:ro'
      - './conf/certs:/etc/nginx/certs:ro'

  moodle_mysql_db_reverse:
    image: mysql
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_ONETIME_PASSWORD: "yes"
      MYSQL_DATABASE: "${MOODLE_DB_NAME}"
      MYSQL_USER: '${MOODLE_MYSQL_USER}'
      MYSQL_PASSWORD: '${MOODLE_MYSQL_PASSWORD}'

  moodle_mysql_reverse:
    image: ellakcy/moodle:mysql_maria_apache
    links:
      - "moodle_mysql_db_reverse:moodle_db"
    environment:
      MOODLE_DB_HOST: "moodle_db"
      MOODLE_DB_NAME: "${MOODLE_DB_NAME}"
      MOODLE_DB_USER: '${MOODLE_MYSQL_USER}'
      MOODLE_DB_PASSWORD: "${MOODLE_MYSQL_PASSWORD}"
      MOODLE_ADMIN: "${MOODLE_ADMIN}"
      MOODLE_ADMIN_PASSWORD: "${MOODLE_ADMIN_PASSWORD}"
      MOODLE_URL: "https://0.0.0.0:6440"
      MOODLE_REVERSE_LB: "true"
      MOODLE_SSL: "true"

Do you know why I get the error and how to fix it?

reverse-proxy
  • 1 answer
  • 5113 Views
Dimitrios Desyllas
Asked: 2018-03-10 16:27:25 +0800 CST

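Certbot renew certificates with automatically provided webroot

  • 4

I have created some certificates using certbot's --standalone option, but I want to renew them, so I ran (to test whether they will renew):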

sudo certbot renew --dry-run

But for some domains I get the error

Attempting to renew cert from /etc/letsencrypt/renewal/example.org.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for example.org:
Choices: ['Enter a new webroot', '/var/www/ellakcy/']

(You can set this with the --webroot-path flag). Skipping.

Therefore, I want my certificates to be renewed automatically when running sudo certbot renew, without having to provide the webroot path.

How can I do that?

certbot
  • 1 answer
  • 2573 Views
Dimitrios Desyllas
Asked: 2017-07-05 09:38:04 +0800 CST

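Haproxy load balancing IMAP, POP3, SMTP: Unable to use proxy 'imap' with wrong mode, required: http, has: tcp

  • 1

I am trying to reverse proxy all incoming email traffic via haproxy to the mailcow-dockerized solution on my debian server:

The haproxy.cfg configuration is: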

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http


frontnend smtp
   bind *:25
   default_backend smtp_public

frontend submission
  bind *:587
  default_backend smtp_submission

frontend smtp_ssl
   bind *:449
   default_backend smtp_ssl

frontend pop3
  bind *:995
  default_backend pop3_

frontend imap
  bind *:993
  default_backend imap

backend smtp_public 
   mode tcp
   option tcplog
   server docker 127.0.0.1:2525 check

backend smtp_ssl
   mode tcp
   option tcplog
   server docker 127.0.0.1:2465

backend smtp_submission
   mode tcp
   option tcplog
   server docker 127.0.0.1:2587

backend pop3_
   mode tcp
   option tcplog
   server docker 127.0.0.1:2995

backend imap
   mode tcp
   option tcplog
   server docker 127.0.0.1:2993

The running images are:

ec79939443d4        mailcow/acme:1.3        "/srv/docker-entry..."   46 hours ago        Up 46 hours                                                           
29c295d44767        mailcow/rspamd:1.1      "/docker-entrypoin..."   46 hours ago        Up 46 hours                                                           
2d09fd009c39        nginx:mainline-alpine   "/bin/sh -c 'envsu..."   46 hours ago        Up 46 hours (healthy)   80/tcp, 0.0.0.0:8080->8080/tcp                
a00d9477c464        mailcow/fail2ban:1.0    "python2 -u /logwa..."   46 hours ago        Up 46 hours                                                           
6fdf54789459        mailcow/phpfpm:1.0      "/docker-entrypoin..."   46 hours ago        Up 46 hours             9000/tcp                                      
091d621123aa        mailcow/sogo:1.0        "/bin/sh -c 'exec ..."   46 hours ago        Up 46 hours                                                           
1028c60923a0        redis:alpine            "docker-entrypoint..."   46 hours ago        Up 46 hours             6379/tcp                                      
827c20cee898        mailcow/dovecot:1.0     "/docker-entrypoin..."   46 hours ago        Up 46 hours             24/tcp, 10001/tcp, 0.0.0.0:2110->110/tcp, 0.0.
76a977a8064e        mailcow/postfix:1.0     "/bin/sh -c 'exec ..."   46 hours ago        Up 46 hours             588/tcp, 0.0.0.0:2525->25/tcp, 0.0.0.0:2465->4
2299076f475f        memcached:alpine        "docker-entrypoint..."   46 hours ago        Up 46 hours             11211/tcp                                     
03b56dcc1563        mailcow/unbound:1.0     "/docker-entrypoin..."   46 hours ago        Up 46 hours (healthy)   53/tcp, 53/udp                                
21f5a3673f3f        mariadb:10.1            "docker-entrypoint..."   46 hours ago        Up 46 hours (healthy)   3306/tcp                                      
e2af96428a94        robbertkl/ipv6nat       "/docker-ipv6nat -..."   46 hours ago        Up 46 hours                                                           
97fcf9ad82ad        mailcow/clamd:1.0       "/bootstrap.sh"          46 hours ago        Up 46 hours             3310/tcp 

But I get the following error:

Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : Unable to use proxy 'imap' with wrong mode, required: http, has: tcp.
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : You may want to use 'mode http'.
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : Proxy 'imap': unable to find required default_backend: 'imap'.
Ιούλ 04 17:28:51 DockerMailserver haproxy[58310]: [ALERT] 184/172851 (58310) : Fatal errors found in configuration.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: haproxy.service holdoff time over, scheduling restart.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Stopping HAProxy Load Balancer...
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Starting HAProxy Load Balancer...
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: haproxy.service start request repeated too quickly, refusing to start.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Failed to start HAProxy Load Balancer.
Ιούλ 04 17:28:51 DockerMailserver systemd[1]: Unit haproxy.service entered failed state.

Do you guys know how to fix this error?

smtp
  • 1 answer
  • 6913 Views
Dimitrios Desyllas
Asked: 2017-07-03 12:25:10 +0800 CST

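Docker Mailcow: Nginx as a mail reverse proxy for docker container images that use SMTP, POP3 and IMAP

  • 2

On my server I run the mailcow:dockerized solution on a debian server, and I want to use nginx not only as an http reverse proxy but also for SMTP, imap and pop3, as shown in https://www.nginx.com/resources/admin-guide/mail-proxy/

But the more I read in the link, the harder it gets to figure out how to do it. For http it is obvious how this is done: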

 server {
   listen 80;
   server_name mail.example.tk;

   location /.well-known {
        proxy_pass http://127.0.0.1:8080/.well-known ;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;

   }

   location / {
        rewrite ^(.*) https://$server_name$1 permanent;
   }

}

server {
 listen 443 ssl;
 server_name mail.example.tk;

 ssl_certificate     /opt/docker-mailcow/data/assets/ssl/cert.pem;
 ssl_certificate_key /opt/docker-mailcow/data/assets/ssl/key.pem;
 ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers         HIGH:!aNULL:!MD5;


 location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
 }

}

But how will it be done with smtp, pop3 and imap? Keep in mind that the docker images run on the same server as nginx, and they are:

827c20cee898        mailcow/dovecot:1.0     "/docker-entrypoin..."   50 minutes ago      Up 50 minutes             24/tcp, 10001/tcp, 0.0.0.0:2110->110/tcp, 0.
76a977a8064e        mailcow/postfix:1.0     "/bin/sh -c 'exec ..."   50 minutes ago      Up 50 minutes             588/tcp, 0.0.0.0:2525->25/tcp, 0.0.0.0:2465-

Any ideas?

smtp
  • 1 answer
  • 3468 Views
Dimitrios Desyllas
Asked: 2017-06-24 23:00:26 +0800 CST

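Postgresql 9.5: Peer authenticate user with usermap (provided user name (^dbuser^) and authenticated user name (^sysuser^) do not match)

  • 0

On my server, I am trying to peer authenticate some users using user maps on a postgresql 9.5 installation. What I am trying to do is to map the user mailreader, as you can see: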

postgres=# \du
                              List of roles
 Role name  |                   Attributes                   | Member of 
------------+------------------------------------------------+-----------
 mailreader |                                                | {}
 postgres   | Superuser, Create role, Create DB, Replication | {}

to the system users root, dovecot, postfix. Therefore, I edited my pg_ident.conf and put the following:

mailmap         dovecot                 mailreader
mailmap         postfix                 mailreader
mailmap         root                    mailreader

I also edited pg_hba.conf and appended the following:

local    mail        all                     peer map=mailmap

When I try to connect via the sudo psql -U mailreader -d mail command, I get:

psql: FATAL:  Peer authentication failed for user "mailreader"

error.

I also tried the following configuration:

local    mail            all                                     ident map=mailmap

Without any progress.

Can I get some help?

Edit 1

The generated logs about the error are:

2017-06-27 19:10:10 UTC [1188-1] mailreader@mail LOG:  provided user name (mailreader) and authenticated user name (root) do not match
2017-06-27 19:10:10 UTC [1188-2] mailreader@mail FATAL:  Peer authentication failed for user "mailreader"
2017-06-27 19:10:10 UTC [1188-3] mailreader@mail DETAIL:  Connection matched pg_hba.conf line 90: "local   all             all  
authentication
  • 2 answers
  • 1473 Views
Dimitrios Desyllas
Asked: 2017-03-11 15:33:45 +0800 CST

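Trying to set up an internal dns

  • -1

On the Intranet where I work, we have internal applications that are not public, e.g. app1.example.com, app2.example.com, while example.com is the public-facing website. Both app1.example.com and app2.example.com resolve to intranet ips.

As far as I searched, I found that this can be achieved by having a local DNS server attached to our Intranet.

Therefore, I want to replicate it using Virtualbox VMs, so I used 3 Ubuntu-flavored VMs, one Xubuntu, one Lubuntu and one Ubuntu Budgie Edition, left over from previous "experiments". They all have 2 network adapters:

  • One set up as NAT and
  • The other as "Internal Network", statically having ips from the 192.0.0.0/24 network.

On the Xubuntu one I installed bind9 and a web server, and I am trying to emulate serving 2 different sites by typing app1.intranet.example.com and app2.intranet.example.com into the browsers of the Xubuntu and Budgie Edition VMs. These sites will not be available outside the network (of these 3 VMs), and the DNS entries for these 2 sites will not even resolve.

As for now, the VM running bind (the Xubuntu one) has these settings: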

options {
        directory "/var/cache/bind";


        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                208.67.222.222;
                208.67.220.220;
         };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

acl "intranet" { 192.0.0.1/24; };
view "intranetView" {
        match-clients { "intranet"; };
        recursion yes;
        zone "intranet.example.com" {
                type master;
                file "/etc/bind/db.intranet"
        }
}

view "outside" {
        match-clients { any; }
        recursion no;
}

Also, in /etc/bind/db.intranet I have the following entries:

;
; BIND data file for local loopback interface
;
$TTL    604800
@   IN  SOA intranet.example.com. root.example.com. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
@   IN  NS  192.0.0.2
@   IN  A   192.0.0.2
app1    IN  A   192.0.0.2
app2    IN  A   192.0.0.2

But for some reason, when I try to restart bind it fails. Can you help me find out what is wrong?

ubuntu virtualbox bind split-dns
  • 2 answers
  • 114 Views
Dimitrios Desyllas
Asked: 2016-11-30 05:13:12 +0800 CST

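Postgresql: How to determine whether a database docker container is up and running?

  • 5

In the entrypoint shell script of a docker image, I want to determine whether a postgresql container is ready to listen for connections. For mysql I used the following snippet: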

while ! mysqladmin ping -h"$MOODLE_DB_HOST" -P $MOODLE_DB_PORT --silent; do
  echo "Connecting to ${MOODLE_DB_HOST} Failed"
  sleep 1
done

How can I achieve something similar with postgresql?

bash postgresql docker
  • 1 answer
  • 11234 Views
Dimitrios Desyllas
Asked: 2016-11-28 11:57:39 +0800 CST

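Sending email from inside a docker container to the host's smtp running postfix

  • 9

On a server I run both docker images and a postfix smtp server. The smtp server is accessible via localhost and is not installed in any kind of container.

The problem is that I can send emails via the terminal using sendemail outside of any container, but I cannot send emails via a terminal running sendemail inside any container.

The postfix configuration is as follows: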

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/ellak.org/fullchain.pem
smtpd_tls_key_file= /etc/letsencrypt/live/ellak.org/privkey.pem

smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = guest8.ellak.gr
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.ellak.org, guest8.ellak.gr, localhost.ellak.gr, localhost

#Virtual alias domains
virtual_alias_domains = ellak.org

# RELAY Options
relayhost = [mail1.ellak.gr]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
smtp_tls_note_starttls_offer = yes


#Network Access Options

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = *

Inside the container I run:

sendemail -s 172.17.0.1:25 -f [email protected] -t [email protected] -u 你好 -m 你好

And it outputs the following error:

Nov 27 19:51:14 7e56b4e22e09 sendemail[1988]: WARNING => The recipient <[email protected]> was rejected by the mail server, error follows:
Nov 27 19:51:14 7e56b4e22e09 sendemail[1988]: WARNING => Received:  454 4.7.1 <[email protected]>: Relay access denied
Nov 27 19:51:14 7e56b4e22e09 sendemail[1988]: ERROR => Exiting. No recipients were accepted for delivery by the mail server.

And in the postfix logs I get:

Nov 27 21:42:54 guest8 postfix/smtpd[14979]: NOQUEUE: reject: RCPT from unknown[172.18.0.5]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<7e56b4e22e09>
Nov 27 21:42:54 guest8 postfix/smtpd[14979]: lost connection after RCPT from unknown[172.18.0.5]
Nov 27 21:42:54 guest8 postfix/smtpd[14979]: disconnect from unknown[172.18.0.5]
Nov 27 21:46:14 guest8 postfix/anvil[14982]: statistics: max connection rate 2/60s for (smtp:172.18.0.5) at Nov 27 21:42:54
Nov 27 21:46:14 guest8 postfix/anvil[14982]: statistics: max connection count 1 for (smtp:172.18.0.5) at Nov 27 21:42:41
Nov 27 21:46:14 guest8 postfix/anvil[14982]: statistics: max cache size 1 at Nov 27 21:42:41

Do you have any ideas on how I can send email from inside a docker container?

debian postfix docker
  • 1 answer
  • 13340 Views
