Index's questions

我正在配置 Subversion 并希望它在启动时启动。使用以下命令系列：

sudo mkdir /var/svn
sudo useradd -r -s /bin/false svn
sudo mkdir /etc/svn
sudo cp /home/zipo/svnserve /etc/svn/svnserve
sudo chown root:root /etc/svn/svnserve
set execute to owner/group/other
sudo nano /lib/systemd/system/svn.service
sudo systemctl daemon-reload
sudo systemctl enable svn
sudo systemctl start svn

当我在 syslog 中键入手动命令以启动服务sudo systemctl start svn时，会出现以下日志条目：

    Oct 29 10:13:27 testserver systemd[1]: Started SVN server.
    Oct 29 10:13:27 testserver svnserve[3128]:  * Starting svnserve...
    Oct 29 10:13:27 testserver svnserve[3128]:    ...done.

但服务不起作用。我在正确的端口 9999 上检查它，如配置中所述。如果我使用以下命令手动运行它，它会启动并正常工作：sudo -H -u svn bash -c '/etc/svn/svnserve start'

我错过了什么？

svn.service 文件内容：

    [Unit]
    Description=SVN server
    After=network.target

    [Service]
    User=svn
    Group=svn
    Type=simple
    ExecStart=/etc/svn/svnserve start
    GuessMainPID=no

    [Install]
    WantedBy=multi-user.target

svnserve 文件内容：

    #! /bin/sh -e
    #
    # svnserve - brings up the svn server so anonymous users
    # can access svn
    #

    # Get LSB functions
    . /lib/lsb/init-functions
    . /etc/default/rcS

    SVNSERVE=/usr/bin/svnserve
    SVN_USER=svn
    SVN_GROUP=svn
    SVN_REPO_PATH=/var/svn/

    # Check that the package is still installed
    [ -x $SVNSERVE ] || exit 0;

    case "$1" in
            start)
                    log_begin_msg "Starting svnserve..."
                    umask 002
                    if start-stop-daemon --start \
                    --chuid $SVN_USER:$SVN_GROUP \
                    --exec $SVNSERVE \
                    -- -d --listen-port=9999 -r $SVN_REPO_PATH; then
                            log_end_msg 0
                    else
                            log_end_msg $?
                    fi
            ;;

            stop)
                    log_begin_msg "Stopping svnserve..."
                    if start-stop-daemon --stop --exec $SVNSERVE; then
                    log_end_msg 0
                    else
                    log_end_msg $?
                    fi
            ;;

            restart|force-reload)
                    "$0" stop && "$0" start
            ;;

            *)
            echo "Usage: /etc/init.d/svnserve {start|stop|restart|force-reload}"
                    exit 1
            ;;
    esac

    exit 0

我正在尝试将后缀配置为使用多个 IP 的不同密钥加密传出邮件。

主要.cf postconf -n：

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    anvil_rate_time_unit = 86400s
    anvil_status_update_time = 120s
    append_dot_mydomain = no
    biff = no
    compatibility_level = 2
    inet_interfaces = all
    inet_protocols = ipv4
    mailbox_size_limit = 0
    milter_default_action = accept
    milter_protocol = 6
    mydestination = $myhostname, domain.com, localhost.localdomain, localhost.localdomain, localhost
    myhostname = domain.com
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    myorigin = /etc/mailname
    non_smtpd_milters = inet:localhost:8891
    readme_directory = no
    recipient_delimiter = +
    relayhost =
    sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
    smtp_tls_mandatory_ciphers = high
    smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_event_limit_exceptions = $mynetworks
    smtpd_client_message_rate_limit = 200
    smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
    smtpd_milters = inet:localhost:8891
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_mandatory_ciphers = high
    smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    tls_high_cipherlist = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

大师.cf：

    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    #submission inet n       -       y       -       -       smtpd
    127.0.0.1:submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_security_options=noanonymous
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o smtpd_tls_cert_file=/srv/letsencrypt/ssl/domain.com/domain.com_chained.crt
      -o smtpd_tls_key_file=/srv/letsencrypt/ssl/domain.com/domain.com.key

    # domain2.com
    111.1.1.222:submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_security_options=noanonymous
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o smtpd_tls_key_file=/srv/letsencrypt/ssl/domain2.com/domain2.com.key
      -o smtpd_tls_cert_file=/srv/letsencrypt/ssl/domain2.com/domain2.com_chained.crt

邮件日志：

    Oct 28 11:43:05 zipserver postfix/postfix-script[2239]: starting the Postfix mail system
    Oct 28 11:43:05 zipserver postfix/master[2241]: daemon started -- version 3.3.0, configuration /etc/postfix
    Oct 28 11:43:32 zipserver postfix/pickup[2242]: 0BFA8104115B: uid=1000 from=<[email protected]>
    Oct 28 11:43:32 zipserver postfix/cleanup[2248]: 0BFA8104115B: message-id=<[email protected]>
    Oct 28 11:43:32 zipserver postfix/qmgr[2243]: 0BFA8104115B: from=<[email protected]>, size=407, nrcpt=1 (queue active)
    Oct 28 11:43:32 zipserver postfix/smtp[2250]: 0BFA8104115B: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.167.27]:25, delay=0.46, delays=0.13/0.01/0.05/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK  1603881812 s81si4271295wmf.188 - gsmtp)
    Oct 28 11:43:32 zipserver postfix/qmgr[2243]: 0BFA8104115B: removed

版本：

    postconf -d | grep mail_version
    mail_version = 3.3.0

但是电子邮件以红色交叉锁到达 gmail，而 gmail 说它没有加密。我错过了什么？

我有以下 nginx 服务器配置：

server {
    ...

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to proxy.
            try_files /maintenance.php $uri @proxyPass;
    }

    location @proxyPass {
            proxy_pass http://1.1.1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    location ~ /\. {
            deny all;
    }

    include /etc/nginx/acme;

    include /etc/nginx/expires.conf;
}

/etc/nginx/acme：

location /.well-known/acme-challenge/ {
    allow myip;                           # my ip
    allow serverip;                       # server ip
    allow 66.133.109.36/32;               # allow outbound1.letsencrypt.org
    allow 64.78.149.164/32;               # allow outbound2.letsencrypt.org
    allow 64.78.149.164/32;               # allow outbound2.letsencrypt.org
    deny all;                             # deny everything else

    alias /srv/letsencrypt/acme-challenge/;
    try_files $uri =404;
}

deny all所有从点开始的规则与 acme 的规则冲突。如果我在能够访问 acme 相关文件夹中的文件时将其删除，否则我会收到 403 Forbidden

我尝试allow all在 acme 相关的位置块中设置而不是登记 IP 地址，如下所述： 覆盖单个位置块的 nginx 拒绝规则 但 id 没有帮助

如何使这两个位置块一起工作？