jcubic's questions

我找到了这篇文章，这是我用来生成 CA 证书的内容：

openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

我将其命名为“MyCert”

我用它来签署为本地主机生成的证书（它是 ChatGPT 的输出）

$ openssl req -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.csr
$ openssl x509 -req -in localhost.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out localhost.crt -days 365 -sha256

我已将 CA 证书添加到系统中（我使用 Fedora）：

sudo cp myCA.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract

我重新启动了服务器，当访问时https://localhost

得到这个错误：

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: localhost
Issuer: MyCert

我做错了什么？我使用 CA 证书的默认字段：

CN = MyCert
O = Default Company Ltd
L = Default City
C = pl

本地主机证书具有这些字段：

CN = localhost
C = pl

如何在 Fedora 上正确创建 CA 证书并为 Apache 签署证书？

我想将 localhost 配置为通过后缀服务器发送电子邮件，我这样做是为了测试我使用 Wordpress 设置 Docker 的解决方案（在互联网电子邮件上找到的解决方案不起作用，也 curl 但那是因为企业 CA SSL 证书）。现在我正在 Fedora 上对此进行测试，并尝试发送到我在 onet.pl 和 jcubic.pl 域的两个帐户，他们都拒绝了我的电子邮件。

以下是后缀日志：

Apr  4 13:24:14 23c96150d42f postfix/smtp[134]: BCAA01659A0: to=<[email protected]>, relay=mail.jcubic.pl[185.255.40.21]:25, delay=0.25, delays=0/0/0.07/0.17, dsn=5.7.1, status=bounced (host mail.jcubic.pl[185.255.40.21] said: 550 5.7.1 <[email protected]>: Recipient address rejected: Please see http://www.openspf.net/Why?s=helo;id=jcubic.pl;ip=185.129.113.210;r=unknown (in reply to RCPT TO command))
Apr  4 13:24:14 23c96150d42f postfix/qmgr[95]: BCAA01659A0: removed
Apr  4 13:25:41 23c96150d42f postfix/smtp[134]: 2D02E1659A0: to=<[email protected]>, relay=mx.poczta.onet.pl[213.180.147.146]:25, delay=0.85, delays=0/0/0.85/0, dsn=4.7.1, status=deferred (host mx.poczta.onet.pl[213.180.147.146] refused to talk to me: 220-mx.poczta.onet.pl ESMTP 450 4.7.1 Client host rejected: cannot find your reverse hostname, [185.129.113.210])

首先是 SPF 保护，我可以忽略它，只处理显示反向主机名错误的 onet.pl，我已经读到我需要在 jcubic.pl 有正确的 DNS 记录。我可以在 jcubic.pl 上设置 DNS，这只是为了查看电子邮件是否有效，但我不知道如何设置多个 A DNS 记录。我也不确定我该怎么做（记录应该是什么样子）。

我在 OpenStack 上使用 Ubuntu 测试我的 docker-wordpress 组合，我能够向 gmail 公司帐户发送电子邮件。

我正在使用此设置，我将后缀实例作为具有此配置的 docker compose 服务：

  postfix:
    image: catatnight/postfix
    environment:
      maildomain: example.com # at work here was valid domain of my company (gene.com)
      smtp_user: postfix:postfixpass
    ports:
      - "25:25"
    restart: always

端口 25 可能不会公开它只是为了测试，我不确定这是否是没有发送电子邮件的问题：

我的 wordpress image 使用msmtp命令发送电子邮件，我现在正在测试这个：

echo "Hello this is sending email using msmtp" | msmtp <name>@onet.pl
echo "Hello this is sending email using msmtp" | msmtp <name>@jcubic.pl

我的 msmtp 配置如下所示：

# Set defaults.
defaults
# Enable or disable TLS/SSL encryption.
tls off
tls_starttls off
# Setup WP account's settings.
account postfix
host postfix
port 25
auth login
user [email protected]
password postfixpass
from [email protected]

logfile /var/log/msmtp/msmtp.log

account default: postfix

我正在测试不同user的 nad from，我可以在 jcubic.pl 上配置 DNS 以验证我的本地 IP（这是动态的）现在是否有效，所以我可以测试发送电子邮件是否有效？我的域 jcubic.pl 在共享主机上，但我可以添加 DNS 记录。也可以修复 SPF 问题。这将如何在普通服务器上工作。在工作中，我使用我公司的域，但它是 Intranet IP 地址（私有 OpenStack 的实例），我不确定为什么 gmail 认为发件人是有效的。

我还有另一个问题是 postfix 邮件服务器需要公开并且可以访问发送电子邮件的 IP？这就是它的工作方式（有来自 docker postfix 容器的公共端口），但在这里我有 localhost 和 NAT 路由器，我的公共 IP 不同，邮件服务器不能从互联网访问。我不确定我的公司有哪些 DNS 记录。

我正在尝试使用来自 php的后缀图像和 msmtp 设置电子邮件。使用 msmtp 从命令行从 wordpress 容器到 postfix 发送电子邮件（我使用的是 docker compose，但我认为它不相关）。但是在php中它不起作用。

后缀日志显示：

Feb 14 12:00:09 36a1774df087 postfix/smtpd[141]: connect from volume_wordpress_1.volume_default[172.23.0.4]
Feb 14 12:00:09 36a1774df087 postfix/smtpd[141]: warning: Illegal address syntax from volume_wordpress_1.volume_default[172.23.0.4] in MAIL command: <[email protected]>
Feb 14 12:00:09 36a1774df087 postfix/smtpd[141]: disconnect from volume_wordpress_1.volume_default[172.23.0.4]
Feb 14 12:03:29 36a1774df087 postfix/anvil[143]: statistics: max connection rate 1/60s for (smtp:172.23.0.4) at Feb 14 11:58:44
Feb 14 12:03:29 36a1774df087 postfix/anvil[143]: statistics: max connection count 1 for (smtp:172.23.0.4) at Feb 14 11:58:44
Feb 14 12:03:29 36a1774df087 postfix/anvil[143]: statistics: max cache size 1 at Feb 14 11:58:44

php 配置如下所示：

sendmail_path = "/usr/bin/msmtp -C /etc/msmtprc -t -i"

当我从终端运行它时，相同的命令起作用。但是从php它显示上面的错误。

是否需要更改[email protected]（是内网公用机器地址，wordpress是docker-compose.yml中的服务名称）？我怎样才能做到这一点？

我发现这篇文章在 CentOS 上使用 PHP imagick 扩展安装 imagemagick但是当我尝试运行pecl install imagick时编译时出现错误，这是命令的输出：

# pecl install imagick
downloading imagick-3.0.1.tgz ...
Starting to download imagick-3.0.1.tgz (93,920 bytes)
.....................done: 93,920 bytes
13 source files, building
running: phpize
Configuring for:
PHP Api Version:         20100412
Zend Module Api No:      20100525
Zend Extension Api No:   220100525
Please provide the prefix of Imagemagick installation [autodetect] : 
Notice: Use of undefined constant STDIN - assumed 'STDIN' in CLI.php on line 304

Warning: fgets() expects parameter 1 to be resource, string given in CLI.php on line 304

Warning: fgets() expects parameter 1 to be resource, string given in /usr/lib/php/PEAR/Frontend/CLI.php on line 304
building in /root/tmp/pear/pear-build-rootf4XQy0/imagick-3.0.1
running: /root/tmp/pear/imagick/configure --with-imagick
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for PHP prefix... /usr/local
checking for PHP includes... -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib
checking for PHP extension directory... /usr/local/lib/php/extensions/no-debug-non-zts-20100525
checking for PHP installed headers prefix... /usr/local/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... re2c
checking for re2c version... 0.13.5 (ok)
checking for gawk... gawk
checking whether to enable the imagick extension... yes, shared
checking whether to enable the imagick GraphicsMagick backend... no
checking ImageMagick MagickWand API configuration program... found in /usr/bin/MagickWand-config
checking if ImageMagick version is at least 6.2.4... found version 6.5.4 Q16
checking for MagickWand.h header file... found in /usr/include/ImageMagick/wand/MagickWand.h
checking PHP version is at least 5.1.3... yes. found 5.4.6
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking the maximum length of command line arguments... 1966080
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC
checking if cc PIC flag -fPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no

creating libtool
appending configuration tag "CXX" to libtool
configure: creating ./config.status
config.status: creating config.h
running: make
/bin/sh /root/tmp/pear/pear-build-rootf4XQy0/imagick-3.0.1/libtool --mode=compile cc  -I. -I/root/tmp/pear/imagick -DPHP_ATOM_INC -I/root/tmp/pear/pear-build-rootf4XQy0/imagick-3.0.1/include -I/root/tmp/pear/pear-build-rootf4XQy0/imagick-3.0.1/main -I/root/tmp/pear/imagick -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/usr/include/ImageMagick  -DHAVE_CONFIG_H  -g -O2   -c /root/tmp/pear/imagick/imagick_class.c -o imagick_class.lo
mkdir .libs
 cc -I. -I/root/tmp/pear/imagick -DPHP_ATOM_INC -I/root/tmp/pear/pear-build-rootf4XQy0/imagick-3.0.1/include -I/root/tmp/pear/pear-build-rootf4XQy0/imagick-3.0.1/main -I/root/tmp/pear/imagick -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/imagick/imagick_class.c  -fPIC -DPIC -o .libs/imagick_class.o
/root/tmp/pear/imagick/imagick_class.c: In function ‘zim_imagick_setfont’:
/root/tmp/pear/imagick/imagick_class.c:1442: error: ‘struct _php_core_globals’ has no member named ‘safe_mode’
/root/tmp/pear/imagick/imagick_class.c:1442: error: ‘CHECKUID_CHECK_FILE_AND_DIR’ undeclared (first use in this function)
/root/tmp/pear/imagick/imagick_class.c:1442: error: (Each undeclared identifier is reported only once
/root/tmp/pear/imagick/imagick_class.c:1442: error: for each function it appears in.)
/root/tmp/pear/imagick/imagick_class.c:1442: error: ‘CHECKUID_NO_ERRORS’ undeclared (first use in this function)
/root/tmp/pear/imagick/imagick_class.c: In function ‘zim_imagick_setimageprogressmonitor’:
/root/tmp/pear/imagick/imagick_class.c:9534: error: ‘struct _php_core_globals’ has no member named ‘safe_mode’
/root/tmp/pear/imagick/imagick_class.c:9534: error: ‘CHECKUID_CHECK_FILE_AND_DIR’ undeclared (first use in this function)
/root/tmp/pear/imagick/imagick_class.c:9534: error: ‘CHECKUID_NO_ERRORS’ undeclared (first use in this function)
make: *** [imagick_class.lo] Błąd 1
ERROR: `make' failed

我在具有 4 个 CPU（Linode 4096）的 Debian GNU/Linux 机器上使用 MySQL 服务器，并且在重载（在一天​​中）时存在性能问题，但机器没有超载，只有查询很慢。

我可以使用哪些其他数据库来使用这 4 个 CPU？我读到 MySQL 只使用一个。有 SQL dababse 还是我需要使用 NoSQL？大多数查询都是选择。