环境：debian 11, exim4, php8.1, osticket-1.17
需求：用exim接收邮件，将邮件通过 piping 交给 osticket 的 php 脚本处理

过程：

1. 新增一条 router 配置文件，如 /etc/exim4/conf.d/router/050_exim4-config_osticket

2. 050_exim4-config_osticket 内容如下。意思要将support@localdomain的邮件交给osticket_transport受理

   osticket_router:
    driver = accept
    local_parts = support
    transport = osticket_transport

3. 新增 osticket_transport 的配置文件，如 /etc/exim4/conf.d/transport/25_exim4-config_osticket_pipe

4. 25_exim4-config_osticket_pipe 内容如下。意思是将邮件交给 /var/www/public_html/api/pipe.php 处理

   osticket_transport:
    driver = pipe
    command = /usr/bin/php8.1 /var/www/public_html/api/pipe.php

5. 将新增的配置文件内容添加到模板中，update-exim4.conf.template -r
6. 更新exim的配置，update-exim4.conf
7. 重载 systemctl reload exim4 的服务
8. 可通过如 exim4 -bt support@localdomain 的命令来检查新设置的 router 和 transport 是否生效

参考：

• https://docs.osticket.com/en/latest/Getting%20Started/Email%20Piping.html
• https://serverfault.com/questions/565973/make-exim-deliver-local-mail-externally
• https://manpages.debian.org/testing/exim4-config/update-exim4.conf.template.8.en.html
• https://www.howtogeek.com/devops/how-to-route-incoming-email-to-your-application-with-exim/
• https://geekthis.net/post/exim-process-mail-script/

#!/bin/bash

# refer: https://www.baeldung.com/linux/check-website-availablilty and https://curl.se/mail/archive-2022-04/0027.html

trap "exit 1" TERM
export TOP_PID=$$
STDOUTFILE=".tempCurlStdOut" # temp file to store stdout
> $STDOUTFILE # cleans the file content

# Argument parsing follows our specification
for i in "$@"; do
  case $i in
#    http*)
#      WEBPAGE="${i#*=}"
#      shift
#      ;;
    -n=*|--notWantedContent=*)
      NOTWANTEDCONTENT="${i#*=}"
      shift
      ;;
    -r=*|--requiredContent=*)
      REQUIREDCONTENT="${i#*=}"
      shift
      ;;
    -e=*|--email=*)
      EMAIL="${i#*=}"
      shift
      ;;
    -s|--silent)
      SILENT=true
      shift
      ;;
    -t|--testTcpPortOnly)
      TESTTCPPORTONLY=true
      shift
      ;;      
#    *)
#      >&2 echo "Unknown option: $i" # stderr
#      exit 1
#      ;;
    *)
      WEBPAGE="${i#*=}"
      shift      
      ;;
    *)
      ;;
  esac
done

if test -z "$WEBPAGE"; then
    >&2 echo "Missing required URL" # stderr
    exit 1;
fi

function tcp_port_is_open {
  local exit_status_code
#   curl -t '' --connect-timeout 2 -s telnet://"$1:$2" </dev/null
   URL=${WEBPAGE#*//*}
   curl -t '' --connect-timeout 2 -s telnet://"$URL" </dev/null
   exit_status_code=$?
   case $exit_status_code in
     49) return 0 ;;
     *) return "$exit_status_code" ;;
   esac
}

function stdOutput { 
    if ! test "$SILENT" = true; then
        echo "$1"
    fi
}

function stdError { 
    if ! test "$SILENT" = true; then
        >&2 echo "$1" # stderr
    fi
    if ! test -z "$EMAIL"; then
        echo -e "Subject: $WEBPAGE is not working\n\nThe error is: $1" | msmtp $EMAIL
    fi
    kill -s TERM $TOP_PID # abort the script execution
}

if tcp_port_is_open > /dev/null 2>&1 ; then
    if test "$TESTTCPPORTONLY" = true; then
        stdOutput "TCP port is open -> OK"
    else
#            stdOutput "Internet connectivity OK"
    HTTPCODE=$(curl --max-time 5 --silent --write-out %{response_code} --output "$STDOUTFILE" "$WEBPAGE")
    CONTENT=$(<$STDOUTFILE) # if there are no errors, this is the HTML code of the web page
        if test $HTTPCODE -eq 200; then
            stdOutput "HTTP STATUS CODE $HTTPCODE -> OK"
        else
            stdError "HTTP STATUS CODE $HTTPCODE -> Has something gone wrong?"
        fi
        if ! test -z "$NOTWANTEDCONTENT"; then
            if echo "$CONTENT" | grep -iq "$NOTWANTEDCONTENT"; then # case insensitive check
                stdError "Not wanted content '$NOTWANTEDCONTENT'"
            fi
        fi
        if ! test -z "$REQUIREDCONTENT"; then
            if ! echo "$CONTENT" | grep -iq "$REQUIREDCONTENT"; then # case insensitive check
                stdError "Required content '$REQUIREDCONTENT' is absent"
            fi
        fi
        if echo "$WEBPAGE" | grep -iq "https"; then # case insensitive check
            EXPIREDATE=$(curl --max-time 5 --verbose --head --stderr - "$WEBPAGE" | grep "expire date" | cut -d":" -f 2- | date -f - "+%s")
            DAYS=$(( ($EXPIREDATE - $(date "+%s")) / (60*60*24) )) # days remaining to expiration
            if test $DAYS -gt 7; then
                stdOutput "No need to renew the SSL certificate. It will expire in $DAYS days."
            else
                if test $DAYS -gt 0; then
                    stdError "The SSL certificate should be renewed as soon as possible ($DAYS remaining days)."
                else
                    stdError "The SSL certificate IS ALREADY EXPIRED!"
                fi
            fi
        fi
    fi    
else
    stdError "TCP port is close -> Has something gone wrong?"
    exit 1
fi

例子：

liujia@moni:~/check$ ./c.sh anqun.org:3389 -t
TCP port is close -> Has something gone wrong?
liujia@moni:~/check$ ./c.sh anqun.org:3390 -t
TCP port is open -> OK
liujia@moni:~/check$ ./c.sh http://anqun.org:80
HTTP STATUS CODE 200 -> OK
liujia@moni:~/check$ ./c.sh https://anqun.org:443
TCP port is close -> Has something gone wrong?
liujia@moni:~/check$ ./c.sh https://liujia.anqun.org:443
HTTP STATUS CODE 200 -> OK
No need to renew the SSL certificate. It will expire in 59 days.
liujia@moni:~/check$ ./c.sh https://hy.anqun.org:443 -e=i@liujia.anqun.org
TCP port is close -> Has something gone wrong?

原因：在老版本的 debian 系统里，使用 curl 或 wget 访问 let's Encrypt 发的证书站点时，会提示证书过期。因为证书中包含 DST Root CA X3 的指向，curl 不会自动选择 ISRG Root X1 的证书，且因为 DST Root CA X3 的证书在 2021 年过期，所以 curl 报错。

尝试：

1. vi /etc/ca-certificates.conf # 编辑证书配置文件内容，注释掉 DST ROOT CA X3 的证书文件，如 !mozilla/DST_Root_CA_X3.crt
2. update-ca-certificates --fresh # 更新证书

参考：

• https://manpages.debian.org/jessie/ca-certificates/update-ca-certificates.8.en.html
• https://cloudraya.com/knowledge-base/fix-broken-letsencrypt-ssl-certificate-due-to-expired-root-ca-certificate/
• https://curl.se/docs/sslcerts.html
• https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
• https://community.certifytheweb.com/t/still-getting-dst-root-ca-x3-as-the-root/1510/4

测试设备：烽火 FiberHome 厂家的光猫 HG6543C1
目标：能在 AMD64 的 Debian 11 里编译、make 出能在光猫里运行的程序

过程：

1. 先确认光猫能否 telnet 或 ssh 登录

2. 查看、确认光猫现有的软件环境，如本例的一个程序，在Linux里用file命令查看，大概知是大端的mips32平台

   $file gdecms
   gdecms: ELF 32-bit MSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped

3. 下载，通过buildroot来获得相应的cross compiler toolchain 交叉编译所需的软件包
4. 用toolchain包里的gcc，g++等，从软件的源码中make中可执行的二进制程序文件

本次实践中的几条命令：

/home/liujia/bt/openssl/openssl-1.1.1n/Configure linux-mips32 no-shared --cross-compile-prefix=mipsel-linux- --prefix=/home/liujia/bt/openssl/out

./b2 install abi=o32 toolset=gcc-mips --prefix=/home/liujia/bt/boost/out  --with-program_options --with-system link=static

cmake .. -DENABLE_MYSQL=OFF -DSYSTEMD_SERVICE=OFF -DBoost_DEBUG=ON -DBoost_LIBRARIES="/home/liujia/bt/boost/out/lib" -DBoost_INCLUDE_DIR="/home/liujia/bt/boost/out/include" -DOPENSSL_ROOT_DIR="/home/liujia/bt/openssl/out" -DOPENSSL_LIBRARIES="/home/liujia/bt/openssl/out/lib" -DOPENSSL_INCLUDE_DIR="/home/liujia/bt/openssl/out/include" -DCMAKE_TOOLCHAIN_FILE=../toolchain.cmake

参考：

• https://stackoverflow.com/questions/44521150/buildroot-install-and-build-the-toolchain-only
• https://buildroot.org
• https://tupelo-shen.github.io/2020/10/23/MIPS%E6%9E%B6%E6%9E%84%E6%B7%B1%E5%85%A5%E7%90%86%E8%A7%A38-%E5%90%91MIPS%E7%A7%BB%E6%A4%8D%E8%BD%AF%E4%BB%B6%E4%B9%8B%E5%A4%A7%E5%B0%8F%E7%AB%AF%E6%A8%A1%E5%BC%8F/
• https://github.com/xizhibei/blog/issues/141

来自ISPSystem。

#!/bin/sh
#
# metadata_begin
# recipe: Proxmox
# tags: debian10,debian11
# revision: 2
# description_ru: Proxmox VE
# description_en: Proxmox VE
# metadata_end
#
RNAME=Proxmox

set -x

LOG_PIPE=/tmp/log.pipe.$$                                                                                                                                                                                                                    
mkfifo ${LOG_PIPE}
LOG_FILE=/root/${RNAME}.log
touch ${LOG_FILE}
chmod 600 ${LOG_FILE}

tee < ${LOG_PIPE} ${LOG_FILE} &

exec > ${LOG_PIPE}
exec 2> ${LOG_PIPE}

export DEBIAN_FRONTEND="noninteractive"
HOSTNAME_SHORT=$(hostname -s)
HOSTNAME_FULL=$(hostname)
IP=$(ip route get 1 | grep -Po '(?<=src )[^ ]+')
if ! [ "${HOSTNAME_SHORT}" = "${HOSTNAME_FULL}" ]; then
    echo "$IP $HOSTNAME_FULL $HOSTNAME_SHORT" >> /etc/hosts
else
    echo "$IP $HOSTNAME_FULL" >> /etc/hosts
fi

# Wait firstrun script
while ps uxaww | grep  -v grep | grep -Eq 'apt-get|dpkg' ; do echo "waiting..." ; sleep 3 ; done

apt-get update

test -f /usr/bin/which || apt-get -y install which
which wget 2>/dev/null || apt-get -y install wget
which gnupg2 2>/dev/null || apt-get -y install gnupg2
which lsb-release 2>/dev/null || apt-get -y install lsb-release

if [ "$(lsb_release -c -s)" = "buster" ]; then
    wget -qO - http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg | apt-key add -
    echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" | tee /etc/apt/sources.list.d/pve-install-repo.list
else
    wget -qO - http://download.proxmox.com/debian/proxmox-release-bullseye.gpg | apt-key add -
    echo "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription" | tee /etc/apt/sources.list.d/pve-install-repo.list
fi
apt update && apt dist-upgrade -y
apt install proxmox-ve -y

参考：

• https://docs.ispsystem.com/dcimanager/os-templates-recipes-and-iso-images/recipes/recipe-management
• https://pve.proxmox.com/wiki/Unattended_installation_of_Proxmox