在Ubuntu下基于Postfix/Dovecot安装自有邮箱服务

Linux配置

博客已经搭建了很多年了,一直想拥有一个自己的邮箱服务器,最近机缘巧合,给另外一个项目搭建了一个,刚好随手,就给自己的域名也搭建一个,拿来用一用装逼。

顺便,把整个流程记录下来。

1、以我的域名 stamhe.com 为例,要部署邮箱服务的IP地址为 149.28.109.196

2、建议购买vultr的主机,好处后面就知道了

主要参考文章为Linode的这篇文章:

https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql/

到达率参考

http://lomu.me/post/SPF-DKIM-DMARC-PTR

一、申请SSL证书

通过Let’s Encrypt申请免费的SSL证书

cd /root
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
# 申请通配符域名
./certbot-auto -d "*.stamhe.com" --manual --preferred-challenges dns-01 certonly 
# 申请单一域名
./certbot-auto -d "mail.stamhe.com" --standalone certonly

按命令行提示进行操作,即可得到如下的证书

root@stamhe:~/certauto# ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: stamhe.com
    Domains: *.stamhe.com
    Expiry Date: 2019-10-22 05:33:50+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/stamhe.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/stamhe.com/privkey.pem

其中,fullchain.pem 为公钥文件, privkey.pem 为私钥文件.

Let’s Encrypt 是免费证书,有效期为 90 天,快到期前,需要执行下面的命令申请延期

./certbot-auto  renew --manual-auth-hook certonly

注意: 如果服务器本身安装得有Web服务器,如Nginx、Apache之类的,在执行延期申请命令前,需要先停止在80、443端口的监听,延期成功后,再启动。

二、配置基本的DNS相关信息

类型名称
Amail149.28.109.196
MX@mail.stamhe.com
TXT@v=spf1 mx:mail.stamhe.com ip4:149.28.109.196 ~all

配置spf主要是为了防止发信被对方放垃圾邮箱的一个手段,后面会有详细介绍。

三、配置基础的MySQL账户信息

假设MySQL的连接信息如下:

localhost
3306
root
123456

创建库、表

create database mailserver;
use mailserver;

CREATE TABLE `virtual_domains` (  
  `id` int(11) NOT NULL auto_increment,  
  `name` varchar(50) NOT NULL,  
  PRIMARY KEY (`id`))  
ENGINE=InnoDB DEFAULT CHARSET=utf8;


CREATE TABLE `virtual_users` (  
`id` int(11) NOT NULL auto_increment,  
`domain_id` int(11) NOT NULL,  
`password` varchar(106) NOT NULL,  
`email` varchar(100) NOT NULL,  
PRIMARY KEY (`id`),  
UNIQUE KEY `email` (`email`),  
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE)  
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `virtual_aliases` (  
`id` int(11) NOT NULL auto_increment,  
`domain_id` int(11) NOT NULL,  
`source` varchar(100) NOT NULL,  
`destination` varchar(100) NOT NULL,  
PRIMARY KEY (`id`),  
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE)  
ENGINE=InnoDB DEFAULT CHARSET=utf8;

插入两个测试用的邮箱账户信息

insert into virtual_domains(id,name) values(1,'mail.stamhe.com');     
insert into virtual_domains(id,name) values(2,'stamhe.com');


insert into virtual_users(id,domain_id,password,email) values (1,2,ENCRYPT('123456'),'love@stamhe.com');

insert into virtual_users(id,domain_id,password,email) values (2,2,ENCRYPT('12345678'),'you@stamhe.com');


insert into virtual_aliases(id,domain_id,source,destination) values (1,2,'all@stamhe.com','love@stamhe.com');

insert into virtual_aliases(id,domain_id,source,destination) values (2,2,'all@stamhe.com','you@stamhe.com');

四、Postfix的安装以及相关配置

安装Postfix

apt-get install postfix postfix-mysql postfix-doc mailutils

安装过程中需要选择Postfix的类型,请选择Internet Site,还会需要输入System mail name,这里请输入你要收发邮件的域名地址,我这儿是输入: stamhe.com

Postfix配置项的官方文档

http://www.postfix.org/documentation.html

查看Postfix的版本号

postconf -d | grep mail_version

打开 /etc/postfix/main.cf

1、删除掉下面的所有默认配置

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

2、新增下面的配置

smtpd_tls_cert_file=/etc/letsencrypt/archive/stamhe.com/fullchain1.pem
smtpd_tls_key_file=/etc/letsencrypt/archive/stamhe.com/privkey1.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may

3、新增下面的配置

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
message_size_limit = 15728640
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_unauth_destination

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination

4、修改mydestination

mydestination = localhost

注意:mydestination参数中,不能出现在前面 virtual_domains 表中出现的域名,否则创建的账户会无法收到邮件。

5、新增如下配置,告诉Postfix不要使用LDA「Local Delivery Agent」转而使用Dovecot的LMTP完成本地邮件投递

virtual_transport = lmtp:unix:private/dovecot-lmtp

6、新增如下配置,告诉Postfix去MySQL数据库种寻找域名、用户帐号密码及邮件别名等信息

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

7、配置连接MySQL相关的信息

# cat /etc/postfix/mysql-virtual-mailbox-domains.cf
user = root
password = 123456
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'


# cat /etc/postfix/mysql-virtual-mailbox-maps.cf
user = root
password = 123456
hosts = 127.0.0.1  
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'

# cat /etc/postfix/mysql-virtual-alias-maps.cf
user = root
password = 123456
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'

执行下面的命令重启postfix

systemctl restart postfix

测试上面的MySQL连接信息

# postmap -q stamhe.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
1

# postmap -q love@stamhe.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
1

# postmap -q all@stamhe.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
love@stamhe.com,you@stamhe.com

8、打开 /etc/postfix/master.cf 文件,去掉里面 submission和smtps所在的两行,并将其注释去掉。

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

9、再次重启postfix

10、完整的main.cf配置文件如下

root@stamhe:~# cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

myhostname = stamhe
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, stamhe, localhost.localdomain, , localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/archive/stamhe.com/fullchain1.pem
smtpd_tls_key_file=/etc/letsencrypt/archive/stamhe.com/privkey1.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.



smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
message_size_limit = 15728640
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    reject_unauth_destination

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination

virtual_transport = lmtp:unix:private/dovecot-lmtp

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes

smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h

# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550



# rate
smtpd_client_connection_count_limit = 100
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 100
smtpd_client_new_tls_session_rate_limit = 100
smtpd_client_auth_rate_limit = 100
root@stamhe:~#

五、Dovecot的安装及相关配置

Dovecot充当IMAP、POP服务器的角色,同时它也将负责用户登录时用户身份的验证「Dovecot会将真正的验证工作交给MySQL处理」。因为使用SSL,Dovecot将会使用993「IMAP协议」及995「POP协议」与外界通讯,所以需要允许放行993、995、465三个端口。

1、安装Dovecot

apt-get install dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql

2、修改 /etc/dovecot/dovecot.conf 配置文件

!include_try /usr/share/dovecot/protocols.d/*.protocol  
protocols = imap pop3 lmtp

3、修改 /etc/dovecot/conf.d/10-mail.conf 配置文件

mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail

同时执行下面的命令,创建 mail_location需要的工作目录

# mkdir -p /var/mail/vhosts/stamhe.com
# groupadd -g 5000 vmail  
# useradd -g vmail -u 5000 vmail -d /var/mail
# chown -R vmail:vmail /var/mail

4、修改 /etc/dovecot/conf.d/10-auth.conf 配置文件

disable_plaintext_auth = yes
auth_mechanisms = plain login

默认情况下,Dovecot是允许Ubuntu系统用户登录使用的,我们需要将其禁用。找到文件种如下内容并将其注释:

#!include auth-system.conf.ext

开启Dovecot的MySQL支持,取消!include auth-sql.conf.ext的注释符号:

#!include auth-system.conf.ext  
!include auth-sql.conf.ext  
#!include auth-ldap.conf.ext  
#!include auth-passwdfile.conf.ext  
#!include auth-checkpassword.conf.ext  
#!include auth-vpopmail.conf.ext  
#!include auth-static.conf.ext

5、修改 /etc/dovecot/conf.d/auth-sql.conf.ext 配置文件

passdb {  
    driver = sql  
    args = /etc/dovecot/dovecot-sql.conf.ext  
}  

userdb {  
    driver = static  
    args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n  
}

6、修改 /etc/dovecot/dovecot-sql.conf.ext 配置文件

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=root password=123456
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u'

注意: default_pass_scheme代表使用的密码的加密存储算法,我们前面在SQL语句中使用的是encrypt函数,对应的就是CRYPT,当然也可以使用其他算法,自己研究。

7、修改一下目录权限

chown -R vmail:dovecot /etc/dovecot

chmod -R o-rwx /etc/dovecot

8、修改 /etc/dovecot/conf.d/10-master.conf 配置文件

service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service lmtp {  
        unix_listener /var/spool/postfix/private/dovecot-lmtp {  
        mode = 0600  
        user = postfix  
        group = postfix  
  }
}


service auth {  
    unix_listener /var/spool/postfix/private/auth {  
            mode = 0666  
            user = postfix  
            group = postfix  
    }  

    unix_listener auth-userdb {  
            mode = 0600  
            user = vmail  
            #group =  
    }  

    user = dovecot  
}

service auth-worker {  
    user = vmail  
}

9、修改 /etc/dovecot/conf.d/10-ssl.conf 配置文件

ssl = required
ssl_cert = </etc/letsencrypt/archive/stamhe.com/fullchain1.pem
ssl_key = </etc/letsencrypt/archive/stamhe.com/privkey1.pem

注意: 这儿的证书路径最前面,有一个【<】开头,别漏了。。。

10、修改 /etc/dovecot/dovecot.conf 配置文件

postmaster_address = postmaster at stamhe.com

11、重启dovecot服务

systemctl restart dovecot

六、测试接收、发送邮件

建议使用 163、gmail来做测试对象, qq邮箱很多变态规则,在做下面的配置之前,可能你的很多发送都是失败的。。。

调试日志在

/var/log/mail.log

/var/log/mail.log
/var/log/mail.err

七、邮件服务器添加SPF、DKIM、DMARC、PTR提高送达率

主要参考

http://lomu.me/post/SPF-DKIM-DMARC-PTR

1、SPF的配置

我们前面已经做了,在DNS中,新增下面的TXT记录即可

v=spf1 mx:mail.stamhe.com ip4:149.28.109.196 ~all

2、DMARC配置

在DNS中,新增下面的TXT记录

主机名:
_dmarc

记录值:
v=DMARC1;p=reject;rua=support@stamhe.com

3、PTR配置

如果你是使用的vultr,那就简单了,在Server Detail -> Setting下面,修改 Reverse DNS 为【mail.stamhe.com】即可。

如果是其他的主机厂商,问客服

使用如下命令测试结果

dig -x 你的邮箱服务器IP

4、DKIM配置

安装OpenDKIM

apt install opendkim opendkim-tools

A、修改  /etc/opendkim.conf  配置文件

在最后面追加如下配置内容

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost

B、修改 /etc/default/opendkim 配置文件

SOCKET="inet:12301@localhost"

C、修改 /etc/postfix/main.cf 配置文件

milter_protocol = 6
milter_default_action = accept

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

milter_protocol = 6 这个参数,根据下面的命令来

# postconf -d | grep mail_version
当postfix版本为2.6+,milter_protocol=6; 版本为2.3到2.5,milter_protocol=2;

D、创建目录

mkdir -p /etc/opendkim/keys

E、修改 /etc/opendkim/TrustedHosts  配置文件

127.0.0.1
localhost
192.168.0.1/24

 *.stamhe.com

F、创建opendkim所需要的key

# cd /etc/opendkim/keys 
# mkdir stamhe.com
# cd stamhe.com
# opendkim-genkey -s mail –d stamhe.com
# chown opendkim:opendkim mail.private

注意,有一些DNS服务商的TXT值有限制长度,opendkim-genkey默认生成的为2048的key,太长了,对于有长度限制的,可以使用 1024的key

# opendkim-genkey -s mail -d stamhe.com -b 1024

得到如下两个文件

total 16
drwxr-xr-x 2 root     root     4096 Jul 24 08:05 ./
drwxr-xr-x 3 root     root     4096 Jul 24 08:04 ../
-rw------- 1 opendkim opendkim  891 Jul 24 08:05 mail.private
-rw------- 1 root     root      308 Jul 24 08:05 mail.txt

G、修改 /etc/opendkim/KeyTable 配置文件

mail._domainkey.stamhe.com 
 stamhe.com:mail:/etc/opendkim/keys/stamhe.com/mail.private

H、修改 /etc/opendkim/SigningTable 配置文件

*@stamhe.com    mail._domainkey.stamhe.com

H、新增一条DNS记录

主机名:
mail._domainkey

记录值:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCptXy6RtzzWujOEfCAm96Kw/OAzGXGFXzky69T6crWOFl71R7Km8WDbJxLqmz1EfDwq5gVP7QP8lkKBbn/28KLIRlSmkzMaMB+JaZinZ3UJBvKZz6thBePSbAx9AuNU/IwLFlH1NXkK7DBk657EZusD3FgV3rx3sZzH6HcJ9O55wIDAQAB

记录值的来源:

root@stamhe:/etc/opendkim/keys/stamhe.com# cat mail.txt 
mail._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCptXy6RtzzWujOEfCAm96Kw/OAzGXGFXzky69T6crWOFl71R7Km8WDbJxLqmz1EfDwq5gVP7QP8lkKBbn/28KLIRlSmkzMaMB+JaZinZ3UJBvKZz6thBePSbAx9AuNU/IwLFlH1NXkK7DBk657EZusD3FgV3rx3sZzH6HcJ9O55wIDAQAB" )  ; ----- DKIM key mail for stamhe.com

I、重启postfix、opendkim服务

systemctl restart postfix
systemctl restart opendkim

测试opendkim的配置结果

opendkim-testkey -d stamhe.com -s mail -vvv

所有这些配置完毕,可以访问 下面的网站,用配置的账户信息,发送一封已经过去,测试一下得分情况。

http://www.mail-tester.com

在Mac、Linux平台下面编译比特币源码

比特币

下载托管在Github上面的比特币源码。以当前最新的 v0.18.0代码为例。

git clone https://github.com/bitcoin/bitcoin.git # 克隆最新版的比特币源码到本地。
cd bitcoin # 切换至比特币根目录。
git checkout v0.18.0 # 在当前分支上切换至 tag 为 v0.18.0 的版本,或省略此步骤以编译最新版。
git status # 查看当前状态(这里会显示版本信息),此步可省略。

Mac下面的依赖安装:

brew install automake berkeley-db4 libtool boost@1.64 miniupnpc openssl pkg-config protobuf python qt libevent qrencode

brew 默认安装指定库的最新版本,可以使用命令$ brew search <libname>查看指定库的所有版本。 bitcoin v0.18.0 对应的 boost 库的版本为1.64.0,可以从 bitcoin/depends/packages/boost.mk 中获取当前版本比特币对应的 boost 库的版本。

Ubuntu 16.04.x下面的依赖安装

安装基础编译依赖:

apt-get install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils python3

安装Boost依赖:

apt-get install libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-program-options-dev libboost-test-dev libboost-thread-dev

apt-get install libboost-all-dev

ubuntu 16.04.* 默认安装 boost 库的版本为 1.58.0,可满足 bitcoin v0.18.0 对 boost 库的需求。

安装DB4.8依赖:

apt-get install software-properties-common
add-apt-repository ppa:bitcoin/bitcoin
apt-get update
apt-get install libdb4.8-dev libdb4.8++-dev

安装upnp依赖miniupnpc依赖:

apt-get install libminiupnpc-dev

安装ZMQ依赖:

apt-get install libzmq3-dev

安装QT GUI依赖支持:

apt-get install libqt5gui5 libqt5core5a libqt5dbus5 qttools5-dev qttools5-dev-tools libprotobuf-dev protobuf-compiler # Qt 5
apt-get install libqt4-dev libprotobuf-dev protobuf-compiler # Qt 4 可选
apt-get install libqrencode-dev

编译构建:

./autogen.sh

./configure # 定制并生成 Makefile,例:关闭钱包功能,使用静态库链接得到移植后不依赖库文件的可执行文件,指定 boost 库路径等。

make -j4  # 使用 Makefile 进行比特币源码的编译,编译完成后会生成 4 至 6 个 ELF 程序,分别为 bitcoind、bitcoin-cli、bitcoin-tx、test_bitcoin,若安装了 Qt 图形库,则会增加 bitcoin-qt、test_bitcoin-qt。

make install # 该项可选,把编译好的比特币程序拷贝到系统默认的可执行程序目录 /usr/local/bin 下。

注:Mac 无法构建 bitcoin v0.18.0 的可执行文件 bitcoin-qt,因为 Mac 不支持 bitcoin v0.18.0 对应的 qt5.5 的构建。

《SpringBoot2从入门到工程实战》第十四篇:gRPC的接入

JavaSpringBoot

最近在改造公司的业务过程中,之前一直使用的是HTTP接口,接口性能基本在10-12 ms之间,对于短连接调用来说,性能其实已经算非常高的了,但是实际中发现,业务端的代码,写的实在是让人崩溃,部分业务接口,对于基础接口的调用,超过了20次+,如果每一个接口都是10-12 ms, 光是这些基础接口的调用,都是一件非常消耗时间的事情,没有办法,只好引入RPC框架了。

因为业务端是PHP 7.1,需要达到跨语言调用,所以目前合适的,比较成熟的也就是thrift、grpc两种了,其实dubbo也有一个基于swoole的php实现,但是经过测试,发现官方的框架,实在是太过随意了,怕有大坑,不敢使用。

经过权衡,还是最终选用了gRPC,所以本文还是以gRPC作为实践。关于gRPC与thrift之间的功能、性能差异,可以在网上找一找其他博主的文章。

本章示例工程名称:springboot_worker_grpc

代码地址:https://github.com/stamhe/SpringBoot-Work-Example

目录结构如下:


pom.xml内容:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.stamhe</groupId>
  <artifactId>springboot_worker_grpc</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>jar</packaging>

  <name>springboot_worker_grpc</name>
  <url>http://maven.apache.org</url>

  <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <java.version>1.8</java.version>
        
        <grpc.version>1.0.0</grpc.version>
        <protobuf.plugin.version>0.5.0</protobuf.plugin.version>
        <protoc.version>3.7.1</protoc.version>
  </properties>
  
  
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

  <dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    
    <dependency>  
        <groupId>org.springframework.boot</groupId>  
        <artifactId>spring-boot-starter-thymeleaf</artifactId>  
    </dependency> 
    
    <dependency>
  		<groupId>net.devh</groupId>
  		<artifactId>grpc-spring-boot-starter</artifactId>
  		<version>2.3.0.RELEASE</version>
	</dependency>
	
	
    <dependency>
  		<groupId>com.alibaba</groupId>
  		<artifactId>fastjson</artifactId>
  		<version>1.2.56</version>
	</dependency>
	
	
    <dependency>
    	<groupId>de.codecentric</groupId>
    	<artifactId>spring-boot-admin-starter-client</artifactId>
    	<version>2.1.4</version>
	</dependency>
	
	<dependency>
    	<groupId>org.springframework.boot</groupId>
    	<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
    
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>
  
  <build>
  		<extensions>
            <extension>
                <groupId>kr.motd.maven</groupId>
                <artifactId>os-maven-plugin</artifactId>
                <version>1.5.0.Final</version>
            </extension>
        </extensions>
        
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            
            <plugin>
                <groupId>org.xolstice.maven.plugins</groupId>
                <artifactId>protobuf-maven-plugin</artifactId>
                <version>${protobuf.plugin.version}</version>
                <configuration>
                	<protoSourceRoot>${project.basedir}/src/main/proto</protoSourceRoot>
                    <protocArtifact>com.google.protobuf:protoc:${protoc.version}:exe:${os.detected.classifier}</protocArtifact>
                    <pluginId>grpc-java</pluginId>
                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
                    
                    <outputDirectory>${project.basedir}/src/main/java</outputDirectory>
                    <!-- 
                    巨坑的地方,一定要设置为false,否则上面设置的 src/main/java 目录的代码会全部被删除.
                    https://github.com/xolstice/protobuf-maven-plugin/issues/16
                    -->
                     <clearOutputDirectory>false</clearOutputDirectory>
                </configuration>
                <executions>
                    <execution>
                        <goals>
                            <goal>compile</goal>
                            <goal>compile-custom</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

注意:

1、使用了grpc-spring-boot-starter,免得自己手动集成很多东西

2、proto定义文件放置在 src/main/proto目录, 并在pom.xml添加自动生成命令即执行mvn compile 的时候,自动在 src/main/java目录生成protobuf和stub文件

3、clearOutputDirectory一定要配置为 false, 否则 src/main/java 目录代码会被删除。。。

App.java 内容:

package com.stamhe.springboot;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class App 
{
    public static void main( String[] args )
    {
    	SpringApplication.run(App.class, args);
    }
}

UserModel.java内容:

package com.stamhe.springboot.user.model;

import java.io.Serializable;

public class UserModel implements Serializable {
	private Long user_id;
	private String name;
	private String createTime;
	public Long getUser_id() {
		return user_id;
	}
	public void setUser_id(Long user_id) {
		this.user_id = user_id;
	}
	public String getName() {
		return name;
	}
	public void setName(String name) {
		this.name = name;
	}
	public String getCreateTime() {
		return createTime;
	}
	public void setCreateTime(String createTime) {
		this.createTime = createTime;
	}
	@Override
	public String toString() {
		return "UserModel [user_id=" + user_id + ", name=" + name + ", createTime=" + createTime + "]";
	}
}

UserService.java内容:

package com.stamhe.springboot.user.service;

import com.alibaba.fastjson.JSON;
import com.stamhe.springboot.common.proto.CommonReply;
import com.stamhe.springboot.user.model.UserModel;
import com.stamhe.springboot.user.proto.UserGrpc;
import com.stamhe.springboot.user.proto.UserRequest;

import io.grpc.stub.StreamObserver;
import net.devh.boot.grpc.server.service.GrpcService;

@GrpcService
public class UserService extends UserGrpc.UserImplBase {
	@Override
	public void userInfo(UserRequest request, StreamObserver<CommonReply> responseObserver) {

		UserModel userModel = new UserModel();
		userModel.setUser_id(request.getUserId());
		userModel.setName("Stam He");
		userModel.setCreateTime("2019-04-17 12:00:00");
		
		String json_data = JSON.toJSONString(userModel);
		
		CommonReply reply = CommonReply.newBuilder().setCode(0).setMessage("Success From UserService")
				.setData(json_data).build();
		
        responseObserver.onNext(reply);
        responseObserver.onCompleted();
	}
}

application.properties

grpc.server.port=9090
grpc.server.address=0.0.0.0

server.port=8080

我们自定义了grpc的端口为 9090

com.stamhe.springboot.*.proto 包下面的文件,都是自动生成的 protobuf和stub文件,此处不再列出。

到此,java相关的gRPC部分已经完全开发完成了。

从proto文件生成PHP代码,需要依赖 protoc、grpc_php_plugin这两个工具

安装方式如下:

git clone https://github.com/grpc/grpc.git
cd grpc
git submodule update --init
make grpc_php_plugin -j4

cp bins/opt/grpc_php_plugin   /usr/bin/
cp bins/opt/protobuf/protoc   /usr/bin/

grpc代码库比较大, 比较耗时,如果是在国内,最好开稳定的vpn.

PHP使用gRPC,需要依赖 2 个扩展,一个是grpc扩展,一个是protobuf扩展,编译安装方式如下(假设php安装在/opt/php7目录下):

wget -c "http://pecl.php.net/get/grpc-1.20.0RC3.tgz"
tar xvf grpc-1.20.0RC3.tgz
cd grpc-1.20.0RC3
/opt/php7/bin/phpize
./configure --with-php-config=/opt/php7/bin/php-config && make -j4 && make install

wget -c "http://pecl.php.net/get/protobuf-3.7.1.tgz"
tar xvf protobuf-3.7.1.tgz
cd protobuf-3.7.1
/opt/php7/bin/phpize
./configure --with-php-config=/opt/php7/bin/php-config && make -j4 && make install

然后在/opt/php7/etc/php.ini 中,添加上下面两个配置即可:
extension=grpc.so
extension=protobuf.so

配置好后,下面命令就可以看到两个扩展了
/opt/php7/bin/php -m |grep -E "grpc|protobuf"

使用proto文件,生成php使用的protobuf和stub文件,命令如下:

cd /data/lib
protoc --php_out=/data/lib   --grpc_out=/data/lib   --plugin=protoc-gen-grpc=/usr/bin/grpc_php_plugin   User.proto

则在 /data/lib就有我们需要的protobuf和stub php相关文件了。

为了使用方便,我们引入 composer 的autoload功能来管理所有php文件的加载

composer的安装命令如下:

wget https://dl.laravel-china.org/composer.phar -O /usr/local/bin/composer && chmod a+x /usr/local/bin/composer

composer.json 配置如下:

{
        "name" : "grpc-java/php",
        "require" : {
                "grpc/grpc" : "^v1.3.0",
                "google/protobuf" : "^v3.3.0"
        },
        "autoload" : {
                "classmap" : [
                        "lib/"
                ]
        }
}

放置此 composer.json 文件到 /data 目录, 执行下面的命令更新 autoload 文件列表

composer update

在 /data 目录,新建 main-autoload.php 文件, 内容如下:

<?php
require_once  __DIR__ . '/vendor/autoload.php';

use \Com\Stamhe\Springboot\User\Proto\UserClient;
use \Com\Stamhe\Springboot\User\Proto\UserRequest;

use \Com\Stamhe\Springboot\Common\Proto\CommonReply;

$start_time = microtime(true);

$obj = new UserClient('127.0.0.1:9090', [
    'credentials' => \Grpc\ChannelCredentials::createInsecure(),
    'timeout' => 1000,
]);


$req = new UserRequest();
$req->setUserId(10000);
$rsp = $obj->UserInfo($req)->wait();

$end_time = microtime(true);
printf("start_time = %s end_time = %s 【diff = %s】 ms\n", $start_time, $end_time, ($end_time - $start_time) * 1000.0);

list($rsp_data, $rsp_status) = $rsp;
var_dump($rsp_status);
var_dump($rsp_data->getCode());
var_dump($rsp_data->getMessage());
var_dump($rsp_data->getData());

启动 springboot 项目, 然后去 /data 目录执行 php main-autoload.php , 可得到如下结果:

start_time = 1555487705.4756 end_time = 1555487705.4959 【diff = 20.330905914307】 ms
object(stdClass)#12 (3) {
  ["metadata"]=>
  array(0) {
  }
  ["code"]=>
  int(0)
  ["details"]=>
  string(0) ""
}
int(0)
string(24) "Success From UserService"
string(69) "{"createTime":"2019-04-17 12:00:00","name":"Stam He","user_id":10000}"

说明:

1、rpc调用的请求成功与否,使用$rsp_status->code == 0 来确认

2、业务端的请求是否有问题,使用$rsp_data->getCode() 来确认

gRPC 的错误码说明文档:

https://github.com/grpc/grpc/blob/master/doc/statuscodes.md

完毕。