分类:技术&日志

开发过程遇到的问题记录及相关开发技巧

经纬度计算两地之间的距离

宗川凉介 评论

经纬度计算两地之间的距离

mysql

# 精华代码段
ROUND(6378.138*2*ASIN(SQRT(POW(SIN(({$latitude}*PI()/180-latitude*PI()/180)/2),2)+COS({$latitude}*PI()/180)*COS(latitude*PI()/180)*POW(SIN(({$longitude}*PI()/180-longitude*PI()/180)/2),2)))*1000) AS distance
# 完整代码段
$this->db->whereNotNull('u.longitude')->whereNotNull('u.latitude')->orderBy('distance', 'ASC')->get($this->getTable($this->table) . ' as r', null, "u.id as uid,r.id, ROUND(6378.138*2*ASIN(SQRT(POW(SIN(({$latitude}*PI()/180-latitude*PI()/180)/2),2)+COS({$latitude}*PI()/180)*COS(latitude*PI()/180)*POW(SIN(({$longitude}*PI()/180-longitude*PI()/180)/2),2)))*1000) AS distance , u.longitude, u.latitude, r.level");

PHP

    /**
     * 根据起点坐标和终点坐标测距离
     * @param  [array]   $from  [起点坐标(经纬度),例如:array(118.012951,36.810024)]
     * @param  [array]   $to    [终点坐标(经纬度)]
     * @param  [bool]    $km        是否以公里为单位 false:米 true:公里(千米)
     * @param  [int]     $decimal   精度 保留小数位数
     * @return [string]  距离数值
     */
    function getDistance($from,$to,$km=true,$decimal=2){
        sort($from);
        sort($to);
        $EARTH_RADIUS = 6370.996; // 地球半径系数

        $distance = $EARTH_RADIUS*2*asin(sqrt(pow(sin( ($from[0]*pi()/180-$to[0]*pi()/180)/2),2)+cos($from[0]*pi()/180)*cos($to[0]*pi()/180)* pow(sin( ($from[1]*pi()/180-$to[1]*pi()/180)/2),2)))*1000;

        if($km){
            $distance = $distance / 1000;
        }

        return round($distance, $decimal);
    }

相关资料

mysql php和js根据经纬度计算距离
MySql根据经纬度查询任意距离范围内数据
PHP根据经纬度计算两地之间的距离

APP支付SDK-支付宝-PHP

宗川凉介 评论

调试支付宝一直出现-ALIN10146-系统繁忙

出现的问题: ALIN10146-系统繁忙

  • 错误1: 由于在创建应用的使用选择了[公钥证书]加签方式、(PHP不要选择这一项、这个一旦确定就不可以修改了、只能重新创建提交审核)
  • 错误2: 参数加的位置错误
// 使用easyswoole集成的composer包-错误使用方式
        $aliConfig = new \EasySwoole\Pay\AliPay\Config();
        $aliConfig->setGateWay(\EasySwoole\Pay\AliPay\GateWay::NORMAL);
        $aliConfig->setAppId('2019091167181387');
        $aliConfig->setPublicKey('xxxxxx');
        $aliConfig->setPrivateKey('xxxxxxxx');
        $pay = new \EasySwoole\Pay\Pay();
        $order = new \EasySwoole\Pay\AliPay\RequestBean\App();
        $order->setSubject($orderDesc);
        $order->setOutTradeNo($orderSn);
        $order->setTotalAmount($money);
        $aliPay = $pay->aliPay($aliConfig);
        $result = $aliPay->app($order)->toArray();
        $result ['notify_url'] = 'http://261843m3y6.wicp.vip:52034/ali/pay_notify'; # 这个回调通知地址不可以加到这儿、可有可无
        foreach ($result as &$value) {
            $value = $this->characet($value, $result['charset']);
        }
        $body ['body'] = http_build_query($result);
        return $body;

// 使用easyswoole集成的composer包-正确使用方式
        $aliConfig = new \EasySwoole\Pay\AliPay\Config();
        $aliConfig->setGateWay(\EasySwoole\Pay\AliPay\GateWay::NORMAL);
        $aliConfig->setAppId('2019091167181387');
        $aliConfig->setPublicKey('xxxxxx');
        $aliConfig->setPrivateKey('xxxxxxxx');
        $aliConfig->setNotifyUrl('http://261843m3y6.wicp.vip:52034/ali/pay_notify'); # 需要的话通过这个方法添加
        $pay = new \EasySwoole\Pay\Pay();
        $order = new \EasySwoole\Pay\AliPay\RequestBean\App();
        $order->setSubject($orderDesc);
        $order->setOutTradeNo($orderSn);
        $order->setTotalAmount($money);
        $aliPay = $pay->aliPay($aliConfig);
        $result = $aliPay->app($order)->toArray();
        foreach ($result as &$value) {
            $value = $this->characet($value, $result['charset']);
        }
        $body ['body'] = http_build_query($result);
        return $body;

支付结果验签

// 使用easyswoole集成的composer包
        $param = $this->request()->getRequestParam();
        unset($param['sign_type']);
        $aliConfig = $this->aliPayConfig();
        $aliConfig->setPublicKey('支付宝公钥(当你生成公钥填入到支付宝开发平台、平台会生成一个公钥-共两个公钥)'); # 支付的时候用自己的公钥、验签用支付宝公钥
        $order = new \EasySwoole\Pay\AliPay\RequestBean\NotifyRequest($param,true);
        $pay = new \EasySwoole\Pay\Pay();
        $aliPay = $pay->aliPay($aliConfig);
        if($aliPay->verify($order)) {

沙箱配置

RSA(SHA1)密钥 和 RSA2(SHA256)密钥(推荐) 两个只要填写一个即可, RSA指得是工具中的1024, RSA2指得是工具生成的2048

应用网关: 指得是支付宝服务推送消息接收地址(我们自己服务器中的地址外网可访问的)

授权回调地址: 用于需要用户授权的处理的回调地址

阿里开发平台-APP应用添加

注意: 加签管理中-选择公钥(不要选择公钥证书-官方SDK没有提供PHP对证书的加签方式 需要自己实现-JAVA的官方SDK提供了)

秘钥生成工具

注意: 要选择PKCS1(非JAVA使用)

相关资料

调用接口-时序图 下拉到: 第四步:调用接口
请求参数
PHP服务端 SDK 生成 APP支付订单信息示例

生成 RSA 密钥
联调日志排查
沙箱调试 需要登录后-开发中心-开发服务-研发服务

ALIN10146-系统繁忙

支付宝接口错误代码 invalid-signature 错误原因: 验签出错
支付宝报错:系统繁忙,请稍后再试

遇到调试不同可以点击、有技术点我、图标然后输入”人工客服”

swoole开启openssl

宗川凉介 评论

安装swoole扩展两种方式1. pecl 2. 编译安装

环境说明

  • 宿机win10
  • 操作主机vbox-ubuntu
  • 安装主机docker [letsdockerize/laradock-php-fpm:2.4-7.2]

pecl方式安装

pecl install swoole-4.4.4

执行上面命令后待定一段时间后、会出现下面询问对话输入[y]就是开启, 但是在dockerfile中无法自动为其输入[y]. 方法未找到. dockerfile可以使用编译方式安装.

...
381 source files, building
running: phpize
Configuring for:
PHP Api Version:         20170718
Zend Module Api No:      20170718
Zend Extension Api No:   320170718
enable sockets supports? [no] : 
enable openssl support? [no] : 
enable http2 support? [no] : 
enable mysqlnd support? [no] : 
building in /tmp/pear/temp/pear-build-defaultusernDqLij/swoole-4.4.1
....

编译安装

    curl -o /tmp/swoole.tar.gz https://github.com/swoole/swoole-src/archive/v4.4.1.tar.gz -L && \
    tar zxvf /tmp/swoole.tar.gz && cd swoole-src* && \
    phpize && \
    ./configure \
    --enable-openssl  \
    --enable-http2  \
    --enable-async-redis \
    --enable-mysqlnd && \
    make && make install && \
    docker-php-ext-enable swoole

查看swoole扩展信息

php –ri swoole

出现openssl字符说明已启用openssl

root@4c5bf38c1a5d:/var/www/html# php --ri swoole

swoole

Swoole => enabled
Author => Swoole Team <team@swoole.com>
Version => 4.4.1
Built => Sep  6 2019 05:54:34
coroutine => enabled
epoll => enabled
eventfd => enabled
signalfd => enabled
cpu_affinity => enabled
spinlock => enabled
rwlock => enabled
openssl => OpenSSL 1.1.0j  20 Nov 2018
http2 => enabled
zlib => enabled
mutex_timedlock => enabled
pthread_barrier => enabled
futex => enabled
mysqlnd => enabled
async_redis => enabled

Directive => Local Value => Master Value
swoole.enable_coroutine => On => On
swoole.enable_library => On => On
swoole.enable_preemptive_scheduler => Off => Off
swoole.display_errors => On => On
swoole.use_shortname => On => On
swoole.unixsock_buffer_size => 8388608 => 8388608

pecl install 参数选择 pecl help install

Options:
  -f, --force
        will overwrite newer installed packages
  -l, --loose
        do not check for recommended dependency version
  -n, --nodeps
        ignore dependencies, install anyway
  -r, --register-only
        do not install files, only register the package as installed
  -s, --soft
        soft install, fail silently, or upgrade if already installed
  -B, --nobuild
        don't build C extensions
  -Z, --nocompress
        request uncompressed files when downloading
  -R DIR, --installroot=DIR
        root directory used when installing files (ala PHP's INSTALL_ROOT), use packagingroot for RPM
  -P DIR, --packagingroot=DIR
        root directory used when packaging files, like RPM packaging
  --ignore-errors
        force install even if there were errors
  -a, --alldeps
        install all required and optional dependencies
  -o, --onlyreqdeps
        install all required dependencies
  -O, --offline
        do not attempt to download any urls or contact channels
  -p, --pretend
        Only list the packages that would be downloaded

相关资料

pecl-swoole
github-swoole-tag
pecl 安装swoole怎么开启openssl | 如果是 Nginx 代理到 Swoole,那么 Swoole 不需要配置 SSL 编译Swoole时指定–enable-openssl或–with-openssl-dir可以开启SSL

expect – 自动交互脚本 待研究

Samba 共享资源的多重连接

宗川凉介 评论

Samba报错:不允许一个用户使用一个以上用户名与服务器或共享资源的多重连接

windows-执行CMD命令 处理后重新连接

net use
net use * /del /y

原文转载

转载地址

事实上这个不是samba的限制。是Windows的限制。

始终要用public=yes的话,上面的方法都不能有效解决,因为:

在打开存在public=yes的samba服务器时,如果首先点击了有public=yes的共享资源的时候,widows会用默认的用户名去连接服务器,一般就是windows的登录名(可以在服务器端查看到的),这时候,再去点击没有public=yes的共享资源,由于使用了user级别,服务器就会要求验证,这时,之前的默认登录已经存在,就出现了楼主的故障了。即使注销连接后如果没有采用正确的顺序访问共享资源,还是会陷入这个泥潭中。

因此,最好办法就是不用public=yes,给公共帐号建立一个共用的账户并公示出来。这样处理,其实权限更清晰一些。

使用以下命令解决

net use

net use * /del /y

不允许一个用户使用一个以上用户名与一个服务器或共享资源的多重连接

1 samba 是仿造 ms 共享的

2 你是不可能多重连接的。也就是说你不可能同时有两个身份同时访问一个资源。这不是samba或网络文件共享不完善,而是道理上讲不通。

例如

你可以卖1架飞机上的两张机票,1个经济舱。1个vip.但是你不能同时坐在你的经济舱位子和你的vip位子上。

那么你的问题就成了,我可否迅速切换这两个身份?

当然可以,有两种方法

1 你手动更换你的身份。跑道vip舱门外去,你再往里面走就要你身份认证了。具体方法楼上也跟你说了。

2 舱里每分钟剪一次票,自动踢你出去。当然对你来说这个数值越小越好,对别人就不一定。微软飞机默认15分钟剪1次。

3 你也可以选择缓存车票,或手动拿出车票。

我认为 net use 从命令角度

或用映射/断开 网络驱动器 的图形角度 都很方便

websocket-nginx反向代理

宗川凉介 评论

nginx反向代理easyswoole的http和websocket 

server {
    root /var/www/es;
    server_name esapi.test;
    # 代理http
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "keep-alive";
        proxy_set_header X-Real-IP $remote_addr;
        if (!-f $request_filename) {
             proxy_pass http://192.168.3.67:9501;
        }
        # 代理websocket就靠下面两行
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
}

相关资料

官方文档参考

FTP服务器搭建

宗川凉介 评论

ubuntu-vsftpd服务器搭建 阿里云ECS-FTP服务器搭建

usermod -s /sbin/nologin testuser # 用户不可以ssh连接

需求

  • 不允许匿名用户访问
  • 不允许用户返回上级目录
  • 用户登录到自己的目录中

注意

  • 目录的权限不能太大 标准 755
  • 阿里云[安全组规则]

chroot_list_enable 与 chroot_local_user

  • 当 chroot_list_enable=yes,chroot_local_user=yes时,在/etc/vsftpd/chroot_list文件 中列出的用户,可以切换到上级目录;未在文件中列出的用户,不能切换到站点根目录的上级目录。
  • 当 chroot_list_enable=yes,chroot_local_user=no时,在/etc/vsftpd/chroot_list文件中 列出的用户,不能切换到站点根目录的上级目录;未在文件中列出的用户,可以切换到上级目录。
  • 当 chroot_list_enable=no,chroot_local_user=yes时,所有用户均不能切换到上级目录。
  • 当 chroot_list_enable=no,chroot_local_user=no时,所有用户均可以切换到上级目录。
  • 当用户不允许切 换到上级目录时,登录后ftp站点的根目录“/”是该ftp账户的主目录,即文件的系统的/var/ftp目录

安装

$ sudo apt-get update
$ sudo apt-get install vsftpd # 安装服务
$ sudo vsftpd -v # 查看版本号

配置

问题记录

ubuntu启用了PAM: vsftp时需要用到 /etc/pam.d/vsftpd 这个文件 因此除了匿名用户外本地用户无法登录。所以只要删除了就可以了

阿里被动模式端口配置

# 详细见[资料2]
pasv_enable=YES
pasv_min_port=61001
pasv_max_port=62000 # 在阿里云安全规则中添加 61001/62000
pasv_address=120.79.22.112 # 替换成自己服务器IP

最总修改后的配置

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=NO
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
#root_local_user=NO# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
local_root=/var/www/$USER 
user_sub_token=$USER
#local_root=/var/www/test
#local_root=/var/www
#local_root=/var/ftp/pub
#local_root=/var/www/bb
chroot_local_user=NO
chroot_list_enable=YES
allow_writeable_chroot=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

#pasv_enable=YES
pasv_min_port=61001
pasv_max_port=62000
pasv_address=120.79.22.112

#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES

参考资料

资料1-FTP客户端无法连接
资料2-阿里云安装 vsftpd 添加被动模式
资料3-Linux实例搭建FTP站点
资料4-Limit FTP access only to the /var/www with vsftpd
资料5-ubuntu 下的ftp详细配置
资料6-vsftp中控制用户是否允许切换到上级目录

apache配置

宗川凉介 评论

apahce 配置

多域名绑定

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.test.com
        ServerAlias test2.cn www.test.cn

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/test
         <Directory /var/www/test>
                 Options FollowSymLinks
                 AllowOverride All
                 Order allow,deny
                 allow from all
         </Directory>


        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

ipv6配置

<VirtualHost ip.v4.address:80 [ip.v6.address]:80>
...
</VirtualHost>