search

hhstore / blog

My Tech Blog: about Mojo / Rust / Golang / Python / Kotlin / Flutter / VueJS / Blockchain etc.
https://github.com/hhstore/blog/issues
292 stars 24 forks source link

VPS : Setup Ubuntu VPS. #36

Open hhstore opened 6 years ago

hhstore commented 6 years ago

📖 Abstract:

💯 Related:

反向代理 & 负载均衡:

域名解析:

域名购买:

hhstore commented 6 years ago

云主机 + Ubuntu 配置教程

Checklist:

参考:

配置 VPS 教程:

hhstore commented 2 years ago

配置服务器:

网络设置/静态IP:

更改镜像源:


sudo bash -c "cat << EOF > /etc/apt/sources.list && apt update
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF"

安装 clash:

下载包:


echo -e "export http_proxy=http://127.0.0.1:7890\nexport https_proxy=http://127.0.0.1:7890" >> ~/.bashrc

echo -e "export http_proxy=http://127.0.0.1:7890\nexport https_proxy=http://127.0.0.1:7890" >> ~/.zshrc
hhstore commented 2 years ago

从0配置 Ubuntu VPS 主机:

安装依赖:


apt update -y

apt install curl -y
apt install git -y
apt install zsh -y
apt install vim -y
apt install tmux -y

# ssh 登录保护:
apt install fail2ban -y

# Python 包安装: for docker-compose
apt install python3-pip -y


sudo apt update -y

sudo apt install curl -y
sudo apt install git -y
sudo apt install zsh -y
sudo apt install vim -y
sudo apt install tmux -y

# set zsh:
sudo chsh -s $(which zsh)

创建 dev 用户:


# 参数说明:
# -m 创建用户的主目录,如 /home/xxx
# -g 指定用户所属的群组
# -G 指定用户所属的附加群组,将新用户加入 sudo 群组中,以获得 root 权限
# -s 指定用户登入后所使用的shell。注意使用 /bin/bash 之类的路径,而非 /usr/bin/bash
useradd -m -g users -G sudo -s /bin/zsh dev

# 设置密码:
passwd dev

配置 zsh:

切换到新用户(注意要切换身份+env)

su - dev

q: 先不定制zsh(未装oh-my-zsh)

进入用户目录

cd ~

安装

sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"

zsh theme:

wget https://raw.githubusercontent.com/skylerlee/zeta-zsh-theme/master/zeta.zsh-theme

# cp zeta.zsh-theme ~/.oh-my-zsh/themes

vim ~/.zshrc

ZSH_THEME="zeta"

自带:

ZSH_THEME="candy"

登出账号

exit

hhstore commented 2 years ago

配置 SSH key 登录:

非 server 版本 Ubuntu, 需要安装:


sudo apt install openssh-server -y

特别提醒:

✅ 基于密码的方式登录 VPS 主机: 


ssh root@22.33.22.33 -p 22

# 交互式输入密码

🔥 VPS 侧 设置:


cd ~
mkdir .ssh

ssh-keygen

cd .ssh/
cat id_rsa.pub >> authorized_keys

chmod 600 authorized_keys
chmod 700 ~/.ssh
image

更改配置:


vim /etc/ssh/sshd_config

# update:

RSAAuthentication yes
PubkeyAuthentication yes

PermitRootLogin yes

# set ok, then add this:
PasswordAuthentication no
image 

# 检测配置文件是否异常
sshd -t

# 重启
service sshd restart

本机设置:


# 放入本地路径: 追加一个 `换行符`
~/.ssh/vps/id_rsa.crypto

# 修正权限:
chmod 600 ~/.ssh/vps/id_rsa.crypto


# 示例方式:
ssh root@22.33.22.33 -p 22 -i ~/.ssh/vps/id_rsa.crypto
image

禁用密码访问服务器:


# 设置登录成功, 再改此:
PasswordAuthentication no


service sshd restart

ssh root@22.33.22.33 -p 22
image

配置 SSH Config


Host vps.hw    # 别名
    HostName xx.xxx.xx.xxx    # 替换 xx.xxx.xx.xxx 为服务器 ip 地址
    Port 22    # 端口,稍后会进行修改
    User xxx    # 用户名
    IdentityFile ~/.ssh/vps/key.hw    # 私钥文件


<img width="500" alt="image" src="https://github.com/hhstore/blog/assets/3252130/6a9fc6f5-3afb-425c-9dd9-e74076434aee">
hhstore commented 2 years ago

SSH 超时断开问题:


ClientAliveInterval 60
ClientAliveCountMax 3
hhstore commented 2 years ago

中间件定制:

Tmux 使用:


brew install tmux
hhstore commented 2 years ago

Linux 性能调优:

内核参数调优:

hhstore commented 2 years ago

安装 docker:

配置源:


# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update


# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings

# 
# change:
# - https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg
# 
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

安装 docker 组件:


sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y


sudo docker run hello-world

配置 docker:

run Docker as a non-privileged user:

dockerd-rootless-setuptool.sh install

配置开机启动:


# 开机启动
sudo systemctl enable docker
sudo systemctl start docker
sudo systemctl status docker

创建 docker 用户组:

  1. 创建 docker 用户组

# 1. 创建 docker 用户组
sudo groupadd docker

# 2. 添加用户到 docker 用户组:
sudo usermod -aG docker $USER

# 3. 重启
sudo service docker restart

# 4. exit, 需要退出当前终端, 重新登入, 才能生效.
exit

验证 docker 配置成功: 


docker run hello-world

配置 docker-compose:


# 方法1:
apt install python3-pip -y

pip3 install docker-compose

# 方法2:
curl -sSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py

python3 get-pip.py

pip3 install docker-compose

限制 docker 容器日志:


{
  "log-driver": "json-file",
  "log-opts": { "max-size": "50m", "max-file": "3" }
}

{
  "log-driver": "local",
  "log-opts": {
    "max-size": "50m"
  }
}

sudo service docker restart
hhstore commented 2 years ago

docker 更新国内镜像源:

2024 更新源:


sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<EOF
{
    "registry-mirrors": [
        "https://hub.uuuadc.top",
        "https://docker.anyhub.us.kg",
        "https://dockerhub.jobcher.com",
        "https://dockerhub.icu",
        "https://docker.ckyl.me",
        "https://docker.awsl9527.cn"
    ]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker

可能已经过期的源:


sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<EOF
{
    "registry-mirrors": [
        "https://docker.m.daocloud.io",
        "https://hub.uuuadc.top",
        "https://docker.anyhub.us.kg",
        "https://dockerhub.jobcher.com",
        "https://dockerhub.icu",
        "https://docker.ckyl.me",
        "https://docker.awsl9527.cn"
    ]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker


# 自动走镜像源:
docker pull redis

docker run hello-world
hhstore commented 2 years ago

git 设置:


git config --global user.name "crypto"

git config --global user.email crypto@gmail.com

git config --global core.editor vim
hhstore commented 4 months ago

安全防护:

防止 SSH 登录扫描: 

apt install fail2ban -y

开启 BBR,root 账户执行

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
hhstore commented 4 months ago

Linux 服务器状态检测:

内核信息查看: 


hostnamectl

uname -a

cat /proc/version

查看磁盘空间:


df -Th
df -hl
df -h

查看内存: 


# 单位 MB
free -m

cat /proc/meminfo

查看最大文件描述符: 

cat /proc/sys/fs/file-max
9223372036854775807

ulimit -n
1024


# vim /etc/security/limits.conf

* soft nofile 65535
* hard nofile 65535