Open ourfor opened 5 years ago
管理服务器的一些好习惯:(web方面)
/var/www
下面,同时尽量使用dnf
安装软件,尽量少编译软件,编译软件,下载临时文件,把文件下载在目录/tmp
下面,这个目录下面的文件,重启后会自动删除的。最好不要更改caddy
默认读写的目录,因为这个目录caddy要用来存放证书的。php后台显示语法错误,大部分是PHP的一些依赖没有安装,全新的Fedora 29
需要关闭SELINUX
,使用/usr/sbin/sestatus
查看开闭状态,修改状态:
vim /etc/selinux/config
SELINUX=disabled
mailx
后,在/etc/mail.rc
头部添加:
set from=ourfor@126.com(肥猫瑞伊)
set smtp=smtps://smtp.126.com:465
set smtp-auth-user=ourfor@126.com
set smtp-auth-password=$密码$
set smtp-auth=login
平时我经常用到的软件有很多,记下来,一键安装,脚本以后再写:
sudo dnf install -y caddy zsh curl nmap wget vim youtube-dl git screen neofetch
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
安装mysql
链接
caddy在系统服务中打开ProtectHome=true
,这样就有资格访问/home
目录了
安装php
dnf install -y php-fpm php php-json
启动php-fpm
systemctl start php-fpm
监听9000
配合caddy
:
vim /etc/php-fpm.d/www.conf
在listen = /tmp/php-cgi.sock
下一行加上:
listen = 127.0.0.1:9000
重启php-fpm
systemctl restart php-fpm
设置ssh验证,免密码登陆:
scp .ssh/id_rsa.pub root@ip.ourfor.top:~/.ssh
如果服务器没有authorized_keys
:
cp id_rsa.pub authorized_keys
否则:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
配置Minecraft后台自动运行,来自agowa338
# Source: https://github.com/agowa338/MinecraftSystemdUnit/
# License: MIT
[Unit]
Description=Minecraft Server %i
After=network.target
[Service]
WorkingDirectory=/opt/minecraft/%i
PrivateUsers=true # Users Database is not available for within the unit, only root and minecraft is available, everybody else is nobody
User=minecraft
Group=minecraft
ProtectSystem=full # Read only mapping of /usr /boot and /etc
ProtectHome=true # /home, /root and /run/user seem to be empty from within the unit. It is recommended to enable this setting for all long-running services (in particular network-facing ones).
ProtectKernelTunables=true # /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be read-only within the unit. It is recommended to turn this on for most services.
# Implies MountFlags=slave
ProtectKernelModules=true # Block module system calls, also /usr/lib/modules. It is recommended to turn this on for most services that do not need special file systems or extra kernel modules to work
# Implies NoNewPrivileges=yes
ProtectControlGroups=true # It is hence recommended to turn this on for most services.
# Implies MountAPIVFS=yes
ExecStart=/bin/sh -c '/usr/bin/screen -DmS mc-%i /usr/bin/java -server -Xms512M -Xmx2048M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -jar $(ls -v | grep -i "FTBServer.*jar\|minecraft_server.*jar" | head -n 1) nogui'
ExecReload=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "reload"\\015'
ExecStop=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "say SERVER SHUTTING DOWN. Saving map..."\\015'
ExecStop=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "save-all"\\015'
ExecStop=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "stop"\\015'
ExecStop=/bin/sleep 10
Restart=on-failure
RestartSec=60s
[Install]
WantedBy=multi-user.target
#########
# HowTo
#########
#
# Create a directory in /opt/minecraft/XX where XX is a name like 'survival'
# Add minecraft_server.jar into dir with other conf files for minecraft server
#
# Enable/Start systemd service
# systemctl enable minecraft@survival
# systemctl start minecraft@survival
#
# To run multiple servers simply create a new dir structure and enable/start it
# systemctl enable minecraft@creative
# systemctl start minecraft@creative
安装
ffmpeg
,运行后老是出现符号未定义,后来新开了一台vps
发现全新的系统上面没有这个问题,所以我打算重装,得备份一下,这服务器我主要是弄了一些web服务,还有一些上网的东西,还好这些东西我都放在/root
目录下的,这样我新开一台主机,把备份的恢复过去,原来的主机重装之后,再用sftp
把重要的文件get
过来。