Basic configuration for a new server

2020-02-17

Ubuntu mirror sources for the internal network

Ubuntu package mirror https://mirror.tuna.tsinghua.edu.cn/help/ubuntu/

Debian https://mirror.tuna.tsinghua.edu.cn/help/debian/

Docker https://mirror.tuna.tsinghua.edu.cn/help/docker-ce/

gitlab https://mirror.tuna.tsinghua.edu.cn/help/gitlab-ce/

gitlab-runner https://mirror.tuna.tsinghua.edu.cn/help/gitlab-runner/

pypi https://mirror.tuna.tsinghua.edu.cn/help/pypi/

Basic software

```
apt-get install wget curl zsh tmux git vim gcc g++
```

oh-my-zsh

```
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
```

tmux

https://github.com/wklken/k-tmux

```
curl https://raw.githubusercontent.com/wklken/k-tmux/master/tmux.conf > ~/.tmux.conf

curl https://raw.githubusercontent.com/wklken/vim-for-server/master/vimrc > ~/.vimrc
```

vim

https://github.com/wklken/k-vim

https://github.com/wklken/vim-for-server

```
curl https://raw.githubusercontent.com/wklken/vim-for-server/master/vimrc > ~/.vimrc
```

pyenv

```
curl https://pyenv.run | bash
```

Add to zshrc

```
export PATH="/root/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
```

Compile and install python-3.8.2 on Debian/Ubuntu

pyenv is too slow

```
wget https://www.python.org/ftp/python/3.8.2/Python-3.8.2.tgz

# The archive is a gzip-compressed tarball; it unpacks to Python-3.8.2/
tar -xzf Python-3.8.2.tgz

cd Python-3.8.2

# Build dependencies
sudo apt-get install -y gcc make build-essential libssl-dev zlib1g-dev \
libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev \
libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev

sudo ./configure --enable-optimizations --prefix=/usr/python3

sudo make && sudo make install

# pip is installed under the --prefix chosen above
sudo /usr/python3/bin/pip3 install -U pip setuptools
```

postgresql

https://www.postgresql.org/download/linux/debian/

Export and import

Export: pg_dump -f spendingviz-postgresql.sql spendingviz

Import: psql -d spendingviz -f export-postgresql/spendingviz-postgresql.sql

Create a database: createdb spendingviz

Drop a database: dropdb spendingviz

Start and restart

```
/etc/init.d/postgresql start
/etc/init.d/postgresql restart
```

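Users, passwords and remote connections

```
sudo su postgres
# Create a role; answer the prompts with the name "chen" and "y" for superuser
createuser --interactive
chen
y
# Set the role's password from inside psql
psql
\password chen

# Listen on all interfaces (restart PostgreSQL so that listen_addresses takes effect)
sudo vi /etc/postgresql/9.5/main/postgresql.conf
listen_addresses = '*'

# Below the line "host all all 127.0.0.1/32 md5", add one more line.
# It accepts password logins for every database and role from any IPv4 address.
sudo vi /etc/postgresql/9.5/main/pg_hba.conf
host all all 0.0.0.0/0 md5

# Connect
psql -U postgres -d postgres
psql -U chen -d postgres
pgcli -U chen
pgcli -U chen -d dbname
pgcli -h 107.170.238.235 -U chen -W -d dbname

# psql meta-commands: list databases, roles and tables, then describe the table "entry"
\l
\du
\dt
\d entry
```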



### Generate a tuned postgresql.conf from the system's configuration



http://pgtune.leopard.in.ua/
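
An added check, not part of the original notes: the `host all all 0.0.0.0/0 md5` rule added to pg_hba.conf in the remote-connection notes above lets every role attempt a password login to every database from any IPv4 address. The shell function below flags rules of that shape; both rule sets, the narrowed rule and the address 203.0.113.10 are constructed for illustration.

```sh
# Constructed sample: the two "host" rules the notes above end up with.
page_rules() {
    printf '%s\n' \
        '# TYPE DATABASE USER ADDRESS METHOD' \
        'host all all 127.0.0.1/32 md5' \
        'host all all 0.0.0.0/0 md5'
}

# Constructed sample: one database, one role, one client address, TLS only.
# 203.0.113.10 is a documentation address; scram-sha-256 needs PostgreSQL 10+.
narrow_rules() {
    printf '%s\n' \
        'host all all 127.0.0.1/32 md5' \
        'hostssl spendingviz chen 203.0.113.10/32 scram-sha-256'
}

# audit_pg_hba: read pg_hba.conf text on stdin and print "LEVEL:line:reason"
# for every network rule that accepts clients from any address.
# Field layout: TYPE DATABASE USER ADDRESS [MASK] METHOD [options]
audit_pg_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
    $1 !~ /^host/        { next }        # "local" rules never touch the network
    {
        addr = $4; method = $5
        if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {   # ADDRESS MASK written as two fields
            addr = $4 "/" $5; method = $6
        }
        wide = (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" ||
                addr == "0.0.0.0/0.0.0.0")
        if (!wide) next
        if (method == "trust")
            print "CRITICAL:" NR ":any address may connect without a password"
        else if ($2 == "all" && $3 == "all")
            print "HIGH:" NR ":every database and role is reachable from any address"
        else
            print "MEDIUM:" NR ":rule is reachable from any address"
        if ($1 == "host" || $1 == "hostnossl")
            print "INFO:" NR ":rule matches connections that do not use TLS"
    }'
}

page_rules | audit_pg_hba
```

Run it against a live file with `audit_pg_hba < /etc/postgresql/9.5/main/pg_hba.conf`.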



## rabbitmq

```
sudo apt-get install rabbitmq-server
sudo rabbitmqctl add_user djshop passwordxxx
sudo rabbitmqctl set_user_tags djshop administrator
# configure, write and read permissions on the default vhost "/"
sudo rabbitmqctl set_permissions -p / djshop ".*" ".*" ".*"

rabbitmq-plugins enable rabbitmq_management rabbitmq_stomp rabbitmq_web_stomp
```



## nginx



verynginx: https://github.com/alexazhou/VeryNginx/blob/master/readme_zh.md



### proxy_params

```
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
```



### Django

```
server {
    listen 443 ssl;
    server_name breakwire.me;
    # location
    location /static {
        alias /root/ade/apps/static;
    }
    location /media {
        alias /root/ade/apps/media;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/root/ade/ade.sock;
    }
    # Let's Encrypt (TLS is enabled by "ssl" on the listen directive above)
    ssl_certificate /etc/letsencrypt/live/breakwire.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/breakwire.me/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    allow all;
    # logs
    access_log /root/logs/nginx.access.log;
    error_log /root/logs/nginx.error.log;
    # gzip
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 5;
    gzip_types text/plain text/css application/javascript application/xml application/xhtml+xml application/json image/gif image/jpeg image/png;
    gzip_disable "MSIE [1-6]\.";
}
# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name breakwire.me;
    return 301 https://$server_name$request_uri;
}
```
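
An added check, not part of the original notes: the Django server block above enables TLSv1 and TLSv1.1 (deprecated by RFC 8996) and lists RC4 suites (prohibited by RFC 7465). The function below reports such entries in `ssl_protocols` and `ssl_ciphers`; both sample configurations are constructed, the first abridged from the block above, the second an assumed replacement for clients that support TLS 1.2 or later.

```sh
# Constructed sample: the protocol and cipher lines of the server block above
# (cipher list abridged).
page_tls() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
EOF
}

# Constructed sample (an assumption, not from the notes): TLS 1.2/1.3 with
# AEAD suites only. TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
modern_tls() {
    cat <<'EOF'
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
EOF
}

# audit_nginx_tls: read nginx config text on stdin; print "protocol:NAME" for
# each legacy protocol and "cipher:TOKEN" for each enabled weak cipher token.
audit_nginx_tls() {
    awk '
    { gsub(/[";]/, " ") }                  # drop quotes and the closing ";"
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "protocol:" $i
    }
    $1 == "ssl_ciphers" {
        n = split($0, tok, /[ \t:,]+/)     # OpenSSL accepts space, ":" or ","
        for (i = 1; i <= n; i++) {
            t = tok[i]
            # "!X" and "-X" remove suites, so they are not findings
            if (t == "" || t == "ssl_ciphers" || t ~ /^[!-]/) continue
            if (t ~ /RC4|3DES|MD5|NULL|EXP/) print "cipher:" t
        }
    }'
}

page_tls | audit_nginx_tls
```

The check reads the configuration text only; which suites a server finally offers also depends on the OpenSSL build nginx is linked against.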



### breakwire.me static site



Replace the three location blocks in the Django example with this one:

```
location / {
    root /root/lsdlab.github.io/;
    index index.html;
}
```



### Reverse proxy to a port

```
location / {
    proxy_pass http://localhost:3000;
}
```



### wordpress.conf

```
server {
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;
    # Let's Encrypt
    listen 443 ssl; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # logs
    access_log /root/nginx-log/access.log;
    error_log /root/nginx-log/error.log;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.php.
        try_files $uri $uri/ /index.php$is_args$args;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # With php7.0-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php7.0-fpm:
        # fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    # gzip
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 5;
    gzip_types text/plain application/x-javascript text/css application/xml application/json text/javascript image/jpeg image/png;
    gzip_disable "MSIE [1-6]\.";
}
# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name paikung.com;
    return 301 https://$server_name$request_uri;
}
```



### /etc/nginx/nginx.conf tuning

```
user root;
worker_processes 5;
pid /run/nginx.pid;

include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Same fields plus request time and upstream response time
    log_format timed_combined '$remote_addr - $remote_user [$time_local]  '
                              '"$request" $status $body_bytes_sent '
                              '"$http_referer" "$http_user_agent" $request_time $upstream_response_time';

    # Request size limits and timeouts
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    include /etc/nginx/sites-enabled/*.conf;

}
```



## certbot

[https://letsencrypt.org](https://letsencrypt.org/)

https://github.com/acmesh-official/acme.sh/wiki/说明

https://certbot.eff.org/lets-encrypt/debianbuster-nginx



```
sudo apt-get install certbot python-certbot-nginx
certbot certonly
certbot certificates
# takes the certificate name listed by "certbot certificates"
certbot delete --cert-name
```



## ssr

https://github.com/ToyoDAdoubi/doubi#ssrmush



```
wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssrmu.sh && chmod +x ssrmu.sh && bash ssrmu.sh
```




## v2ray

[https://toutyrater.github.io](https://toutyrater.github.io/)

https://www.v2ray.com/chapter_00/install.html



## gitlab

https://about.gitlab.com/install/#debian

[Gitlab Ce | Mirror usage help | Tsinghua University Open Source Software Mirror | Tsinghua Open Source Mirror](https://mirror.tuna.tsinghua.edu.cn/help/gitlab-ce/)



## go-fastdfs

https://github.com/sjqzhang/go-fastdfs



## nps

Port-forwarding and SSH proxy tool



https://github.com/ehang-io/nps/releases

https://ehang-io.github.io/nps/#/run



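Download the matching server and client. Start the server first, then create a new client; once the client has connected to the server, create a TCP tunnel in the web UI. When the tunnel is established, the internal network can be reached from the public internet. Remember to use a complex password so that it cannot be brute-forced.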



## Other

https://github.com/haiiiiiyun/awesome-selfhosted-cn



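### Development

- [Gogs](https://gogs.io/docs/installation/install_from_binary) A Git service written in Go; easy to deploy, with simple, easy-to-use features. **Tried**
- [Gitea](https://docs.gitea.io/zh-cn/install-from-binary/) A fork of Gogs. Some people felt that Gogs, being developed by one person, moved too slowly and had too few features, so they forked it and the community continues development. **Tried**
- [Sentry](https://docs.sentry.io/server/installation/) Exception-capturing service for applications. The free account limits the number of messages; starting one with Docker is also convenient, and collecting the exceptions from all applications and services in one place makes them easy to handle. **Tried; installation needs a machine with at least 2 cores and 2 GB**
- [Mattermost](https://docs.mattermost.com/install/install-debian.html#) Open-source IM, similar to Slack. **Tried, with a domain name and HTTPS set up**
- [Drone](http://docs.drone.io/) A new CI tool, [Docker install](https://docs.drone.io/server/provider/gitlab/). I tried it and the installation did not succeed, but the interface looks quite good.
- [netdata](https://my-netdata.io/) Open-source monitoring tool. The dark-background dashboard looks great on a big screen, installation and upgrades are simple, it supports IoT devices, and it is written in C underneath, so it does not use much CPU or memory. **Tried**
- https://github.com/ezaquarii/vpn-at-home
- https://docs.gitea.io/zh-cn/install-from-binary/
- https://gogs.io/docs/installation/install_from_binary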



### Non-development

- [Syncthing](https://syncthing.net/) Personal cloud storage with a web UI; the pages look fairly good. **Tried**
- [restic](http://restic.readthedocs.io/) Backup tool
- [Misago](https://misago.gitbook.io/docs/setup/misago) Forum, Python/Django, nice interface
- [elastic apm](https://www.elastic.co/cn/solutions/apm) Elasticsearch's APM (application performance monitoring); currently supports Node.js, Django, Flask