Basic configuration for a new server

Posted by JC on 2020-02-17 21:40:45 Updated on 2020-02-17 21:40:45

Ubuntu mirror sources for the internal network

Ubuntu software mirror https://mirror.tuna.tsinghua.edu.cn/help/ubuntu/

Debian https://mirror.tuna.tsinghua.edu.cn/help/debian/

Docker https://mirror.tuna.tsinghua.edu.cn/help/docker-ce/

gitlab https://mirror.tuna.tsinghua.edu.cn/help/gitlab-ce/

gitlab-runner https://mirror.tuna.tsinghua.edu.cn/help/gitlab-runner/

pypi https://mirror.tuna.tsinghua.edu.cn/help/pypi/

Base software

apt-get install wget curl zsh tmux git vim gcc g++

oh-my-zsh

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

tmux

https://github.com/wklken/k-tmux

curl https://raw.githubusercontent.com/wklken/k-tmux/master/tmux.conf > ~/.tmux.conf

curl https://raw.githubusercontent.com/wklken/vim-for-server/master/vimrc > ~/.vimrc

vim

https://github.com/wklken/k-vim

https://github.com/wklken/vim-for-server

curl https://raw.githubusercontent.com/wklken/vim-for-server/master/vimrc > ~/.vimrc

pyenv

curl https://pyenv.run | bash

Add to zshrc

export PATH="/root/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"

Building and installing python-3.8.2 from source on Debian/Ubuntu

pyenv is too slow

wget https://www.python.org/ftp/python/3.8.2/Python-3.8.2.tgz

tar -xzf Python-3.8.2.tgz

cd Python-3.8.2

sudo apt-get install -y gcc make build-essential libssl-dev zlib1g-dev \
libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev \
libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev

sudo ./configure --enable-optimizations --prefix=/usr/python3

sudo make && sudo make install

pip install -U pip setuptools

postgresql

https://www.postgresql.org/download/linux/debian/

Export and import

Export: pg_dump -f spendingviz-postgresql.sql spendingviz

Import: psql -d spendingviz -f export-postgresql/spendingviz-postgresql.sql

Create a database: createdb spendingviz

Drop a database: dropdb spendingviz

Start and restart

/etc/init.d/postgresql start
/etc/init.d/postgresql restart

Users, passwords, and remote connections

```
sudo su postgres
createuser --interactive
# answers to the prompts: role name, then superuser
chen
y
psql
\password chen
# allow remote connections
sudo vi /etc/postgresql/9.5/main/postgresql.conf
listen_addresses = '*'
sudo vi /etc/postgresql/9.5/main/pg_hba.conf
# add a line below "host all all 127.0.0.1/32 md5":
host all all 0.0.0.0/0 md5
psql -U postgres -d postgres
psql -U chen -d postgres
pgcli -U chen
pgcli -U chen -d dbname
pgcli -h 107.170.238.235 -U chen -W -d dbname
\l
\du
\dt
\d entry
```



### Generate an optimized postgresql.conf from the system configuration



http://pgtune.leopard.in.ua/
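Added example, not part of the original notes: with `listen_addresses = '*'`, the `host all all 0.0.0.0/0 md5` rule from the remote-connection steps lets any address attempt a password login to every database as every role, so it is worth checking `pg_hba.conf` for match-everyone rules and narrowing them to the networks that need access. The sample rules, the `appdb` database and the `203.0.113.0/24` range are constructed, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): list pg_hba.conf rules that
# accept TCP connections from every address.

# Constructed sample: the two host rules from the notes plus a narrowed one.
# 203.0.113.0/24 is a documentation range standing in for a trusted network.
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   127.0.0.1/32     md5
host    all       all   0.0.0.0/0        md5
hostssl appdb     chen  203.0.113.0/24   md5
EOF
}

# Read pg_hba.conf on stdin and print "LINE:RULE" for each host, hostssl or
# hostnossl rule whose address matches everyone.
# Typical use: audit_hba < pg_hba.conf
audit_hba() {
  awk '
    /^[ \t]*#/ { next }          # comment lines
    NF == 0    { next }          # blank lines
    $1 ~ /^host/ {
      wide = ($4 == "all" || $4 == "0.0.0.0/0" || $4 == "::/0")
      # address and netmask written as two separate fields
      if ($4 == "0.0.0.0" && $5 == "0.0.0.0") wide = 1
      if (wide) {
        $1 = $1                  # collapse runs of whitespace
        printf "%d:%s\n", NR, $0
      }
    }'
}

sample_hba | audit_hba
```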



## rabbitmq

```
sudo apt-get install rabbitmq-server
sudo rabbitmqctl add_user djshop passwordxxx
sudo rabbitmqctl set_user_tags djshop administrator
sudo rabbitmqctl set_permissions -p / djshop ".*" ".*" ".*"

rabbitmq-plugins enable rabbitmq_management rabbitmq_stomp rabbitmq_web_stomp
```

## nginx



verynginx: https://github.com/alexazhou/VeryNginx/blob/master/readme_zh.md



### proxy_params

```
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
```

### Django

```
server {
    listen 443 ssl;
    server_name breakwire.me;

    # location
    location /static {
        alias /root/ade/apps/static;
    }
    location /media {
        alias /root/ade/apps/media;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/root/ade/ade.sock;
    }

    # Let Encrypt
    ssl on;
    ssl_certificate /etc/letsencrypt/live/breakwire.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/breakwire.me/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    allow all;

    # logs
    access_log /root/logs/nginx.access.log;
    error_log /root/logs/nginx.error.log;

    # gzip
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 5;
    gzip_types text/plain text/css application/javascript application/xml application/xhtml+xml application/json image/gif image/jpeg image/png;
    gzip_disable "MSIE [1-6]\.";
}

server {
    listen 80;
    server_name breakwire.me;
    return 301 https://$server_name$request_uri;
}
```
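Added example, not part of the original notes: the Django server block enables TLSv1 and TLSv1.1 (deprecated by RFC 8996) and lists RC4 cipher strings (prohibited by RFC 7465), so a small lint that reports such entries helps when reusing this configuration. The sample config is constructed, with the page's `ssl_ciphers` line shortened, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): report legacy TLS protocol and
# cipher entries in nginx configuration read from stdin.

# Constructed sample: the ssl_protocols line from the server block above and
# a shortened version of its ssl_ciphers line.
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+RC4 EECDH RC4 !aNULL !MD5";
}
EOF
}

# Print "LINE:protocol:NAME" or "LINE:cipher:TOKEN" for each legacy entry.
# Cipher tokens starting with "!" or "-" remove ciphers and are not reported.
# Typical use: lint_tls < /etc/nginx/sites-enabled/example.conf (assumed path)
lint_tls() {
  awk '
    { sub(/#.*/, "") }                     # drop comments
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i
        sub(/;$/, "", p)
        if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
          printf "%d:protocol:%s\n", NR, p
      }
    }
    $1 == "ssl_ciphers" {
      line = $0
      gsub(/[";]/, " ", line)              # strip quotes and the semicolon
      sub(/^[ \t]*ssl_ciphers/, "", line)
      n = split(line, tok, /[ \t:]+/)      # entries are space or colon separated
      for (i = 1; i <= n; i++)
        if (tok[i] != "" && tok[i] !~ /^[!-]/ &&
            tok[i] ~ /RC4|3DES|MD5|NULL|EXP/)
          printf "%d:cipher:%s\n", NR, tok[i]
    }'
}

sample_conf | lint_tls
```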

### breakwire.me static site



Replace the three location blocks in the Django example with this one:

```
location / {
    root /root/lsdlab.github.io/;
    index index.html;
}
```

### Reverse proxy to a port

```
location / {
    proxy_pass http://localhost:3000;
}
```

### wordpress.conf

```
server {
    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    # Let Encrypt
    listen 443 ssl; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # logs
    access_log /root/nginx-log/access.log;
    error_log /root/nginx-log/error.log;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        #
        # # With php7.0-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # # With php7.0-fpm:
        # fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    # gzip
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 5;
    gzip_types text/plain application/x-javascript text/css application/xml application/json text/javascript image/jpeg image/png;
    gzip_disable "MSIE [1-6]\.";
}

server {
    listen 80;
    server_name paikung.com;
    return 301 https://$server_name$request_uri;
}
```

### /etc/nginx/nginx.conf tuning

```
user root;
worker_processes 5;
pid /run/nginx.pid;

include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    log_format timed_combined '$remote_addr - $remote_user [$time_local]  '
                              '"$request" $status $body_bytes_sent '
                              '"$http_referer" "$http_user_agent" $request_time $upstream_response_time';

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    include /etc/nginx/sites-enabled/*.conf;
}
```

## certbot

[https://letsencrypt.org](https://letsencrypt.org/)

https://github.com/acmesh-official/acme.sh/wiki/说明

https://certbot.eff.org/lets-encrypt/debianbuster-nginx

```
sudo apt-get install certbot python-certbot-nginx
certbot certonly
certbot certificates
certbot delete --cert-name
```

## ssr

https://github.com/ToyoDAdoubi/doubi#ssrmush

```
wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssrmu.sh && chmod +x ssrmu.sh && bash ssrmu.sh
```

v2ray

https://toutyrater.github.io

https://www.v2ray.com/chapter_00/install.html

gitlab

https://about.gitlab.com/install/#debian

Gitlab Ce | Mirror Usage Help | Tsinghua University Open Source Software Mirror Site | Tsinghua Open Source Mirror

go-fastdfs

https://github.com/sjqzhang/go-fastdfs

nps

Port-forwarding and SSH proxy tool

https://github.com/ehang-io/nps/releases

https://ehang-io.github.io/nps/#/run

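Download the matching server and client. Start the server first, then create a new client. Once the client has connected to the server, create a TCP tunnel in the web UI; when it is established, the internal network can be reached from the outside. Remember to use a complex password so it does not get brute-forced.

Other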

https://github.com/haiiiiiyun/awesome-selfhosted-cn

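Development

  • Gogs: a Git service written in Go; easy to deploy, with simple, easy-to-use features. Tried it.
  • Gitea: a fork of Gogs. Some people felt that Gogs, being developed by one person, moved too slowly and had too few features, so they forked it for the community to continue development. Tried it.
  • Sentry: an exception-capturing service for applications. Free accounts have a limit on the number of messages, and starting one with Docker is convenient; collecting the exceptions from all your applications and services in one place makes them easy to handle. Tried it; installation needs a machine with at least 2 cores and 2 GB.
  • Mattermost: open-source IM, similar to Slack. Tried it, and set it up with a domain name and HTTPS.
  • Drone: a new CI tool, installed with Docker. I gave it a try and the installation did not succeed, but the interface looks quite good.
  • netdata: open-source monitoring tool. The dark-background dashboard looks great on a big screen, installation and upgrades are simple, it supports IoT devices, and it is written in C underneath, so it does not use much CPU or memory. Tried it.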
  • https://github.com/ezaquarii/vpn-at-home
  • https://docs.gitea.io/zh-cn/install-from-binary/
  • https://gogs.io/docs/installation/install_from_binary

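Non-development

  • Syncthing: personal cloud storage with a web UI; the pages look fairly nice. Tried it.
  • restic: backup tool
  • Misago: forum software, Python/Django, nice interface
  • elastic apm: Elasticsearch's APM (application performance monitoring); currently supports Node.js, Django, Flask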