2

Andie's Blog

 2 years ago
source link: https://blog.andiedie.cn/posts/754e/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

记录一下新买的树莓派 4 的部署过程,包括系统安装、网络连接、基本配置、Xrdp、Docker、Shadowsocks、Frp、Node.js、RSSHub、Nginx、HTTPS 等内容。本文尽可能提供可以直接执行的 bash 命令,方便后续参考。

1. 系统安装

下载地址:Raspbian

为了方便之后使用 Xrdp 远程连接,下载的版本是带桌面的:

1569042878994

Windows 下写入系统可以使用 Win32 Disk Imager,注意设备不要选错了。

1569043176140

写入成功后,在盘符为 boot 的 TF 卡分区根目录下,创建一个名为 ssh 的空文件。新版的 Raspbian 默认不开启 ssh,需要通过这种方式手动开启。

将 TF 卡插入树莓派,连上网线和电源即可。

2. 网络连接

如果有显示器,直接接入显示器执行 ifconfig 即可获得 ip 地址。没有显示器的情况下,需要先使用网线连接,然后在路由器上查看树莓派有线网卡的 ip 地址。

1569043698593

使用 SSH 登录树莓派,用户 pi,密码为 raspberry

ssh pi@ip

使用 raspi-config 连接 WiFi

sudo raspi-config

1569043986105

设置完成后,树莓派会重启。(之后便用不上网线了)

3. 基本配置

# vim ~/.ssh/config
Host pi
  HostName pc.andiedie.cn
  Port 22
  User pi

无密码登录

ssh-copy-id pi
sudo raspi-config

使用国内镜像加速(清华大学开源软件镜像站

sudo mv /etc/apt/sources.list /etc/apt/sources.list.bak
sudo tee /etc/apt/sources.list <<-'EOF'
deb http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib
deb-src http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib
EOF

sudo mv /etc/apt/sources.list.d/raspi.list /etc/apt/sources.list.d/raspi.list.bak
sudo tee /etc/apt/sources.list.d/raspi.list <<-'EOF'
deb http://mirrors.tuna.tsinghua.edu.cn/raspberrypi/ buster main ui
EOF

sudo apt update
# 可选,升级所有依赖
sudo apt upgrade -y

安装常用软件

sudo apt install -y vim unzip

4. Xrdp 远程桌面

sudo apt install xrdp -y

打开 Windows 远程桌面,连接 ip:3389,用户密码留空。

连接成功后,再输入 pi 的账号和密码即可。

5. Docker

curl -fsSL get.docker.com | sh -s -- --mirror Aliyun
# 将当前用户加入 docker 用户组,避免 sudo
sudo usermod -aG docker $USER
# 镜像加速 阿里、七牛云、DaoCloud、Azure
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://【注意替换】.mirror.aliyuncs.com",
    "https://reg-mirror.qiniu.com",
    "http://【注意替换】.m.daocloud.io",
    "https://dockerhub.azk8s.cn"
  ]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

# 安装 Docker Compose
# 安装 Python
sudo apt install -y python python-pip libffi-dev python-backports.ssl-match-hostname
# Pip 镜像加速
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
sudo pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
sudo pip install docker-compose

6. Shadowsock

# 安装
sudo apt install -y shadowsocks
# 配置
sudo tee /etc/shadowsocks/config.json <<-'EOF'
{
    "server": "【注意替换】",
    "server_port": "【注意替换】",
    "local_address": "127.0.0.1",
    "local_port": "1080",
    "password": "【注意替换】",
    "method": "【注意替换】"
}
EOF
# 开机启动
sudo tee /etc/systemd/system/sslocal.service <<-'EOF'
[Unit] 
Description = ShadowSocks Client 
After = network.target 

[Service] 
Type = simple 
User = root 
ExecStart = sslocal -c /etc/shadowsocks/config.json

[Install] 
WantedBy = multi-user.target
EOF
sudo systemctl start sslocal
sudo systemctl enable sslocal

# 安装 polipo 将 socks 协议转为 http
sudo apt install -y polipo
# 配置
sudo tee /etc/polipo/config <<-'EOF'
logSyslog = false
logFile = /var/log/polipo/polipo.log
socksParentProxy = "127.0.0.1:1080"
socksProxyType = socks5
proxyAddress = "127.0.0.1"
proxyPort = 1088
EOF
# 开机启动
sudo systemctl start polipo
sudo systemctl enable polipo

# 代理 alias
tee -a ~/.bashrc <<-'EOF'
alias pon='export use_proxy="on" && export http_proxy="http://127.0.0.1:1088/" && export https_proxy=$http_proxy && export ftp_proxy=$http_proxy && export dns_proxy=$http_proxy && export rsync_proxy=$http_proxy && export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"'
alias poff='unset use_proxy && unset http_proxy && unset https_proxy && unset ftp_proxy && unset dns_proxy && unset rsync_proxy && unset no_proxy'
EOF
source ~/.bashrc

7. Frp

# 开启代理
pon
# 下载
wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_arm.tar.gz
# 关闭代理
poff
# 解压
tar -xzf frp_0.29.0_linux_arm.tar.gz
# 移动到合适的位置
sudo mkdir -p /usr/sbin/frp
sudo mv frp_0.29.0_linux_arm/frps /usr/sbin/frp
sudo mkdir -p /etc/frp
# 清理
rm -f frp_0.29.0_linux_arm.tar.gz
rm -rf frp_0.29.0_linux_arm
# 配置
sudo tee /etc/frp/frps.ini <<-'EOF'
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = 【注意替换】
dashboard_pwd = 【注意替换】
token = 【注意替换】
EOF
# 开机自启
sudo tee /etc/systemd/system/frps.service <<-'EOF'
[Unit]
Description=FRP Server Daemon
After=network.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/sbin/frp/frps -c /etc/frp/frps.ini
Restart=always

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl start frps
sudo systemctl enable frps

8. Node.js

sudo apt install -y nodejs npm
sudo npm i -g npm --registry=https://registry.npm.taobao.org
sudo npm i -g nrm --registry=https://registry.npm.taobao.org
nrm use cnpm
sudo npm i -g yarn n
pon
sudo n lts
poff

9. RSSHub

cd /home/pi/Desktop
pon
git clone https://github.com/DIYgod/RSSHub.git
poff
cd RSSHub/
yarn

# 开机启动
sudo tee /etc/systemd/system/rsshub.service <<-'EOF'
[Unit] 
Description = RSSHub
After = network.target 

[Service] 
Type = simple 
ExecStart = /bin/bash -c 'PROXY_PROTOCOL=socks PROXY_HOST=127.0.0.1 PROXY_PORT=1080 PROXY_URL_REGEX="instagram|twitter" TWITTER_CONSUMER_KEY=【注意替换】 TWITTER_CONSUMER_SECRET=【注意替换】 GITHUB_ACCESS_TOKEN=【注意替换】 yarn --cwd /home/pi/Desktop/RSSHub start'

[Install] 
WantedBy = multi-user.target
EOF

sudo systemctl start rsshub
sudo systemctl enable rsshub

10. Nginx

# 安装 Certbot
sudo apt install -y certbot
# 安装 nginx
sudo apt install -y nginx

# 打开 https://nginxconfig.io/?0.domain=rss.andiedie.cn&0.document_root=&0.redirect=false&[email protected]&0.php=false&0.proxy&0.proxy_pass=http:%2F%2F127.0.0.1:1200&0.root=false
# 下载 zip 文件,放到 /etc/nginx 目录下
cd /etc/nginx
# 解压
sudo unzip -o nginxconfig.io-rss.andiedie.cn.zip

# 生成 Diffie-Hellman 参数
sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048

# 获得泛域名证书(renew 也是这样)
sudo certbot certonly --preferred-challenges dns --manual -d *.andiedie.cn --email [email protected] --agree-tos --force-renewal --server https://acme-v02.api.letsencrypt.org/directory

# 根据要求给 DNS 添加 TXT 记录
# 还需要添加 CAA 记录,推荐 cloudflare
# CAA andiedie.cn 0 issue ";"

# 添加 SSL 证书通用配置
sudo tee /etc/nginx/ssl.conf <<-'EOF'
ssl_certificate /etc/letsencrypt/live/andiedie.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/andiedie.cn/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/andiedie.cn/chain.pem;
EOF

# 将 SSL 三连 改为
# include ssl.conf;
sudo vim /etc/nginx/sites-available/frp.andiedie.cn.conf
sudo vim /etc/nginx/sites-available/frp.andiedie.cn.conf

# 启动
sudo nginx -t && sudo systemctl reload nginx
sudo systemctl enable nginx

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK