VPS常用脚本和常见问题
source link: http://blog.76ers.site/2023/03/22/%E8%87%AA%E7%94%A8VPS%E5%B8%B8%E7%94%A8%E8%84%9A%E6%9C%AC%E5%92%8C%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
VPS常用脚本和常见问题
自用基于 centOs7
- XUI
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
- ACME
curl https://get.acme.sh | sh
- 流媒体查询
bash <(curl -L -s https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/check.sh)
- warp 刷IP
bash <(curl -sSL https://raw.githubusercontent.com/fscarmen/warp_unlock/main/unlock.sh)
- BBR内核加速
wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh"
chmod +x tcp.sh
./tcp.sh
swap内存
添加虚拟内存
- 使用
free -m
命令查看 swap 分区[root@tripodcloud_214905 ~]# free -m
total used free shared buff/cache available
Mem: 475 126 40 26 308 310
Swap: 0 0 0 - 使用 dd 命令创建空的分区文件
[root@tripodcloud_214905 ~]# dd if=/dev/zero of=/opt/swap bs=1024 count=1024000
1024000+0 records in
1024000+0 records out
1048576000 bytes (1.0 GB) copied, 16.6877 s, 62.8 MB/s - 将swap文件设置为swap分区文件
chmod 600 /opt/swap
mkswap /opt/swap - 激活 swap 分区
swapon /opt/swap
移除虚拟内存
- 关闭swap
swapoff /opt/swap
- 删除 swap 分区
rm -rf /opt/swap
添加HTTPS证书
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --register-account -m [email protected]
~/.acme.sh/acme.sh --issue -d 域名.site --standalone
# 安装到root目录下
~/.acme.sh/acme.sh --installcert -d 域名.site --key-file /root/private.key --fullchain-file /root/cert.crt
使用cloudflare上的证书申请
acme.sh --issue --dns dns_cf -d 域名.site --server letsencrypt
# CF上的KEY和对应的EMAIL
export CF_Key="xxxx"
export CF_Email="[email protected]"
配置NGINX
修改SSH端口
vi /etc/ssh/sshd_config
# 修改 port 端口,重启sshd服务
systemctl restart sshd
修改SSH密码
修改SSH密码。登录ssh后, 通过命令:passwd {用户名}
添加普通用户用作SSH登录
useradd ssher
passwd ssher
普通用户管理员权限
sudo vim /etc/sudoers
# 先找到如下图所示的一行:
root ALL=(ALL) ALL
# 添加
用户名 ALL=(ALL) ALL
禁止ROOT用户登录
#vi /etc/ssh/sshd_config
# PermitRootLogin yes
PermitRootLogin no
重启sshd服务
#service sshd restart
添加防火墙
yum install firewalld firewalld-config
firewall-cmd --list-ports
开启关闭防火墙端口时,需要重启防火墙 systemctl restart firewalld.service
端口开启防火墙
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=81/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
端口关闭防火墙
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --zone=public --remove-port=22/tcp --permanent
firewall-cmd --zone=public --remove-port=21/tcp --permanent
firewall-cmd --zone=public --remove-port=53/udp --permanent
CentOs上安装软件时出现 Failed to Download Metadata for Repo ‘AppStream’ 问题
# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.epel.cloud|g' /etc/yum.repos.d/CentOS-Linux-*
默认xray设置
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}
参考内容:
https://blog.csdn.net/herobacking/article/details/80371242
https://atpx.com/auto-update-ssl-with-acme/
https://wzfou.com/linux-vps-sh/
https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples
https://mrchi.cc/posts/selfhosted-bitwarden/
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK