
VPS常用脚本和常见问题

 1 year ago
source link: http://blog.76ers.site/2023/03/22/%E8%87%AA%E7%94%A8VPS%E5%B8%B8%E7%94%A8%E8%84%9A%E6%9C%AC%E5%92%8C%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98/

VPS常用脚本和常见问题

自用,基于 CentOS 7。以下一键脚本会以当前用户(通常是 root)直接执行远程代码,建议先下载并阅读脚本内容后再运行。

  • XUI
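    # Save the installer instead of streaming it into bash, so it can be read before
    # it runs. The URL follows the master branch, so its content is not pinned.
    # -f makes curl fail on an HTTP error rather than hand an error page to bash.
    curl -fsSL -o x-ui-install.sh https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh
    less x-ui-install.sh
    bash x-ui-install.sh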
  • ACME
    # Pipes the installer from get.acme.sh straight into sh. curl runs without -f, so
    # an HTTP error body would be executed too.
    # NOTE(review): safer to save the script, read it, then run it.
    curl https://get.acme.sh | sh
  • 流媒体查询
    # Runs check.sh from the repository's main branch without saving it; -s silences
    # curl's own error output, so a failed download is easy to miss.
    bash <(curl -L -s https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/check.sh)
  • warp 刷IP
    # Executes unlock.sh as fetched from the main branch (unpinned, so it can change
    # between runs). NOTE(review): read the script before running it on a server.
    bash <(curl -sSL https://raw.githubusercontent.com/fscarmen/warp_unlock/main/unlock.sh)
  • BBR内核加速
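    # TLS verification stays on: --no-check-certificate would let anyone on the
    # network path substitute the script that is about to be executed. If the
    # download fails on certificate errors, update the system CA bundle
    # (yum update ca-certificates) instead of disabling the check.
    wget -N "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh"
    # Read tcp.sh before running it; presumably it changes kernel/TCP settings
    # (per the "BBR" label) — confirm what it does on this host first.
    chmod +x tcp.sh
    ./tcp.sh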

swap内存

添加虚拟内存

  • 使用 free -m 命令查看 swap 分区
    [root@tripodcloud_214905 ~]# free -m
    total used free shared buff/cache available
    Mem: 475 126 40 26 308 310
    Swap: 0 0 0
  • 使用 dd 命令创建空的分区文件
       [root@tripodcloud_214905 ~]# dd if=/dev/zero of=/opt/swap bs=1024 count=1024000
    1024000+0 records in
    1024000+0 records out
    1048576000 bytes (1.0 GB) copied, 16.6877 s, 62.8 MB/s
  • 将swap文件设置为swap分区文件
    # Owner-only permissions: swap receives paged-out process memory, and swapon
    # warns about swap files with looser permissions.
    chmod 600 /opt/swap
    # Write the swap signature into the file.
    mkswap /opt/swap
  • 激活 swap 分区
    # Enables the swap file for the running system only; it is not re-enabled after a
    # reboot unless an entry for /opt/swap is added to /etc/fstab.
    swapon /opt/swap

移除虚拟内存

  • 关闭swap
    swapoff /opt/swap
  • 删除 swap 分区
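    # /opt/swap is a regular file, so -r is unnecessary; dropping it keeps a mistyped
    # path from deleting a directory tree. Run swapoff /opt/swap before removing it.
    rm -f -- /opt/swap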

添加HTTPS证书

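# Pipes the acme.sh installer straight into sh.
# NOTE(review): safer to save the script, read it, then run it.
curl https://get.acme.sh | sh

# Account e-mail. The address on the page was mangled by e-mail obfuscation and would
# be split into two arguments; you@example.com is a placeholder — use your own.
~/.acme.sh/acme.sh --register-account -m you@example.com

# Standalone mode: acme.sh answers the challenge itself, so port 80 must be free
# and reachable from the internet while this runs.
~/.acme.sh/acme.sh --issue -d 域名.site --standalone

# Install the key and the full chain under /root. private.key is the TLS private
# key: keep it readable by root only.
~/.acme.sh/acme.sh --installcert -d 域名.site --key-file /root/private.key --fullchain-file /root/cert.crt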

使用cloudflare上的证书申请

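# Cloudflare credentials for the dns_cf hook; they must be exported before the
# --issue command runs, otherwise the hook has nothing to authenticate with.
# CF_Key is the account-wide Global API Key — NOTE(review): acme.sh also accepts a
# scoped CF_Token, which limits the damage if the value leaks.
export CF_Key="xxxx"

# Placeholder address (the original was mangled by e-mail obfuscation on the page).
export CF_Email="you@example.com"

acme.sh --issue --dns dns_cf -d 域名.site --server letsencrypt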

配置NGINX

修改SSH端口

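vi /etc/ssh/sshd_config

# Change the "Port" directive, then restart sshd. Before restarting: open the new
# port in the firewall, and if SELinux is enforcing, label the port as ssh_port_t.
# Keep the current session connected until a second login on the new port works.

# sshd -t validates the edited file; the restart only happens if it parses, so a
# typo cannot leave the server without a running sshd.
sshd -t && systemctl restart sshd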

修改SSH密码

修改SSH密码(即该系统用户的登录密码)。登录 SSH 后,通过以下命令修改:
passwd {用户名}

添加普通用户用作SSH登录

useradd ssher  
passwd ssher
普通用户管理员权限
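# Edit sudoers through visudo: it locks the file and refuses to save a version with
# syntax errors, which a plain editor would let through and leave sudo unusable.
sudo visudo
# Find this line first:
root ALL=(ALL) ALL
# and add the following line (replace 用户名 with the account name):
用户名 ALL=(ALL) ALL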

禁止ROOT用户登录

#vi /etc/ssh/sshd_config  
# PermitRootLogin yes   
PermitRootLogin no 
重启sshd服务(重启前先确认上面新建的普通用户可以通过 SSH 登录并能使用 sudo,否则禁用 root 登录后可能无法再管理服务器)
#service sshd restart

添加防火墙

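# CentOS 7 ships the GUI tool as firewall-config (not "firewalld-config"); it is
# optional on a headless VPS.
yum install firewalld firewall-config
# Installing does not start the daemon, and firewall-cmd needs it running.
# The default public zone allows the ssh service (22/tcp) only — if sshd listens on
# another port, add that port right after starting so new logins are not blocked.
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --list-ports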

开启或关闭防火墙端口后(使用了 --permanent 的规则不会立即生效),需要重新加载或重启防火墙:firewall-cmd --reload,或 systemctl restart firewalld.service

端口开启防火墙

# Permanently open each listed port in the public zone. Keep only the entries for
# services this host really runs: 21/tcp is FTP (credentials travel in cleartext)
# and 53/udp is DNS. --permanent rules take effect once the firewall is reloaded.
for port_spec in 80/tcp 81/tcp 443/tcp 22/tcp 21/tcp 53/udp; do
  firewall-cmd --zone=public --add-port="${port_spec}" --permanent
done

端口关闭防火墙

# Permanently close each listed port in the public zone; the change applies after
# the firewall is reloaded. Before removing 22/tcp, check how SSH is allowed on
# this host so that new logins are not cut off.
for port_spec in 80/tcp 443/tcp 22/tcp 21/tcp 53/udp; do
  firewall-cmd --zone=public --remove-port="${port_spec}" --permanent
done

CentOS 上安装软件时出现 Failed to Download Metadata for Repo ‘AppStream’ 问题(下面每行开头的 # 应为 root 提示符,执行时不要带上)

# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
# sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-*
# sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.epel.cloud|g' /etc/yum.repos.d/CentOS-Linux-*

默认xray设置

{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}

参考内容:

https://blog.csdn.net/herobacking/article/details/80371242
https://atpx.com/auto-update-ssl-with-acme/
https://wzfou.com/linux-vps-sh/
https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples
https://mrchi.cc/posts/selfhosted-bitwarden/

