Server Reinstall Setup Guide

2024-05-25
#Share
Photo by Nick Morrison / Unsplash

Foreword

It isn't really a guide, to be honest: I recently had to reinstall the system on the her.blue server and move every application over to Docker, and I took notes along the way, which I hope will be useful to you.

Data backup

  • Take a snapshot of every server before you start, just in case
  • If snapshots are not available, back up every program, database and so on individually yourself
This time I hit exactly such a problem right after the system was installed and had to reinstall it; fortunately all the data had been backed up.

Service security hardening

Add a non-root user

  • sudo adduser username (adds the user)

Add the user to the sudo group

  • sudo usermod -aG sudo username
  • id username (shows the user's uid, gid and group memberships)

Generate an SSH key pair

Switch to the newly added user and generate that user's key pair:

```bash
# run as the new user; the key files land in ~/.ssh
ssh-keygen -t rsa -b 4096
# authorise the public key for this account. id_rsa (the private key) belongs on
# the client you will log in from, not on the server.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
```

Configure SSH and enable key login

Edit the /etc/ssh/sshd_config file and make the following settings:

```
# RSAAuthentication only applied to SSH protocol 1; current OpenSSH ignores it with a warning
RSAAuthentication yes
PubkeyAuthentication yes
```

You can also disable root login (once disabled, root can no longer log in at all, so be sure to test the normal user's login first):

```
# PermitRootLogin yes   <- the original value; set it to no to disable root login
PermitRootLogin no
```

Finally, once everything else is set, disable password login:

```
PasswordAuthentication no
```

Restart the SSH service:

```bash
sudo service sshd restart
```
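The section above edits sshd_config by hand and warns to test the normal user's login before cutting off root and password access. As an added example (not from the original post), the script below applies the same three settings idempotently and refuses to disable password login until the named user's authorized_keys is in place; it assumes GNU sed and stat as found on Debian, and the function names and paths are my own.

```bash
#!/bin/bash
# Added example, not from the original post: apply the sshd_config changes from
# this section idempotently, and only switch off password login once the
# non-root user's key is in place. Assumes GNU sed/stat (Debian) and that the
# file paths passed in are the ones you want to edit.
set -eu

# Set KEY to VALUE in FILE: rewrite an existing (even commented-out) directive,
# otherwise append it, so running the script twice gives the same result.
set_sshd_option() {
    local file="$1" key="$2" value="$3"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|$)" "$file"; then
        sed -E -i "s|^[[:space:]]*#?[[:space:]]*${key}([[:space:]].*)?$|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# Can the user whose home is HOME already log in with a key? Requires a
# non-empty authorized_keys with the conventional 0700/0600 permissions,
# which is what sshd's default StrictModes expects.
key_login_ready() {
    local home="$1" ak="$1/.ssh/authorized_keys"
    [ -s "$ak" ] || { echo "no keys in $ak" >&2; return 1; }
    [ "$(stat -c %a "$home/.ssh")" = 700 ] || { echo "$home/.ssh must be 0700" >&2; return 1; }
    [ "$(stat -c %a "$ak")" = 600 ] || { echo "$ak must be 0600" >&2; return 1; }
}

# Apply the three settings from this section to CFG, guarding the last one.
# On Debian 11+ also check /etc/ssh/sshd_config.d/*.conf: it is Include'd at
# the top of sshd_config and the first value sshd sees for an option wins.
harden_sshd() {
    local cfg="$1" user_home="$2"
    set_sshd_option "$cfg" PubkeyAuthentication yes
    set_sshd_option "$cfg" PermitRootLogin no
    if key_login_ready "$user_home"; then
        set_sshd_option "$cfg" PasswordAuthentication no
    else
        echo "key login not ready; leaving PasswordAuthentication unchanged" >&2
    fi
}

# Usage on a real host (as root), validating the syntax before the restart:
#   harden_sshd /etc/ssh/sshd_config /home/username && sshd -t && systemctl restart ssh
```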

Install Nginx

Installing nginx on Debian 8.9 failed; switching sources as described below didn't help either, and in the end I had no choice but to reinstall the system as 11.8 before it would install normally.

Update apt first:

```bash
sudo apt-get update
```

Install:

```bash
sudo apt-get install nginx
```

Switching sources

The update may fail because of network problems, which would call for switching sources. That did not work for me either; in the end I changed the system version.

```bash
# back up the current list first
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
sudo vim /etc/apt/sources.list

# Note: every entry below is an Ubuntu suite (bionic, precise). On a Debian host
# they do nothing useful, which is consistent with the failure described above;
# Debian needs the mirror's debian/ path and its own codename (bullseye for 11).

# Aliyun mirror
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

# USTC mirror
deb http://mirrors.ustc.edu.cn/ubuntu/ precise-updates main restricted
deb-src http://mirrors.ustc.edu.cn/ubuntu/ precise-updates main restricted
deb http://mirrors.ustc.edu.cn/ubuntu/ precise universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ precise universe
deb http://mirrors.ustc.edu.cn/ubuntu/ precise-updates universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ precise-updates universe
deb http://mirrors.ustc.edu.cn/ubuntu/ precise multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ precise multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ precise-updates multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ precise-updates multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ precise-backports main restricted universe multiverse

# Sohu mirror
deb http://mirrors.sohu.com/ubuntu/ precise-updates main restricted
deb-src http://mirrors.sohu.com/ubuntu/ precise-updates main restricted
deb http://mirrors.sohu.com/ubuntu/ precise universe
deb-src http://mirrors.sohu.com/ubuntu/ precise universe
deb http://mirrors.sohu.com/ubuntu/ precise-updates universe
deb-src http://mirrors.sohu.com/ubuntu/ precise-updates universe
deb http://mirrors.sohu.com/ubuntu/ precise multiverse
deb-src http://mirrors.sohu.com/ubuntu/ precise multiverse
deb http://mirrors.sohu.com/ubuntu/ precise-updates multiverse
deb-src http://mirrors.sohu.com/ubuntu/ precise-updates multiverse
deb http://mirrors.sohu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ precise-backports main restricted universe multiverse

# NetEase (163) mirror
deb http://mirrors.163.com/ubuntu/ precise-updates main restricted
deb-src http://mirrors.163.com/ubuntu/ precise-updates main restricted
deb http://mirrors.163.com/ubuntu/ precise universe
deb-src http://mirrors.163.com/ubuntu/ precise universe
deb http://mirrors.163.com/ubuntu/ precise-updates universe
deb-src http://mirrors.163.com/ubuntu/ precise-updates universe
deb http://mirrors.163.com/ubuntu/ precise multiverse
deb-src http://mirrors.163.com/ubuntu/ precise multiverse
deb http://mirrors.163.com/ubuntu/ precise-updates multiverse
deb-src http://mirrors.163.com/ubuntu/ precise-updates multiverse
deb http://mirrors.163.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ precise-backports main restricted universe multiverse
```

During the update the error E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporari appeared; the lock can be removed with the following command:

```bash
# Only do this after confirming that no apt/dpkg process is still running
# (for example unattended-upgrades; check with: sudo fuser /var/lib/apt/lists/lock).
# Removing the lock from under a live apt run can corrupt the package state.
sudo rm /var/lib/apt/lists/lock
```

Install Docker

```bash
# Docker's convenience installer; read get-docker.sh before running it as root
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
```

Install Docker Compose

One-line install:

```bash
sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
```

Add execute permission:

```bash
sudo chmod +x /usr/local/bin/docker-compose
```

Add a link into the bin directory:

```bash
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
```

If user is not set in the docker-compose file, the container may create files as root or another high-privilege user, and you then have to fix the ownership of the folders and files; here 1001 is your target user and group:

```bash
chown -R 1001:1001 <folder-or-directory>
```

When creating containers with docker-compose, unless root really is required, I recommend adding user: 1001:1001 and giving the folders ordinary-user ownership; 1001 can be the id of your non-root user.

Install MySQL with Docker Compose

```yaml
version: '3.1'
services:
  mysql:
    container_name: mysql
    image: mysql:8.0
    restart: always
    user: "1001:1001"        # quoted: some YAML parsers read unquoted uid:gid pairs as base-60 numbers
    ports:
      # As written this publishes MySQL on every interface of the host. Ghost below
      # connects via 127.0.0.1:10001, so "127.0.0.1:10001:3306" is enough and keeps
      # the port off the public side.
      - "10001:3306"
    environment:
      MYSQL_ROOT_PASSWORD: example   # replace before the first start
    volumes:
      - /home/herblue/data/mysql-data/data:/var/lib/mysql
      - /home/herblue/data/mysql-data/config:/etc/mysql/conf.d
```

Enter MySQL to add a user and create the database:

```bash
sudo docker exec -it mysql bash   # shell inside the container
mysql -u root -p                  # log in with MYSQL_ROOT_PASSWORD
```

```sql
CREATE DATABASE ghost_test;
-- 'localhost' only matches connections made from inside the container itself;
-- see the note below about the host part
CREATE USER 'ghost_test'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON ghost_test.* TO 'ghost_test'@'localhost';
FLUSH PRIVILEGES;
```

It is best to allow any host for the login; when I set it to localhost it seemingly could not log in. The reason is that Ghost connects over TCP to the published port, so inside the MySQL container the connection arrives from the Docker bridge gateway address rather than from localhost, and a 'ghost_test'@'localhost' account does not match it; '%' (or the bridge gateway address) does.

Install Ghost with Docker Compose

Because the container runs with host networking, Ghost's server__port environment variable is opened directly as a port on the host; server__host: 127.0.0.1 keeps it on the loopback interface.

```yaml
version: '3.1'
services:
  ghost:
    container_name: ghost
    image: ghost:latest          # pin a version for reproducible upgrades
    restart: always
    user: "1001:1001"
    ports:
      - "10002:8080"             # ignored under network_mode: host (Compose warns); kept from the original
    environment:
      server__host: "127.0.0.1"
      server__port: 10002
      portal__url: "https://npm.webcache.cn/@tryghost/portal@~{version}/umd/portal.min.js"
      sodoSearch__url: "https://npm.webcache.cn/@tryghost/sodo-search@~{version}/umd/sodo-search.min.js"
      sodoSearch__styles: "https://npm.webcache.cn/@tryghost/sodo-search@~{version}/umd/main.css"
      comments__url: "https://npm.webcache.cn/@tryghost/comments-ui@~{version}/umd/comments-ui.min.js"
      comments__styles: "https://npm.webcache.cn/@tryghost/comments-ui@~{version}/umd/main.css"
      logging__level: "error"
      #database__client: sqlite3
      #database__connection__filename: "content/data/ghost-sqlite.db"
      database__client: mysql
      database__connection__host: "127.0.0.1"
      database__connection__port: 10001
      # user and password must match the account created in MySQL above
      database__connection__user: "ghost-test"
      database__connection__password: "test"
      database__connection__database: "ghost_test"
      url: https://yourdomain
    volumes:
      - /home/herblue/data/ghost-data:/var/lib/ghost/content
    network_mode: "host"
```
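With the two compose files above, MySQL's "10001:3306" is published on every interface while Ghost is pinned to 127.0.0.1. As an added example (not from the original post), this script reads `ss -Hltn` output and lists wildcard-bound listeners that are not on an allow-list of intentionally public ports; the PUBLIC_PORTS list and the sample ss output are constructed assumptions.

```bash
#!/bin/bash
# Added example, not from the original post: after `docker compose up`, find TCP
# listeners reachable from outside the host. It reads `ss -Hltn` output (no
# header, listening TCP sockets, numeric) and reports every socket bound to a
# wildcard address unless its port is in PUBLIC_PORTS.
set -eu

# Ports that are meant to be public. Assumption for this example: SSH plus the
# nginx front end; everything else (MySQL on 10001, Ghost on 10002) should be
# bound to 127.0.0.1 only.
PUBLIC_PORTS="22 80 443"

is_public_port() {
    local p
    for p in $PUBLIC_PORTS; do [ "$p" = "$1" ] && return 0; done
    return 1
}

# Print "ADDR PORT" for each wildcard listener on a non-public port.
# Returns 1 when at least one was found, so it can gate a deploy script.
exposed_listeners() {
    local found=0 state recvq sendq local_addr rest addr port
    while read -r state recvq sendq local_addr rest; do
        [ "$state" = LISTEN ] || continue
        port="${local_addr##*:}"          # after the last colon: the port
        addr="${local_addr%:*}"           # before it: 0.0.0.0, 127.0.0.1, [::], *
        case "$addr" in
            0.0.0.0|'*'|'[::]'|'::')
                is_public_port "$port" || { echo "$addr $port"; found=1; } ;;
        esac
    done
    return $found
}

# Constructed sample of `ss -Hltn` on a host running the two compose files above:
# MySQL's "10001:3306" is published on every interface (v4 and v6), while Ghost
# with server__host 127.0.0.1 stays on loopback.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:10001 0.0.0.0:* users:(("docker-proxy",pid=1234,fd=4))
LISTEN 0 511 127.0.0.1:10002 0.0.0.0:* users:(("node",pid=2345,fd=18))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 511 *:80 *:* users:(("nginx",pid=800,fd=6))
LISTEN 0 4096 [::]:10001 [::]:* users:(("docker-proxy",pid=1240,fd=4))'

# Live use:  ss -Hltn | exposed_listeners
```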

Backup

I recommend disaster-recovery backups of all container data, so that a break-in, a brain-dead operation or some other accident does not cost you the data.

I actually wrote a backup script before, but forgot to back it up during the last move, which is a real pity.

With ChatGPT to help, though, generating a somewhat better one again is no great difficulty.

The MySQL backup script uses a my.cnf file; please copy it into the MySQL container yourself beforehand.

```bash
#!/bin/bash
set -e  # stop on the first error
set -x  # debug mode: prints every command as it runs, including ZIP_PASSWORD,
        # so do not leave it on when the script runs from cron with logging

# Settings
BACKUP_DIR="/home/username/backup"
TARGET_DIR="/home/username/data"
DATABASES=("ghost_prod" "test" "test2")  # databases to dump
ZIP_PASSWORD="your_zip_password"
DATE=$(date +"%Y%m%d%H%M%S")
MYSQL_CONTAINER_NAME="mysql"
USER_HOME="/home/username"  # adjust to the real home directory
TEMP_BACKUP_DIR="$USER_HOME/backup_temp_$DATE"

# Create the directories we need
mkdir -p "$BACKUP_DIR"
mkdir -p "$TEMP_BACKUP_DIR"

# 1. Copy the data directory into the temporary backup directory
if [ -d "$TARGET_DIR" ]; then
    cp -r "$TARGET_DIR"/* "$TEMP_BACKUP_DIR"
else
    echo "Target directory $TARGET_DIR does not exist"
    exit 1
fi

# 2. Dump each MySQL database to an SQL file in the temporary directory.
#    /root/.my.cnf inside the container holds the credentials (copied in beforehand).
for MYSQL_DATABASE in "${DATABASES[@]}"; do
    SQL_FILE="$TEMP_BACKUP_DIR/${MYSQL_DATABASE}_backup_${DATE}.sql"
    docker exec "$MYSQL_CONTAINER_NAME" sh -c "mysqldump --defaults-extra-file=/root/.my.cnf $MYSQL_DATABASE" > "$SQL_FILE"
done

# 3. Pack the temporary directory into a password-protected zip.
#    zip -P uses the legacy ZipCrypto scheme and shows the password in the
#    process list; treat it as a nuisance barrier, not as strong encryption.
ARCHIVE_NAME="backup_${DATE}.zip"
if ! zip -r -P "$ZIP_PASSWORD" "$BACKUP_DIR/$ARCHIVE_NAME" "$TEMP_BACKUP_DIR"; then
    echo "Failed to create backup archive"
    exit 1
fi

# Remove the temporary directory
rm -rf "$TEMP_BACKUP_DIR"

# 4. Retention: keep every backup from the last 7 days, then the newest backup in
#    each of the 7-30, 30-90, 90-150 and 150-365 day bands, and drop anything older.
#    The decision is keyed on which band a backup falls in, not on its age modulo a
#    period, so a backup kept today is not dropped tomorrow just because its age changed.
current_epoch=$(date +%s)
declare -A band_kept
# backup_YYYYMMDDHHMMSS.zip sorts newest first with sort -r
while read -r backup_file; do
    backup_date=$(basename "$backup_file" | grep -o -E '[0-9]{14}')
    # date(1) does not parse the compact 14-digit form; rebuild "YYYY-MM-DD HH:MM:SS"
    backup_ts="${backup_date:0:4}-${backup_date:4:2}-${backup_date:6:2} ${backup_date:8:2}:${backup_date:10:2}:${backup_date:12:2}"
    backup_epoch=$(date -d "$backup_ts" +%s)
    diff_days=$(( (current_epoch - backup_epoch) / 86400 ))
    if [ "$diff_days" -lt 7 ]; then
        continue                       # last week: keep every daily backup
    elif [ "$diff_days" -ge 365 ]; then
        rm "$backup_file"; continue    # older than a year: drop
    elif [ "$diff_days" -ge 150 ]; then band=150
    elif [ "$diff_days" -ge 90 ]; then band=90
    elif [ "$diff_days" -ge 30 ]; then band=30
    else band=7
    fi
    if [ -n "${band_kept[$band]:-}" ]; then
        rm "$backup_file"              # a newer backup already represents this band
    else
        band_kept[$band]=1
    fi
done < <(find "$BACKUP_DIR" -maxdepth 1 -type f -name 'backup_*.zip' | sort -r)

echo "Backup completed and expired backups cleaned"
```

rclone backup

Then just use rclone to sync the backup folder to OneDrive; the install command is as follows:

```bash
# installs the latest rclone release; as with get-docker.sh, read the script before piping it to a root shell
sudo -v ; curl https://rclone.org/install.sh | sudo bash
```

After installation, configure the remote storage with rclone config; you can search for a detailed tutorial yourself.
