From 0b2f8a06d76eae85e3b004ab7c0f3af734371425 Mon Sep 17 00:00:00 2001 From: Cat Tom Date: Wed, 4 Mar 2026 18:54:18 +0800 Subject: [PATCH] edit Commands-for-Server-Operation-and-Maintenance --- ...ds-for-Server-Operation-and-Maintenance.md | 61 +++++++++++++------ 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/docs/tech/Commands-for-Server-Operation-and-Maintenance.md b/docs/tech/Commands-for-Server-Operation-and-Maintenance.md index 7f43df6..aeb5754 100644 --- a/docs/tech/Commands-for-Server-Operation-and-Maintenance.md +++ b/docs/tech/Commands-for-Server-Operation-and-Maintenance.md @@ -18,17 +18,20 @@ Maria: sudo systemctl enable ssh && sudo systemctl restart ssh && sudo systemctl status ssh ``` -接着,生成 SSH 密钥。进入 CatTomServer3-1 的终端,然后执行: +接着,生成并配置 SSH 密钥。进入 CatTomServer3-1 的终端,然后执行: ```bash + ssh-keygen -m PEM -t rsa -b 4096 -C "[username]@[server_ip]" -f ~/.ssh/[server_name] + ssh-copy-id -i /home/cattom/.ssh/[server_name].pub root@[server_ip] ``` 最后,修改 `/etc/ssh/sshd_config`: -- Port 22 → Port 25800 -- PermitRootLogin prohibit-password (取消该行注释) -- PasswordAuthentication yes → PasswordAuthentication no +- Port 22 → **Port 25800** +- PermitRootLogin **prohibit-password** (取消该行注释) +- PasswordAuthentication yes → PasswordAuthentication **no** +- (可选) PubkeyAuthentication **yes** 重启 SSH 服务以刷新配置: `sudo systemctl restart ssh` @@ -36,14 +39,14 @@ Maria: ```bash cd /root || exit - wget -c https://cattom.oss-cn-shenzhen.aliyuncs.com/"${SERVER}"/backup/[file_name].tar.gz + wget -c https://cattom.oss-cn-shenzhen.aliyuncs.com/[server_name]/backup/[file_name].tar.gz tar -zxvf [file_name].tar.gz sudo rm [file_name].tar.gz ``` ## 安装业务程序 (按需安装) -Traefik: +### Traefik 请到 [Releases - traefik/traefik](https://github.com/traefik/traefik/releases/latest) 检查最新版本。 @@ -56,13 +59,14 @@ Traefik: wget -c [link] tar -zxvf [file_name] && rm [file_name] LICENSE.md CHANGELOG.md && mv traefik /usr/local/bin/traefik - ln -s /root/maria/config/traefik/static.yaml /root/traefik/static.yaml && ln -s /root/maria/config/${SERVER}/traefik.yaml /root/traefik/dynamic.yaml + ln -s /root/maria/config/traefik/static.yaml /root/traefik/static.yaml + ln -s /root/maria/config/${SERVER}/traefik.yaml /root/traefik/dynamic.yaml ln -s /root/maria/config/systemd/traefik.service /etc/systemd/system/traefik.service && sudo systemctl daemon-reload sudo systemctl enable traefik.service && sudo systemctl restart traefik.service ``` -阿里云 CLI: +### 阿里云 CLI **注意: 请到 [RAM 访问控制](https://ram.console.aliyun.com/) 按照业务需求生成 AccessKey.** @@ -74,7 +78,7 @@ Traefik: aliyun configure set --profile profile1 --mode AK --access-key-id [AccessKeyID] --access-key-secret [AccessKeySecret] --region "cn-shenzhen" ``` -阿里云 CLI 现已集成阿里云 ossutil,示例: +阿里云 CLI 现已集成 ossutil,示例: ```bash # Example 1 @@ -83,25 +87,39 @@ Traefik: aliyun ossutil sync /root/blog/site oss://cattom-blog --force --update --delete --region cn-hongkong ``` -Flexget: +### Flexget + +安装 Flexget: ```bash - # 安装 Flexget cd /root || exit sudo apt -y install python3 python3-full python3-pip python3.12-venv python3 -m venv /root/flexget/ - /root/flexget/bin/pip install --upgrade pip setuptools && /root/flexget/bin/pip install flexget + /root/flexget/bin/pip install --upgrade pip setuptools + /root/flexget/bin/pip install flexget +``` - # 测试配置并启动后台进程 +测试配置并启动后台进程: + +```bash sudo ln -s /root/maria/config/flexget/config.yml /root/flexget/config.yml /root/flexget/bin/flexget -c /root/flexget/config.yml --test execute /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config +``` - # 设置开机自启动 - (crontab -u $(whoami) -l echo "@reboot /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config") | crontab -u $(whoami) - +设置开机自启动: - # 配置 alias - echo 'alias flexget="/root/flexget/bin/flexget -c /root/flexget/config.yml"' >>/root/.bashrc +```bash + ( + crontab -u $(whoami) -l + echo "@reboot /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config" + ) | crontab -u $(whoami) - +``` + +配置 alias: + +```bash + echo 'alias flexget="/root/flexget/bin/flexget -c /root/flexget/config.yml"' >> /root/.bashrc ``` ## 配置防火墙 @@ -112,7 +130,7 @@ Flexget: 所有在 Docker Compose 文件中没有定义特定监听地址的端口都不需要在 UFW 中放行。 -Maria 端口开放表: +Maria 非标端口开放表: | 服务器 | 端口 | 来源IP/IP段 | 目标IP/IP段 | 协议 | 备注 | | :----: | :---: | :---------: | :---------: | :---: | :-----------: | @@ -176,7 +194,10 @@ Maria 端口开放表: ## 配置自动备份 (可选) ```bash -(crontab -u $(whoami) -l echo "0 6 * * * /root/maria/script/backup.sh") | crontab -u $(whoami) - +( + crontab -u $(whoami) -l + echo "0 6 * * * /root/maria/script/backup.sh" +) | crontab -u $(whoami) - ``` ## 进入 Docker 容器的终端 @@ -201,7 +222,7 @@ Maria 端口开放表: # Check stats on client sudo df -h # Mount the directories at boot - sudo echo "[host_ip]:[/path/on/host] [/path/on/client] nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >>/etc/fstab + sudo echo "[host_ip]:[/path/on/host] [/path/on/client] nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >> /etc/fstab # Unmount NFS sudo umount [/path/on/client] ``` \ No newline at end of file