From 1bf21f2f4e5e7ac6250d910e846dc398092f0060 Mon Sep 17 00:00:00 2001
From: Cat Tom
Date: Tue, 3 Mar 2026 12:52:02 +0800
Subject: [PATCH] add
---
 .gitea/workflows/deploy.yaml | 2 +-
 ...ds-for-Server-Operation-and-Maintenance.md | 196 ++++++++++++++++++
 mkdocs.yml | 1 +
 3 files changed, 198 insertions(+), 1 deletion(-)
 create mode 100644 docs/tech/Commands-for-Server-Operation-and-Maintenance.md
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index c44a4cc..1331f34 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -12,4 +12,4 @@ jobs:
 username: "root"
 key: ${{ secrets.SSH_PRIVATE_KEY }}
 command_timeout: 3h
- script: bash /root/maria/script/webhook/blog.sh
\ No newline at end of file
+ script: bash /root/maria/script/action/blog.sh
\ No newline at end of file
diff --git a/docs/tech/Commands-for-Server-Operation-and-Maintenance.md b/docs/tech/Commands-for-Server-Operation-and-Maintenance.md
new file mode 100644
index 0000000..b3f6fac
--- /dev/null
+++ b/docs/tech/Commands-for-Server-Operation-and-Maintenance.md
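Review bot: The changed `script:` line in `.gitea/workflows/deploy.yaml` runs `bash /root/maria/script/action/blog.sh` as `root` over SSH, and that script lives outside this repository, so neither the new path nor what it executes can be checked from this change. The hunk does not show whether the script already exists at the new location on the host; it appears to belong to the separate `maria` checkout, so it would help to record that next to the step, for example `# blog.sh is maintained in the maria repo; keep that checkout current on the host`. Because the key in `secrets.SSH_PRIVATE_KEY` opens a root session, a dedicated unprivileged deploy account whose `authorized_keys` entry is restricted to this one command would limit what a leaked key or an altered script can do. The enclosing job and step start outside the hunk.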
@@ -0,0 +1,196 @@ +# 服务器运行与维护常用命令 + +## 初始化 + +Maria: + +```bash + git config --global credential.helper store && git clone https://github.com/cattomgithub/maria.git + + cd maria/script && chmod +x *.sh && ./maria.sh +``` + +## 修改 SSH 配置 + +首先,启动 SSH 服务: + +```bash + sudo systemctl enable ssh && sudo systemctl restart ssh && sudo systemctl status ssh +``` + +接着,生成 SSH 密钥。进入 CatTomServer3-1 的终端,然后执行: + +```bash + ssh-copy-id -i /home/cattom/.ssh/[server_name].pub root@[server_ip] +``` + +最后,修改 `/etc/ssh/sshd_config`: + +- Port 22 → Port 25800 +- PermitRootLogin prohibit-password (取消该行注释) +- PasswordAuthentication yes → PasswordAuthentication no + +重启 SSH 服务以刷新配置: `sudo systemctl restart ssh` + +## 恢复备份文件/目录 (可选) + +```bash + cd /root || exit + wget -c https://cattom.oss-cn-shenzhen.aliyuncs.com/"${SERVER}"/backup/[file_name].tar.gz + tar -zxvf [file_name].tar.gz + sudo rm [file_name].tar.gz +``` + +## 安装业务程序 (按需安装) + +Traefik: + +请到 [Releases - traefik/traefik](https://github.com/traefik/traefik/releases/latest) 检查最新版本。 + +```bash + mkdir /root/traefik + cd /root/traefik || exit + + touch acme.json && chmod 600 acme.json + + wget -c [link] + tar -zxvf [file_name] && rm [file_name] LICENSE.md CHANGELOG.md && mv traefik /usr/local/bin/traefik + + ln -s /root/maria/config/traefik/static.yaml /root/traefik/static.yaml && ln -s /root/maria/config/${SERVER}/traefik.yaml /root/traefik/dynamic.yaml + + ln -s /root/maria/config/systemd/traefik.service /etc/systemd/system/traefik.service && sudo systemctl daemon-reload + sudo systemctl enable traefik.service && sudo systemctl restart traefik.service +``` + +阿里云 CLI: + +**注意: 请到 [RAM 访问控制](https://ram.console.aliyun.com/) 按照业务需求生成 AccessKey.** + +```bash + cd /root || exit + + /bin/bash -c "$(curl -fsSL https://aliyuncli.alicdn.com/install.sh)" + + aliyun configure set --profile profile1 --mode AK --access-key-id [AccessKeyID] --access-key-secret [AccessKeySecret] --region "cn-shenzhen" +``` + +阿里云 CLI 现已集成阿里云 ossutil,示例: + 
+```bash + # Example 1 + aliyun ossutil sync /root/backup/ oss://cattom/${SERVER}/backup/ --force --update --delete -e oss-cn-shenzhen.aliyuncs.com + # Example 2 + aliyun ossutil sync /root/blog/site oss://cattom-blog --force --update --delete --region cn-hongkong +``` + +Flexget: + +```bash + # 安装 Flexget + cd /root || exit + sudo apt -y install python3 python3-full python3-pip python3.12-venv + python3 -m venv /root/flexget/ + /root/flexget/bin/pip install --upgrade pip setuptools && /root/flexget/bin/pip install flexget + + # 测试配置并启动后台进程 + sudo ln -s /root/maria/config/flexget/config.yml /root/flexget/config.yml + /root/flexget/bin/flexget -c /root/flexget/config.yml --test execute + /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config + + # 设置开机自启动 + (crontab -u $(whoami) -l echo "@reboot /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config") | crontab -u $(whoami) - + + # 配置 alias + echo 'alias flexget="/root/flexget/bin/flexget -c /root/flexget/config.yml"' >>/root/.bashrc +``` + +## 配置防火墙 + +!!! 
warning "注意" + + 所有经由 Tailscale 的连接都不需要在 UFW 中放行。 + + 所有在 Docker Compose 文件中没有定义特定监听地址的端口都不需要在 UFW 中放行。 + +Maria 端口开放表: + +| 服务器 | 端口 | 来源IP/IP段 | 目标IP/IP段 | 协议 | 备注 | +| :----: | :---: | :---------: | :---------: | :---: | :-----------: | +| 2 | 7100 | / | / | / | Frps 监听端口 | +| 2 | 18080 | 127.0.0.1 | / | / | Bitwarden | +| 2 | 5230 | 127.0.0.1 | / | / | Memos | +| 2 | 3002 | 127.0.0.1 | / | / | Homepage | +| 2 | 3100 | 127.0.0.1 | / | / | Gitea | +| 2 | 25801 | 127.0.0.1 | / | / | Gitea SSH | + +| 服务器 | 端口 | 来源IP/IP段 | 目标IP/IP段 | 协议 | 备注 | +| :----: | :---: | :---------: | :---------: | :---: | :-------: | +| 3 | 6800 | 127.0.0.1 | / | / | Aria2 RPC | +| 3 | 6888 | / | / | / | Aria2 BT | +| 3 | 6888 | / | / | UDP | Aria2 BT | + +```bash + # 重置防火墙 + sudo ufw reset + # 添加默认条件 + sudo ufw default allow outgoing # 默认允许所有数据出站 + sudo ufw default deny incoming # 默认禁止所有数据入站 +``` + +```bash + # SSH + sudo ufw allow 25800 + # Web + sudo ufw allow 80 && sudo ufw allow 443 + + # Example 1 + sudo ufw allow 7100 + # Example 2 + sudo ufw allow from 127.0.0.1 to any port 18080 + # Example 3 + sudo ufw allow 6888/udp +``` + +```bash + # 启用日志 + sudo ufw logging medium + # 列出端口开放情况 + sudo ufw status numbered + # 启用防火墙 + sudo ufw enable +``` + +## 加载 Docker 容器 + +```bash + sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml pull + sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml up -d --remove-orphans + sudo docker system prune -f + # 可选 + sudo systemctl restart traefik +``` + +## 配置自动备份 (可选) + +```bash +(crontab -u $(whoami) -l echo "0 6 * * * /root/maria/script/backup.sh") | crontab -u $(whoami) - +``` + +## NFS 配置 + +```bash + # Install + sudo apt -y update && sudo apt -y install nfs-kernel-server nfs-common + # Modify firewall on host + sudo ufw allow from [client_ip] to any port nfs + # Create mount point on client + sudo mkdir -p [/path/on/client] + # Mount directories on client + sudo mount [host_ip]:[/path/on/host] 
[/path/on/client] + # Check stats on client + sudo df -h + # Mount the directories at boot + sudo echo "[host_ip]:[/path/on/host] [/path/on/client] nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >>/etc/fstab + # Unmount NFS + sudo umount [/path/on/client] +``` \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 33f04ea..60c0111 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -106,6 +106,7 @@ nav: - "Docker Compose: 限制容器的资源使用": tech/Docker-Compose-Limiting-container-resource-usage.md - "创建和管理 Linux 服务器用于身份验证的 SSH 密钥": tech/Creating-and-Managing-SSH-Keys-for-Authentication-on-Linux-Servers.md - "将已经失效的 Onedrive 账户从资源管理器边侧栏去除": tech/Remove-deactivated-Onedrive-accounts-from-Explorer-sidebar.md + - "服务器运行与维护常用命令": tech/Commands-for-Server-Operation-and-Maintenance.md - "财经": - finance/index.md - "每日复盘":