cattom/blog
0
0
Fork 0
Code Actions Activity

add
All checks were successful
Deploy / deploy (push) Successful in 44s
Details

Browse Source
This commit is contained in:
Cat Tom
2026-03-03 12:52:02 +08:00
parent 5bad5f8da2
commit 1bf21f2f4e
3 changed files with 198 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/deploy.yaml
View File

@@ -12,4 +12,4 @@ jobs:
username: "root" username: "root"
key: ${{ secrets.SSH_PRIVATE_KEY }} key: ${{ secrets.SSH_PRIVATE_KEY }}
command_timeout: 3h command_timeout: 3h
script: bash /root/maria/script/webhook/blog.sh script: bash /root/maria/script/action/blog.sh

196
docs/tech/Commands-for-Server-Operation-and-Maintenance.md Normal file
View File

@@ -0,0 +1,196 @@
# 服务器运行与维护常用命令
## 初始化
Maria:
```bash
git config --global credential.helper store && git clone https://github.com/cattomgithub/maria.git
cd maria/script && chmod +x *.sh && ./maria.sh
```
## 修改 SSH 配置
首先,启动 SSH 服务:
```bash
sudo systemctl enable ssh && sudo systemctl restart ssh && sudo systemctl status ssh
```
接着,生成 SSH 密钥。进入 CatTomServer3-1 的终端,然后执行:
```bash
ssh-copy-id -i /home/cattom/.ssh/[server_name].pub root@[server_ip]
```
最后,修改 `/etc/ssh/sshd_config`:
- Port 22 → Port 25800
- PermitRootLogin prohibit-password (取消该行注释)
- PasswordAuthentication yes → PasswordAuthentication no
重启 SSH 服务以刷新配置: `sudo systemctl restart ssh`
## 恢复备份文件/目录 (可选)
```bash
cd /root || exit
wget -c https://cattom.oss-cn-shenzhen.aliyuncs.com/"${SERVER}"/backup/[file_name].tar.gz
tar -zxvf [file_name].tar.gz
sudo rm [file_name].tar.gz
```
## 安装业务程序 (按需安装)
Traefik:
请到 [Releases - traefik/traefik](https://github.com/traefik/traefik/releases/latest) 检查最新版本。
```bash
mkdir /root/traefik
cd /root/traefik || exit
touch acme.json && chmod 600 acme.json
wget -c [link]
tar -zxvf [file_name] && rm [file_name] LICENSE.md CHANGELOG.md && mv traefik /usr/local/bin/traefik
ln -s /root/maria/config/traefik/static.yaml /root/traefik/static.yaml && ln -s /root/maria/config/${SERVER}/traefik.yaml /root/traefik/dynamic.yaml
ln -s /root/maria/config/systemd/traefik.service /etc/systemd/system/traefik.service && sudo systemctl daemon-reload
sudo systemctl enable traefik.service && sudo systemctl restart traefik.service
```
阿里云 CLI:
**注意: 请到 [RAM 访问控制](https://ram.console.aliyun.com/) 按照业务需求生成 AccessKey.**
```bash
cd /root || exit
/bin/bash -c "$(curl -fsSL https://aliyuncli.alicdn.com/install.sh)"
aliyun configure set --profile profile1 --mode AK --access-key-id [AccessKeyID] --access-key-secret [AccessKeySecret] --region "cn-shenzhen"
```
阿里云 CLI 现已集成阿里云 ossutil示例:
```bash
# Example 1
aliyun ossutil sync /root/backup/ oss://cattom/${SERVER}/backup/ --force --update --delete -e oss-cn-shenzhen.aliyuncs.com
# Example 2
aliyun ossutil sync /root/blog/site oss://cattom-blog --force --update --delete --region cn-hongkong
```
Flexget:
```bash
# 安装 Flexget
cd /root || exit
sudo apt -y install python3 python3-full python3-pip python3.12-venv
python3 -m venv /root/flexget/
/root/flexget/bin/pip install --upgrade pip setuptools && /root/flexget/bin/pip install flexget
# 测试配置并启动后台进程
sudo ln -s /root/maria/config/flexget/config.yml /root/flexget/config.yml
/root/flexget/bin/flexget -c /root/flexget/config.yml --test execute
/root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config
# 设置开机自启动
(crontab -u $(whoami) -l echo "@reboot /root/flexget/bin/flexget -c /root/flexget/config.yml daemon start -d --autoreload-config") | crontab -u $(whoami) -
# 配置 alias
echo 'alias flexget="/root/flexget/bin/flexget -c /root/flexget/config.yml"' >>/root/.bashrc
```
## 配置防火墙
!!! warning "注意"
所有经由 Tailscale 的连接都不需要在 UFW 中放行。
所有在 Docker Compose 文件中没有定义特定监听地址的端口都不需要在 UFW 中放行。
Maria 端口开放表:
| 服务器 | 端口 | 来源IP/IP段 | 目标IP/IP段 | 协议 | 备注 |
| :----: | :---: | :---------: | :---------: | :---: | :-----------: |
| 2 | 7100 | / | / | / | Frps 监听端口 |
| 2 | 18080 | 127.0.0.1 | / | / | Bitwarden |
| 2 | 5230 | 127.0.0.1 | / | / | Memos |
| 2 | 3002 | 127.0.0.1 | / | / | Homepage |
| 2 | 3100 | 127.0.0.1 | / | / | Gitea |
| 2 | 25801 | 127.0.0.1 | / | / | Gitea SSH |
| 服务器 | 端口 | 来源IP/IP段 | 目标IP/IP段 | 协议 | 备注 |
| :----: | :---: | :---------: | :---------: | :---: | :-------: |
| 3 | 6800 | 127.0.0.1 | / | / | Aria2 RPC |
| 3 | 6888 | / | / | / | Aria2 BT |
| 3 | 6888 | / | / | UDP | Aria2 BT |
```bash
# 重置防火墙
sudo ufw reset
# 添加默认条件
sudo ufw default allow outgoing # 默认允许所有数据出站
sudo ufw default deny incoming # 默认禁止所有数据入站
```
```bash
# SSH
sudo ufw allow 25800
# Web
sudo ufw allow 80 && sudo ufw allow 443
# Example 1
sudo ufw allow 7100
# Example 2
sudo ufw allow from 127.0.0.1 to any port 18080
# Example 3
sudo ufw allow 6888/udp
```
```bash
# 启用日志
sudo ufw logging medium
# 列出端口开放情况
sudo ufw status numbered
# 启用防火墙
sudo ufw enable
```
## 加载 Docker 容器
```bash
sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml pull
sudo docker compose -f /root/maria/config/"${SERVER}"/docker-compose.yml up -d --remove-orphans
sudo docker system prune -f
# 可选
sudo systemctl restart traefik
```
## 配置自动备份 (可选)
```bash
(crontab -u $(whoami) -l echo "0 6 * * * /root/maria/script/backup.sh") | crontab -u $(whoami) -
```
## NFS 配置
```bash
# Install
sudo apt -y update && sudo apt -y install nfs-kernel-server nfs-common
# Modify firewall on host
sudo ufw allow from [client_ip] to any port nfs
# Create mount point on client
sudo mkdir -p [/path/on/client]
# Mount directories on client
sudo mount [host_ip]:[/path/on/host] [/path/on/client]
# Check stats on client
sudo df -h
# Mount the directories at boot
sudo echo "[host_ip]:[/path/on/host] [/path/on/client] nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" >>/etc/fstab
# Unmount NFS
sudo umount [/path/on/client]
```

1
mkdocs.yml
View File

@@ -106,6 +106,7 @@ nav:
- "Docker Compose: 限制容器的资源使用": tech/Docker-Compose-Limiting-container-resource-usage.md - "Docker Compose: 限制容器的资源使用": tech/Docker-Compose-Limiting-container-resource-usage.md
- "创建和管理 Linux 服务器用于身份验证的 SSH 密钥": tech/Creating-and-Managing-SSH-Keys-for-Authentication-on-Linux-Servers.md - "创建和管理 Linux 服务器用于身份验证的 SSH 密钥": tech/Creating-and-Managing-SSH-Keys-for-Authentication-on-Linux-Servers.md
- "将已经失效的 Onedrive 账户从资源管理器边侧栏去除": tech/Remove-deactivated-Onedrive-accounts-from-Explorer-sidebar.md - "将已经失效的 Onedrive 账户从资源管理器边侧栏去除": tech/Remove-deactivated-Onedrive-accounts-from-Explorer-sidebar.md
- "服务器运行与维护常用命令": tech/Commands-for-Server-Operation-and-Maintenance.md
- "财经": - "财经":
- finance/index.md - finance/index.md
- "每日复盘": - "每日复盘":