VPS装机装多了,就会感到非常枯燥和单调,但是每次想要动笔记录下来装机命令的时候,总是会想着,下次还不知道什么时候呢,就先这样吧,结果下次还是再翻文档,最后每次装机同样的工作都浪费了很多时间。
今天,趁着到手了一台新的VPS,就狠下心来,从第一行命令开始记录,希望帮到以后的自己和其他有需要的朋友。
::: tips
这些命令完全按照个人装机习惯,不一定适合所有人
:::
修改root密码
passwd挂载数据盘(如有)
# 查看数据盘名称 lsblk # 格式化分区(如果未格式化) sudo mkfs.ext4 /dev/vdb1 # 创建挂载点目录 sudo mkdir -p /data # 执行挂载命令 sudo mount /dev/vdb1 /data # 查看挂载情况 df -h lsblk # 设置开机挂载 echo "/dev/vdb1 /data ext4 defaults 0 0" >> /etc/fstab sudo mount -a安装nginx docker等必备软件
# 更新软件源 sudo apt update sudo apt upgrade # 准备防火墙 sudo ufw allow 22 sudo ufw enable # 安装nginx sudo apt install nginx sudo ufw allow 'Nginx HTTP' sudo ufw allow 'Nginx HTTPS' sudo ufw reload # 安装Docker curl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh sudo systemctl start docker sudo systemctl enable docker安装acme.sh申请证书
curl https://get.acme.sh | sh source .bashrc acme.sh --set-default-ca --server letsencrypt # Account_ID和账户绑定,Token Zone_ID和域名绑定 export CF_Token="xxxxxxxx" export CF_Zone_ID="xxxxxxxxxxxx" export CF_Account_ID="xxxxxxxxxxxxxx" acme.sh --issue --dns dns_cf -d you.domain -d "*.you.domain" mkdir -p ~/ssl/you.domain/ acme.sh --install-cert -d you.domain --key-file ~/ssl/you.domain/you.domain.key --fullchain-file ~/ssl/you.domain/you.domain.pem --reloadcmd "nginx -s reload"安装探针
wget https://raw.githubusercontent.com/cokemine/ServerStatus-Hotaru/master/status.sh bash status.sh c安装x-ui
bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/master/install.sh)配置x-ui对应的nginx设置
ufw allow面板端口登录面板,设置面板路径
打开
/etc/nginx/sites-enabled/default文件,替换为如下配置:server { listen 80; listen [::]:80; location /.well-known/ { root /var/www/html; } location / { rewrite ^(.*)$ https://$host$1 permanent; } } server { listen 443 ssl; listen [::]:443 ssl; server_name your.domain; #你的域名 ssl_certificate /root/ssl/your.domain/your.domain.pem; #证书位置 ssl_certificate_key /root/ssl/your.domain/your.domain.key; #私钥位置 ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; location / { proxy_pass https://xxx.your.domain; #伪装网址 proxy_redirect off; proxy_ssl_server_name on; sub_filter_once off; sub_filter "xxx.your.domain" $server_name; proxy_set_header Host "xxx.your.domain"; proxy_set_header Referer $http_referer; proxy_set_header X-Real-IP $remote_addr; proxy_set_header User-Agent $http_user_agent; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Language "zh-CN"; } location /xxxxxxxxxxxx { #分流路径 proxy_redirect off; proxy_pass http://127.0.0.1:xxxxx; #Xray端口 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /xxxx { #xui路径 proxy_redirect off; proxy_pass http://127.0.0.1:xxxxx; #xui监听端口 proxy_http_version 1.1; proxy_set_header Host $host; } }nginx -s reload重载nginxufw delete allow面板端口设置完成
