我在搬瓦工有一台 20G 配置的 VPS,下面谈谈我用这台 VPS 做什么。

配置更新

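# Initial system setup; the commands below are run as root.

# Set the hostname. Replace <hostname> with the real name; the quotes stop the
# shell from parsing < and > as redirections.
echo "<hostname>.localdomain" > /etc/hostname

# Change the password of the current user
passwd

# Add user fang with primary group users, then give the account a password:
# useradd leaves the new account without one, and the sudo rule below asks for it.
useradd -g users fang
passwd fang

# Grant fang sudo rights through a drop-in file rather than appending to
# /etc/sudoers. The rule is quoted because unquoted parentheses are a shell
# syntax error, and visudo checks the file so a typo cannot break sudo.
# NOTE(review): relies on /etc/sudoers including /etc/sudoers.d (the CentOS
# default) - confirm on this host.
echo 'fang ALL=(ALL) ALL' > /etc/sudoers.d/fang
chmod 440 /etc/sudoers.d/fang
visudo -cf /etc/sudoers.d/fang || rm -f /etc/sudoers.d/fang

# Enable the epel repository
nano /etc/yum.repos.d/epel.repo
# In the [epel] section change enabled=0 to enabled=1

# Update the system
yum upgrade

# Common development tools
yum -y groupinstall "Development tools"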

ssh 远程延迟明显,我习惯于用 mosh

前提:已启用 epel 源

# Install mosh from the EPEL repository (epel must already be enabled).
# mosh talks over UDP, by default on ports 60000-61000, so the firewall has to
# allow that range in addition to the ssh port used for the initial login.
yum install mosh

mosh

mosh 编译安装

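# centos
# Build dependencies for mosh
yum install -y protobuf-devel ncurses-devel zlib-devel openssl-devel

# The steps are chained with && so that a failed clone, cd or configure never
# reaches `make install`. This builds whatever is on the default branch;
# checking out a release tag first (git checkout <release-tag>) gives a
# reproducible, reviewable build.
git clone https://github.com/mobile-shell/mosh.git &&
  cd mosh &&
  ./autogen.sh &&
  ./configure &&
  make &&
  make install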

zsh

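sudo yum install zsh

# oh-my-zsh
# Save the installer to a file and read it before running it, instead of
# handing a remote script straight to sh. The && chain stops if the download
# fails, so a stale or missing file is never executed.
curl -fsSL -o oh-my-zsh-install.sh https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh &&
  less oh-my-zsh-install.sh &&
  sh oh-my-zsh-install.sh

# Enable the z plugin (jump to frequently used directories)
nano ~/.zshrc
# Edit the file so that the plugins list contains z
plugins=(
  git
  z
)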

仅密钥登录

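# Generate the key pair on the server. -f names the private key file, so this
# writes the private key to ./authorized_keys and the public key to
# ./authorized_keys.pub.
# NOTE(review): generating the pair on your own machine and uploading only the
# public key (for example with ssh-copy-id) keeps the private key off the server.
ssh-keygen -t rsa -b 4096 -f authorized_keys
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Install the public key as the list of keys allowed to log in
mv authorized_keys.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

# Download the private key to the local machine (run this on the local machine).
# Placeholders, in order: ssh port, user@ip:path of the private key, local destination.
scp -P 端口 用户名@ip:秘钥路径 下载到本地路径
# Once the download is verified, remove the private key file that ssh-keygen
# created from the server, and keep the local copy readable by its owner only
# (chmod 600).

# Enable public-key login
sudo nano /etc/ssh/sshd_config
# RSAAuthentication applied to SSH protocol 1 only and is deprecated from
# OpenSSH 7.4 on; it is left commented out because PubkeyAuthentication is the
# setting that enables key login.
#RSAAuthentication yes
PubkeyAuthentication yes

# Disable password login
PasswordAuthentication no

# Allow root to log in over ssh (key only, because passwords are disabled above).
# NOTE(review): once a non-root sudo user can log in with a key,
# "PermitRootLogin no" is the tighter setting.
PermitRootLogin yes

# Check the configuration, then restart sshd (as root). Keep the current
# session open until a new key-based login has been confirmed, so a mistake
# here cannot lock you out.
sshd -t && service sshd restart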

搭建静态博客

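# Add the nginx repository
# centos
# gpgcheck=1 together with gpgkey makes yum verify package signatures; with
# gpgcheck=0 over plain http, anything able to tamper with the download could
# substitute a package that is then installed as root.
nano /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1

# Install nginx
yum install nginx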

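# nginx server configuration
nano /etc/nginx/conf.d/your_nginx_conf.conf

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name ; # domain name
    root ; # static site directory
    # a directory under /usr/share/nginx/ is suggested

    # "ssl on;" is left out: the ssl parameter on the listen lines already
    # enables TLS, and the standalone directive is deprecated.
    # No ssl_certificate / ssl_certificate_key is set here; the certbot step
    # further down is expected to add them - TODO confirm nginx accepts this
    # file before a certificate exists.
    http2_push_preload on;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # Refuse the legacy protocol versions; add TLSv1.3 where nginx and OpenSSL
    # support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;


    location / {
    }

    # The location has to match the error_page URI (/404.html), otherwise the
    # custom 404 page is served through "location /" instead.
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}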

# Redirect http to https
nano /etc/nginx/conf.d/your_nginx_conf_re.conf

server {
listen 80;
listen [::]:80;
server_name ; # domain name
# The redirect target is hard-coded to fxtaoo.com; replace it with the same
# domain that is given to server_name, otherwise visitors are sent to
# someone else's site.
return 301 https://fxtaoo.com$request_uri;
}


# Install the TLS certificate
# Let's Encrypt
# centos 7 nginx
# Let's Encrypt certificates are valid for 90 days; schedule `certbot renew`
# (cron or a systemd timer) so the site does not fall back to an expired one.
sudo yum install python2-certbot-nginx
sudo certbot --nginx

shadowsocks

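# centos 7 build dependencies
sudo yum -y install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel

# Install ss-server
# Every step is chained with && so a failed clone, cd or build never reaches
# `make install`. This builds the default branch as it is today; checking out
# a release tag first (git checkout <release-tag>) gives a reproducible build.
git clone https://github.com/shadowsocks/shadowsocks-libev.git &&
  cd shadowsocks-libev &&
  git submodule update --init --recursive &&
  ./autogen.sh &&
  ./configure &&
  make &&
  make install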

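# Configuration file
# Replace <PORT> with the listening port and <PASSWORD> with a long random
# password before saving. JSON has no comment syntax and does not allow a
# comma after the last entry, so the notes are kept here and the file below
# contains only the settings.
# NOTE(review): the file holds the shared secret; restrict its permissions to
# the account that starts ss-server - confirm which user reads it.
nano /usr/local/etc/ss-server-config.json

{
    "server":"0.0.0.0",
    "server_port":<PORT>,
    "password":"<PASSWORD>",
    "timeout":300,
    "user":"nobody",
    "method":"xchacha20-ietf-poly1305",
    "fast_open":true,
    "nameserver":"8.8.8.8"
}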


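# systemd unit for ss-server
sudo nano /etc/systemd/system/ss-server.service

[Unit]
Description=ss-server-systemctl
After=network.target

[Service]
# LimitNOFILE raises the open-file limit of the ss-server process itself.
# Running `ulimit -n 51200` from ExecStartPre only changes the limit of that
# short-lived sh process and has no effect on the service.
LimitNOFILE=51200
ExecStart=/usr/local/bin/ss-server -c /usr/local/etc/ss-server-config.json
Restart=on-abort

[Install]
WantedBy=multi-user.target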

# Kernel tuning
# Settings added to /etc/sysctl.conf are read at boot; run `sudo sysctl -p`
# to load them right away.
sudo nano /etc/sysctl.conf
# Append the following lines
# tcp_fastopen = 3 enables TCP Fast Open for both outgoing and incoming
# connections, matching "fast_open":true in the ss-server config.
net.ipv4.tcp_fastopen = 3
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
# SYN cookies keep the listener usable when the SYN backlog overflows
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1

更新记录

2018-10-22 添加配置、nginx、ss

参阅

1 nginx: Linux packages
2 HTTP/2 服务器推送(Server Push)教程
3 Best way to configure Nginx SSL + force HTTP to redirect to HTTPS + force www to non-www on Serverpilot free plan (by using Nginx configuration file only)
4 Let’s Encrypt
5 certbot
6 shadowsocks-libev
7 搭建Git服务器
8 处理git clone命令的非标准SSH端口连接
9 SSH Config 那些你所知道和不知道的事