Init Server


1、添加用户

root@VM-0-8-ubuntu:/home/ubuntu# useradd -r -m -s /bin/bash lishulong  
root@VM-0-8-ubuntu:/home/ubuntu# passwd lishulong  
Enter new UNIX password:   
Retype new UNIX password:   
passwd: password updated successfully  
root@VM-0-8-ubuntu:/home/ubuntu#   

2、给用户 sudo 权限

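编辑 /etc/sudoers,新增一行:echo "lishulong ALL=(ALL:ALL) ALL" >> /etc/sudoers。注意:直接追加不会做语法检查,写错一个字符就可能让 sudo 整体不可用;追加后请执行 visudo -c 校验语法,并用 chmod 0440 /etc/sudoers 恢复只读权限。更稳妥的做法是用 visudo 编辑,或把这一行写入 /etc/sudoers.d/ 下的单独文件。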

root@VM-0-8-ubuntu:/home# chmod +w /etc/sudoers  
root@VM-0-8-ubuntu:/home# echo "lishulong ALL=(ALL:ALL) ALL" >>  /etc/sudoers

3、install app

  1. apt install nginx

  2. apt install screen

  3. docker https://docs.docker.com/install/linux/docker-ce/ubuntu/

  4. apt install docker-compose

3.1 install docker
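# Install Docker CE from Docker's own apt repository.

# Refresh the package index, then install the tools needed to fetch the
# repository over HTTPS and to handle its signing key.
sudo apt-get update

sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

# Keep Docker's signing key in its own keyring file instead of piping it into
# `apt-key add`: apt-key is deprecated, and a key added that way is trusted for
# every configured repository, not only for download.docker.com.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
    | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Print the key's full fingerprint and compare all 40 hex digits with the value
# published in Docker's install guide before going on. 0EBFCD88 is only the
# short key ID (the last 8 digits), which is too short to identify a key
# reliably.
gpg --no-default-keyring --keyring /etc/apt/keyrings/docker.gpg --fingerprint

# signed-by ties this repository to the keyring above, so no other key can
# vouch for packages served from it.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
    | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io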

4、https 匹配多域名证书生成

https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E


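# Issue one certificate covering several names with acme.sh, using the DNSPod
# DNS API (dns_dp) for validation, then install it for nginx.

# Save the installer to a file and read it before running it; piping curl
# straight into sh executes whatever the server returns, unreviewed.
curl -fsSL https://get.acme.sh -o get-acme.sh
less get-acme.sh
sh get-acme.sh

# DNSPod API credentials for the dns_dp hook. The key is read without echo so
# it does not end up in shell history. acme.sh saves both values in
# ~/.acme.sh/account.conf for renewals, so keep that file owner-readable only.
export DP_Id="126250"
read -rs -p "DP_Key: " DP_Key
export DP_Key

acme.sh --issue --dns dns_dp -d thinking.mobi -d blog.thinking.mobi -d xxxx

# The private key lands in this directory; restrict it to root (the nginx
# master process reads the key as root). Writing under /etc/nginx needs root.
install -d -m 0700 /etc/nginx/ssl

# A backslash only continues the line when it is the very last character, so
# there must be no trailing spaces after it.
acme.sh --installcert -d thinking.mobi \
  --key-file /etc/nginx/ssl/thinking.mobi.key \
  --fullchain-file /etc/nginx/ssl/fullchain.cer \
  --reloadcmd "service nginx force-reload"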

5、nginx 代理

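# HTTPS reverse proxy: terminates TLS for blog.thinking.mobi and forwards
# requests to the application listening on 127.0.0.1:8000.
server {
    server_name blog.thinking.mobi;
    listen 443 ssl http2;

    # Certificate chain and private key installed by acme.sh. The key file
    # should be readable by root only.
    ssl_certificate /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/thinking.mobi.key;

    ssl_session_timeout 5m;

    # TLS 1.1 is deprecated (RFC 8996), so only TLS 1.2 is accepted here.
    # Append TLSv1.3 when nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # ECDHE suites only. The 3DES entries (64-bit block cipher, SWEET32) and
    # the static-RSA key-exchange entries (no forward secrecy) are dropped,
    # as is the obsolete CHACHA20 draft suite name.
    ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;

    location / {
        proxy_pass http://127.0.0.1:8000;
    }

    access_log /etc/nginx/logs/blog.log;
}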

6、docker 镜像加速

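# Configure a registry mirror for the Docker daemon.
#
# Every image pull then goes through the mirror, so it must be trusted as much
# as the upstream registry; pull by digest where image integrity matters. The
# hostname below is the author's mirror address; substitute your own.
#
# tee overwrites any existing /etc/docker/daemon.json. If the file already
# holds other settings, merge the "registry-mirrors" key by hand instead.
sudo mkdir -p /etc/docker

# The closing EOF must stand alone on its line with no trailing spaces,
# otherwise the here-document swallows the systemctl lines that follow it.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://l1p6qgl0.mirror.aliyuncs.com"]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker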

评论

  • lishulongVI 回复»

    http 重定向 到https

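    # Redirect plain HTTP to HTTPS with a 301. The target is built from
    # $server_name rather than $host, so the Location header never echoes a
    # client-supplied Host value, and $request_uri keeps the original path
    # and query string unchanged.
    server {
        listen 80;
        server_name blog.thinking.mobi;
        return 301 https://$server_name$request_uri;
    }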
    

  • lishulongVI 回复»

    新增二级域名的时候
    acme.sh --issue --dns dns_dp -d thinking.mobi -d open.thinking.mobi -d metabase.thinking.mobi -d blog.thinking.mobi -d yapi.thinking.mobi 追加就行
    追加完让证书生效:
    acme.sh --installcert -d thinking.mobi --key-file /etc/nginx/ssl/thinking.mobi.key --fullchain-file /etc/nginx/ssl/fullchain.cer --reloadcmd "service nginx force-reload"
