Linux | yang's.cc

2019-10-242019-10-24

Debian 上安裝YunoHost面板

詳細安裝說明 https://yunohost.org/#/install_manually

一旦有了Debian 9 （內核> = 3.12）並訪問了服務器上的命令行（直接或通過SSH），就可以通過以root身份運行命令來安裝yunohost：

curl https://install.yunohost.org | bash

（如果curl未在系統上安裝，則可能需要使用進行安裝apt install curl。否則，如果命令沒有執行任何操作，則可能需要apt install ca-certificates）

2019-10-242019-10-24

Debian 9上安裝VestaCP面板

官網：https://vestacp.com/
進階的安裝設定可參考官網說明
操作系統支援 CentOS、Debian、Ubuntu

# Connect to your server as root via SSH
ssh [email protected]
# Download installation script
curl -O http://vestacp.com/pub/vst-install.sh
# Run it
bash vst-install.sh

2018-11-04

NGINX線上產生器 NGINXCONFIG

網址：https://nginxconfig.io/

NGINXCONFIG 可以透過簡單的方式產生 Nginx 的設定檔

2018-10-012018-10-01

透過Linux每天自動登入PTT

1.確認系統有無expect
# which expect
/user/bin/expect
沒有的話請裝安裝相關套件
CentOS：yum -y install expect
Debian：apt-get -y install expect

2.建立執行檔內容 ptt.sh (ID和PW更改自己要的)

#!/usr/bin/expect
spawn ssh -oBatchMode=no -oStrictHostKeyChecking=no [email protected]
set BBS_ID “YOUR_ID”
set BBS_PW “YOUR_PW”
expect {
“請輸入代號” { send “$BBS_ID\r” ; exp_continue }
“請輸入您的密碼” { send “$BBS_PW\r” ; exp_continue }
“您想刪除其他重複登入的連線嗎” { send “N\r” ; exp_continue }
“您要刪除以上錯誤嘗試的記錄嗎” { send “N\r” ; exp_continue }
“任意鍵繼續” { send “q\r” ; exp_continue }
“密碼不對喔” { exit }
“裡沒有這個人啦” { exit }
“請勿頻繁登入以免造成系統過度負荷” { send “\r” ; exp_continue }
“請按任意鍵繼續” { send “\r” ; exp_continue }
“oodbye” { interact }
exit

3.改變檔案為可執行檔
# chmod +x ptt.sh

4.利用crontal來啟動執行
# crontab -e
* */3 * * * /ptt.sh > /log/ptt.log
(每3個小時執行一次)
* * */1 * * /ptt.sh > /log/ptt.log
(每天執行一次)
* 0 * * * /ptt.sh > /log/ptt.loc
(每天的0時執行一次)

2018-09-262024-04-21

受保護的內容: 一鍵安裝KMS伺服器-轉載秋水逸冰

2018-09-192018-09-20

Debian 9 安裝 Nginx PHP7 Mariadb…

1.更改時區

timedatectl set-timezone Asia/Taipei

2.Update && Upgrade
apt-get -y update && apt-get upgrade -y

3.安裝基本套件
apt-get install -y openssl ssl-cert php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli
php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-mysql php7.0-mcrypt bzip2 nginx mariadb-server mariadb-client

sed -i ‘s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/’ /etc/php/7.0/fpm/php.ini

4.設定並驗證 Mariadb
mysql_secure_installation

mysql -u root -p
show databases; #檢查目前的資料庫項目
exit #離開

5.新增資料庫
CREATE DATABASE wordpress;

6.資料庫權限
GRANT ALL PRIVILEGES ON wordpress.* TO root@localhost IDENTIFIED BY ‘password’;

7.資料庫設定生效
FLUSH PRIVILEGES;

8.建立 SSL
mkdir -p /var/www/html/ssl
cd /var/www/html/ssl
openssl req -new -x509 -days 365 -nodes -out /var/www/html/ssl/xxx.crt -keyout /var/www/html/ssl/xxx.key
chmod 600 xxx.crt
chmod 600 xxx.key

9.設定站點權限為www-date;
chown -R www-data:www-data /var/www

10.建立站點

nano /etc/nginx/conf.d/xxx.conf

server {
listen 80;
server_name xxx.com;
rewrite ^(.*) https://$server_name$1 permanent;
}

server {
listen 443;
server_name xxx.com;
ssl on;

#SSL Certificate you created
ssl_certificate /var/www/html/ssl/xxx.crt;
ssl_certificate_key /var/www/html/ssl/xxx.key;

location / {
root /var/www/html/xxx.com;
index index.php index.html index.htm;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

location ~ \.php$ {
root /var/www/html/xxx.com;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

11.Install vsftpd
apt-get install -y vsftpd

nano /etc/vsftpd.conf
anonymous_enable=No
local_enable=YES
write_enable=YES

nano /etc/ftpusers
#root

12.iptables 設定
nano /etc/firewall.server #建立規則

##############################################################
# http port 80
iptables -A INPUT -i venet0 -p tcp –dport 80 -j ACCEPT

# https port 443
iptables -A INPUT -i venet0 -p tcp –dport 443 -j ACCEPT

# vsftpd port 21
iptables -A INPUT -i venet0 -p tcp –dport 21 -j ACCEPT

# pptpd prot 1723
iptables -A INPUT -p tcp –dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp –sport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
# NAT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT –to-source x.x.x.x
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

##############################################################
chmod 700 /etc/firewall.server #更改權限
sed -i ‘/^exit 0/i\sh /etc/firewall.server’ /etc/rc.local #在 /etc/rc.local 最後一行 exit 0 之前加入 sh /etc/firewall.server

13.安裝PPTPD
apt-get install pptpd

nano /etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
#logwtmp

nano /etc/ppp/options
ms-dns 8.8.8.8
ms-dns 8.8.4.4
ms-dns 168.95.1.1
#require-mppe-128

nano /etc/ppp/chap-secrets
name pptpd password *

nano /etc/sysctl.conf
net.ipv4.ip_forward=1

sysctl -p

14.安裝fail2ban
yum -y install fail2ban

15.啟用rc.local
nano /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will “exit 0” on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0
EOF

chmod +x /etc/rc.local

systemctl start rc-local

2018-09-01