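# CentOS 7 host bootstrap and operations notes.
# Each section is an independent snippet, and several hold placeholders or
# reference configs, so run sections individually, not the file top to bottom.
# Blocks introduced with `: <<'NAME'` are reference file contents (not executed).

# ---------------------------------------------------------------------------
# Install the SSH public key
# ---------------------------------------------------------------------------
# NOTE: `>` replaces any keys already present in authorized_keys.
mkdir -p ~/.ssh/
touch ~/.ssh/authorized_keys
cat <<'EOF'> ~/.ssh/authorized_keys
ssh-rsa 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 jacky
EOF
# sshd (StrictModes) ignores key files that other users can write to.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# ---------------------------------------------------------------------------
# Show the OS version
# ---------------------------------------------------------------------------
cat /etc/redhat-release

# ---------------------------------------------------------------------------
# Set the system locale
# ---------------------------------------------------------------------------
# To change the CentOS system locale to zh_CN.UTF-8 (Simplified Chinese, UTF-8):
# 1. Open a terminal as root, or use sudo.
# 2. List the available locales and make sure zh_CN.UTF-8 is among them:
localectl list-locales
# 3. Set the system language and locale to zh_CN.UTF-8:
localectl set-locale LANG=zh_CN.UTF-8
# 4. Reload the locale configuration:
source /etc/locale.conf
# 5. Reboot so the change takes effect:
reboot
# After the reboot the system locale should be zh_CN.UTF-8. This affects the
# interface language, date format and related settings. It only changes the
# system-wide locale; per-user locales can be customised in ~/.bashrc or
# ~/.bash_profile.

# ---------------------------------------------------------------------------
# Set the hostname
# ---------------------------------------------------------------------------
hostnamectl set-hostname master
#reboot

# ---------------------------------------------------------------------------
# Edit /etc/hosts
# ---------------------------------------------------------------------------
vim /etc/hosts
# Add the following entries:
#   10.0.1.9 master
#   10.0.1.5 node1

# ---------------------------------------------------------------------------
# Set the time zone
# ---------------------------------------------------------------------------
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# ---------------------------------------------------------------------------
# Time synchronisation
# ---------------------------------------------------------------------------
yum install -y chrony
systemctl restart chronyd
systemctl enable chronyd
systemctl status chronyd

# ---------------------------------------------------------------------------
# Disable SELinux
# ---------------------------------------------------------------------------
# NOTE(security): this removes mandatory access control from the host.
# SELINUX=permissive keeps denials logged without enforcing them, which is the
# less lossy choice when a workload only needs enforcement out of the way.
# Disable temporarily
setenforce 0
# Disable permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# ---------------------------------------------------------------------------
# Disable swap
# ---------------------------------------------------------------------------
# Disable temporarily
swapoff -a
# Disable permanently
sed -i '/ swap / s/^/#/' /etc/fstab

# ---------------------------------------------------------------------------
# Disable the firewall
# ---------------------------------------------------------------------------
# NOTE(security): with firewalld stopped and the filter table flushed, every
# listening port is reachable unless something upstream (security group,
# perimeter firewall) filters it. Several services installed further down
# listen on all interfaces.
systemctl disable firewalld
systemctl stop firewalld
iptables -t filter -F

# ---------------------------------------------------------------------------
# Switch package repositories
# ---------------------------------------------------------------------------
# Move only the repo definitions: `mv * bak/` would also try to move bak into
# itself and fail.
cd /etc/yum.repos.d/ && mkdir -p bak && mv -- *.repo bak/
cat <<EOF>/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/os/x86_64
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/extras/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
EOF
cat <<EOF>/etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo \$basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/debug-\$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - \$basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo \$basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/debug-\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - \$basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo \$basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/debug-\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/\$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
EOF
# Written with an absolute path so it does not depend on the earlier `cd`.
# gpgcheck is 1 here (it was 0): the repo already names its signing key, and
# with the check off yum would install unsigned packages from the mirror.
cat <<EOF>/etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 -
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/epel/7/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/epel/RPM-GPG-KEY-EPEL-7
EOF

# ---------------------------------------------------------------------------
# Kernel parameter tuning
# ---------------------------------------------------------------------------
# NOTE: this overwrites /etc/sysctl.conf; nothing here loads the values, so
# apply them with `sysctl -p` or a reboot.
# fs.inotify.max_queued_events was spelled fs.notify.max_queued_events, a key
# that does not exist.
cat <<'EOF'>/etc/sysctl.conf
kernel.shmall = 4294967296
net.netfilter.nf_conntrack_max = 1000000
kernel.unknown_nmi_panic = 0
kernel.sysrq = 0
fs.file-max = 1000000
vm.swappiness = 10
fs.inotify.max_user_watches = 10000000
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
fs.inotify.max_queued_events = 3276792
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
vm.overcommit_memory=1
net.core.somaxconn = 512
vm.max_map_count = 262144
kernel.pid_max=1000000
net.ipv6.conf.all.disable_ipv6 = 1
EOF

# ---------------------------------------------------------------------------
# Install base tools
# ---------------------------------------------------------------------------
yum install -y tar curl wget telnet rsync iftop dstat sysstat lrzsz net-tools traceroute tcpdump tshark bind-utils

# ---------------------------------------------------------------------------
# proxychains
# ---------------------------------------------------------------------------
# NOTE(security): this section and the tcping, nali, rinetd, ddns-go and
# icmptunnel sections fetch prebuilt binaries from a personal file share
# (vip.123pan.cn) and install them into system paths as root, with no
# integrity check. Record a known-good digest once and verify every download
# before unpacking, e.g.
#   echo '<expected-sha256>  proxychains.tar.gz' | sha256sum -c -
# or build from the upstream project instead.
#1. Download
#2. The .so file goes in /usr/lib64/proxychains-ng
#3. The conf file goes in /etc/proxychains.conf
#4. The proxychains executable goes in /bin/ (anywhere else works too)
mkdir -p /usr/lib64/proxychains-ng
cd /tmp
wget https://vip.123pan.cn/1815238395/download/proxychains/proxychains.tar.gz
tar xzvf proxychains.tar.gz
mv libproxychains4.so /usr/lib64/proxychains-ng
mv proxychains.conf /etc/
mv proxychains /bin/

# ---------------------------------------------------------------------------
# tcping
# ---------------------------------------------------------------------------
cd /bin
wget https://vip.123pan.cn/1815238395/download/tcping/amd64/tcping_Linux_static%202.0.0.tar.gz
tar xzvf 'tcping_Linux_static 2.0.0.tar.gz'

# ---------------------------------------------------------------------------
# nali
# ---------------------------------------------------------------------------
cd /bin
wget https://vip.123pan.cn/1815238395/download/nali/nali-linux-amd64-v0.7.3.gz
gunzip nali-linux-amd64-v0.7.3.gz
mv nali-linux-amd64-v0.7.3 nali
chmod a+x nali
mkdir -p ~/.local/share/nali
cd ~/.local/share/nali/
wget https://vip.123pan.cn/1815238395/download/nali/nali.share.tar.gz
tar xzvf nali.share.tar.gz
cd ~/.local/share/nali
wget https://vip.123pan.cn/1815238395/download/nali/qqwry.dat

# ---------------------------------------------------------------------------
# python
# ---------------------------------------------------------------------------
# Upgrade pip through this mirror
pip install -i https://mirrors.ustc.edu.cn/pypi/web/simple pip -U
pip config set global.index-url https://mirrors.ustc.edu.cn/pypi/web/simple

# ---------------------------------------------------------------------------
# golang
# ---------------------------------------------------------------------------
# NOTE(security): all_proxy stays exported for the rest of the shell session,
# so every later download in that session also goes through this SOCKS proxy;
# `unset all_proxy` once the tarball is fetched. The Go download page publishes
# a SHA256 per archive; compare it before extracting as root.
export all_proxy=socks5://120.224.58.239:47891
wget https://golang.google.cn/dl/go1.21.1.linux-amd64.tar.gz
sudo tar xfz go1.21.1.linux-amd64.tar.gz -C /usr/local
cat <<'EOF'>> /etc/profile
export GOROOT=/usr/local/go
export GOPATH=$HOME/gowork
export GOBIN=$GOPATH/bin
export PATH=$GOPATH:$GOBIN:$GOROOT/bin:$PATH
EOF
source /etc/profile

# ---------------------------------------------------------------------------
# conda
# ---------------------------------------------------------------------------
# NOTE(review): -p is passed twice (/opt/anaconda3, then /opt/conda);
# presumably only one install prefix takes effect. Confirm which.
cd /root
wget https://mirrors.tuna.tsinghua.edu.cn/anaconda/archive//Anaconda3-2022.10-Linux-x86_64.sh
bash Anaconda3-2022.10-Linux-x86_64.sh -p /opt/anaconda3 -b -p /opt/conda -u
source ~/.bashrc
source /etc/bashrc
conda init bash
conda create --name test python=3.9
conda activate test

# ---------------------------------------------------------------------------
# ip
# ---------------------------------------------------------------------------
# Show network interface information
ip a
# Show the routing table
ip route
# Configure an IP address and prefix length
#   template: ip addr add <IP地址>/<子网掩码位数> dev <接口名>
#             (<IP address>/<prefix length> dev <interface name>)
ip addr add 192.168.1.2/24 dev eth0
# Bring an interface up or down
#   template: ip link set <接口名> up
#   template: ip link set <接口名> down
# Add a static route
#   template: ip route add <目标网络> via <网关IP>
#             (<destination network> via <gateway IP>)
ip route add 192.168.2.0/24 via 192.168.1.1
# Delete a static route
#   template: ip route del <目标网络>

# ---------------------------------------------------------------------------
# firewalld
# ---------------------------------------------------------------------------
# Start the firewalld service
sudo systemctl start firewalld
# Stop the firewalld service
sudo systemctl stop firewalld
# Restart the firewalld service
sudo systemctl restart firewalld
# Show the firewalld service status
sudo systemctl status firewalld
# Start firewalld at boot
sudo systemctl enable firewalld
# Do not start firewalld at boot
sudo systemctl disable firewalld
# List the firewall rules
sudo firewall-cmd --list-all
# List the enabled firewall services
sudo firewall-cmd --list-services
# Open a port (for example SSH, port 22)
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --reload
# Open a service (for example HTTP)
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
# Remove a port or service rule (for example the SSH port rule)
sudo firewall-cmd --remove-port=22/tcp --permanent
sudo firewall-cmd --reload
# Show the firewall state (runtime information)
sudo firewall-cmd --state
# Show the firewalld version
sudo firewall-cmd --version

# ---------------------------------------------------------------------------
# ipsec
# ---------------------------------------------------------------------------
# Requirements
#   Intranet subnets: 172.17.165.249/32
#   Public network address: 1.222.209.74
#   Pre-shared key: XXX
#
# NOTE(security): both tunnels use IKEv1 with a pre-shared key and modp1024
# (DH group 2), which is weak by current standards. The proposal has to match
# what the remote gateway offers, so it is left as written; where the peer
# allows it, negotiate IKEv2 with a larger DH group (modp2048 or better).
# NOTE(review): the second conn sets leftid=8.222.209.74 while the first conn,
# the stated public address and ipsec.secrets all use 1.222.209.74, and no PSK
# entry is shown for the 183.182.100.130 peer. Confirm both.
: <<'IPSEC_CONF'
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    uniqueids=never

conn %default
    authby=psk
    type=tunnel

conn To-Unitel-FirtiGate500E
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=1.222.209.74
    right=2.182.106.164
    rightsubnet=10.120.54.115/32
    rightid=2.182.106.164
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever

conn To-Unitel-FirtiGate100F
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=8.222.209.74
    right=183.182.100.130
    rightsubnet=10.78.3.234/32
    rightid=183.182.100.130
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever
IPSEC_CONF

# Secrets file. Keep it readable by root only (mode 600): it holds the PSK.
: <<'IPSEC_SECRETS'
# ipsec.secrets - strongSwan IPsec secrets file
1.222.209.74 2.182.106.164 : PSK "xxx"
IPSEC_SECRETS

# Test commands
## Show status
strongswan statusall
strongswan up xxx
strongswan down xxx
## Show the installed policies
ip xfrm policy
## Path test
traceroute -w 1 -d -n 1.62.111.200

# ---------------------------------------------------------------------------
# docker
# ---------------------------------------------------------------------------
yum install -y docker
mkdir -p /etc/docker
cat <<'EOF'>/etc/docker/daemon.json
{
  "debug": false,
  "experimental": true,
  "registry-mirrors": [
    "https://harbor.test.stesh.cn","https://r1qjm8hm.mirror.aliyuncs.com"
  ],
  "log-opts":{"max-size":"100m","max-file":"1"}
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker

# ---------------------------------------------------------------------------
# docker-compose
# ---------------------------------------------------------------------------
# NOTE(security): the binary comes through a third-party GitHub proxy
# (ghproxy.com); compare its SHA256 with the checksum published for the
# release before making it executable.
wget "https://ghproxy.com/https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64" -O /bin/docker-compose
chmod a+x /bin/docker-compose

# ---------------------------------------------------------------------------
# wireguard
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# brew
# ---------------------------------------------------------------------------
# Install brew
export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"
export HOMEBREW_CORE_GIT_REMOTE="https://mirrors.ustc.edu.cn/homebrew-core.git"
export HOMEBREW_BOTTLE_DOMAIN="https://mirrors.ustc.edu.cn/homebrew-bottles"
export HOMEBREW_API_DOMAIN="https://mirrors.ustc.edu.cn/homebrew-bottles/api"
#/bin/bash -c "$(curl -fsSL https://github.com/Homebrew/install/raw/HEAD/install.sh)"
/bin/bash -c "$(curl -fsSL https://mirrors.ustc.edu.cn/misc/brew-install.sh)"
# Switch the source
## Temporarily
export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"
brew update
## For bash users
echo 'export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"' >> ~/.bash_profile
## For zsh users
echo 'export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"' >> ~/.zshrc

# ---------------------------------------------------------------------------
# tcpdump
# ---------------------------------------------------------------------------
tcpdump -i ens33 src host 1.1.1.1
tcpdump -i ens33 icmp
tcpdump -i ens33 icmp -w /www

# ---------------------------------------------------------------------------
# safeline
# ---------------------------------------------------------------------------
# Install
# curl's -k and wget's --no-check-certificate were removed throughout this
# section: they switch off TLS certificate verification for a script that runs
# as root and for the compose and seccomp files that define the WAF containers.
bash -c "$(curl -fsSL https://waf-ce.chaitin.cn/release/latest/setup.sh)"

# cd /path/to/safeline
# The timestamp contains a space, so the backup name has to be quoted;
# unquoted, mv receives three arguments and fails.
mv compose.yaml "compose.yaml.old.$(date '+%Y-%m-%d %H:%M:%S')"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml" -O compose.yaml
wget "https://waf-ce.chaitin.cn/release/latest/seccomp.json" -O seccomp.json
sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest/g" ".env"
# Append each setting only if .env does not already define it.
grep -q "SAFELINE_DIR" ".env" || echo "SAFELINE_DIR=$(pwd)" >> ".env"
grep -q "IMAGE_TAG" ".env" || echo "IMAGE_TAG=latest" >> ".env"
grep -q "MGT_PORT" ".env" || echo "MGT_PORT=9443" >> ".env"
grep -q "POSTGRES_PASSWORD" ".env" || echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep -q "REDIS_PASSWORD" ".env" || echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep -q "SUBNET_PREFIX" ".env" || echo "SUBNET_PREFIX=172.22.222" >> ".env"
# Fetch and load the image in a subshell so the working directory is still the
# safeline directory (where compose.yaml and .env live) for `docker compose`.
(
  cd /tmp || exit 1
  rm -f image.tar.gz
  wget https://demo.waf-ce.chaitin.cn/image.tar.gz -O image.tar.gz
  docker load -i image.tar.gz
)
docker compose down
docker compose up -d

# ---------------------------------------------------------------------------
# iterm
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# 1panel
# ---------------------------------------------------------------------------
# The installer is saved to a file first, so it can be read before it runs.
curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && sh quick_start.sh

# ---------------------------------------------------------------------------
# BT panel
# ---------------------------------------------------------------------------
yum install -y wget && wget -O install.sh https://download.bt.cn/install/install_6.0.sh && sh install.sh ed8484bec

# ---------------------------------------------------------------------------
# halo
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# rustdesk
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# nxshell
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# rinetd
# ---------------------------------------------------------------------------
wget https://vip.123pan.cn/1815238395/download/rinetd/rinetd -O /usr/local/bin/rinetd
wget https://vip.123pan.cn/1815238395/download/rinetd/rinetd.service -O /etc/systemd/system/rinetd.service
# chmod now targets the path the binary was saved to (it pointed at
# /bin/rinetd). NOTE(review): confirm ExecStart in rinetd.service uses the
# same path.
chmod a+x /usr/local/bin/rinetd
systemctl daemon-reload
systemctl restart rinetd
# Usage
# NOTE(security): binding 0.0.0.0 publishes local port 7891 on every
# interface. Bind a specific address or restrict port 46781 with a firewall
# rule if only known clients should reach it.
echo '0.0.0.0 46781 127.0.0.1 7891' >> /etc/rinetd.conf

# ---------------------------------------------------------------------------
# ddnsgo
# ---------------------------------------------------------------------------
#wget https://ghproxy.com/https://github.com/jeessy2/ddns-go/releases/download/v5.6.1/ddns-go_5.6.1_linux_x86_64.tar.gz
wget https://vip.123pan.cn/1815238395/download/ddns-go/ddns-go_5.6.1_linux_x86_64.tar.gz
tar xzvf ddns-go_5.6.1_linux_x86_64.tar.gz
mv ddns-go /bin/
ddns-go -s install
# Config file
# NOTE(security): the listing carries a DNS provider API id/secret and the web
# UI login. A secret that has been published should be rotated; the admin
# password is a six-digit number; and `notallowwanaccess: false` leaves the
# management UI reachable from public addresses. Set it to true, or filter the
# port, when the host is internet-facing.
# NOTE(review): indentation was reconstructed from a flattened listing; check
# it against a config file written by ddns-go itself.
: <<'DDNS_GO_CONFIG'
dnsconf:
  - ipv4:
      enable: true
      gettype: url
      url: https://myip4.ipip.net,https://ddns.oray.com/checkip,https://ip.3322.net,https://4.ipw.cn
      netinterface: ""
      cmd: ""
      domains:
        - raspberrypi.hlab.sddts.cn
    ipv6:
      enable: true
      gettype: netInterface
      url: https://speed.neu6.edu.cn/getIP.php,https://v6.ident.me,https://6.ipw.cn
      netinterface: eth0
      cmd: ""
      ipv6reg: ""
      domains:
        - raspberrypi.hlab.sddts.cn
    dns:
      name: dnspod
      id: "438041"
      secret: 42c2006d3cf452bcb2ec632123456559
    ttl: ""
user:
  username: admin
  password: 123123
webhook:
  webhookurl: ""
  webhookrequestbody: ""
  webhookheaders: ""
notallowwanaccess: false
DDNS_GO_CONFIG

# ---------------------------------------------------------------------------
# icmptunnel
# ---------------------------------------------------------------------------
# Download
#   https://vip.123pan.cn/1815238395/download/icmptunnel/icmptunnel-1.0.0.tar.gz
# Usage
./icmptunnel -s 240e:345:4070:1200:20c:29ff:fefb:9724

# ---------------------------------------------------------------------------
# jumpserver
# ---------------------------------------------------------------------------
# Saved to a file and then run, not piped into bash: a truncated download
# cannot execute half a script, -f stops on HTTP errors, and the script can be
# read before it runs as root.
curl -fsSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh -o jumpserver_quick_start.sh && bash jumpserver_quick_start.sh

# ---------------------------------------------------------------------------
# webstart
# ---------------------------------------------------------------------------
: <<'WEBSTART_COMPOSE'
version: '3.3'
services:
  web-start:
    ports:
      - '2000:2000'
    image: 'dockerproxy.com/luode0320/web-start:1.0'
    volumes:
      - ./index-95ea9c5d.js:/app/dist/assets/index-95ea9c5d.js
WEBSTART_COMPOSE

# ---------------------------------------------------------------------------
# Growing a filesystem
# ---------------------------------------------------------------------------
# Grow xfs on sda1
yum install -y cloud-utils-growpart
LANG=en_US.UTF-8 growpart /dev/sda 1 -v
lsblk
xfs_growfs
xfs_growfs -d /dev/sda1
df -h
# Grow xfs on vda1
LANG=en_US.UTF-8 growpart /dev/vda 1 -v
lsblk
xfs_growfs
xfs_growfs -d /dev/vda1
df -h
# Grow xfs on vdb
# NOTE(review): growpart resizes partition 1 but xfs_growfs is given the whole
# disk. Confirm which device holds the filesystem.
LANG=en_US.UTF-8 growpart /dev/vdb 1 -v
lsblk
xfs_growfs
xfs_growfs -d /dev/vdb
df -h
# Grow ext4
yum install cloud-utils-growpart -y
# 1 is the partition number
growpart /dev/sda 1
resize2fs /dev/sda1

# ---------------------------------------------------------------------------
# tailscale
# ---------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# nginx
# ---------------------------------------------------------------------------
# ssl_protocols is TLSv1.2 only (it listed TLSv1 and TLSv1.1, both deprecated);
# add TLSv1.3 where the nginx/OpenSSL build supports it.
# NOTE(security): X-remoteip forwards the client-supplied X-Forwarded-For
# value unchanged, so the backend should treat it as untrusted; X-real-ip
# carries the address nginx actually saw.
: <<'NGINX_CONF'
upstream xxx {
    server xxx:10001 weight=1 max_fails=3 fail_timeout=20s;
    server xxx:10001 weight=1 max_fails=3 fail_timeout=20s;
}

server{
    listen 80;
    server_name xxx;
    location / {
        proxy_pass http://xxx;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-remoteip $http_x_forwarded_for;
    }
}

server {
    listen 443 ssl;
    server_name xxx;
    ssl_certificate /usr/local/nginx/sslkey/xxx.crt;
    ssl_certificate_key /usr/local/nginx/sslkey/xxx.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://xxx;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-remoteip $http_x_forwarded_for;
    }
}
NGINX_CONF

# Last modified: 2024-05-11. Reproduction permitted with attribution.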