AI-generated
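# VPS Basic Configuration Guide

This article covers basic VPS server configuration: user management, security hardening, service management, and proxy setup.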
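## User Management

### Adding a New User

```bash
# Debian/Ubuntu: interactive helper that creates the home directory and prompts for a password
adduser username

# Any distribution: create the user with a home directory and bash as the login shell, then set a password
useradd -m -s /bin/bash username
passwd username
```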
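### Managing User Privileges

```bash
# Debian/Ubuntu: add the user to the sudo group
usermod -aG sudo username

# CentOS/RHEL: add the user to the wheel group
usermod -aG wheel username

# Edit the sudoers file (visudo checks the syntax before saving)
visudo
```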
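### Changing a Password

```bash
# Change the current user's password
passwd

# Change another user's password (requires root)
passwd username
```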
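## Configuring Software Sources

Software sources (package repositories) are the addresses from which the system fetches packages. Choosing a suitable mirror speeds up package installation and updates.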
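### Ubuntu/Debian Repository Configuration

On Ubuntu/Debian the repository configuration file is `/etc/apt/sources.list`:

```bash
# Back up the original file
cp /etc/apt/sources.list /etc/apt/sources.list.bak

# Edit the repository list
vim /etc/apt/sources.list
```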
#### Ubuntu 22.04 (Jammy): Aliyun mirror example

```text
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
```
#### Debian 12 (Bookworm): Tsinghua (TUNA) mirror example

```text
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
```
Then update the package list.
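### CentOS/RHEL Repository Configuration

#### CentOS 7: Aliyun mirror

```bash
# Back up the original repository file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

# Download the Aliyun repository file
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# Clear and rebuild the cache
yum clean all
yum makecache
```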
#### CentOS 8 Stream/RHEL 8 repository configuration

```bash
# Back up the original repository files
mv /etc/yum.repos.d/CentOS-Stream-BaseOS.repo /etc/yum.repos.d/CentOS-Stream-BaseOS.repo.backup
mv /etc/yum.repos.d/CentOS-Stream-AppStream.repo /etc/yum.repos.d/CentOS-Stream-AppStream.repo.backup

# Download the Aliyun repository files
curl -o /etc/yum.repos.d/CentOS-Stream-BaseOS.repo https://mirrors.aliyun.com/repo/CentOS-Stream-8-BaseOS.repo
curl -o /etc/yum.repos.d/CentOS-Stream-AppStream.repo https://mirrors.aliyun.com/repo/CentOS-Stream-8-AppStream.repo

# Clear and rebuild the cache
dnf clean all
dnf makecache
```
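### Common Mirrors

| Country/Region | Mirror | Address |
| --- | --- | --- |
| Mainland China | Aliyun | mirrors.aliyun.com |
| Mainland China | Tsinghua (TUNA) | mirrors.tuna.tsinghua.edu.cn |
| Mainland China | USTC | mirrors.ustc.edu.cn |
| International | Official | archive.ubuntu.com (Ubuntu) / deb.debian.org (Debian) |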
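### Automatically Selecting the Fastest Mirror

#### Ubuntu/Debian

```bash
# Install the mirror benchmarking tool
apt install netselect-apt

# Test the mirrors and write the fastest one to sources.list
netselect-apt -n -o /etc/apt/sources.list
```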
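#### CentOS/RHEL

```bash
# Install the fastestmirror plugin
yum install yum-plugin-fastestmirror

# Enable the plugin; edit in place so the [main] section header and the other settings are kept
sed -i 's/^enabled=.*/enabled=1/' /etc/yum/pluginconf.d/fastestmirror.conf

# Clear the cache so the mirror list is re-evaluated
yum clean all
```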
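## File Permission Management

### Basic Permission Commands

```bash
# Change the owner and group of a file
chown user:group filename
# Change ownership of a directory recursively
chown -R user:group directory

# 755: owner rwx, group and others r-x
chmod 755 filename
# 644: owner rw-, group and others r--
chmod 644 filename
# 600: owner rw-, no access for anyone else
chmod 600 filename

# Apply permissions to a directory recursively
chmod -R 755 directory
```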
### Recommended Permissions for Important Files

```bash
# SSH keys and the .ssh directory
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

# Web root
chown -R www-data:www-data /var/www/html
chmod -R 755 /var/www/html
```
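## SSH Security Configuration

### Changing the SSH Port

Edit `/etc/ssh/sshd_config`:

```bash
vim /etc/ssh/sshd_config
```

Set the port directive in the file:

```text
Port 2222
```

Restart the SSH service:

```bash
# Keep the current session open and confirm that a new login on port 2222 works before disconnecting
systemctl restart sshd
```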
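### Disabling Root Login

Edit `/etc/ssh/sshd_config`:

```text
# Disable direct root login
PermitRootLogin no

# Only allow the listed users to log in
AllowUsers username1 username2

# Use key-based authentication and disable password login.
# Disable passwords only after key login (next section) has been verified.
PubkeyAuthentication yes
PasswordAuthentication no
```

Restart the SSH service:

```bash
systemctl restart sshd
```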
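sshd uses the first value it reads for each keyword, so a hardened line can be shadowed by an earlier one in the same file. The shell script below is an added example, not part of the original article: it reports the effective values of the directives above for a constructed sample file. The function names `effective_value`, `expect`, `audit_sshd` and `write_sample` are illustrative.

```shell
# Added example (not from the article). Assumes whitespace-separated
# "Keyword value" lines; Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD: print the FIRST value set for KEYWORD, which is
# the one sshd uses (keywords are case-insensitive, values are not).
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# expect FILE KEYWORD WANTED OPENSSH_DEFAULT: count a finding on mismatch.
expect() {
    got=$(effective_value "$1" "$2")
    [ -n "$got" ] || got=$4                  # unset keyword: OpenSSH default
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: effective value '$got', expected '$3'"
    findings=$((findings + 1))
}

# audit_sshd FILE: print findings; exit status is the number of findings.
audit_sshd() {
    findings=0
    expect "$1" PermitRootLogin no prohibit-password
    expect "$1" PasswordAuthentication no yes
    expect "$1" PubkeyAuthentication yes yes
    [ -n "$(effective_value "$1" AllowUsers)" ] ||
        expect "$1" AllowUsers "<account list>" "<unset>"
    return "$findings"
}

# Constructed sample: an early "PasswordAuthentication yes" shadows the later "no".
write_sample() {
    cat > "$1" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
AllowUsers username1 username2
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration with Include files taken into account.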
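### Setting Up SSH Key Login

```bash
# On the local machine: generate an Ed25519 key pair
ssh-keygen -t ed25519 -C "your_email@example.com"

# Copy the public key to the server
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@server_ip

# Alternative: append the public key manually
cat ~/.ssh/id_ed25519.pub | ssh username@server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```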
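## Service Management

### Managing systemd Services

```bash
# Start a service
systemctl start service-name

# Stop a service
systemctl stop service-name

# Restart a service
systemctl restart service-name

# Show the service status
systemctl status service-name

# Start the service at boot
systemctl enable service-name

# Do not start the service at boot
systemctl disable service-name
```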
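### Viewing Service Logs

```bash
# Show all logs for a service
journalctl -u service-name

# Show the last 100 lines
journalctl -u service-name -n 100

# Follow the log in real time
journalctl -u service-name -f

# Show logs within a time range
journalctl -u service-name --since "2023-01-01" --until "2023-01-02 03:00"
```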
### Creating a Custom systemd Service

Create the file `/etc/systemd/system/myapp.service`:

```ini
[Unit]
Description=My Custom Application
After=network.target

[Service]
Type=simple
User=myuser
WorkingDirectory=/opt/myapp
ExecStart=/usr/bin/python3 /opt/myapp/app.py
Restart=on-failure
RestartSec=5
# systemd 246 and later treat the deprecated value "syslog" as "journal"
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=myapp

[Install]
WantedBy=multi-user.target
```
Enable and start the service:

```bash
systemctl daemon-reload
systemctl enable myapp
systemctl start myapp
```
## Proxy Service Configuration

### 1. Simple HTTP Proxy: Squid

Install Squid:

```bash
# Debian/Ubuntu
apt update
apt install squid

# CentOS/RHEL
yum install squid
```
Basic configuration (`/etc/squid/squid.conf`):

```text
# Networks that are allowed to use the proxy
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access allow localhost
http_access deny all

# Listening port
http_port 3128
```

Save the file and restart Squid:

```bash
systemctl restart squid
```
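### 2. Shadowsocks Proxy

Install Shadowsocks:

```bash
# Python implementation from PyPI (provides the ssserver command)
pip install shadowsocks

# Or the libev implementation from the distribution repositories
apt install shadowsocks-libev
```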
Create the configuration file `/etc/shadowsocks.json`:

```json
{
  "server": "0.0.0.0",
  "server_port": 8388,
  "password": "your_password",
  "timeout": 300,
  "method": "aes-256-gcm",
  "fast_open": true
}
```
Create the systemd service `/etc/systemd/system/shadowsocks.service`:

```ini
[Unit]
Description=Shadowsocks Server
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/ssserver -c /etc/shadowsocks.json
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
Start the service:

```bash
systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks
```
### 3. V2Ray Proxy

For detailed configuration, see the "V2Ray Configuration Tutorial".
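## Basic Security Hardening

### Firewall Configuration (UFW)

```bash
# Install UFW
apt install ufw

# Default policy: deny incoming, allow outgoing
ufw default deny incoming
ufw default allow outgoing

# Allow the SSH port (the custom port set earlier) before enabling the firewall
ufw allow 2222/tcp

# Allow HTTP and HTTPS
ufw allow 80/tcp
ufw allow 443/tcp

# Enable the firewall
ufw enable

# Show the current rules
ufw status
```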
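### Firewall Configuration (firewalld)

```bash
# Install firewalld
yum install firewalld

# Start it now and at boot
systemctl start firewalld
systemctl enable firewalld

# Allow HTTP and HTTPS
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

# Allow the custom SSH port, then close the default one (only once sshd listens on 2222)
firewall-cmd --permanent --add-port=2222/tcp
firewall-cmd --permanent --remove-service=ssh

# Apply the permanent rules
firewall-cmd --reload
```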
### Automatic Security Updates

```bash
# Debian/Ubuntu
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades

# CentOS/RHEL
yum install yum-cron
systemctl enable yum-cron
systemctl start yum-cron
```
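## Further Reading

This article covers only the basics of VPS configuration; for more advanced topics, see the dedicated articles linked above.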