代理 1 export {http,https}_proxy="http://ip:port"
1 2 set http_proxy=http://ip:portset https_proxy=http://ip:port
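# mariadb / install / debian
# Save the repository setup script to disk instead of piping it into a root
# shell: -f makes curl fail on an HTTP error rather than handing an error page
# to bash, and the saved file can be read and checksum-verified before it runs.
curl -fsSLO https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
# Compare the printed digest with the checksum MariaDB publishes for the script.
sha256sum mariadb_repo_setup
bash mariadb_repo_setup
apt install mariadb-server
systemctl enable mariadb --now
# Interactive hardening: root password, anonymous users, test database, remote root.
mysql_secure_installation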
alpine 1 2 3 4 5 apk add mariadb mariadb-client /etc/init.d/mariadb setup rc-service mariadb start rc-update add mariadb default mariadb-secure-installation
config /etc/mysql/mariadb.conf.d/10-custom.cnf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [mysqld] default-time-zone='+08:00' query_cache_type=0 query_cache_size=0 open_files_limit=65536 thread_cache_size=100 innodb_buffer_pool_size=6G innodb_buffer_pool_instances=4 innodb_log_file_size=256M innodb_log_buffer_size=64M sort_buffer_size=4M join_buffer_size=4M read_buffer_size=2M read_rnd_buffer_size=2M tmp_table_size=1024M max_heap_table_size=1024M skip-name-resolve=ON max_connections=200 log-bin=/var/lib/mysql/bin expire_logs_days=14 slow-query-log=1 slow-query-log-file=/var/log/mysql-slow.log long_query_time=2
-- command
-- NOTE(review): `database`, 'user', 'root' and 'password' read as placeholders;
-- substitute real names and strong, unique passwords before running any of this.
CREATE DATABASE `database`;

-- '%' as the host part lets this account log in from any address.
CREATE USER 'root'@'%' IDENTIFIED BY 'root';
-- Every privilege on every schema, plus the right to grant them onward, for
-- that any-host account. In MariaDB the IDENTIFIED BY clause on GRANT also
-- (re)sets the account password. Prefer a specific host or subnet over '%'
-- and keep the server port closed to untrusted networks.
GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;

-- Application account: full rights, but only inside one schema.
GRANT ALL PRIVILEGES ON `database`.* TO 'user'@'%';

FLUSH PRIVILEGES;
1 2 show status like '%Qcache%'; show variables like "%query_cache%"
1 2 DROP TABLE IF EXISTS `database`.`users`; RENAME TABLE database_old.user TO database_new.user;
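#!/bin/bash
# bak: dump the `database` schema from the mariadb-mariadb-1 container into a
# timestamped .sql.gz under BACKUP_DIR, then prune archives older than
# RETENTION_DAYS days.
#
# pipefail makes the pipeline status reflect mariadb-dump as well as gzip.
# Without it a failed dump still counts as success (gzip happily compresses
# empty input) and the retention sweep would eventually delete every good
# backup while only empty ones are being produced.
set -o pipefail

BACKUP_DIR="/data/bak/mariadb"
RETENTION_DAYS=14
BACKUP_FILE="$BACKUP_DIR/$(date +%Y%m%d-%H%M%S).sql.gz"

# Dumps hold the full data set: create new files readable by the owner only.
umask 077
mkdir -p -- "$BACKUP_DIR"

# The dump is written to a .part file so that an interrupted run never leaves
# a truncated archive matching *.sql.gz.
#
# NOTE(review): -p"..." places the root password in this file and in the
# process arguments, where it is visible in process listings. A client option
# file readable only by the dump account avoids both.
if docker exec mariadb-mariadb-1 mariadb-dump \
  --databases database \
  --ignore-table database.user_in_histories \
  --single-transaction \
  --quick \
  --lock-tables=false \
  -uroot -p"password." | gzip > "$BACKUP_FILE.part"; then
  mv -- "$BACKUP_FILE.part" "$BACKUP_FILE"
  # Prune only after a verified-successful dump.
  find "$BACKUP_DIR" -name "*.sql.gz" -mtime "+$RETENTION_DAYS" -delete
else
  echo "mariadb backup failed; existing archives left untouched" >&2
  rm -f -- "$BACKUP_FILE.part"
  exit 1
fi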
1 2 zcat backup.sql.gz | mysql -u 用户名 -p pv backup.tar.gz | gunzip | mysql -u 用户名 -p
主从同步 主 1 2 3 4 5 6 7 8 [mysqld] server_id = 110 gtid_domain_id = 1 log-slave-updates = 1 binlog_format = row log-bin=/var/lib/mysql/bin expire_logs_days=30
-- Replication account on the primary.
-- NOTE(review): '%' accepts this account from any host; naming the replica's
-- address instead limits who can request the binary log. 'sync_passord' is a
-- placeholder and must match MASTER_PASSWORD on the replica.
CREATE USER 'sync_user'@'%' IDENTIFIED BY 'sync_passord';
-- REPLICATION SLAVE is the only privilege granted: enough to read binlog events.
GRANT REPLICATION SLAVE ON *.* TO 'sync_user'@'%';
FLUSH PRIVILEGES;
从 1 2 3 4 5 6 [mysqld] server_id = 100 gtid_domain_id = 1 log-slave-updates = 0 binlog_format = row read_only = 1
STOP SLAVE;

-- Point the replica at the primary and resume from the current GTID position.
-- NOTE(review): no MASTER_SSL option is given, so whether the replication
-- stream (and the credentials sent with it) is encrypted depends on server
-- defaults; verify this if the two hosts are not on a trusted link.
CHANGE MASTER TO
    MASTER_HOST='[主库IP]',
    MASTER_USER='sync_user',
    MASTER_PASSWORD='sync_passord',
    MASTER_PORT=3306,
    MASTER_USE_GTID=current_pos;

START SLAVE;

-- Check Slave_IO_Running / Slave_SQL_Running and the last error fields.
SHOW SLAVE STATUS\G
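# redis / debian
apt-get install lsb-release curl gpg
# Fetch the packages.redis.io signing key and store it de-armored in its own keyring.
curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
# signed-by ties that key to this one repository instead of trusting it for every apt source.
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/redis.list
apt-get update
apt-get install redis
systemctl enable redis-server --now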
valkey alpine 1 2 3 apk add valkey rc-service valkey start rc-update add valkey
caddy debian 1 2 3 4 5 6 apt install -y debian-keyring debian-archive-keyring apt-transport-https curl curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list apt update apt install caddy systemctl enable caddy --now
1 caddy file-server --browse --listen :3000 --access-log
alpine 1 2 3 apk add caddy rc-update add caddy rc-service caddy restart
{
    servers {
        # Forwarded client-IP headers are believed only when the request comes
        # from these ranges. Any host inside them can assert an arbitrary
        # client address, so list real proxies only.
        trusted_proxies static 192.168.0.0/16 127.0.0.1 2a06:98c0::/29
        # Writes Cookie, Set-Cookie, Authorization and Proxy-Authorization
        # values to the access logs in clear (Caddy redacts them by default).
        # Treat the log files as secrets, or drop this option.
        log_credentials
    }
}

# Reusable snippet: `import cors <origin>` answers preflights and tags normal
# responses for that single origin.
(cors) {
    @cors_preflight method OPTIONS
    @cors header Origin {args.0}

    handle @cors_preflight {
        header Access-Control-Allow-Origin "{args.0}"
        header Access-Control-Allow-Methods *
        header Access-Control-Allow-Headers *
        header Access-Control-Max-Age "3600"
        respond "" 204
    }

    handle @cors {
        header Access-Control-Allow-Origin "{args.0}"
        header Access-Control-Expose-Headers *
    }
}

import /data/conf/*.caddy

:80 {
    root * /usr/share/caddy
    file_server
}

domain.com {
    encode zstd gzip
    tls domain@email
    import cors http://domain.com
    reverse_proxy 127.0.0.1:6001
    log {
        output file /data/logs/domain.log
    }
}

domain.com:80 {
    encode zstd gzip
    bind 0.0.0.0
    bind [fe80::be24:11ff:fe33:1618%eth0]
    uri replace /aaa/ /
    root * /data/www/dist
    try_files {path} /index.html
    file_server
}

domain.com {
    encode zstd gzip
    # Two alternatives shown together: a supplied certificate/key pair, or
    # Caddy's internal CA.
    tls certificate.pem private.key
    tls internal
    @match_cors {
        method OPTIONS
    }
    handle @match_cors {
        # Wildcard origin: any site may read the responses. Suitable only for
        # endpoints that are public and do not rely on cookies or credentials.
        header {
            Access-Control-Allow-Origin *
            Access-Control-Allow-Methods *
            Access-Control-Allow-Headers *
            Access-Control-Max-Age 3600
        }
        respond 204
    }
    reverse_proxy 127.0.0.1:8000
}

reverse_proxy 127.0.0.1:4050 {
    header_up X-Real-IP {remote}
    handle_response {
        header Access-Control-Allow-Origin *
        header Access-Control-Allow-Methods *
        header Access-Control-Allow-Headers *
        header Access-Control-Max-Age 3600
        copy_response
    }
}

log {
    output file /data/logs/log.log
    format console {
        time_format wall
        time_local
    }
}

handle_path /logs/* {
    root * /data/www/logs/
    # Directory listing of the log tree; `hide` keeps matching names out of it.
    # NOTE(review): no authentication is configured in this snippet. Confirm
    # these logs are meant to be readable by anyone who can reach the site.
    file_server browse {
        precompressed zstd br gzip
        hide ".gitignore" "*.json" "supervisord*"
    }
}
supervisor debian 1 2 apt install supervisor systemctl enable supervisor --now
alpine 1 2 3 4 apk add supervisor rc-update add supervisord rc-service supervisord restart mkdir -p /etc/supervisor.d/
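# nodejs
# Save the NodeSource setup script before running it: -f stops curl from
# handing an HTTP error page to bash, and the file can be reviewed first.
curl -fsSLo nodesource_setup.sh https://deb.nodesource.com/setup_lts.x
bash nodesource_setup.sh
apt install nodejs

# From here on npm resolves packages through this mirror instead of the
# default registry.
npm config set registry https://registry.npmmirror.com

npm install -g pnpm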
pnpm ~/.profile
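# Put pnpm's global bin directory on PATH exactly once.
# The colons around both sides make the match whole-entry, so a directory that
# merely contains $PNPM_HOME as a prefix does not count as "already present".
export PNPM_HOME="/root/.local/share/pnpm"
case ":$PATH:" in
  *":$PNPM_HOME:"*) ;;                    # already on PATH, leave it alone
  *) export PATH="$PNPM_HOME:$PATH" ;;
esac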
pm2 1 2 3 pm2 start ecosystem.config.js pm2 startup pm2 save
git 1 2 3 4 5 6 git config core.filemode false git daemon --verbose --export-all --base-path=. git clone git://127.0.0.1/file file git clone ../base/file file
alpine 1 apk add openssh-client-default openssh-keygen git
pake 1 2 pake http://domain.test --name domain --icon favicon_128.ico --fullscreen --always-on-top --installer-language zh-CN pake http://domain-dev.test --name domain-dev --icon favicon_128.ico --installer-language zh-CN --debug
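# php / frankenphp
wget https://github.com/dunglas/frankenphp/releases/download/v1.3.1/frankenphp-linux-x86_64
# NOTE(review): the binary is installed without an integrity check; compare its
# digest with one published for the v1.3.1 release, if available, before use.
chmod +x frankenphp-linux-x86_64
# NOTE(review): this keeps the release file name inside /usr/local/bin, while
# other commands on this page call /usr/local/bin/frankenphp. Confirm the
# intended target name.
mv frankenphp-linux-x86_64 /usr/local/bin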
/usr/local/bin/php
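#!/usr/bin/env bash
# Wrapper meant to be installed as /usr/local/bin/php: forwards its arguments
# to `frankenphp php-cli`, dropping every `-d` flag together with the word
# that follows it.

args=("$@")
index=0
for i in "$@"; do
  if [ "$i" == "-d" ]; then
    # Array subscripts are evaluated arithmetically, so $index is expanded
    # even though the word is single-quoted (the quotes only stop globbing).
    unset 'args[$index]'
    unset 'args[$index+1]'
  fi
  index=$((index + 1))
done

# Quoted expansion passes each remaining argument through as exactly one word;
# unquoted, arguments containing spaces or glob characters would be re-split
# or expanded before reaching php-cli.
/usr/local/bin/frankenphp php-cli "${args[@]}"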
1 frankenphp php-cli /usr/local/bin/composer install --no-dev -vvv
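# composer
wget https://mirrors.tencent.com/composer/composer.phar
# NOTE(review): the phar comes from a mirror and is installed unverified;
# compare its SHA-256 with the checksum the Composer project publishes for the
# same version before making it executable.
mv composer.phar /usr/local/bin/composer
chmod +x /usr/local/bin/composer
# Package metadata and archives are then resolved through the same mirror.
composer config -g repos.packagist composer https://mirrors.tencent.com/composer/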
1 composer install --no-dev -vvv
laravel 1 php artisan key:generate
win 1 irm https://massgrave.dev/get | iex
alpine 1 RUN apk add name --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/
ssh 1 2 3 apk add openssh rc-service sshd start rc-update add sshd
dropbear 1 2 3 apk add dropbear openssh-sftp-server rc-service dropbear start rc-update add dropbear
1 DROPBEAR_OPTS=" -p 0.0.0.0:22"
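# docker / install / debian
apt-get update
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
# Repository signing key, kept in its own file and referenced via signed-by
# below so it is trusted for this repository only.
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin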
alpine 1 2 3 apk add docker docker-compose rc-service docker start rc-update add docker
config /etc/docker/daemon.json
1 2 3 4 5 6 7 8 9 { "iptables": true, "default-address-pools": [ { "base": "172.18.0.0/16", "size": 24 } ] }
image 1 2 3 4 docker save puzzle9/image:latest | gzip > puzzle9_image-latest.tar.gz gunzip -c puzzle9_image-latest.tar.gz | docker load
role 1 sudo usermod -aG docker $USER
run 1 2 3 docker run -e HTTP_PROXY=http://127.0.0.1:3128 -e HTTPS_PROXY=http://127.0.0.1:3128 -it --rm --name build_web -v ./web:/app -w /app node:20-alpine npm install docker run --net=host -it --rm --name build_web -v "$PWD " :/app -w /app node:20-alpine npm install --proxy http://127.0.0.1:3128/
firewall 记得要加进去
1 firewall-cmd --permanent --zone=trusted --add-source=172.19.0.1/16
tar 1 2 3 4 5 6 tar -xvf file tar -cvf file.tar files tar -czvf file.tar.gz files
静态路由 1 2 ip route add 192.168.21.0/24 via 192.168.2.9 ip route del 192.168.21.0/24 via 192.168.2.9
ssh key 清空网卡已获取到的ip并重新获取 1 ip addr flush eth0 && dhclient
lvm 1 2 lvextend -l +100%FREE /dev/mapper/debian--vg-root lvremove /dev/debian-vg/tmp
ncat 1 ncat -l -k 31280 -c 'ncat 127.0.0.1 3128'
1 2 nc -l -v 9999 > file.zip nc -v ip 9999 < file.zip
log 1 tail -f manager/`date +%Y%m%d`/* service/`date +%Y%m%d`/*
timedatectl 1 apt install systemd-timesyncd
1 2 3 4 5 6 7 date -s "2024-05-11 10:12:20" timedatectl set-time "2024-05-30 12:23:20" timedatectl set-ntp no timedatectl set-timezone Asia/Hong_Kong
1 2 3 4 apt install ntpdate ntpdate ntp.aliyun.com ncat -u -l 123 -c "ncat -u ntp.aliyun.com 123"
lvm 分区调整 1 2 3 4 lvdisplay lvremove /dev/debian-vg/home lvextend -rl +100%FREE /dev/debian-vg/root resize2fs /dev/debian-vg/root
win 端口转发 1 2 3 netsh interface portproxy add v4tov4 listenport=1234 listenaddress=0 .0 .0 .0 connectport=1234 connectaddress=192 .168 .3 .30 netsh interface portproxy show all
ufw 防火墙 1 2 3 4 5 6 7 8 9 10 11 12 apt install ufw ufw status ufw status numbered ufw allow 22/tcp ufw allow 30000:50000/tcp ufw allow from 192.168.1.1 to any port 3306 proto tcp ufw allow in on eth0 ufw route allow in on eth0 ufw default reject ufw enable ufw disable ufw delete
/etc/ufw/before.rules
1 2 -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT -A ufw-before-input -p icmp --icmp-type echo-request -j DROP
/etc/default/ufw
1 2 DEFAULT_FORWARD_POLICY="DROP" DEFAULT_FORWARD_POLICY="ACCEPT"
nftables 端口映射 /etc/nftables.conf
#!/usr/sbin/nft -f

# Clears every table currently loaded, not only the nat table defined below.
# Rules installed by other tools are gone once this file is applied.
flush ruleset

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # port
        # External 4500 is rewritten to port 22 on 192.168.1.1; the 4501-4599
        # ranges keep their port number. This file defines no filter table,
        # so anything able to reach eth0 can use these forwards.
        iifname "eth0" tcp dport 4500 dnat to 192.168.1.1:22
        iifname "eth0" tcp dport 4501-4599 dnat to 192.168.1.1
        iifname "eth0" udp dport 4501-4599 dnat to 192.168.1.1
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # No interface match: source addresses are rewritten for traffic
        # leaving through any interface.
        masquerade
    }
}
1 systemctl enable nftables --now
samba debian alpine 1 2 apk add samba rc-update add samba
# NOTE(review): taken together, "map to guest = bad user", "guest account =
# root", "guest ok = yes" and "force user = root" give any client that can
# reach smbd password-less read/write access to /hdd as root. A dedicated
# unprivileged account for guest/force user, plus the interface restriction
# commented out below, would narrow this considerably.
[global]
security = user
log file = /var/log/samba/log.%m
max log size = 100
logging = file
# Logins with an unknown user name are treated as guest sessions.
map to guest = bad user
# Guest sessions run as this Unix account.
guest account = root
server min protocol = SMB2
client min protocol = SMB2
# interfaces = 192.168.0.0/16
# bind interfaces only = yes

[hdd]
comment = hdd
path = /hdd
public = yes
browseable = yes
writable = yes
guest ok = yes
# All file operations on the share are performed as root:root.
force user = root
force group = root
create mode = 0660
directory mode = 2770
win11 以管理员模式运行
# Both settings change the SMB client as a whole, for every server this
# machine connects to, not just the share above.
# Stops requiring SMB signing on outgoing connections.
Set-SmbClientConfiguration -RequireSecuritySignature $false
# Permits guest (unauthenticated) logons to SMB servers.
Set-SmbClientConfiguration -EnableInsecureGuestLogons $true
1 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLinkedConnections /t REG_DWORD /d 1 /f
nfs 服务端 debian 1 2 apt install nfs-kernel-server systemctl enable nfs-kernel-server --now
alpine 在 pve 中 先添加配置文件后启动
1 2 unprivileged: 0 lxc.apparmor.profile: unconfined
1 2 3 apk add nfs-utils util-linux rc-service nfs start rc-update add nfs
1 2 3 4 exportfs -v exportfs -ra exportfs -afv rpc.mountd -F -d all
/etc/exports
# Alternative export lines for the same path; presumably only one is meant to
# be active at a time.
# no_root_squash: root on a client acts as root on the exported files.
/share domain_name(rw,async,no_root_squash,no_subtree_check)
/share 192.168.0.0/16(rw,async,no_root_squash,no_subtree_check)
# all_squash with anonuid/anongid: every client user, root included, is mapped
# to uid/gid 100000 on the server.
/share 192.168.0.0/16(rw,async,no_subtree_check,all_squash,anonuid=100000,anongid=100000)
/etc/nfs.conf
1 2 3 [nfsd] # port=20450 # host=192.168.1.100
客户端 1 mount -t nfs [ip]:/share /share
/etc/fstab
1 2 [ip]:/share /share nfs defaults,_netdev 0 0 [ip]:/share /share nfs defaults,noauto,x-systemd.automount,x-systemd.mount-timeout=30,timeo=14 0 0
其他 目前看起来 win会乱码 需要在 语言那里开启 beta 版支持
iptables 1 2 3 4 5 6 7 8 9 10 11 12 13 14 iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 1.2.3.4:80 iptables -t nat -A POSTROUTING -p tcp -d 1.2.3.4 --dport 80 -j MASQUERADE iptables -L iptables -P FORWARD ACCEPT iptables -t nat -L -n -v --line-numbers iptables -t nat -D PREROUTING [number] /etc/init.d/iptables save
rsync 1 2 rsync -P -rzv --sparse -e "ssh -p 2222" root@ip:/data/mariadb/database /bak/ rsync -P -n -av /data/old /data/new
openssl 1 openssl req -x509 -nodes -newkey rsa:2048 -keyout server.key -out server.crt -days 365
completion 1 apt install bash-completion
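# swap
# Two ways to create the file; use one of them. dd writes 16 GiB of zeros,
# fallocate reserves 2 GiB without writing the blocks.
dd if=/dev/zero of=/swapfile bs=1M count=16384 status=progress

fallocate -l 2G /swapfile

# Swap can hold memory pages of any process: make the file owner-only before
# it is formatted and enabled.
chmod 600 /swapfile
mkswap /swapfile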
/etc/fstab
1 /swapfile swap swap defaults,discard 0 0
中文 debian /etc/locale.gen
1 2 en_US.UTF-8 UTF-8 zh_CN.UTF-8 UTF-8
1 2 apt install fonts-noto-cjk fonts-wqy-microhei fonts-wqy-zenhei locale-gen
~/.bashrc
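# Locale for interactive shells: Simplified Chinese, UTF-8.
# LC_ALL overrides every other LC_* category, so it must name a locale that
# has actually been generated on the system.
export LANG=zh_CN.UTF-8
export LANGUAGE=zh_CN:zh
export LC_ALL=zh_CN.UTF-8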