linux主机常用操作集合 #102

Triment · 2024-03-23T05:48:33Z

先安装面板,1panel的面板自带docker安装，我们就不用单独安装docker了

curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && sudo bash quick_start.sh

准备用docker安装acme和nginx，不过先创建一个docker网络

docker network create app-network

创建一个nginx映射主机的80 443端口，以及关键的conf.d文件夹

docker run -p 80:80 -p 443:443 -v 主机的conf路径:/etc/nginx/conf.d -v 主机的example.com_ecc:/etc/nginx/ssl/example.com_ecc --network app-network --restart aways --rm -it -d  --label=sh.acme.autoload.domain=example.com nginx:latest

创建acme的容器

docker run --rm  -itd  \
  -v "$(pwd)/acme.sh":/acme.sh  \#生成的证书文件到这个文件夹
  --net=host \
  --name=acme.sh \
  -v /var/run/docker.sock:/var/run/docker.sock \
  neilpang/acme.sh daemon

然后运行acme.sh进行证书获取
token在cf后台自己生成
--ecc使用椭圆曲线加密，相比rsa同样复杂度下更快

docker  exec \
    -e CF_Email=邮箱 \
    -e CF_Token=token \
    acme.sh --issue -d example.com --ecc  --dns dns_cf

然后配置你的example.conf

server {
    listen              443 ssl;
    server_name         example.com;
    ssl_certificate     /etc/nginx/ssl/example.com_ecc/example.com.cer;
    ssl_certificate_key /etc/nginx/ssl/example.com_ecc/example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location /otherws {#配置示例
        proxy_redirect off;
        proxy_pass http://otherdockername:1080;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Config for 0-RTT in TLSv1.3
        proxy_set_header Early-Data $ssl_early_data;
    }

    location / {
        proxy_pass https://bing.com;#配置示例
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
    }
}

生成密钥，用于登录别的主机,这里使用

ssh-keygen -t ed25519 -C "密钥备注"

开启bbr

echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.conf
sysctl -p

The text was updated successfully, but these errors were encountered:

Triment added documentation Improvements or additions to documentation release 发布文章 and removed documentation Improvements or additions to documentation labels Mar 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

linux主机常用操作集合 #102

linux主机常用操作集合 #102

Triment commented Mar 23, 2024 •

edited

Loading

linux主机常用操作集合 #102

linux主机常用操作集合 #102

Comments

Triment commented Mar 23, 2024 • edited Loading

Triment commented Mar 23, 2024 •

edited

Loading