服务器配置

本文最后更新于:6 个月前

服务器配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# 常用配置命令
# fail2ban配置:banit nginx-cc
fail2ban-client status banit
vim /etc/fail2ban/jail.local
tail -1000f /var/log/fail2ban.log
tail -1000f /var/log/nginx/access.log

tcpdump -i eth0 tcp port 80

systemctl start fail2ban.service
systemctl status fail2ban.service
systemctl restart fail2ban.service 
systemctl stop fail2ban.service 

fail2ban-client status banit

fail2ban-client set banit unbanip 117.133.51.5
fail2ban-client set banit addignoreip 117.133.51.5

fail2ban-client set nginx-cc unbanip 117.133.51.5
fail2ban-client set nginx-cc addignoreip 117.133.51.5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# 后台运行
sudo nohup tcpdump -i eth0 port 80 -vv > /var/log/tcpdump.log 2>&1 &

# 检查进程
ps aux | grep tcpdump

# 停止 tcpdump
要停止在后台运行的 tcpdump,可以使用 kill 命令:
找到 tcpdump 的进程 ID (PID):
ps aux | grep tcpdump

使用 kill 命令停止进程:
sudo kill <pid>

将 <pid> 替换为 tcpdump 进程的实际 PID。

验证配置
验证 fail2ban 配置是否正确加载:
sudo fail2ban-client status

检查特定 jail 的状态:
sudo fail2ban-client status tcp-rst
sudo /usr/local/bin/fail2ban-client status tcp-rst

# 规则
sudo /usr/local/bin/fail2ban-regex /var/log/tcpdump.log /etc/fail2ban/filter.d/tcp-rst.conf


1. 源码:

RuoYi-Vue: 🎉 基于SpringBoot,Spring Security,JWT,Vue & Element 的前后端分离权限管理系统,同时提供了 Vue3 的版本 (gitee.com)

akfamily/akshare: AKShare is an elegant and simple financial data interface library for Python, built for human beings! 开源财经数据接口库 (github.com)

介绍 | RuoYi

2. 后端管理系统UI:若依管理系统

http://localhost/index

http://8.140.195.191/index

后端项目启动:

导出包:

maven -> springboot_13_study -> 生命周期 中,先执行clean,然后执行compile,最后执行package

导出到 -> E:\Javademo\SpringBoot2022\springboot_13_study\target

java -jar .\xxx.jar

1
2
3
4
5
[root@iZ2zeb7ybli3zzdll6airpZ ry]# pwd
/home/dev/ry
[root@iZ2zeb7ybli3zzdll6airpZ ry]# 
[root@iZ2zeb7ybli3zzdll6airpZ ry]# nohup java -jar ruoyi-admin.jar &
[root@iZ2zeb7ybli3zzdll6airpZ ry]# tail -1000f nohup.out

前端项目启动:

```

npm install

npm run serve

npm run build

npm run lint

```

3.Akshare:

源码:https://github.com/akfamily/akshare

Welcome to AKShare’s Online Documentation! — AKShare 1.12.66 文档 (akfamily.xyz)

AKTools 官方文档 (akfamily.xyz)

在线编译:https://github1s.com/akfamily/akshare

接口文档:https://akshare.akfamily.xyz/

视频教程:!T10 Python数据库基础操作——基于Akshare存储股票行情数据

1
2
3
4
5
6
# ① 更新 AKShare
pip install akshare --upgrade

# ② 更新aktools
# AKTools's version should great than 0.0.70
pip install aktools --upgrade -i https://pypi.org/simple

4. nginx

1
2
3
4
5
6
7
8
9
10
systemctl start nginx
systemctl status nginx
systemctl stop nginx
systemctl reload nginx

配置文件 /etc/nginx
/etc/nginx/nginx.conf 

日志:/var/log/nginx
tail -1000f /var/log/nginx/access.log

5. 服务管理

阿里云ECS服务器CentOS如何关闭AliYunDun?-CSDN博客

1
2
3
4
5
6
7
8
9
# 启用、停用和查看云监控插件的操作方法
bash /usr/local/cloudmonitor/cloudmonitorCtl.sh start
bash /usr/local/cloudmonitor/cloudmonitorCtl.sh stop
ps aux | grep argusagent | grep -v grep

systemctl stop aegis.service

# tcp_stats.sh:行2: $'\r': 未找到命令
[root@iZ2zeb7ybli3zzdll6airpZ files]# sed -i 's/\r//' tcp_stats.sh

6. Linux宝塔禁止国外ip访问服务器,屏蔽国外ip访问网站代码

Linux宝塔禁止国外ip访问服务器,屏蔽国外ip访问网站代码_iptables -a allcnrule -s 127.0.0.0/8 -j return-CSDN博客

先运行如下命令行语句来获取国内IP网段,保存到此目录下:/root/china_ssr.txt

将下面脚本保存为/root/allcn.sh ,设置可执行权限:

设置可执行权限: 

1
sudo chmod 777 allcn.sh

执行下面代码,执行后国外ip将无法打开网站

1
/root/allcn.sh

如果要停止的话执行下面这个命令可恢复国外ip访问网站:

1
/root/allcn.sh stop

7. Mongodb

MongoDB 源码下载地址:https://www.mongodb.com/try/download/community

安装文档:Linux 平台安装 MongoDB | 菜鸟教程 (runoob.com)

Linux下MongoDB的安装与配置_mongodb6.0.9linux安装与配置-CSDN博客

(1) 安装Mongodb

1
2
3
4
5
6
7
8
# 下载
[root@iZ2zeb7ybli3zzdll6airpZ files]# wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-7.0.9.tgz

# 解压
[root@iZ2zeb7ybli3zzdll6airpZ files]# tar -zxvf mongodb-linux-x86_64-rhel80-7.0.9.tgz

# 将解压包拷贝
[root@iZ2zeb7ybli3zzdll6airpZ files]# mv mongodb-linux-x86_64-rhel80-7.0.9 /usr/local/mongodb7
1
2
3
4
安装目录:/usr/local/mongodb7
配置文件:/etc/mongodb.conf
数据存储目录:/var/lib/mongo
日志文件目录:/var/log/mongodb

启动 Mongodb 服务:

1
mongod --dbpath /var/lib/mongo --logpath /var/log/mongodb/mongod.log --fork

停止 Mongodb 服务:

1
mongod --dbpath /var/lib/mongo --logpath /var/log/mongodb/mongod.log --shutdown

查看日志:

1
2
3
4
# tail -10f /var/log/mongodb/mongod.log
2020-07-09T12:20:17.391+0800 I  NETWORK  [listener] Listening on /tmp/mongodb-27017.sock
2020-07-09T12:20:17.392+0800 I  NETWORK  [listener] Listening on 127.0.0.1
2020-07-09T12:20:17.392+0800 I  NETWORK  [listener] waiting for connections on port 27017

(2) 配置Mongodb

a. 设置 MongoDB 环境变量

1
2
3
4
5
6
vim /etc/profile

export MONGODB_HOME=/usr/local/mongodb7
export PATH=$MONGODB_HOME/bin:$PATH

source /etc/profile

b. 启动和关闭 MongoDB

【MongoDB】Linux下启动(指定参数/配置文件)与停止_linux mongo启动配置文件-CSDN博客

mongodb的配置参数 - zhou_blog - 博客园 (cnblogs.com)

mongodb 命令行mongod启动报错 - 不积硅步,无以至千里 - 博客园 (cnblogs.com)

进入 bin 目录

1
cd /usr/local/mongodb7/bin

启动 MongoDB

  • 指令+配置文件(-conf 使用配置文件方式启动)

    1
    2
    cd /usr/local/mongodb7/bin
    mongod -f /etc/mongodb.conf

  • 指令+参数

    1
    2
    3
    # 后台启动mongo服务(常驻 --fork)
    # 使用--fork参数常驻启动
    mongod --dbpath /var/lib/mongo/ --logpath /var/log/mongodb/mongod.log --logappend --fork --port 27017

关闭mongodb

netstat -tunlp|grep 27017

  • 通过mongo函数关闭

    进入mongodb,然后:

    1
    2
    use admin 
    db.shutdownServer()

    如果关闭失败可以在进入mongo的时候声明一下账号和密码,然后在使用上面的方式关闭

    1
    mongo admin -u username -p password

  • 在命令行关闭,其中dbpath是存放mongodb数据的位置。

    1
    mongod --dbpath /var/lib/mongo --logpath /var/log/mongodb/mongod.log --shutdown
    1
    mongod --shutdown --dbpath /var/lib/mongo

  • 关闭mongodb的进程

    1
    2
    ps aux | grep mongodb
    kill -2 pid

(3) 安装Mongodb shell

1
2
3
4
5
6
7
8
9
10
[root@iZ2zeb7ybli3zzdll6airpZ files]# wget https://downloads.mongodb.com/compass/mongosh-2.2.6-linux-x64.tgz
[root@iZ2zeb7ybli3zzdll6airpZ files]# tar -zxvf mongosh-2.2.6-linux-x64.tgz
[root@iZ2zeb7ybli3zzdll6airpZ files]# cd mongosh-2.2.6-linux-x64/
[root@iZ2zeb7ybli3zzdll6airpZ mongosh-2.2.6-linux-x64]# ls
bin  LICENSE-crypt-library  LICENSE-mongosh  mongosh.1.gz  README  THIRD_PARTY_NOTICES
[root@iZ2zeb7ybli3zzdll6airpZ mongosh-2.2.6-linux-x64]# cd bin/
[root@iZ2zeb7ybli3zzdll6airpZ bin]# ls
mongosh  mongosh_crypt_v1.so
[root@iZ2zeb7ybli3zzdll6airpZ bin]#
[root@iZ2zeb7ybli3zzdll6airpZ files]# mv mongosh-2.2.6-linux-x64/bin/* /usr/local/bin/

启动:测试shell命令行

1
2
3
4
5
[root@iZ2zeb7ybli3zzdll6airpZ files]# mongosh 127.0.0.1:28017
Current Mongosh Log ID: 66519506625edbba68a26a12
Connecting to:          mongodb://127.0.0.1:28017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.2.6
MongoNetworkError: connect ECONNREFUSED 127.0.0.1:28017
[root@iZ2zeb7ybli3zzdll6airpZ files]#

(3) 启动Mongodb shell

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[root@iZ2zeb7ybli3zzdll6airpZ ~]# mongosh
Current Mongosh Log ID: 665195de3fad0408e5a26a12
Connecting to:          mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+2.2.6
Using MongoDB:          7.0.9
Using Mongosh:          2.2.6

For mongosh info see: https://docs.mongodb.com/mongodb-shell/


To help improve our products, anonymous usage data is collected and sent to MongoDB periodically (https://www.mongodb.com/legal/privacy-policy).
You can opt-out by running the disableTelemetry() command.

------
   The server generated these startup warnings when booting
   2024-05-25T14:04:02.503+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
   2024-05-25T14:04:02.503+08:00: You are running this process as the root user, which is not recommended
   2024-05-25T14:04:02.503+08:00: This server is bound to localhost. Remote systems will be unable to connect to this server. Start the server with --bind_ip <address> to specify which IP addresses it should serve responses from, or with --bind_ip_all to bind to all interfaces. If this behavior is desired, start the server with --bind_ip 127.0.0.1 to disable this warning
   2024-05-25T14:04:02.503+08:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never' in this binary version
   2024-05-25T14:04:02.503+08:00: vm.max_map_count is too low
------

test> 
# 切换到 admin 数据库,并创建 root (管理员)用户:
test> use admin;
switched to db admin
admin> 

admin> 

admin> db.createUser({user:'root', pwd:'123456', roles:[{role:'root', db:'admin'}]});
{ ok: 1 }

# 创建好账号后,可以选择打开 mongodb.conf 中的 auth=true 授权验证。
# 验证账号是否授权成功:
admin> db.auth("root","123456")
{ ok: 1 }
admin> 
admin> exit

8. YApi

内网部署 (hellosean1025.github.io)

https://github.com/YMFE/yapi/

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@iZ2zeb7ybli3zzdll6airpZ yapi]# pwd
/home/dev/yapi
[root@iZ2zeb7ybli3zzdll6airpZ yapi]# ls
config.json  vendors
[root@iZ2zeb7ybli3zzdll6airpZ vendors]# npm run install-server

> yapi-vendor@1.11.0 install-server /home/dev/yapi/vendors
>  node server/install.js

log: mongodb load success...
初始化管理员账号成功,账号名:"xxx",密码:"xxx"
[root@iZ2zeb7ybli3zzdll6airpZ vendors]# 
[root@iZ2zeb7ybli3zzdll6airpZ vendors]# node server/app.js //启动服务器后,请访问 127.0.0.1:{config.json配置的端口},初次运行会有个编译的过程,请耐心等候

# 后台运行
nohup node /home/dev/yapi/vendors/server/app.js -o /home/dev/yapi/output.log &amp;
或者
nohup node /home/dev/yapi/vendors/server/app.js > /home/dev/yapi/output.log 2>&1 &
tail -1000f /home/dev/yapi/nohup.out

pm2 start /home/dev/yapi/vendors/server/app.js
pm2 stop /home/dev/yapi/vendors/server/app.js

使用pm2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
## 全局安装pm2
npm install -g pm2

## 启动脚本
pm2 start 你的js脚本 
## 停止脚本
pm2 stop 你的js脚本
## 重启脚本
pm2 restart 你的js脚本
## 停止所有脚本
pm2 stop all  
## 重启所有脚本
pm2 restart all

# 使用PM2的日志功能
pm2 logs
Linux
#技术 #Linux
服务器配置
https://chris-z-su.github.io/2024/03/07/linux/服务器配置/
作者
Chris
发布于
2024年3月7日
许可协议