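My work often requires setting up Ubuntu virtual servers. Considering LTS support and community maturity, I use 20.04, with Python 3.8 and Node 16.17. Without further ado, let's start.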

* Many of these settings are too insecure for production use, but they work well for testing or demos.

Ubuntu 20.04 LTS

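Installation

On a cloud server you can load a ready-made OS image directly;

For a self-managed install, download the 20.04 LTS ISO file from the Ubuntu website and install by booting from it.

On first login, update the packages

sudo apt update
sudo apt upgrade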

* Using a China mirror

First back up the sources file

sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup

Edit the sources file

sudo nano /etc/apt/sources.list

Common China mirrors:

# Aliyun mirror

deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

# Tsinghua mirror

# Source (deb-src) mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse

# Pre-release software source, not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse

# USTC mirror

deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse

# NetEase 163 mirror

deb http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
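The Tsinghua list above marks the focal-proposed pocket as not recommended, while the Aliyun, USTC and 163 lists enable it, and two of the mirrors are served over http://. The following check is an added example, not part of the original article; the function name audit_sources and the sample text are constructed here.

```shell
# Constructed sample: three active entries taken from the lists above and one
# commented-out entry.
SAMPLE_SOURCES='deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse'

# audit_sources: read sources.list text on stdin and print one finding per line.
#   PROPOSED <uri> <suite>   an active entry enables the pre-release pocket
#   PLAINTEXT <uri> <suite>  an active entry is fetched over http:// (apt still
#                            verifies signatures, but traffic is readable in transit)
audit_sources() {
    awk '
        /^[ \t]*#/ || NF < 3           { next }   # comments, blank or short lines
        $1 != "deb" && $1 != "deb-src" { next }
        {
            i = 2
            if ($i ~ /^\[/) {                     # skip an optional [options] field
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            if (suite ~ /-proposed$/) print "PROPOSED", uri, suite
            if (uri ~ /^http:\/\//)   print "PLAINTEXT", uri, suite
        }'
}

# Run against the sample; on a server use: audit_sources < /etc/apt/sources.list
printf '%s\n' "$SAMPLE_SOURCES" | audit_sources
```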

Git

apt install git

Python

python-is-python3

python-is-python3 is a handy little package that lets you write python3 and pip3 as python and pip

apt install python-is-python3

Using a China mirror with pip

For one-off use, pass -i when installing a dependency

pip install markdown -i https://pypi.tuna.tsinghua.edu.cn/simple

Permanently switch the index URL to a common China mirror

pip config set global.index-url http://mirrors.cloud.tencent.com/pypi/simple

Unset the option to restore the default index

pip config unset global.index-url

Common China mirrors

# Tsinghua mirror
https://pypi.tuna.tsinghua.edu.cn/simple

# USTC mirror
https://pypi.mirrors.ustc.edu.cn/simple

# Douban mirror (recommended)
http://pypi.douban.com/simple

# Aliyun mirror
http://mirrors.aliyun.com/pypi/simple

Node

Installation

For Node.js we use 16.17 LTS and install it through the package manager, which is convenient.

See NodeSource Node.js Binary Distributions

# Using Ubuntu
curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt-get install -y nodejs

Test

node -v
npm -v

China mirrors

* cnpm is not recommended; it causes problems.

Specify a China mirror for a single command with npm --registry

npm --registry http://registry.cnpmjs.org info express

Point npm at a China mirror through config

npm config set registry http://registry.npm.taobao.org

Common China mirrors

# Tencent Cloud
http://mirrors.cloud.tencent.com/npm

# Taobao (Alibaba) mirror
http://registry.npm.taobao.org
https://registry.npmmirror.com

# Huawei mirror
https://mirrors.huaweicloud.com/repository/npm

Nginx

Installation

apt install nginx

Configuration

Validating the Nginx configuration and reloading

Validate the configuration

sudo nginx -t

Reload the configuration

sudo service nginx reload

Server configuration

A typical server configuration looks like this

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name _;

	location / {
		try_files $uri $uri/ /index.html;
	}
}

Stream configuration

Reference stream configuration

stream {
	upstream test {
		hash $remote_addr consistent;
		server 127.0.0.1:12345 max_fails=3 fail_timeout=1s;
	}
	server {
		listen 8045;
		proxy_connect_timeout 10s;
		proxy_timeout 5m;
		proxy_pass test;
	}
}

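SSL configuration

SSL requires listening on both port 443 and port 80, with a 301 redirecting requests on port 80 to port 443

You need to buy an SSL certificate or apply for a free certificate through the Let's Encrypt service

In the past there were many kinds of SSL certificates, with distinctions such as OV/EV. EV SSL certificates were very cool: sites using one showed a green bar in most browsers.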


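Since August 15, 2019, Chrome and Firefox have removed this feature, so the EV certificate indicator is no longer displayed in the address bar.

At present, these kinds of SSL certificates work about equally well for test sites and small to medium-sized sites.

Once you have the SSL certificate, download the Nginx version. The archive contains two files: the certificate (public key) file my-website.crt and the private key file my-website.key.

Put these two files under /etc/ssl/com/my-website/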

mkdir -p /etc/ssl/com/my-website/
mv my-website.crt /etc/ssl/com/my-website/
mv my-website.key /etc/ssl/com/my-website/

Then edit /etc/nginx/sites-available/default:

server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;

    ssl_certificate /etc/ssl/com/my-website/my-website.crt;
    ssl_certificate_key /etc/ssl/com/my-website/my-website.key;

    root /path/to/webroot;
    server_name my_website.com;

    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;

    location / {
        # nginx rejects two root directives in one block; keep the one that matches your site
        root /var/www/;
        # root  /home/www/public_html/your.domain.com/public/;
        index index.html;
    }
}

Run nginx -t and service nginx reload for the settings to take effect

sudo nginx -t
sudo service nginx reload

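Reverse proxy settings

Reverse proxy: at the gateway, traffic can be routed as appropriate to downstream servers or load balancers.

Reference configuration: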

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name _;

	location / {
		proxy_pass http://127.0.0.1:12345;
	}
}

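For more complex cases, use upstream to set the weight and parameters of each server.

Using it with Lua

Friend, I don't recommend setting up the lua-nginx-module plugin yourself. Take a look at existing open-source solutions such as APISIX. The details are beyond the scope of this article and are not covered here.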

MySQL

Installation

The package index was already updated earlier, so we install directly:

sudo apt install mysql-server

Make sure the MySQL service is running:

sudo systemctl start mysql.service

Before running the secure installation script, set the root password first. Enter the MySQL CLI

sudo mysql

Use the ALTER command to change the root password

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Exit the MySQL CLI

exit

Run the secure installation script

sudo mysql_secure_installation

Configuration

Enabling external access to the MySQL service

The cloud server's security group must open port 3306

Allow port 3306 in Ubuntu UFW

sudo ufw allow mysql

Edit the mysqld.cnf file

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Change bind-address to 0.0.0.0

. . .
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 0.0.0.0
. . .

Save the file and restart mysql

sudo systemctl restart mysql

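Allowing remote access to MySQL as root

First, in the secure installation script, answer no to Disallow root login remotely?.

Then update the root account's host to % in mysql

mysql -u root -p
UPDATE mysql.user SET host='%' WHERE user='root';
-- Reload the grant tables first so that 'root'@'%' exists when GRANT runs
FLUSH PRIVILEGES;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';

Try logging in with a tool such as DataGrip; remote login to the database should now work

Warning: You should understand the risks of logging in to mysql remotely as root. Best practice is still to use a high-privilege non-root account and to lock down that account's host and privileges in mysql.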
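One way to follow the warning above, as an added example that is not part of the original article: a helper that prints the SQL for an account tied to one client address and one schema. The names scoped_user_sql, app and appdb, the address 203.0.113.10 and the privilege list are assumptions made for illustration; IDENTIFIED BY RANDOM PASSWORD needs MySQL 8.0.18 or later.

```shell
# scoped_user_sql USER HOST DATABASE
# Print SQL that creates USER, reachable only from HOST, with data-manipulation
# rights on DATABASE only. Nothing is executed here.
scoped_user_sql() {
    for v in "$1" "$3"; do
        case $v in
            # plain identifiers only, so nothing can break out of the quoting
            ''|*[!A-Za-z0-9_]*) echo "bad identifier: $v" >&2; return 2 ;;
        esac
    done
    case $2 in
        # only characters that occur in an IP literal, which excludes the
        # % and _ host wildcards
        ''|*[!0-9A-Fa-f.:]*) echo "host must be an IP address, not a pattern" >&2; return 2 ;;
    esac
    cat <<EOF
CREATE USER '$1'@'$2' IDENTIFIED BY RANDOM PASSWORD;
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$3\`.* TO '$1'@'$2';
SHOW GRANTS FOR '$1'@'$2';
EOF
}

# Constructed values: user "app" connecting from 203.0.113.10 to schema "appdb".
# Review the output, then apply it with: scoped_user_sql ... | sudo mysql
scoped_user_sql app 203.0.113.10 appdb
```

MySQL returns the generated password in the result of the CREATE USER statement, so no password appears in the script or in shell history.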

Fixing the error OSError: mysql_config not found when installing mysqlclient for Python

You need to install mysql-config.

mysql:

sudo apt-get install libmysqlclient-dev

mariadb:

sudo apt-get install libmariadbclient-dev

Installing Redis

Installation

sudo apt install redis-server

Configuration

Setting up the service

Edit the configuration file

sudo nano /etc/redis/redis.conf

Set supervised to systemd

. . .

# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
supervised systemd

. . .

Setting a password

In redis.conf, find requirepass, uncomment it, and fill in a password

Generate a password with openssl

openssl rand 60 | openssl base64 -A

output:
RBOJ9cCNoGCKhlEBwQLHri1g+atWgn4Xn4HwNUbtzoVxAYxkiYBi7aufl4MILv1nxBqR4L6NNzI0X6cE

Set the password

/etc/redis/redis.conf
requirepass RBOJ9cCNoGCKhlEBwQLHri1g+atWgn4Xn4HwNUbtzoVxAYxkiYBi7aufl4MILv1nxBqR4L6NNzI0X6cE

Remote connections

Add the redis port to the cloud server's security group

In redis.conf, find bind 127.0.0.1 ::1 and comment it out

#bind 127.0.0.1 ::1

Restart redis

sudo service redis restart

Allow redis in ufw

sudo ufw allow redis
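After the steps above, how exposed the instance is depends on three redis.conf directives together: bind, requirepass and protected-mode. The classifier below is an added example, not part of the original article; the function name redis_exposure and the sample text are constructed, and the protected-mode rule follows Redis 5/6 semantics (it only applies when there is neither a bind line nor a password).

```shell
# Constructed sample: redis.conf after the steps above (password is a placeholder).
SAMPLE_CONF='supervised systemd
#bind 127.0.0.1 ::1
protected-mode yes
requirepass <generated-password>'

# redis_exposure: read redis.conf text on stdin and print one verdict.
#   LOCAL           bound to loopback addresses only
#   REMOTE_AUTH     reachable from other hosts, password required
#   REMOTE_BLOCKED  no bind and no password, so protected-mode refuses remote clients
#   REMOTE_OPEN     reachable from other hosts without a password
redis_exposure() {
    awk '
        /^[ \t]*#/ || NF == 0  { next }            # comments and blank lines
        $1 == "bind"           { bind = ""; for (i = 2; i <= NF; i++) bind = bind " " $i }
        $1 == "requirepass"    { pass = $2; gsub(/"/, "", pass) }
        $1 == "protected-mode" { pm = $2 }
        END {
            if (pm == "") pm = "yes"               # default when the directive is absent
            loopback = (bind != "")
            n = split(bind, addr, " ")
            for (i = 1; i <= n; i++)
                if (addr[i] !~ /^-?(127\.|::1$)/) loopback = 0
            if (loopback)                       print "LOCAL"
            else if (pass != "")                print "REMOTE_AUTH"
            else if (pm == "yes" && bind == "") print "REMOTE_BLOCKED"
            else                                print "REMOTE_OPEN"
        }'
}

# Run against the sample; on a server use: sudo cat /etc/redis/redis.conf | redis_exposure
printf '%s\n' "$SAMPLE_CONF" | redis_exposure
```

A REMOTE_AUTH result means the password is the only control inside Redis itself, so the security group and ufw rules decide which hosts can reach the port.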

Installing Conda

Prerequisites

A non-root user with sudo privileges already configured

Installation

Find the URL of the latest Linux 64-Bit x86 installer at Anaconda | Anaconda Distribution

cd /tmp

curl https://repo.anaconda.com/archive/Anaconda3-2020.02-Linux-x86_64.sh --output anaconda.sh

sha256sum anaconda.sh

bash anaconda.sh

Follow the prompts to complete the installation.

After installation, activate the conda environment:

source ~/.bashrc

If you create a new user, add it to the conda group.
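The sha256sum step above prints the installer's digest but does not compare it with anything before bash anaconda.sh runs. The helper below is an added example, not part of the original article; the function name verify_sha256 is made up here, and the expected value has to be copied from the hash Anaconda publishes for the installer.

```shell
# verify_sha256 FILE EXPECTED_HEX
# Return 0 only if the SHA-256 of FILE equals EXPECTED_HEX (case-insensitive),
# 1 on a mismatch, 2 if the arguments are unusable.
verify_sha256() {
    _file=$1
    _want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Refuse a truncated paste or a leftover placeholder instead of comparing it.
    case $_want in
        *[!0-9a-f]*) echo "expected value is not a hex digest" >&2; return 2 ;;
    esac
    [ "${#_want}" -eq 64 ] || { echo "expected value must be 64 hex digits" >&2; return 2; }
    [ -r "$_file" ] || { echo "cannot read $_file" >&2; return 2; }
    _got=$(sha256sum < "$_file" | awk '{ print $1 }')
    if [ "$_got" = "$_want" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $_file" >&2
    echo "  expected $_want" >&2
    echo "  actual   $_got" >&2
    return 1
}

# Intended use with the installer downloaded above (EXPECTED is a placeholder):
#   verify_sha256 anaconda.sh "$EXPECTED" && bash anaconda.sh

# Constructed self-check: the SHA-256 of an empty file is a well-known constant.
demo=$(mktemp)
verify_sha256 "$demo" e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 \
    && echo "empty file: digest matches"
rm -f "$demo"
```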

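Appendix:

Adding a user on Ubuntu

Create the user as root or as a user with sudo privileges

su root

Use the adduser [username] command to create the new user; you will be asked to enter a password. By default adduser only accepts lowercase usernames.

adduser erik

* Add the user to the specified groups

usermod -aG conda,sudo erik

* Activate the user's conda environment

su erik
source /etc/profile
conda init
source /home/erik/.bashrc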

References:

  1. Get Ubuntu Server | Download | Ubuntu
  2. Node.js
  3. distributions/README.md at master · nodesource/distributions · GitHub
  4. How To Install MySQL on Ubuntu 20.04 | DigitalOcean
  5. How To Install and Secure Redis on Ubuntu 20.04 | DigitalOcean
  6. Anaconda | Anaconda Distribution
  7. How to Install Anaconda on Ubuntu 18.04 or 20.04 {Tutorial}