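My work often requires setting up Ubuntu virtual servers. Considering LTS support and community maturity, I use 20.04, with Python 3.8 and Node 16.17. Without further ado, here is the process.
* Many of these settings are too insecure for production use, but they are fine for testing or demos.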
Ubuntu 20.04 LTS
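Installation
On a cloud server you can load a ready-made OS image directly;
to install it yourself, download the 20.04 LTS ISO file from the Ubuntu website and install by booting from it.
On first login, update the packages first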
sudo apt update
sudo apt upgrade
* Using mirrors in China
First back up the sources file
sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup
Edit the sources file
sudo nano /etc/apt/sources.list
Common mirrors in China:
# Alibaba Cloud mirror
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
# Tsinghua mirror
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# Pre-release software source, not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# USTC mirror
deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# NetEase 163 mirror
deb http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
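An added example, not part of the original post: a small audit of a sources file for two patterns that appear in the lists above, mirrors fetched over plain http:// and an enabled focal-proposed pocket (which the Tsinghua list itself marks as not recommended). The function name and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag risky entries in an APT sources file.

# audit_sources FILE
# Prints one finding per active deb/deb-src line:
#   PLAINTEXT <line>   mirror is fetched over http://
#   PROPOSED  <line>   the pre-release "-proposed" pocket is enabled
# Returns 0 if nothing is flagged, 1 if there are findings, 2 if FILE is unreadable.
audit_sources() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }                        # commented-out entry
        $1 != "deb" && $1 != "deb-src" { next }    # blank or unrelated line
        {
            # Step over an optional "[arch=amd64 ...]" block to reach URI and suite.
            i = 2
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            uri = $i; suite = $(i + 1)
            if (uri ~ /^http:\/\//)   { print "PLAINTEXT " $0; bad = 1 }
            if (suite ~ /-proposed$/) { print "PROPOSED  " $0; bad = 1 }
        }
        END { exit bad }
    ' "$file"
}

# Constructed sample mixing entries of the kinds listed above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
EOF
audit_sources "$sample" || echo "findings above: review before running apt update"
rm -f "$sample"
```

On a real host, point it at /etc/apt/sources.list after editing and before the next apt update.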
Git
apt install git
Python
python-is-python3
python-is-python3 is a handy little package that lets you type python3 and pip3 as python and pip
apt install python-is-python3
Using a China mirror with pip
For temporary use, pass -i when installing a dependency
pip install markdown -i https://pypi.tuna.tsinghua.edu.cn/simple
Permanently switch the index URL to a common mirror in China
pip config set global.index-url http://mirrors.cloud.tencent.com/pypi/simple
Unset the setting to restore the default index
pip config unset global.index-url
Common mirrors in China
# Tsinghua mirror
https://pypi.tuna.tsinghua.edu.cn/simple
# USTC mirror
https://pypi.mirrors.ustc.edu.cn/simple
# Douban mirror (recommended)
http://pypi.douban.com/simple
# Alibaba mirror
http://mirrors.aliyun.com/pypi/simple
Node
Installation
We use the Node.js 16.17 LTS release and install it through the package manager, which is convenient.
# Using Ubuntu
curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt-get install -y nodejs
Test
node -v
npm -v
Mirrors in China
* cnpm is not recommended; it causes problems.
Specify a China mirror temporarily with npm --registry
npm --registry http://registry.cnpmjs.org info express
Point to a China mirror temporarily through npm config
npm config set registry http://registry.npm.taobao.org
Common mirrors in China
# Tencent Cloud
http://mirrors.cloud.tencent.com/npm
# Taobao (Alibaba) mirror
http://registry.npm.taobao.org
https://registry.npmmirror.com
# Huawei mirror
https://mirrors.huaweicloud.com/repository/npm
Nginx
Installation
apt install nginx
Configuration
Checking the Nginx configuration and reloading
Validate the configuration
sudo nginx -t
Reload the configuration
sudo service nginx reload
Server configuration
A typical server configuration looks like this
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
Stream configuration
Reference stream configuration
stream {
    upstream test {
        hash $remote_addr consistent;
        server 127.0.0.1:12345 max_fails=3 fail_timeout=1s;
    }
    server {
        listen 8045;
        proxy_connect_timeout 10s;
        proxy_timeout 5m;
        proxy_pass test;
    }
}
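SSL configuration
SSL requires listening on both port 443 and port 80, with a 301 redirecting requests on port 80 to port 443.
You need to buy an SSL certificate or apply for a free self-signed certificate through the Let's Encrypt service.
Earlier there were many kinds of SSL certificate, with distinctions such as OV/EV. EV SSL certificates were very cool: sites using them displayed a green bar in most browsers.
Since August 15, 2019, Chrome and Firefox have removed this feature, meaning the EV certificate indicator is no longer displayed in the address bar.
At present, these kinds of SSL certificate work about equally well for test sites and small to medium-sized sites.
Once you have the SSL certificate, download the Nginx version. The archive contains two files: the public key file my-website.crt and the private key file my-website.key.
Put these two files under /etc/ssl/com/my-website/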
mkdir -p /etc/ssl/com/my-website/
mv my-website.crt /etc/ssl/com/my-website/
mv my-website.key /etc/ssl/com/my-website/
Then edit /etc/nginx/sites-available/default:
server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead
    listen 443 ssl;
    ssl_certificate /etc/ssl/com/my-website/my-website.crt;
    ssl_certificate_key /etc/ssl/com/my-website/my-website.key;
    root /path/to/webroot;
    server_name my_website.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        # Only one root is allowed per block (nginx -t rejects a duplicate); keep the one that applies
        root /var/www/;
        # root /home/www/public_html/your.domain.com/public/;
        index index.html;
    }
}
Run nginx -t and service nginx reload for the settings to take effect
sudo nginx -t
sudo service nginx reload
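Reverse proxy setup
Reverse proxy: at the gateway, traffic can be routed as appropriate to downstream servers or load balancers.
Reference configuration:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    location / {
        proxy_pass http://127.0.0.1:12345;
    }
}
For more complex cases, use upstream to set the weight and parameters of each server.
Using it with Lua
Honestly, I don't recommend setting up the lua-nginx-module plugin yourself; look at existing open-source solutions such as APISIX. The details are beyond the scope of this article, so I won't go into them.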
MySQL
Installation
The package index was already updated earlier, so we install directly:
sudo apt install mysql-server
Make sure the MySQL service is running:
sudo systemctl start mysql.service
Before running the secure installation script you need to set root's password, so enter the MySQL CLI
sudo mysql
Use the ALTER command to change root's password
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Exit the MySQL CLI
exit
Run the secure installation script
sudo mysql_secure_installation
Configuration
Enabling external access to the MySQL service
The cloud server's security group needs to open port 3306
Allow port 3306 in Ubuntu UFW
sudo ufw allow mysql
Edit the mysqld.cnf file
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Change bind-address to 0.0.0.0
. . .
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0
. . .
Save the file and restart MySQL
sudo systemctl restart mysql
Allowing remote access to MySQL as the root user
First, in the secure installation script, answer no to Disallow root login remotely?
Then update the root account's host to % in mysql
mysql -u root -p
UPDATE mysql.user SET host='%' WHERE user='root';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
FLUSH PRIVILEGES;
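Try logging in with a tool such as DataGrip; you should be able to log in to the database remotely
Warning: you should understand the risks of logging in to MySQL remotely with the root account. The best practice is still to use a high-privilege non-root account and to lock down that account's host and privileges in MySQL.
Fixing OSError: mysql_config not found when installing mysqlclient for Python
You need to install mysql-config.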
mysql:
sudo apt-get install libmysqlclient-dev
mariadb:
sudo apt-get install libmariadbclient-dev
Installing Redis
Installation
sudo apt install redis-server
Configuration
Service setup
Edit the configuration file
sudo nano /etc/redis/redis.conf
Set supervised to systemd
. . .
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
supervised systemd
. . .
Setting a password
In redis.conf, find requirepass, uncomment it, and fill in a password
Generate a password with openssl
openssl rand 60 | openssl base64 -A
output:
RBOJ9cCNoGCKhlEBwQLHri1g+atWgn4Xn4HwNUbtzoVxAYxkiYBi7aufl4MILv1nxBqR4L6NNzI0X6cE
Set the password
/etc/redis/redis.conf
requirepass RBOJ9cCNoGCKhlEBwQLHri1g+atWgn4Xn4HwNUbtzoVxAYxkiYBi7aufl4MILv1nxBqR4L6NNzI0X6cE
Remote connections
Add the Redis port to the cloud server's security group
In redis.conf, find bind 127.0.0.1 ::1 and comment it out
#bind 127.0.0.1 ::1
Restart redis
sudo service redis restart
Allow redis in ufw
sudo ufw allow redis
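An added example, not part of the original post: a check that reads a redis.conf and reports what the bind, requirepass and protected-mode settings described above add up to. The function name, the MIN_LEN threshold and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): classify how exposed a redis.conf is.
# MIN_LEN is an arbitrary threshold chosen for this example, not a Redis setting.
MIN_LEN=32

# redis_exposure FILE  -> prints exactly one of:
#   local-only                        bound to loopback addresses only
#   remote-password[-weak]            reachable remotely, requirepass is the only gate
#   remote-blocked-by-protected-mode  no password, protected mode refuses remote clients
#   remote-open                       reachable remotely with no authentication
redis_exposure() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }
    awk -v min="$MIN_LEN" '
        # With no bind line Redis listens on every interface; protected-mode defaults to yes.
        BEGIN { scope = "remote"; pass = ""; pm = "yes" }
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "bind" {
            scope = "loopback"
            for (i = 2; i <= NF; i++) {
                a = $i; sub(/^-/, "", a)   # newer configs allow a "-" prefix on addresses
                if (a !~ /^127\./ && a != "::1") scope = "remote"
            }
        }
        $1 == "requirepass"    { pass = $2 }
        $1 == "protected-mode" { pm = $2 }
        END {
            if (scope == "loopback") print "local-only"
            else if (pass != "")     print "remote-password" (length(pass) < min ? "-weak" : "")
            else if (pm == "yes")    print "remote-blocked-by-protected-mode"
            else                     print "remote-open"
        }
    ' "$conf"
}

# Constructed sample: the state redis.conf is in after the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#bind 127.0.0.1 ::1
protected-mode yes
supervised systemd
requirepass CONSTRUCTED-placeholder-password-0123456789abcdef
EOF
redis_exposure "$sample"    # remote-password
rm -f "$sample"
```

When the result is remote-password, the password and the firewall are the only controls left; a rule such as sudo ufw allow from <client-ip> to any port 6379 proto tcp (with <client-ip> a placeholder for your own client) limits access to one address instead of opening the port to everyone.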
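Installing Conda
Prerequisites
You need a non-root user with sudo privileges already set up
Installation
Go to Anaconda | Anaconda Distribution and find the URL of the latest Linux 64-Bit x86 installer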
cd /tmp
curl https://repo.anaconda.com/archive/Anaconda3-2020.02-Linux-x86_64.sh --output anaconda.sh
sha256sum anaconda.sh
bash anaconda.sh
Follow the prompts to complete the installation.
After installation, activate the conda environment:
source ~/.bashrc
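An added example, not part of the original post: the sha256sum step above only prints a digest, so this sketch compares it against the digest the vendor publishes for the installer and runs the script only on a match. The function names are made up for this example, and the demo file is a constructed stand-in for anaconda.sh.

```sh
#!/bin/sh
# Added example (not from the original post): run a downloaded installer only if
# its SHA-256 matches the digest published by the vendor.

# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; reject an empty variable,
    # a truncated copy/paste, or a digest of another type.
    case $expected in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH for $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# run_if_verified FILE EXPECTED_HEX
# Executes FILE with bash only after the digest check passes.
run_if_verified() {
    verify_sha256 "$1" "$2" || return $?
    bash "$1"
}

# Constructed demo: a stand-in installer; "good" plays the role of the published digest.
demo=$(mktemp)
printf 'echo "installer ran"\n' > "$demo"
good=$(sha256sum "$demo" | cut -d' ' -f1)
run_if_verified "$demo" "$good"
run_if_verified "$demo" "$(printf '%064d' 0)" || echo "refused to run"
rm -f "$demo"
```

In real use the second argument is copied from the vendor's published hash list for the exact installer file name, never computed from the download itself.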
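If you create a new user, it needs to be added to the conda group.
Appendix:
Adding a user on Ubuntu
Create the user as root or as a user with sudo privileges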
su root
Create the new user with the adduser [username] command; you will be asked to enter a password
adduser Erik
* Add the user to the specified groups
usermod -aG conda,sudo Erik
* Activate the user's conda environment
su Erik
source /etc/profile
conda init
source /home/Erik/.bashrc
References:
- Get Ubuntu Server | Download | Ubuntu
- Node.js
- distributions/README.md at master · nodesource/distributions · GitHub
- How To Install MySQL on Ubuntu 20.04 | DigitalOcean
- How To Install and Secure Redis on Ubuntu 20.04 | DigitalOcean
- Anaconda | Anaconda Distribution
- How to Install Anaconda on Ubuntu 18.04 or 20.04 {Tutorial}