Easy-Linux-Plan

发布于 2021-09-15  165 次阅读


重新配置Linux远程服务器的一些参数,获得更好的使用体验。


安装并配置Shell

# Install zsh
apt-get install zsh
# Install oh-my-zsh
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
# Install powerlevel10k
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k

然后自己配置。

需要在合适的终端上安装字体


安装build-essential编译相关

apt-get install build-essential

安装Nginx

apt-get install nginx

重新设置SSH

vim /etc/ssh/sshd_config
# Configure `PermitRootLogin` to make user root could login in remote server
PermitRootLogin yes
# Configure `PubkeyAuthentication` to set public key of root login
PubkeyAuthentication yes
# Configure `AuthorizedKeysFile` to set default login public key
AuthorizedKeysFile .ssh/authorized_keys
# Configure `X11Forwarding` to make the SSH jumpserver
X11Forwarding yes

添加公钥文件到authorized_keys

安装 fail2ban,阻止扫描攻击

apt-get install fail2ban

考虑到我们完全使用公钥登录,所以自然不会失败,设置较为严厉的规则。

vim /etc/fail2ban/jail.d/defaults-debian.conf

# Sample configure file
[sshd]
enabled = true
maxretry = 1
bantime = 1h

安装acme.sh并自动更新证书

curl https://get.acme.sh | sh -s [email protected]

acme.sh --issue -d example.com --nginx --server letsencrypt

acme.sh --install-cert -d example.com \
--key-file       /somefolder/key.pem \
--fullchain-file /somefolder/cert.pem \
--reloadcmd     "service nginx force-reload"
It is my final heart.
最后更新于 2024-02-07