Setup vpn
1. ssh 登录服务器
- vscode 打开 本地ssh 配置文件
code ~/.ssh
- 编辑配置文件
~/.ssh/config
Host xxx
HostName x.x.x.x
User root
- ssh pubkey login
ssh-copy-id xxx
- login
# ssh User
# log in from the command line using the Host alias from ~/.ssh/config
ssh xxx
# or use the vscode Remote Development extension
2. 安装 Oh-my-zsh
# yum install zsh       (CentOS)
# apt-get install zsh   (Ubuntu)
# NOTE(review): this runs a script fetched over the network; `-f` makes curl fail on an HTTP
# error instead of handing an error page to sh. Read the script before running it.
sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
配置 zsh
# configure zsh: edit ~/.zshrc, set the theme, then reload the file
cd ~
vim .zshrc # open config file
# change zsh_theme
# ZSH_THEME="agnoster"
source .zshrc # save and reload
Refer
3.配置vim
vim 配置文件位置 /etc/vim/vimrc
~/.vimrc
vim ~/.vimrc
配置
" ~/.vimrc: basic editing defaults
" vim behaviour instead of vi-compatible mode
set nocompatible
" show line numbers
set number
syntax on
set showmode
set showcmd
set encoding=utf-8
" 256-colour terminal
set t_Co=256
set autoindent
set cursorline
"set cursorcolumn
" always show the status line
set laststatus=2
set ruler
" highlight the matching bracket
set showmatch
set spell spelllang=en_us
" do not write backup or swap files
set nobackup
set noswapfile
Refer
4. IPsec
- 安装vpn 服务
wget https://git.io/vpnsetup -O vpn.sh && sudo sh vpn.sh
- 安装 IKEv2
# upgrade Libreswan
wget https://git.io/vpnupgrade -O vpnup.sh && sudo sh vpnup.sh
wget https://git.io/ikev2setup -O ~/ikev2.sh
sudo bash ~/ikev2.sh --auto
# install IKEv2 interactively (presumably the same script, installed into PATH by the
# --auto run above; confirm only one of the two invocations is needed)
sudo ikev2.sh
- 配置,修改,查看账号
# manage IKEv2 clients; xxx = client name (placeholder)
sudo ikev2.sh
sudo ikev2.sh --listclients # list client certificates
sudo ikev2.sh --addclient xxx # add a client certificate
# exported client files typically contain the client's private key; copy them over
# scp / vscode download (section 5) and delete copies you no longer need
sudo ikev2.sh --exportclient xxx # export a client certificate
sudo ikev2.sh --revokeclient xxx # revoke a client certificate
service ipsec restart # restart
ipsec status # check IPsec VPN server status
ipsec trafficstatus # show currently established VPN connections
5. 客户端配置
- 下载配置文件到本地
cd ~
# xx = the Host alias from ~/.ssh/config, /xxx/file = remote path (placeholders)
scp xx:/xxx/file file
- vscode 右键 download 【推荐】
Refer:
6.服务器安全
- 开启防火墙
ubuntu
# ufw on Ubuntu
# NOTE(review): `ufw enable` is run here before any allow rule exists; when working over
# a remote ssh session, run `ufw allow 22/tcp` first, otherwise new ssh connections are rejected.
sudo apt-get install ufw
sudo ufw enable
sudo ufw default deny # default policy: deny (applies to incoming traffic)
sudo ufw allow 22/tcp # ssh
sudo ufw allow 53 # allow port 53 from outside (no protocol given: tcp and udp)
sudo ufw status
sudo ufw allow from x.x.x.x # allow this IP (placeholder) to reach every local port
sudo ufw delete allow 53 # remove the rule added above
centos
# firewalld on CentOS
systemctl status firewalld # status
systemctl enable firewalld # open firewall when boot
systemctl start firewalld # open
systemctl stop firewalld
firewall-cmd --state
firewall-cmd --list-all
firewall-cmd --list-ports # list ports
firewall-cmd --add-port=2888/tcp --permanent # add port (2888 is an example)
firewall-cmd --add-port=65001-65010/tcp --permanent # range
firewall-cmd --remove-port=2888/tcp --permanent
# --permanent only writes the saved configuration; reload applies it to the running firewall
sudo firewall-cmd --reload
- 创建账户
ubuntu
sudo adduser xxx # xxx = new user name (placeholder)
cat /etc/passwd # list accounts (uid, gid, home, shell); group membership lives in /etc/group
- 关闭 ssh 密码登录，防止 ssh 爆破（先确认第 1 步的公钥登录已经可用，再关闭密码登录，否则会把自己锁在服务器外）
编辑ssh配置文件 /etc/ssh/sshd_config
MaxAuthTries 3
MaxSessions 3
PasswordAuthentication no
PermitEmptyPasswords no
重启 ssh 服务 systemctl restart sshd
7. 安装nginx
如果选择安装 宝塔面板,则可以跳过该步骤,宝塔面板提供了nginx 安装配置
ubuntu
- 安装 nginx
sudo apt update
sudo apt install nginx
sudo systemctl status nginx # check whether nginx started
sudo ufw allow 'Nginx Full' # open the firewall for the nginx app profile (http and https)
sudo ufw status
查看开放端口
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
Nginx Full ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
- 配置nginx
Nginx 配置目录 /etc/nginx/
Test configuration nginx -t
重启nginx nginx -s reload
配置域名解析
卸载nginx
ubuntu
# uninstall nginx on Ubuntu; --purge also removes the package's config files
systemctl stop nginx # stop
systemctl status nginx
apt-get --purge remove nginx # remove
apt-get autoremove # auto remove useless
dpkg --get-selections|grep nginx # check nginx related lib
# libnginx-mod-http-image-filter deinstall
# libnginx-mod-http-xslt-filter deinstall
# libnginx-mod-mail deinstall
# libnginx-mod-stream deinstall
# nginx-common deinstall
# purge the leftovers listed above
apt-get --purge remove libnginx-mod-http-image-filter nginx-common libnginx-mod-stream libnginx-mod-mail
8. CD
GitHub Actions 实现 CI/CD：自动打包并发布到服务器；
项目目录下创建 .github/workflows/publish.yml
文件
自动部署 静态资源文件 actions
# This is a basic workflow to help you get started with Actions
name: publish doc to server
# Controls when the workflow will run
on:
  # Triggers the workflow on push events, but only for the master branch
  push:
    # [ master ]
    branches:
      - master
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "publish-doc"
  publish-doc:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # informational echo steps
      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # NOTE(review): "@v2" is a floating tag that the publisher can move; pin third-party
      # actions to a full commit SHA (uses: actions/checkout@<commit-sha>  # v2) so the code
      # run in CI cannot change underneath you.
      - name: Checkout branch
        uses: actions/checkout@v2
        with:
          ref: master
      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
      # - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - name: List files in the repository
        run: |
          ls ${{ github.workspace }}
      - run: echo "🍏 This job's status is ${{ job.status }}."
      # prepare env: install nvm, then the node version the repo asks for
      - name: Prepare env
        run: |
          source ~/.bashrc
          node -v
          # NOTE(review): pipes an installer straight into bash without verification;
          # the actions/setup-node action is the usual way to get a specific node on a runner
          curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
          export NVM_DIR="$HOME/.nvm"
          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
          # no version given: both read .nvmrc from the checked-out repo (see section 9)
          nvm install
          nvm use
          node -v
          npm config list
      # Runs a single command using the runners shell
      - name: Install and build
        run: |
          npm ci
          npm run build
          echo "Npm run build success"
      # Runs a set of commands using the runners shell
      # NOTE(review): "@main" is a mutable branch, and this step is handed the deploy
      # private key below; pin it to a commit SHA and review upstream changes before moving the pin.
      - name: Deploy
        uses: easingthemes/ssh-deploy@main
        env:
          # deploy key comes from a repository secret, never as a literal here; use a key
          # dedicated to REMOTE_USER on the server
          SSH_PRIVATE_KEY: ${{ secrets.SERVER_SSH_KEY }}
          # NOTE(review): these look like rsync flags; --delete removes everything under
          # TARGET that is not in SOURCE, so REMOTE_TARGET must be the site's document root only — confirm
          ARGS: '-rltgoDzvO --delete'
          SOURCE: 'docs/.vuepress/dist/'
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          TARGET: ${{ secrets.REMOTE_TARGET }}
          # EXCLUDE: '/dist/, /node_modules/'
Refer:
9. nvm
安装node
- 安装 nvm
# install nvm: the URL pins nvm v0.39.0, but the script is still run unverified — read it first
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
cd ~ && source .zshrc
# if nvm is not picked up, append the following to the end of ~/.zshrc / ~/.bashrc
# export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
# [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
nvm -v
- 安装node版本
# select a node version; without an argument nvm reads the version from .nvmrc
nvm use # use the version in .nvmrc
nvm install # install the version in .nvmrc
nvm ls-remote # list available versions
nvm install --lts # Install the latest LTS version
nvm use --lts # use the latest LTS version
nvm current > .nvmrc # record the current version as the project's .nvmrc
其他项目里面增加.nvmrc
配置文件
- 安装
pm2
# pm2 process manager; xxx = process name or id (placeholder)
npm i pm2 -g # install globally
pm2 start app/index.js
pm2 list
pm2 stop xxx
pm2 restart xxx
pm2 delete xxx
pm2 logs
pm2 logs --format
pm2 logs --json
pm2 flush # clear log files
pm2 reload app.js # hot reload
Refer:
10. 宝塔面板
安装前查看 最新面板安装脚本
wget -O install.sh http://download.bt.cn/install/install-ubuntu_6.0.sh && sudo bash install.sh
配置防火墙:
ubuntu
bt # bt panel management command
ufw status
# remove the allow rule for 8888/tcp (presumably the panel port; confirm before closing it,
# or panel access from outside is lost)
ufw delete allow 8888/tcp
vim /etc/ssh/sshd_config # edit sshd config to disable password login (see section 6)
systemctl restart sshd
Refer: