运维 on bloghttps://blog.waawo.space/categories/%E8%BF%90%E7%BB%B4/Recent content in 运维 on blogHugozh-cnMon, 30 Mar 2026 18:20:00 +0800VPS 初始化配置清单https://blog.waawo.space/posts/vps-init/Mon, 30 Mar 2026 18:20:00 +0800https://blog.waawo.space/posts/vps-init/<p>每次拿到新 VPS 都要做一遍同样的事,整理成清单备用。</p> <h2 id="1-更换-root-密码">1. 更换 root 密码</h2> <p>拿到机器第一件事:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>passwd </span></span></code></pre></div><h2 id="2-更新系统">2. 更新系统</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Debian/Ubuntu</span> </span></span><span style="display:flex;"><span>apt update <span style="color:#f92672">&amp;&amp;</span> apt upgrade -y </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安装常用工具</span> </span></span><span style="display:flex;"><span>apt install -y curl wget git vim htop ufw fail2ban </span></span></code></pre></div><h2 id="3-创建普通用户">3. 创建普通用户</h2> <p>不要直接用 root 操作:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>adduser waawo </span></span><span style="display:flex;"><span>usermod -aG sudo waawo </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 切换到新用户</span> </span></span><span style="display:flex;"><span>su - waawo </span></span></code></pre></div><h2 id="4-配置-ssh-密钥登录">4. 配置 SSH 密钥登录</h2> <p>在本机生成密钥(如果还没有的话):</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>ssh-keygen -t ed25519 -C <span style="color:#e6db74">&#34;your@email.com&#34;</span> </span></span></code></pre></div><p>把公钥上传到服务器:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>ssh-copy-id waawo@your-server-ip </span></span></code></pre></div><p>或者手动复制 <code>~/.ssh/id_ed25519.pub</code> 内容到服务器的 <code>~/.ssh/authorized_keys</code>。</p> <h2 id="5-禁用-ssh-密码登录">5. 禁用 SSH 密码登录</h2> <p>确认密钥登录正常后,再修改 <code>/etc/ssh/sshd_config</code>:</p>Nginx 配置笔记https://blog.waawo.space/posts/nginx-notes/Sun, 22 Feb 2026 21:00:00 +0800https://blog.waawo.space/posts/nginx-notes/<p>Nginx 配置写多了有些细节总记不住,统一整理在这里。</p> <h2 id="安装">安装</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Debian/Ubuntu</span> </span></span><span style="display:flex;"><span>sudo apt install nginx </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Arch Linux</span> </span></span><span style="display:flex;"><span>sudo pacman -S nginx </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 启动</span> </span></span><span style="display:flex;"><span>sudo systemctl enable --now nginx </span></span></code></pre></div><h2 id="配置文件结构">配置文件结构</h2> <pre tabindex="0"><code>/etc/nginx/ ├── nginx.conf # 主配置文件 ├── conf.d/ # 通常在这里放站点配置 └── sites-enabled/ # 部分发行版用这个目录 </code></pre><p><code>nginx.conf</code> 主体结构:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">worker_processes</span> <span style="color:#e6db74">auto</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">events</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">worker_connections</span> <span style="color:#ae81ff">1024</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">http</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">include</span> <span style="color:#e6db74">mime.types</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">default_type</span> <span style="color:#e6db74">application/octet-stream</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">sendfile</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">keepalive_timeout</span> <span style="color:#ae81ff">65</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">include</span> <span style="color:#e6db74">conf.d/*.conf</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h2 id="静态站点">静态站点</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">80</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">example.com</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">root</span> <span style="color:#e6db74">/var/www/html</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">index</span> <span style="color:#e6db74">index.html</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">try_files</span> $uri $uri/ =<span style="color:#ae81ff">404</span>; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h2 id="https-配置">HTTPS 配置</h2> <p>有了证书之后:</p>Docker 基础使用备忘https://blog.waawo.space/posts/docker-basics/Fri, 16 Jan 2026 20:30:00 +0800https://blog.waawo.space/posts/docker-basics/<p>Docker 命令总是记了忘忘了查,干脆整理一份备忘。</p> <h2 id="安装">安装</h2> <p>Arch Linux 上直接用 pacman:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo pacman -S docker docker-compose </span></span><span style="display:flex;"><span>sudo systemctl enable --now docker </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 把当前用户加入 docker 组,避免每次都 sudo</span> </span></span><span style="display:flex;"><span>sudo usermod -aG docker $USER </span></span><span style="display:flex;"><span><span style="color:#75715e"># 需要重新登录才生效</span> </span></span></code></pre></div><h2 id="镜像操作">镜像操作</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 搜索镜像</span> </span></span><span style="display:flex;"><span>docker search nginx </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 拉取镜像</span> </span></span><span style="display:flex;"><span>docker pull nginx </span></span><span style="display:flex;"><span>docker pull nginx:1.25 <span style="color:#75715e"># 指定版本</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 查看本地镜像</span> </span></span><span style="display:flex;"><span>docker images </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 删除镜像</span> </span></span><span style="display:flex;"><span>docker rmi nginx </span></span><span style="display:flex;"><span>docker rmi <span style="color:#66d9ef">$(</span>docker images -q<span style="color:#66d9ef">)</span> <span style="color:#75715e"># 删除所有镜像</span> </span></span></code></pre></div><h2 id="容器操作">容器操作</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 运行容器</span> </span></span><span style="display:flex;"><span>docker run nginx <span style="color:#75715e"># 前台运行</span> </span></span><span style="display:flex;"><span>docker run -d nginx <span style="color:#75715e"># 后台运行</span> </span></span><span style="display:flex;"><span>docker run -d -p 8080:80 nginx <span style="color:#75715e"># 映射端口</span> </span></span><span style="display:flex;"><span>docker run -d -p 8080:80 --name web nginx <span style="color:#75715e"># 命名容器</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 进入容器</span> </span></span><span style="display:flex;"><span>docker exec -it web bash </span></span><span style="display:flex;"><span>docker exec -it web sh <span style="color:#75715e"># 如果没有 bash</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 查看容器</span> </span></span><span style="display:flex;"><span>docker ps <span style="color:#75715e"># 运行中的容器</span> </span></span><span style="display:flex;"><span>docker ps -a <span style="color:#75715e"># 所有容器(含已停止)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 停止 / 启动 / 删除</span> </span></span><span style="display:flex;"><span>docker stop web </span></span><span style="display:flex;"><span>docker start web </span></span><span style="display:flex;"><span>docker rm web </span></span><span style="display:flex;"><span>docker rm -f web <span style="color:#75715e"># 强制删除(运行中也能删)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 查看日志</span> </span></span><span style="display:flex;"><span>docker logs web </span></span><span style="display:flex;"><span>docker logs web -f <span style="color:#75715e"># 实时跟踪</span> </span></span><span style="display:flex;"><span>docker logs web --tail <span style="color:#ae81ff">50</span> <span style="color:#75715e"># 最后 50 行</span> </span></span></code></pre></div><h2 id="数据卷">数据卷</h2> <p>容器删了数据就没了,用 volume 持久化:</p>