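Getting the server and basic configuration
- Student account
- Under "Free services", create an "Ubuntu service". Open all default ports at creation time.
After connecting over SSH:
sudo apt update
sudo apt install cockpit
sudo apt install cockpit-podman net-tools
- In the network settings, add an inbound rule that allows TCP port 9090
- In the network settings, close port 22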
Aliyun DDNS
Reference: https://developer.aliyun.com/article/1328033
The RAM user needs at least the following permissions: AliyunDNSFullAccess, AliyunDomainReadonlyAccess
Appendix: current configuration
[aliyun]
# Aliyun AccessKeyId
accessKeyId=AccessKeyId
# Aliyun AccessKeySecret
accessKeySecret=AccessKeySecret
# Endpoint for domains, details: https://api.aliyun.com/product/Domain
# Location                 Service address
# China East 1 (Hangzhou)  domain.aliyuncs.com
# Singapore                domain-intl.aliyuncs.com
domainEndpoint=domain.aliyuncs.com
# Endpoint for DNS, details: https://api.aliyun.com/product/Alidns
# Asia Pacific
# Location                       Service address
# China North 1 (Qingdao)        dns.aliyuncs.com
# China North 2 (Beijing)        alidns.cn-beijing.aliyuncs.com
# China North 3 (Zhangjiakou)    alidns.cn-zhangjiakou.aliyuncs.com
# China North 5 (Hohhot)         alidns.cn-huhehaote.aliyuncs.com
# China North 6 (Ulanqab)        dns.aliyuncs.com
# China East 1 (Hangzhou)        alidns.cn-hangzhou.aliyuncs.com
# China East 2 (Shanghai)        alidns.cn-shanghai.aliyuncs.com
# China South 1 (Shenzhen)       alidns.cn-shenzhen.aliyuncs.com
# China Southwest 1 (Chengdu)    alidns.cn-chengdu.aliyuncs.com
# China (Hong Kong)              alidns.cn-hongkong.aliyuncs.com
# Japan (Tokyo)                  alidns.ap-northeast-1.aliyuncs.com
# Singapore                      alidns.ap-southeast-1.aliyuncs.com
# Australia (Sydney)             alidns.ap-southeast-2.aliyuncs.com
# Malaysia (Kuala Lumpur)        alidns.ap-southeast-3.aliyuncs.com
# Indonesia (Jakarta)            alidns.ap-southeast-5.aliyuncs.com
# Europe and Americas
# US (Virginia)                  alidns.us-east-1.aliyuncs.com
# US (Silicon Valley)            alidns.us-west-1.aliyuncs.com
# UK (London)                    alidns.eu-west-1.aliyuncs.com
# Germany (Frankfurt)            alidns.eu-central-1.aliyuncs.com
# Middle East and India
# India (Mumbai)                 alidns.ap-south-1.aliyuncs.com
# UAE (Dubai)                    alidns.me-east-1.aliyuncs.com
# Industry cloud
# China East 1 Finance Cloud     alidns.cn-hangzhou-finance.aliyuncs.com
# China East 2 Finance Cloud     alidns.cn-shanghai-finance-1.aliyuncs.com
# China South 1 Finance Cloud    alidns.cn-shenzhen-finance-1.aliyuncs.com
# China North 2 Finance Cloud (invitational preview)    dns.aliyuncs.com
dnsEndpoint=alidns.cn-shenzhen.aliyuncs.com
[domain]
# Domain list, separate multiple entries with commas
domainList=*.meix.top
# Record type; only ipv4 or ipv6 may be entered (all lowercase, never uppercase)
dnsType=ipv4
[time]
# Execution type, allowed values: single and repetition. single: run once, to be combined with the system's scheduled tasks. repetition: run repeatedly, to be combined with the durationMinute setting
type=single
# How often to sync the DNS record, in minutes
durationMinute=10
Appendix 2: autostart script
#!/bin/bash
# Check that the script is running with sudo privileges
if [ "$EUID" -ne 0 ]; then
    echo "请使用 sudo 权限运行此脚本。"
    exit 1
fi
# Get the directory the script itself actually lives in
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
# Install into /usr/local (the script's directory must be named "ddns"
# so that it ends up at the SERVICE_PATH used below)
cp -r "$SCRIPT_DIR" /usr/local
# Set the variables and make the binary executable
SERVICE_PATH="/usr/local/ddns"
SERVICE_FILE_EXE="greateme_ddns"
SERVICE_FILE_CONF="conf/config.ini"
chmod +x "$SERVICE_PATH/$SERVICE_FILE_EXE"
# Create the systemd service unit file
SERVICE_FILE="/etc/systemd/system/ddns_aliyun.service"
echo "[Unit]" > "$SERVICE_FILE"
echo "Description=Greateme DDNS Service" >> "$SERVICE_FILE"
echo "After=network.target" >> "$SERVICE_FILE"
echo "" >> "$SERVICE_FILE"
echo "[Service]" >> "$SERVICE_FILE"
echo "ExecStart=$SERVICE_PATH/$SERVICE_FILE_EXE $SERVICE_PATH/$SERVICE_FILE_CONF" >> "$SERVICE_FILE"
echo "Restart=on-failure" >> "$SERVICE_FILE"
echo "RestartSec=5" >> "$SERVICE_FILE"
echo "" >> "$SERVICE_FILE"
echo "[Install]" >> "$SERVICE_FILE"
echo "WantedBy=multi-user.target" >> "$SERVICE_FILE"
# Reload the systemd configuration
systemctl daemon-reload
# Enable and start the service
systemctl enable ddns_aliyun.service
systemctl start ddns_aliyun.service
# Check the service status
systemctl status ddns_aliyun.service
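M365 configuration
Connecting the domain mail server of the M365 developer program
1. Log in to the admin console as administrator and find "Add domain"
2. Add the specified records to the domain's DNS
3. Add the mail service, then add the specified records to the domain's DNS
4. Update the primary email alias of existing users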
HTTPS and reverse proxy
- Install acme
sudo apt-get update
sudo apt-get install socat
curl https://get.acme.sh | sh -s email=test@meix.top
- Set the environment variables: the Aliyun AccessKeySecret, same as above
export Ali_Key="AccessKeySecret_Ali_Key"
export Ali_Secret="AccessKeySecret_Ali_Secret"
- Generate the certificate with acme:
bash .acme.sh/acme.sh --issue --dns dns_ali -d meix.top -d '*.meix.top' --standalone
# The certificate is generated at:
[Sat Aug 10 11:08:35 UTC 2024] Your cert is in: /home/.acme.sh/meix.top_ecc/meix.top.cer
[Sat Aug 10 11:08:35 UTC 2024] Your cert key is in: /home/.acme.sh/meix.top_ecc/meix.top.key
[Sat Aug 10 11:08:35 UTC 2024] The intermediate CA cert is in: /home/.acme.sh/meix.top_ecc/ca.cer
[Sat Aug 10 11:08:35 UTC 2024] And the full-chain cert is in: /home/.acme.sh/meix.top_ecc/fullchain.cer
- Install and configure nginx
sudo apt install nginx
vim /etc/nginx/nginx.conf
# Reload nginx
nginx -t && nginx -s reload
Appendix 1: configuration. For Cockpit, refer to: https://cockpit-project.org/external/wiki/Proxying-Cockpit-over-NGINX
vim /etc/cockpit/cockpit.conf
[WebService]
Origins = https://cockpit.meix.top wss://cockpit.meix.top
ProtocolHeader = X-Forwarded-Proto
systemctl restart cockpit
Appendix 2: current nginx configuration
events {}
http {
    ssl_certificate /home/.acme.sh/meix.top_ecc/fullchain.cer;
    ssl_certificate_key /home/.acme.sh/meix.top_ecc/meix.top.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    server {
        listen 80;
        server_name meix.top;
        # Redirect HTTP to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }
    server {
        # Because of "listen 80" here, requests for test.meix.top on port 80
        # are proxied over plain HTTP instead of being redirected to HTTPS
        listen 80;
        listen 443 ssl;
        server_name test.meix.top;
        location / {
            # Required to proxy the connection to Cockpit
            proxy_pass https://127.0.0.1:9090;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Required for web sockets to function
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # Pass ETag header from Cockpit to clients.
            # See: https://github.com/cockpit-project/cockpit/issues/5239
            gzip off;
        }
    }
}
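A consistency check for the two appendices above, added here as an example and not part of the original post: Cockpit's Origins setting lists the origins it accepts, and as posted it names cockpit.meix.top while the nginx block that proxies to port 9090 is test.meix.top. The function names and the scratch-file demo are assumptions of this example, and the parser expects one directive per line, as in the configuration above.

```shell
#!/bin/sh
# Added example, not from the original post: every nginx server_name that
# proxies to Cockpit (port 9090) should also be listed in Cockpit's Origins.

# Hosts listed in "Origins = ...", scheme stripped, one per line.
cockpit_origin_hosts() {    # $1 = cockpit.conf
    awk -F= '/^[ \t]*Origins[ \t]*=/ {
        n = split($2, o, /[ \t]+/)
        for (i = 1; i <= n; i++) if (o[i] != "") { sub(/^[a-z]+:\/\//, "", o[i]); print o[i] }
    }' "$1" | sort -u
}

# server_name values of each server block that proxies to port 9090.
proxied_server_names() {    # $1 = nginx.conf
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /^[ \t]*server[ \t]*[{]/ { in_srv = 1; start = depth; names = ""; hit = 0 }
        in_srv && /^[ \t]*server_name[ \t]/ {
            names = $0; sub(/^[ \t]*server_name[ \t]+/, "", names); sub(/;.*/, "", names)
        }
        in_srv && /proxy_pass[ \t].*:9090/ { hit = 1 }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (in_srv && depth == start) {      # server block just closed
                if (hit) { n = split(names, a, /[ \t]+/); for (i = 1; i <= n; i++) print a[i] }
                in_srv = 0
            }
        }
    ' "$1"
}

# Print proxied names missing from Origins; status 1 if any are missing.
check_cockpit_origins() {   # $1 = cockpit.conf, $2 = nginx.conf
    allowed=$(cockpit_origin_hosts "$1"); missing=0
    for name in $(proxied_server_names "$2"); do
        printf '%s\n' "$allowed" | grep -qxF -- "$name" && continue
        echo "not in Origins: $name"; missing=1
    done
    return "$missing"
}

# The two values as posted on this page, written to a scratch directory.
demo() {
    d=$(mktemp -d)
    printf '[WebService]\nOrigins = https://cockpit.meix.top wss://cockpit.meix.top\n' > "$d/cockpit.conf"
    printf 'http {\nserver {\nserver_name test.meix.top;\nlocation / {\nproxy_pass https://127.0.0.1:9090;\n}\n}\n}\n' > "$d/nginx.conf"
    check_cockpit_origins "$d/cockpit.conf" "$d/nginx.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "add the proxied name to Origins, or rename the server block"
```

On the server itself, call check_cockpit_origins /etc/cockpit/cockpit.conf /etc/nginx/nginx.conf after each change to either file.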
Security
Close all ports other than 80 and 443
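A host-side check for this rule, added here as an example and not part of the original post: the inbound rules are enforced in the cloud network settings, while this lists what the server itself still listens on beyond the allowed ports, for instance Cockpit on 9090, which nginx only needs on 127.0.0.1. The function names are assumptions of this example and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `ss -H -tln` output on
# stdin and prints "port local-address" for every listener that is not bound
# to loopback and whose port is not in the allowed list.
exposed_listeners() {       # $1 = space-separated allowed ports, e.g. "80 443"
    awk -v allow="$1" '
        BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)      # strip the trailing ":port"
            sub(/^.*:/, "", port)         # keep the text after the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next    # loopback only
            if (!(port in ok)) print port, addr
        }' | LC_ALL=C sort -n | uniq
}

# Constructed sample of `ss -H -tln` for a host set up as on this page:
# sshd on 22, nginx on 80/443, Cockpit's socket on 9090, a local resolver.
sample_ss() {
cat <<'EOF'
LISTEN 0 4096   127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0 128          0.0.0.0:22    0.0.0.0:*
LISTEN 0 511          0.0.0.0:80    0.0.0.0:*
LISTEN 0 511          0.0.0.0:443   0.0.0.0:*
LISTEN 0 4096               *:9090        *:*
LISTEN 0 128             [::]:22       [::]:*
EOF
}

# On a live host: ss -H -tln | exposed_listeners "80 443"
sample_ss | exposed_listeners "80 443"
```

Every line it prints is a port that stays closed only because of the cloud inbound rule.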
From: https://www.cnblogs.com/qq2220545672/p/18353340