Ubuntu系统部署后优化-网络配置
Ubuntu系统配置调整
前期准备
#更改主机名,重启后不变
hostnamectl set-hostname Zabbix-Server01
#更改主机名,重启后变回从前
hostname Zabbix-Server01
#手动主机重命名(改名之后需要重启)
vim /etc/hostname
#再把/etc/hosts下127.0.0.1的名称改成hostname的名称(此步骤其实不用操作,重启后即可根据hostname变化)
vim /etc/hosts最小化安装后,root没有密码,基础组件没有
#首先应该设置root密码
sudo passwd root
#安装vim
sudo apt-get install vim
#查看磁盘空间
df -h
fdisk -l
#查看端口号
ss -tulpn | grep 8080
#查看端口号2
netstat -tulpn | grep 8080
#查看进程号
ps -ef | grep mysql
1、修改ip地址
关于NetworkManager停用并启用systemd-networkd的方法:相关阅读
#首先,运行以下命令以禁用NetworkManager
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager
sudo systemctl mask NetworkManager
#接下来,启动并启用systemd-networkd:
sudo systemctl unmask systemd-networkd.service
sudo systemctl enable systemd-networkd.service
sudo systemctl start systemd-networkd.service遇到问题的时候,需要使用systemctl mask来禁用服务:相关阅读
修改IP的配置文件
sudo vim /etc/netplan/00-installer-config.yam我们第一次打开时看到的是这样的:
#This is the network config written by 'subiquity'
network:
ethernets:
ens33:
dhcp4: true
version: 2然后按i输入以下内容。设置为静态IP,以及IP地址,dns,网关
network:
version: 2
ethernets:
ens33:
dhcp4: no
addresses: [10.0.0.2/24]
gateway4: 10.0.0.1
nameservers:
addresses: [123.150.150.150,219.150.32.132]如果你遇到高版本的systemd-networkd服务,还会遇到如下报错:
“gateway4 has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details.”
翻译:“gateway4”已经被弃用,请改用默认路由。有关详细信息,请参阅文档的“默认路由”部分。
这时,你就要用routes语法了,如下:
# This is the network config written by 'subiquity'
network:
ethernets:
ens160:
dhcp4: no
addresses: [10.10.8.201/24]
routes:
- to: 0.0.0.0/0
via: 10.10.8.254
nameservers:
addresses: [123.150.150.150,219.150.32.132]
version: 20.0.0.0/0还可以替换成default写法也是正确的。以下配置是Ubuntu 24.04.1 LTS的官方语法文档写法。
network:
ethernets:
ens160:
addresses:
- 10.107.171.6/24
nameservers:
addresses:
- 123.150.150.150
search: []
routes:
- to: default
via: 10.107.171.254
version: 2还可以编写多个网卡例如:配置eno1和eno2
如果你有两块网卡(例如eno1和eno2),并且希望在这两个网口中设置不同的静态IP地址,并且各自拥有默认路由,您需要在Netplan配置中分别为它们配置静态地址和路由。不过,通常一个系统只会有一个默认路由以避免路由冲突。如果您确实需要两块网卡都有出站流量的能力,可以为每块网卡配置特定的路由,但只有一个会被视为默认路由。这里,我将展示如何为两块网卡配置静态IP,并为其中一个网口设置默认路由,另一个网卡只能添加特定的路由规则(非默认路由,网络里叫做明细路由)。
假设让eno1处理常规互联网流量(默认路由),而eno2用于特定网络或备份路径,可以这样配置:
network:
version: 2
renderer: networkd
ethernets:
eno1:
dhcp4: no
addresses: [10.10.8.10/24]
gateway4: 10.10.8.1 # 设置eno1为默认路由
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
eno2:
dhcp4: no
addresses: [192.168.1.10/24]
routes:
- to: 192.168.2.0/24 # 为eno2添加特定网络路由
via: 192.168.1.1 # 假设这是通往特定网络的下一跳
nameservers:
addresses: [8.8.8.8, 8.8.4.4]在这个配置中,eno1配置了默认路由,处理所有未指定的出站流量。而eno2则配置了一个特定的路由规则,用于到达192.168.2.0/24这个网络。请注意,除非有特殊需求,否则通常只设置一个默认路由以避免路由混乱。
如果你需要配置多个明细路由,你需要这样写
eno2:
dhcp4: no
addresses: [192.168.1.10/24]
routes:
- to: 192.168.2.0/24 # 第一条路由规则
via: 192.168.1.1 # 对应第一条路由的目的网络下一跳地址
- to: 192.168.3.0/24 # 第二条路由规则
via: 192.168.1.1 # 对应第二条路由的目的网络下一跳地址
nameservers:
addresses: [8.8.8.8, 8.8.4.4]网卡修改成功后,应用网络配置
sudo netplan apply
systemctl restart systemd-networkd.service
你还可以systemd-resolved 来管理 DNS 设置,这样可以不在网卡中配置DNS
不过前提是运行并设置自动启动
systemctl start systemd-resolved
systemctl enable systemd-resolved单独修改 systemd-resolved 配置文件
vim /etc/systemd/resolved.conf找到 [Resolve] 部分添加或修改以下行:
[Resolve]
DNS=8.8.8.8 8.8.4.4cat /etc/systemd/resolved.conf | grep ^DNS
DNS=8.8.8.8 8.8.4.4重启 systemd-resolved 服务以应用更改
systemctl restart systemd-resolved
2、修改时区
# 1. 用timedatectl命令查看当前时区状态(确认当前为 UTC)
timedatectl
Local time: Tue 2025-02-18 03:05:52 UTC
Universal time: Tue 2025-02-18 03:05:52 UTC
RTC time: Tue 2025-02-18 03:05:52
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
# 2. 列出可用时区(过滤中国时区)
timedatectl list-timezones | grep -i Asia/Shanghai
# 3. 设置中国时区
sudo timedatectl set-timezone Asia/Shanghai
# 4. 验证结果
date -R
# 正确输出应显示:Tue, 18 Feb 2025 11:02:00 +08003、配置ssh登录
#安装ssh服务器
sudo apt install openssh-server
#修改ssh的配置文件
vim /etc/ssh/sshd_config
把这个
#PermitRootLogin prohibit-password
修改成
PermitRootLogin yes
重启ssh
systemctl restart ssh.service4、更换阿里源以 Ubuntu 22.04版本为例
Ubuntu官方提供的其他全球各地镜像加速源地址如下:镜像 : Ubuntu
备份配置文件后,直接编辑vim /etc/apt/sources.list,
cp /etc/apt/sources.list{,.bak}
vim /etc/apt/sources.list把内容替换如下:
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb https://mirrors.aliyun.com/ubuntu/ jammy universe
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy universe
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates universe
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb https://mirrors.aliyun.com/ubuntu/ jammy multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted
deb http://security.ubuntu.com/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security universe
deb http://security.ubuntu.com/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security multiverse配置完成后,wq保存、执行更新,更新后重启
sudo apt update && sudo apt upgrade -y
rebootUbuntu 24.04 版本更换新了管理模式,新的源文件路径也被移动到了/etc/apt/sources.list.d/ubuntu.sources
你可以按照如下内容配置该文件
Types: deb deb-src
URIs: https://mirrors.aliyun.com/ubuntu/
Suites: noble noble-security noble-updates noble-proposed noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg你可能会遇到证书问题,更新根证书库命令
sudo apt update --allow-insecure-repositories
sudo apt install --reinstall ca-certificates
sudo update-ca-certificates --fresh4、系统优化
#安装 lrzsz
apt install -y lrzsz
#从服务器下载 hello-world.tar 文件到本地,可以使用 sz 命令(需要安装 lrzsz)
sz hello-world.tar
#上传本地 hello-world.tar 文件到另一台服务器,可以使用 rz 命令(需要安装 lrzsz)
rz
#修改文件描述符和进程数
sudo sed -i '/^# End of file/,$d' /etc/security/limits.conf
sudo sh -c "cat >> /etc/security/limits.conf <<EOF
# End of file
root - nproc 512000
* - nproc 512000
root - nofile 512000
* - nofile 512000
EOF"
#软件源替换成阿里云的写法
sudo sed -i.bak 's/http:\/\/.*.ubuntu.com/http:\/\/mirrors.aliyun.com/g' /etc/apt/sources.list
#更新
sudo apt update && sudo apt upgrade -y
#重启
reboot5、切换中文提示:
# 安装中文语言支持包
sudo apt install -y language-pack-zh-hans language-pack-zh-hans-base fonts-noto-cjk manpages-zh
# 生成中文locale配置
sudo locale-gen zh_CN.UTF-8
# 设置默认语言(选择zh_CN.UTF-8)
sudo update-locale LANG=zh_CN.UTF-8 LANGUAGE=zh_CN:zh
# 查看当前语言环境
locale
# 应显示类似:
LANG=zh_CN.UTF-8
LANGUAGE=zh_CN:zh
# 立即生效(当前会话):
export LANG=zh_CN.UTF-8
# 永久生效(所有用户)
echo "LANG=zh_CN.UTF-8" | sudo tee /etc/default/locale
