服务器配置记录

Supervisord部署

作用：方便管理各种程序的方案

官方文档 https://supervisord.org/installing.html

有多种安装方式，考虑到环境是Ubuntu的，自己选择的安装方式如下：

sudo apt update -y
sudo apt install supervisor -y

选择这个就可以方便的用sudo systemctl enable supervisor.service等命令操作了。

搭配echo_supervisord_conf输出的示例配置文件，修改一些适合自己的配置如下：

/etc/supervisor/supervisord.conf

...
[inet_http_server]         ; inet (TCP) server disabled by default
port=127.0.0.1:9001        ; ip_address:port specifier, *:port for all iface
;username=user              ; default is no username (open server)
;password=123               

[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
logfile_maxbytes=50MB        ; max main logfile bytes b4 rotation; default 50MB
logfile_backups=10           ; # of main logfile backups; 0 means none, default 10
...

测试用的脚本
/etc/supervisor/check.conf

[program:check]
command=/home/root/check.sh              ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=999                  ; the relative start priority (default 999)
;autostart=true                ; start at supervisord start (default: true)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
autorestart=true        ; when to restart if exited after running (def: unexpected)
exitcodes=0                   ; 'expected' exit codes used with autorestart (default 0)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; setuid to this UNIX account to run the program
redirect_stderr=true          ; redirect proc stderr to stdout (default false)
# stdout_logfile=/var/log/supervisor/%(program_name)s.log        ; stdout log path, NONE for none; default AUTO
stdout_logfile=AUTO        ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=10MB   ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=10     ; # of stdout logfile backups (0 means none, default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stdout_syslog=false           ; send stdout to syslog with process name (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (0 means none, default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;stderr_syslog=false           ; send stderr to syslog with process name (default false)
;environment=A="1",B="2"       ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

/home/root/check.sh

#!/bin/bash

# 设置循环间隔（秒）
INTERVAL=1  # 每隔1秒打印一次时间

while true; do
    # 获取并打印当前时间
    echo "Current date and time: $(date)"

    # 等待一段时间再进行下一次迭代
    sleep $INTERVAL
done

如此即完成了配置

启动服务和配置开机自启

sudo systemctl start supervisor
sudo systemctl enable supervisor

fail2ban部署

作用：基于日志分析和IP拦截的流量屏蔽工具。拦截IP，比如拦截ssh爆破攻击，http路径遍历攻击等。

仓库地址 https://github.com/fail2ban/fail2ban
官网 www.fail2ban.org

sudo apt update -y
sudo apt install fail2ban -y
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

自定义规则位置：/etc/fail2ban/jail.d/jail.local
自定义过滤器位置：/etc/fail2ban/filter.d
自定义动作位置：/etc/fail2ban/action.d

docker部署

# 因为本来就没装docker所以不需要预先卸载
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg lsb-release

#添加 Docker 官方 GPG key （可能国内现在访问会存在问题）
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

#添加 apt 源:
#Docker官方源
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update

#安装最新版本的Docker
sudo apt install -y docker-ce docker-ce-cli containerd.io

#查看Docker版本
sudo docker version

#查看Docker运行状态
sudo systemctl status docker