# 可选部分
bbr 加速
| wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh |
添加虚拟内存(交换)
| wget https://www.moerats.com/usr/shell/swap.sh && bash swap.sh |
安装 warp
| wget -N https://gitlab.com/fscarmen/warp/-/raw/main/menu.sh && bash menu.sh d |
安装 docker
| curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun |
| 或 |
| curl -fsSL https://get.docker.com | sh |
| |
| apt install docker-compose |
# 安装
开启防火墙
| iptables -P INPUT ACCEPT |
| iptables -P FORWARD ACCEPT |
| iptables -P OUTPUT ACCEPT |
| iptables -F |
安装 alist
| apt-get update |
| mkdir alist |
| cd alist |
| wget https://github.com/alist-org/alist/releases/download/v3.25.1/alist-linux-musl-amd64.tar.gz |
| tar -zxvf alist-linux-musl-amd64.tar.gz |
| ./alist server |
# 修改 config.json
# 添加守护进程
在 /etc/systemd/system/ 下
新建 alist.service
| [Unit] |
| Description=alist |
| After=network.target |
| |
| [Service] |
| Type=simple |
| WorkingDirectory=/root/alist |
| ExecStart=/root/alist/alist server |
| Restart=on-failure |
| |
| [Install] |
| WantedBy=multi-user.target |
设置开机自启动该服务:
| systemctl enable alist.service |
启动
# 配置 nginx
# 申请证书部分
| 安装acme: |
| curl https://get.acme.sh | sh |
| |
| 安装socat: |
| apt install socat |
| |
| 添加软链接: |
| ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh |
| |
| 切换CA机构: |
| acme.sh --set-default-ca --server letsencrypt |
| |
| 申请证书: |
| acme.sh --issue -d lib.skuo.cf --standalone -k ec-256 |
| |
| 安装证书: |
| acme.sh --installcert -d lib.skuo.cf --ecc --key-file /root/alist/shu/server.key --fullchain-file /root/alist/shu/server.crt |
# 安装 nginx
在 etc/nginx/nginx.conf 添加,在 http 里面添加:
| server { |
| listen 80; |
| listen 443 ssl http2; |
| server_name dddd.com; |
| |
| |
| if ($server_port !~ 443){ |
| rewrite ^(/.*)$ https://$host$1 permanent; |
| } |
| |
| |
| ssl_certificate /root/alist/shu/server.crt; |
| ssl_certificate_key /root/alist/shu/server.key; |
| ssl_session_timeout 1d; |
| ssl_session_cache shared:MozSSL:10m; |
| ssl_session_tickets off; |
| |
| ssl_protocols TLSv1.2 TLSv1.3; |
| ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; |
| ssl_prefer_server_ciphers off; |
| |
| location / { |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| proxy_set_header X-Forwarded-Proto $scheme; |
| |
| proxy_set_header X-Forwarded-Host $http_host; |
| proxy_set_header X-Real-IP $remote_addr; |
| proxy_set_header Range $http_range; |
| proxy_set_header If-Range $http_if_range; |
| proxy_redirect off; |
| proxy_pass http://127.0.0.1:5244; |
| |
| client_max_body_size 20000m; |
| } |
| |
| |
| location /xuirack { |
| proxy_redirect off; |
| proxy_pass http://127.0.0.1:1928; |
| proxy_http_version 1.1; |
| proxy_set_header Upgrade $http_upgrade; |
| proxy_set_header Connection upgrade; |
| proxy_set_header Host $http_host; |
| } |
| |
| |
| location /1927xui { |
| proxy_redirect off; |
| proxy_pass http://127.0.0.1:1929; |
| proxy_http_version 1.1; |
| proxy_set_header Host $host; |
| } |
| } |
重载 nginx 配置
| systemctl reload nginx.service |
# 也可以不用安装 nginx
