--- title: 阿里云香港轻量应用服务器使用记录 tags: [] id: '1997' categories: - - 运维 date: 2022-07-07 06:31:59 --- ## 第一步 添加SWAP * wget -O box.sh https://raw.githubusercontent.com/BlueSkyXN/SKY-BOX/main/box.sh && chmod +x box.sh && clear && sudo ./box.sh * 大小输入4096,设置4G大小的swap空间 ## 第二步 安装docker * sudo apt update * sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common * curl -fsSL https://download.docker.com/linux/ubuntu/gpg sudo apt-key add - * sudo add-apt-repository "deb \[arch=amd64\] https://download.docker.com/linux/ubuntu $(lsb\_release -cs) stable" * sudo apt update * sudo apt install docker-ce * sudo systemctl status docker * sudo curl -L "https://github.com/docker/compose/releases/download/v2.6.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose * sudo chmod +x /usr/local/bin/docker-compose * docker-compose --version ## 第三步 docker安装NPM面板 * mkdir ngpm && cd ngpm * nano docker-compose.yml * sudo docker-compose up -d ```yml version: '3' services: app: image: 'jc21/nginx-proxy-manager:latest' restart: unless-stopped ports: - '80:80' - '81:81' - '443:443' volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt ``` * 控制台防火墙开放81端口 * 登录到 http://ip:81 * Email: admin@example.com * Password: changeme * sudo ip addr show docker0 * 反代 Nginx Proxy Manager * 示例:https://npm2.j11.fun/ * 控制台防火墙开关闭81端口 ## 第四步 启用rc.local ```ini [Unit] Description=/etc/rc.local Compatibility ConditionPathExists=/etc/rc.local [Service] Type=forking ExecStart=/etc/rc.local start TimeoutSec=0 StandardOutput=tty RemainAfterExit=yes SysVStartPriority=99 ``` * sudo nano /etc/systemd/system/rc-local.service * sudo nano /etc/rc.local * sudo chmod +x /etc/rc.local * sudo systemctl enable rc-local * sudo systemctl start rc-local.service * sudo systemctl status rc-local.service * cat /tmp/added\_script.log ```sh #!/bin/sh -e ## rc.local #start script #end script echo "added sucessfully!" > /tmp/added_script.log exit 0 ``` ## 第五步 关闭阿里云盾 * 按此操作关闭云盾 [https://help.aliyun.com/document\_detail/31777.html](https://help.aliyun.com/document_detail/31777.html) * wget http://update.aegis.aliyun.com/download/uninstall.sh && chmod +x uninstall.sh &&./uninstall.sh * wget http://update.aegis.aliyun.com/download/quartz\_uninstall.sh && chmod +x quartz\_uninstall.sh && ./quartz\_uninstall.sh * sudo rm -r /usr/local/aegis * sudo systemctl disable aliyun.service * sudo rm /usr/sbin/aliyun-service * sudo rm /usr/sbin/aliyun-service.backup * sudo rm /usr/sbin/aliyun\_installer * sudo rm /etc/systemd/system/aliyun.service * sudo rm /lib/systemd/system/aliyun.service * rm uninstall.sh quartz\_uninstall.sh * ARCH=amd64 * /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} uninstall * /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} stop * /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} stop * /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} uninstall * rm -rf /usr/local/cloudmonitor * pkill aliyun-service * rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service * rm -rf /usr/local/aegis\* * ps -aux grep -E 'aliyunAliYunDun' ## 第六步 屏蔽**阿里云盾IP** ```sh #!/bin/bash /usr/sbin/iptables -F /usr/sbin/ip6tables -F /usr/sbin/iptables -I INPUT -s 140.205.201.0/28 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.201.16/29 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.201.32/28 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.192/29 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.200/30 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.184/29 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.183/32 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.206/32 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.205/32 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.195/32 -j DROP /usr/sbin/iptables -I INPUT -s 140.205.225.204/32 -j DROP /usr/sbin/iptables -A INPUT -i lo -j ACCEPT /usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT /usr/sbin/ip6tables -A INPUT -i lo -j ACCEPT /usr/sbin/ip6tables -A OUTPUT -o lo -j ACCEPT /usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /usr/sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /usr/sbin/ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /usr/sbin/iptables -A INPUT -p tcp ! --dport 22 -j DROP /usr/sbin/ip6tables -A INPUT -p tcp ! --dport 22 -j DROP /usr/sbin/iptables -I INPUT -s 172.16.0.0/12 -j ACCEPT /usr/sbin/iptables -I OUTPUT -s 172.16.0.0/12 -j ACCEPT /usr/sbin/iptables -I INPUT -p tcp -m multiport --dports 80,443,8024 -j ACCEPT /usr/sbin/iptables -I INPUT -p udp --dport 6000:6002 -j ACCEPT /usr/sbin/iptables -I INPUT -p tcp --dport 21000:22000 -j ACCEPT ``` * nano noyd.sh && chmod +x noyd.sh * 将 noyd.sh 添加到第四步的rc.local里执行 * reboot * iptables -L * ps -aux grep -E 'aliyunAliYunDun'