Skip to content

Commit

Permalink
site backup
Browse files Browse the repository at this point in the history
  • Loading branch information
@iwyang
iwyang committed Apr 4, 2024
1 parent 70667a5 commit 4ec3f98
Showing 1 changed file with 346 additions and 5 deletions.
351 changes: 346 additions & 5 deletions source/_posts/Debian使用备忘.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ apt remove vim -y
## Debian安装vsftpd

{% note warning no-icon %}
传输大文件慢,可以用transmission下载完后,配合nginx开启目录浏览,配置好SSL使用;也可以用[terminal](https://www.terminal.icu/)(ssh工具)上传下载文件,finashell也行。
传输大文件慢,可以用transmission下载完后,配合nginx开启目录浏览,配置好SSL使用;也可以用[terminal](https://www.terminal.icu/)(ssh工具)上传~~下载~~文件,finashell也行。
{% endnote %}

0.开启21端口:
Expand Down Expand Up @@ -305,7 +305,13 @@ apt autoremove

查看 /etc/postfix是否已经删除掉

## 安装Transmission
## ~~安装Transmission~~

```
{% note primary no-icon %}
速度不及下面的qbittorrent
{% endnote %}
```

1.安装

Expand Down Expand Up @@ -366,8 +372,6 @@ wget https://github.com/ronggang/transmission-web-control/raw/master/release/ins
bash install-tr-control-cn.sh
```

## 配置nginx以及SSL

### 安装nginx

```bash
Expand Down Expand Up @@ -415,7 +419,7 @@ server {
}
```

### debian11配置证书
### debian11配置SSL证书

#### 安装 Certbot

Expand Down Expand Up @@ -499,9 +503,345 @@ crontab -e
openssl x509 -noout -dates -in /etc/letsencrypt/live/example.com/cert.pem
```

## 安装`qbittorrent-nox`

```yaml
apt update
apt install qbittorrent-nox -y
```

### 配置qbittorrent-nox进程守护

**1.** 添加专属的`qbittorrent-nox`用户组

```yaml
adduser --system --group qbittorrent-nox # Debian 11及旧版本
adduser --home /home/qbittorrent-nox --system --group qbittorrent-nox # Debian 12新版本
```

**2.** 将当前用户添加进`qbittorrent-nox`用户组中,注意: "your-username"是你当前用户的名字,比如root账户就是root,ubuntu账户就是ubuntu,可以通过命令`whoami`获取。

```yaml
adduser your-username qbittorrent-nox
```

**3.** 新建systemd文件,如下所示:

```bash
vi /etc/systemd/system/qbittorrent-nox.service
```

```bash
[Unit]
Description=qBittorrent Command Line Client
After=network.target
[Service]
Type=forking
User=qbittorrent-nox
Group=qbittorrent-nox
UMask=007
ExecStart=/usr/bin/qbittorrent-nox -d --webui-port=8080
Restart=on-failure
[Install]
WantedBy=multi-user.target
```

**4.** 启用进程守护,直接执行以下命令就行了,最后一条命令执行完,出现`active`关键字就说明一切都如预期的那样跑起来了。

```
systemctl daemon-reload
systemctl start qbittorrent-nox
systemctl enable qbittorrent-nox
systemctl status qbittorrent-nox
```

至此,在浏览器中输入服务器的IP和qbittorrent-nox的端口就可以进入了,例如[http://1.1.1.1:8080](http://1.1.1.1:8080/),这里的1.1.1.1是服务器的IP,8080是刚才进程守护文件中写入的端口。用户名是admin,用户密码:adminadmin。
强烈建议进去之后,立马修改用户名和用户密码!!!具体位置在`tool>options>webui`这里,还可以修改成中文。

### 修改下载目录

1.设置选项里修改下载目录为:`/home/admin/`

2.修改权限:

```
sudo chmod 755 /home/admin
sudo chown -R qbittorrent-nox: /home/admin
```

3.重启qbittorrent-nox

```
systemctl daemon-reload
```

### Nginx反代qbittorrent-nox的Web-GUI

#### 修改监听地址

http+非标端口,总让人强迫症犯了,所以搞了个SSL和Nginx反代,让qbittorrent-nox的Web-GUI看起来舒服一些。
首先,在`tool>options>webui`中,将监听的IP地址从`*`改成`127.0.0.1`,然后执行重启命令`systemctl restart qbittorrent-nox`以生效。这样只有服务器本地才能访问,其他都不行(网页打不开,待后面配置好域名才能访问)

#### 安装 nginx

```yaml
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
```

#### 配置 nginx

```
vi /etc/nginx/conf.d/default.conf
```

**原文件如下:**

```yaml
server {
listen 80;
server_name localhost;

#access_log /var/log/nginx/host.access.log main;

location / {
root /usr/share/nginx/html;
index index.html index.htm;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
```

修改配置文件,将`server_name _;`中的`_`改成域名,在`location /`中注释掉`try_files $uri $uri/ =404;`(debian11上没有这一行,不用注释),并将以下内容写入`location /字段`

```yaml
proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
http2_push_preload on;
```

##### 配置 Nginx http 80 端口

为了使下面申请证书时能访问 [http://bore.vip/.well-known/acme-challenge/… 这个链接,首先配置好](http://bore.vip/.well-known/acme-challenge/…这个链接,首先配置好)

Nginx 80 端口,保证上述网址能顺利访问,从而顺利申请证书。所以在 nginx 配置的 server 节点下添加:

```
location ~ /.well-known {
allow all;
}
```

最终修改为:

```yaml
server {
listen 80;
server_name qt.bore.vip;

#access_log /var/log/nginx/host.access.log main;

location / {
root /usr/share/nginx/html;
index index.html index.htm;
proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
http2_push_preload on;
}

location ~ /.well-known {
allow all;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
```

测试配置是否有问题:

```
nginx -t
```

重启 Nginx 生效:

```
systemctl restart nginx
```

#### debian11 配置SSL证书

实际上,我还添加了SSL(需要先注释掉server中的`listen 80 default_server;``listen [::]:80 default_server;`两行
)。整体示例如下,就不细说了,可以对照着自己配置文件修改。如果不熟悉的,强烈建议使用`Let's Encrypt`等一键SSL/TLS程序添加SSL功能。

##### 安装 Certbot

```
sudo apt-get install letsencrypt -y
```

##### 使用 webroot 自动生成证书

```
certbot certonly --webroot -w /usr/share/nginx/html -d example.com -m [email protected] --agree-tos
```

##### 编辑 `Nginx`

```
vi /etc/nginx/conf.d/default.conf
```

```yaml
server {
#listen 80;
#listen [::]:80;

root /usr/share/nginx/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name qt.bore.vip; # 此处的示例域名为qbt.example.com

location / {
#try_files $uri $uri/ =404;

proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
http2_push_preload on;
}

location ~ /.well-known {
allow all;
}

listen 443 ssl; # managed by Certbot

# RSA certificate
ssl_certificate /etc/letsencrypt/live/qt.bore.vip/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/qt.bore.vip/privkey.pem; # managed by Certbot


# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
```

测试配置是否有问题:

```
nginx -t
```

重启 Nginx 生效:

```
systemctl restart nginx
```

##### 自动续期

Let’s Encrypt 的证书有效期为 90 天,不过我们可以通过 crontab 定时运行命令更新证书。

先运行以下命令来测试证书的自动更新:

```
certbot renew --dry-run
```

如果一切正常,就可以编辑 crontab 定期运行以下命令:

```
crontab -e
```

```
30 2 * */2 * /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx
```

查看证书有效期的命令:

```
openssl x509 -noout -dates -in /etc/letsencrypt/live/example.com/cert.pem
```

## 附录

Expand Down Expand Up @@ -614,4 +954,5 @@ anon_root=/data/ftpdata
+ [5.如何在Debian 9上使用VSFTPD设置FTP服务器](https://www.myfreax.com/how-to-setup-ftp-server-with-vsftpd-on-debian-9/)
+ [6.Ubuntu安装Transmission并美化WEB UI实操教程](https://cloud.tencent.com/developer/article/1946063)
+ [7.Update: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/)
+ 8.[Debian 11安装qbittorrent-nox并设置Nginx反代](https://pa.ci/210.html)

0 comments on commit 4ec3f98

Please sign in to comment.