第一步 添加SWAP
- wget -O box.sh https://raw.githubusercontent.com/BlueSkyXN/SKY-BOX/main/box.sh && chmod +x box.sh && clear && sudo ./box.sh
- 注意:该脚本取自第三方仓库的 main 分支并以 root 权限运行,内容可能随时变化;执行前建议先查看脚本内容。
- 大小输入4096,设置4G大小的swap空间
第二步 安装docker
- sudo apt update
- sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- sudo apt update
- sudo apt install docker-ce
- sudo systemctl status docker
- sudo curl -L "https://github.com/docker/compose/releases/download/v2.6.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- sudo chmod +x /usr/local/bin/docker-compose
- docker-compose --version
第三步 docker安装NPM面板
- mkdir ngpm && cd ngpm
- nano docker-compose.yml
- sudo docker-compose up -d
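# docker-compose.yml for Nginx Proxy Manager (NPM).
# Indentation restored: the nesting below is required for the file to parse.
version: '3'
services:
  app:
    # NOTE(review): ':latest' is a floating tag, so every pull may bring a
    # different build. Pinning a release tag (jc21/nginx-proxy-manager:<VERSION>)
    # keeps upgrades deliberate and reproducible.
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'    # proxied HTTP traffic
      # Admin UI. This guide logs in over plain HTTP with the default
      # credentials, so keep the port closed at the cloud firewall except
      # during initial setup.
      # NOTE(review): Docker publishes ports through its own iptables rules, so
      # host INPUT-chain rules may not filter this port. Verify from outside.
      - '81:81'
      - '443:443'  # proxied HTTPS traffic
    volumes:
      - ./data:/data
      # Mounted at /etc/letsencrypt in the container; presumably holds
      # certificates and private keys, so restrict access to this directory.
      - ./letsencrypt:/etc/letsencrypt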
- 控制台防火墙开放81端口
- 登录到 http://ip:81
- Email: admin@example.com
- Password: changeme(默认凭据,首次登录后立即修改邮箱和密码)
- sudo ip addr show docker0
- 反代 Nginx Proxy Manager
- 示例:https://npm2.j11.fun/
- 控制台防火墙关闭81端口
第四步 启用rc.local
# /etc/systemd/system/rc-local.service
# Runs /etc/rc.local at boot. No User= is set, so the script and everything it
# calls run as root.
[Unit]
Description=/etc/rc.local Compatibility
# The unit is skipped when the script does not exist.
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
# 0 disables the start/stop timeout, so a hanging rc.local is never killed.
TimeoutSec=0
StandardOutput=tty
# Keep the unit reported as active after the script has exited.
RemainAfterExit=yes
# NOTE(review): current systemd releases no longer support SysVStartPriority=
# and ignore it. Confirm on the target release and consider dropping the line.
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
- sudo nano /etc/systemd/system/rc-local.service
- sudo nano /etc/rc.local
- sudo chmod +x /etc/rc.local
- sudo systemctl enable rc-local
- sudo systemctl start rc-local.service
- sudo systemctl status rc-local.service
- cat /tmp/added_script.log
#!/bin/sh -e
## rc.local
# Boot-time hook. When started by the rc-local.service unit from this guide it
# runs as root, and -e aborts it at the first failing command.
# Every script called between the markers below also runs as root: keep those
# scripts root-owned and not writable by other users.
#start script
#end script
# Marker file used to confirm that the script ran.
# NOTE(review): this is a fixed file name in world-writable /tmp, written by
# root. A root-only location such as /run would avoid following a pre-created
# file or symlink.
printf '%s\n' "added sucessfully!" > /tmp/added_script.log
exit 0
第五步 关闭阿里云盾
- 按此操作关闭云盾 https://help.aliyun.com/document_detail/31777.html
- wget http://update.aegis.aliyun.com/download/uninstall.sh && chmod +x uninstall.sh &&./uninstall.sh
- wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh && chmod +x quartz_uninstall.sh && ./quartz_uninstall.sh
- 注意:以上两个卸载脚本通过明文 HTTP 下载后直接执行,传输过程没有完整性保护;执行前建议先查看脚本内容。
- sudo rm -r /usr/local/aegis
- sudo systemctl disable aliyun.service
- sudo rm /usr/sbin/aliyun-service
- sudo rm /usr/sbin/aliyun-service.backup
- sudo rm /usr/sbin/aliyun_installer
- sudo rm /etc/systemd/system/aliyun.service
- sudo rm /lib/systemd/system/aliyun.service
- rm uninstall.sh quartz_uninstall.sh
- ARCH=amd64
- /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} uninstall
- /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} stop
- /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} stop
- /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} uninstall
- rm -rf /usr/local/cloudmonitor
- pkill aliyun-service
- rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
- rm -rf /usr/local/aegis*
- ps -aux | grep -E 'aliyun|AliYunDun'
第六步 屏蔽阿里云盾IP
#!/bin/bash
# noyd.sh: rebuilds the IPv4 and IPv6 filter-table rules of this host.
#
# Rule order: -I (no index) inserts at the head of a chain, -A appends to its
# tail, so the effective order differs from the order of the lines below.
# NOTE(review): chain policies are never set here. Traffic that matches no
# rule (for example UDP outside 6000:6002) falls through to whatever policy is
# already in place.

# Flush every chain of the filter table, IPv4 and IPv6.
# NOTE(review): on a Docker host this presumably also clears the rules Docker
# added to the filter table. Confirm container networking after a run.
/usr/sbin/iptables -F
/usr/sbin/ip6tables -F

# Drop all inbound IPv4 traffic from the listed source ranges.
/usr/sbin/iptables -I INPUT -s 140.205.201.0/28 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.201.16/29 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.201.32/28 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.192/29 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.200/30 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.184/29 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.183/32 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.206/32 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.205/32 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.195/32 -j DROP
/usr/sbin/iptables -I INPUT -s 140.205.225.204/32 -j DROP

# Always allow loopback traffic.
/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/usr/sbin/ip6tables -A INPUT -i lo -j ACCEPT
/usr/sbin/ip6tables -A OUTPUT -o lo -j ACCEPT

# Allow packets that belong to established or related connections.
# NOTE(review): "-m state" is the legacy match; "-m conntrack --ctstate" is the
# current spelling of the same test.
/usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop every new inbound TCP packet that is not addressed to port 22.
# NOTE(review): the IPv6 side gets no further ACCEPT rules below, so over IPv6
# only SSH accepts new inbound TCP connections.
/usr/sbin/iptables -A INPUT -p tcp ! --dport 22 -j DROP
/usr/sbin/ip6tables -A INPUT -p tcp ! --dport 22 -j DROP

# The rules below are inserted at the head of their chains, so they are
# evaluated before everything above, including the source-range DROP rules.
# NOTE(review): as a result the ranges dropped above are still accepted on the
# ports opened here. If they must be blocked on every port, the DROP rules
# have to sit above these ACCEPTs. Confirm the intent.

# Accept anything with a 172.16.0.0/12 source address, on any interface.
# NOTE(review): presumably meant for the Docker bridge networks. The match is
# by source address only, so it also covers other hosts in that private range.
/usr/sbin/iptables -I INPUT -s 172.16.0.0/12 -j ACCEPT
/usr/sbin/iptables -I OUTPUT -s 172.16.0.0/12 -j ACCEPT

# Publicly reachable services. The guide does not say what listens on 8024,
# 6000:6002/udp or 21000:22000/tcp; open only what is actually in use.
/usr/sbin/iptables -I INPUT -p tcp -m multiport --dports 80,443,8024 -j ACCEPT
/usr/sbin/iptables -I INPUT -p udp --dport 6000:6002 -j ACCEPT
/usr/sbin/iptables -I INPUT -p tcp --dport 21000:22000 -j ACCEPT
- nano noyd.sh && chmod +x noyd.sh
- 将 noyd.sh 添加到第四步的rc.local里执行
- reboot
- iptables -L
- ps -aux | grep -E 'aliyun|AliYunDun'