1. ssh

1.1 Install OpenSSH

apt install openssh-server
/etc/init.d/ssh restart
vim /etc/ssh/sshd_config    # edit as needed

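1.2 Generate keys

Use ssh-keygen to generate a public/private key pair. Put the public key on the server, renamed to authorized_keys; keep the private key on the client.

1.3 Set key permissions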

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

2. nginx & let’s encrypt

2.1 Ref

https://www.nginx.com/resources/wiki/
https://github.com/certbot/certbot

2.2 Install nginx

add-apt-repository -y ppa:nginx/stable
apt update
apt install nginx

2.3 List the installed nginx modules

nginx -V
ls /usr/lib/nginx/modules   # alternative

2.4 Configure /etc/nginx/nginx.conf

See the Bitbucket repo.

2.5 Configure the nginx server

Delete /etc/nginx/sites-available/default and /etc/nginx/sites-enabled/default
Add /etc/nginx/sites-available/yourdomain; see the Bitbucket repo.

2.6 Create the symlink

ln -s /etc/nginx/sites-available/yourdomain /etc/nginx/sites-enabled/yourdomain

2.7 Start nginx

service nginx start
nginx                 # alternative: start directly (nginx -s only accepts stop, quit, reopen, reload)

2.8 Issue the certificate

apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt install python-certbot-nginx
certbot --nginx certonly  # if this fails, use the next command
certbot --authenticator standalone --installer nginx -d example.com --pre-hook "service nginx stop" --post-hook "service nginx start"

2.9 Configure the certificate for the site

/etc/nginx/sites-available/yourdomain

listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;

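2.10 Auto-renew the certificate

Run certbot renew from crontab. Because Cloudflare's HTTP proxy is in front of the site, the domain resolves to an IP that is not the origin IP, so automatic renewal fails; disable the proxy first, then renew.

2.11 Revoke and delete the certificate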

certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem
certbot delete --cert-name example.com

3. Configure mail

3.1 Set up DNS records

3.2 Install Postfix

apt update
apt install postfix

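During installation choose Internet Site, then enter yourdomain as the System mail name.

3.3 View the Postfix configuration

postconf shows all settings; for example, postconf mail_version shows the version and postconf mail_spool_directory shows where mail is stored.

3.4 Modify the AWS Security Groups

Under Edit inbound rules, add SMTP (TCP port 25).

3.5 Test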

echo "Test mail" | sendmail [email protected]

3.6 Proxy mail with Nginx

https://www.nginx.com/resources/admin-guide/mail-proxy/
https://www.nginx.com/resources/wiki/start/topics/examples/imapauthenticatewithapachephpscript/

4. jupyter

Official

4.1 Install

pip3 install jupyter

4.2 Change config

jupyter notebook --generate-config    # This will generate a file ~/.jupyter/jupyter_notebook_config.py
vim ~/.jupyter/jupyter_notebook_config.py

Generate the password hash:

ipython
from notebook.auth import passwd
passwd()

Create dir: mkdir Jupyter
Change ip, port, password and so on:

c.NotebookApp.ip = '127.0.0.1'
c.NotebookApp.port = 10010    # integer, not a string
c.NotebookApp.password = 'yourpasswd'    # the hashed string printed by passwd() above, not the plaintext
c.NotebookApp.notebook_dir = '/home/username/Jupyter'   # For a relative path, just use 'Jupyter'

4.3 Run

jupyter notebook

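4.4 Nginx reverse proxy

After the steps above, Jupyter can only be opened from a browser on the server itself, because ip is set to 127.0.0.1 rather than 0.0.0.0, and port 10010 is not opened in the AWS security group policy.
This is deliberate: the idea is to point an Nginx reverse proxy at Jupyter, so that port 80 can be used.
One thing to note is that the following must be added to the config file: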

c.NotebookApp.allow_origin = 'http://yourdomain'
c.NotebookApp.allow_remote_access = True
c.NotebookApp.trust_xheaders = True

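Then run jupyter notebook &> /dev/null & to keep Jupyter running in the background.
The Nginx reverse proxy configuration is available from the Bitbucket repo; note the WebSocket support settings added to the proxy.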
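
A sketch of such a site file, as an added example and not the configuration from the Bitbucket repo: it proxies port 80 to the loopback-only Jupyter on 127.0.0.1:10010 and passes the WebSocket upgrade headers that notebook kernels need. The forwarded header set, the map block and the timeout value are assumptions.

```nginx
# /etc/nginx/sites-available/yourdomain (added example; adjust names to your setup)

# Send "Connection: upgrade" only when the client actually asked for a
# WebSocket upgrade; otherwise close. The map block lives in the http context,
# which is where files under sites-enabled are included.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    # Must match the host used in c.NotebookApp.allow_origin.
    server_name yourdomain;

    # To serve over TLS instead, add the listen 443 ssl and ssl_certificate
    # lines from section 2.9 to this block and switch allow_origin to https.

    location / {
        # Jupyter listens on loopback only; nginx is the single public entry.
        proxy_pass http://127.0.0.1:10010;
        proxy_http_version 1.1;            # required for WebSocket upgrades

        # With trust_xheaders = True, Jupyter takes the client address and
        # scheme from these headers, so set them here on every request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support: kernels talk to the browser over /api/kernels/.../channels
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Idle kernel connections stay open longer than the 60 s default.
        proxy_read_timeout 86400;
    }
}
```

Check the file with nginx -t before reloading.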

4.5 Install kernels

Please refer to https://github.com/jupyter/jupyter/wiki/Jupyter-kernels
For example:

pip3 install octave_kernel
python -m octave_kernel.install

5. VPN

5.1 Install

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' sh vpnsetup.sh

You can also edit the pre-shared key, username and password in vpnsetup.sh.
Then edit the inbound rules and add ports 500 and 4500.

5.2 Clients

Ubuntu: https://github.com/nm-l2tp/network-manager-l2tp

git clone https://github.com/nm-l2tp/network-manager-l2tp.git
cd network-manager-l2tp
apt install autoconf autogen intltool
apt install libglib2.0-dev
apt install ppp-dev
./autogen.sh
./configure \
  --disable-static --prefix=/usr \
  --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu \
  --libexecdir=/usr/lib/NetworkManager \
  --localstatedir=/var \
  --with-pppd-plugin-dir=/usr/lib/pppd/2.4.7
make

5.3 Uninstall

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/uninstall.md

6. Configure Docker

6.1 Docker Hub

Create a repo in docker hub

6.2 Source file

Create a repo in bitbucket

6.3 Webhook

Add webhook to docker hub repo.

6.4 Pull & Run

docker pull username/repo
docker run -p 80:80 -p 443:443 -dit username/repo

6.5 Other commands

docker ps
docker ps -a
docker images -a
docker attach $ID
docker stop $ID

7. MOTD

7.1 Install fortune and cowsay

apt install fortune
apt install fortunes
apt install cowsay

7.2 Change motd

vim /etc/update-motd.d/999-fortune
Add:

#!/bin/sh
/usr/games/fortune | /usr/games/cowsay

Then: chmod 755 /etc/update-motd.d/999-fortune
To test: run-parts /etc/update-motd.d

8. Shadowsocks

8.1 Install

apt install python-pip
pip install shadowsocks

8.2 Run

sudo ssserver -c shadowsocks.conf -d start