记一些 vps 相关

腾讯云,centos7

git

装个 git 新版(2.16)

# Installs the IUS release package straight from a URL. This registers a
# third-party repository (referred to as "ius" further down the page) whose
# packages yum will trust from then on, so check that gpgcheck=1 is set in the
# .repo file it places under /etc/yum.repos.d/.
yum install https://centos7.iuscommunity.org/ius-release.rpm
# Install git with the IUS repository enabled (the page targets git 2.16).
yum install git

Caddy

Caddyfile

# Redirect-only site: the plain-HTTP and www variants are all sent to the
# canonical https://ddatsh.com.
http://www.ddatsh.com, http://ddatsh.com, https://www.ddatsh.com {
    # Certificate chain and private key are loaded from disk; the key file
    # should be readable only by the account Caddy runs as.
    tls /etc/ssl/caddy/fullchain.cer /etc/ssl/caddy/*.ddatsh.com.key
    # {uri} carries the original path and query over to the redirect target.
    redir https://ddatsh.com{uri}
}

# Main site: static output of a Hugo build, refreshed from git on each webhook call.
https://ddatsh.com {
    minify 
    gzip
    # Drop the Server response header so the server software is not advertised.
    header / -Server
    tls /etc/ssl/caddy/fullchain.cer /etc/ssl/caddy/*.ddatsh.com.key
    # Only the generated public/ directory is served; the git checkout one
    # level up (including its .git directory) stays outside the web root.
    root /data/www/ddatsh.com/public
    git {
        repo git@gitee.com:/xx/ddatsh.com
        # SSH key used to pull the repo. It lives outside every `root` in this
        # file; keep it that way, keep it mode 0600, and prefer a read-only
        # deploy key over a personal account key.
        key /data/www/.ssh/id_rsa
        path /data/www/ddatsh.com
        # Runs after each pull, as the Caddy user: whatever the repository
        # contains drives this build, so push access to the repo is effectively
        # the ability to change what this host builds and serves.
        then hugo --destination=/data/www/ddatsh.com/public
        # Webhook endpoint and its shared secret ("xx" is a placeholder here);
        # use a long random value.
        # NOTE(review): confirm that the `generic` hook type actually verifies
        # this secret; if it does not, the endpoint is unauthenticated and
        # should be restricted by source address.
        hook /webhook xx
        hook_type generic
        clone_args --recursive
        pull_args --recurse-submodules
    }
    # NOTE(review): presumably enables the hugo plugin, which brings its own
    # admin interface; check how that interface is authenticated.
    hugo
}

# Requests under /admin are redirected to the site root instead of being served.
# NOTE(review): presumably this keeps the hugo plugin's admin UI off the public
# site; confirm that this more specific site address really takes precedence
# and that no other path exposes the admin UI.
https://ddatsh.com/admin {
    tls /etc/ssl/caddy/fullchain.cer /etc/ssl/caddy/*.ddatsh.com.key
    redir https://ddatsh.com
}

# Reverse proxy in front of a local service on 127.0.0.1:3999, with the
# content kept in sync from git.
http://present.ddatsh.com, https://present.ddatsh.com {
    # Redirects to HTTPS only when the request carries X-Forwarded-Proto: http.
    # NOTE(review): that header is set by an upstream proxy or by the client
    # itself. If Caddy is reached directly, plain-HTTP requests do not carry
    # it and are served without a redirect; a dedicated http:// site block
    # with an unconditional `redir` does not depend on the header.
    redir 301 {
        if {>X-Forwarded-Proto} is http
        /  https://{host}{uri}
    }
    gzip
    minify
    header / -Server
    tls /etc/ssl/caddy/fullchain.cer /etc/ssl/caddy/*.ddatsh.com.key
    root /data/www/present
    git {
        repo git@gitee.com:/xx/present
        # SSH key used to pull the repo; keep it outside any served directory
        # and readable only by the Caddy user.
        key /data/www/.ssh/id_rsa
        # No `path` is given, so the checkout presumably lands in the site
        # root above; verify that .git is never served as static content.
        hook /webhook xx
        hook_type generic
        clone_args --recursive
        pull_args --recurse-submodules
    }
    # The backend listens on loopback only and is reached through Caddy.
    proxy / http://127.0.0.1:3999

    proxy /socket 127.0.0.1:3999 {
        # Origin and Host are overwritten before the WebSocket handshake is
        # forwarded, so the backend sees every client as same-origin.
        # NOTE(review): any Origin check the backend performs is thereby
        # satisfied for all callers; if the backend relies on that check,
        # enforce the allowed Origin at the proxy or restrict who can reach
        # /socket.
        header_upstream Origin http://127.0.0.1:3999
        header_upstream Host 127.0.0.1:3999
        websocket
    }
}

# Reverse proxy in front of a local service on 127.0.0.1:8001.
http://lic.ddatsh.com, https://lic.ddatsh.com {
    # Redirects to HTTPS only when X-Forwarded-Proto: http is present.
    # NOTE(review): without a trusted proxy setting that header, plain-HTTP
    # requests are proxied to the backend unencrypted instead of redirected.
    redir 301 {
                if {>X-Forwarded-Proto} is http
               /  https://{host}{uri}
    }
    # Drop the Server response header.
    header / -Server
    tls /etc/ssl/caddy/fullchain.cer /etc/ssl/caddy/*.ddatsh.com.key
    # The backend is bound to loopback and is only reachable through Caddy.
    proxy / 127.0.0.1:8001
}

# Gogs front end: static assets come from disk, everything else is proxied to
# the service on 127.0.0.1:3000.
http://git.ddatsh.com, https://git.ddatsh.com {
    # Redirects to HTTPS only when X-Forwarded-Proto: http is present.
    # NOTE(review): without a trusted proxy setting that header, plain-HTTP
    # requests (including logins) reach the backend unencrypted instead of
    # being redirected.
    redir 301 {
        if {>X-Forwarded-Proto} is http
        /  https://{host}{uri}
    }
    gzip
    header / -Server
            tls /etc/ssl/caddy/fullchain.cer /etc/ssl/caddy/*.ddatsh.com.key
    proxy / http://127.0.0.1:3000 {
        # These path prefixes are not proxied; they are served from `root` below.
        except /css /fonts /js /img /assets /plugins
    }
    root /data/www/gogs/public
}

gogs

到mysql 查看最新是 el7-多少.rpm

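# Fetch the repo-release package over HTTPS so it cannot be altered in transit
# (the original used plain HTTP).
wget https://repo.mysql.com/mysql57-community-release-el7-11.noarch.rpm
# Check the package signature before installing. The result is only meaningful
# once MySQL's published GPG key has been imported with `rpm --import`.
rpm --checksig mysql57-community-release-el7-11.noarch.rpm
# Install the release package, which registers the MySQL community yum repository.
rpm -ivh mysql57-community-release-el7-11.noarch.rpm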

disable ius,不然报和mariadb 冲突

# IUS is disabled for this one transaction only (the page reports a conflict
# with mariadb otherwise); EPEL is explicitly enabled.
yum --disablerepo=ius --enablerepo=epel install  mysql mysql-community-server

通过ssh,本地连VPS MYSQL,不需要vps暴露3306

# Run on the local machine: forward local port 3307 to 127.0.0.1:3306 on the
# VPS through SSH (port 22222), so MySQL never has to listen on a public
# address.
#   -L 3307:127.0.0.1:3306  local forward; bound to loopback locally by default
#   -f -N                   go to the background without running a remote command
#   -v                      verbose output, useful while testing the tunnel
# NOTE(review): the tunnel logs in as root; an unprivileged account is enough
# for port forwarding and keeps root off the SSH login path.
ssh  -p 22222 -v  -f root@x.ddatsh.com -L 3307:127.0.0.1:3306 -N
# Run on the VPS: create a dedicated, unprivileged "git" group and user
# (presumably the account the gogs service runs as).
groupadd git
adduser git -g git

fail2ban

/etc/fail2ban/jail.local

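[DEFAULT]
# Space-separated list of IP addresses, CIDR prefixes or DNS host names
# that fail2ban never bans.
# NOTE(review): with maxretry = 1 below, a single mistyped password bans the
# client for a day. Consider enabling this with a trusted admin address so you
# cannot lock yourself out.
#ignoreip = 127.0.0.1 172.31.0.0/24 10.10.0.0/24 192.168.0.0/24

# How long a client stays banned, in seconds (86400 = 24 hours)
bantime = 86400

# Number of failures allowed before a client is banned
maxretry = 1

# Time window, in seconds, in which failures are counted
findtime = 600

mta = sendmail

[ssh-iptables]
enabled = true
filter = sshd
# Ban on the non-default SSH port used by this host and send a mail with whois
# details. The second action is a continuation of the same value and must be
# indented; at column 0 it is not read as part of `action`.
action = iptables[name=SSH, port=22222, protocol=tcp]
         sendmail-whois[name=SSH, dest=your@email.com, sender=fail2ban@email.com]
# Keep exactly one logpath. Debian-family distributions use:
#logpath = /var/log/auth.log
# Red Hat-family distributions (this host is CentOS 7) use:
logpath = /var/log/secure
# Maximum number of failed attempts for the ssh service
maxretry = 1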

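# Show the jail's state, including the addresses currently banned.
fail2ban-client status ssh-iptables
# Lift the ban on one address (ipXX is a placeholder for the banned IP).
fail2ban-client set ssh-iptables unbanip ipXX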