Debian 10 buster 系统配置优化

基础优化

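# Refresh the package index first; without it, full-upgrade works from whatever
# package lists the image shipped with and can miss pending security updates.
apt-get update
# Upgrade the whole system
apt-get -y full-upgrade
# Turn swap off for the running system
swapoff -a
# Comment out the swap entry so swap stays off after a reboot.
# NOTE(review): the pattern only matches fstab lines that begin with "/swap"
# (e.g. a swap file). A swap partition listed as UUID=... or /dev/... is not
# touched, so check /etc/fstab afterwards.
sed -i 's/^\/swap/#\/swap/' /etc/fstab
# Install common tools
apt-get install -y curl git lrzsz net-tools screen vim wget unzip zip
# Turn off vim's default mouse handling (which drops into visual mode on
# click/drag) by rewriting "set mouse..." to "set mouse=" in the packaged
# defaults.vim. NOTE(review): this edits a package-owned file, so a vim package
# upgrade may restore the original line.
sed -i 's/  set mouse.*/  set mouse=/g' /usr/share/vim/vim8*/defaults.vim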

密钥登录

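# Create an RSA key pair with an empty passphrase (-N '') and authorise its
# public half for this account. -b 4096 sets the key size explicitly instead of
# relying on the ssh-keygen default of the installed OpenSSH version.
# NOTE(review): this generates the private key on the server and leaves it
# unencrypted in ~/.ssh/id_rsa. Whoever can read that file can log in as this
# account. Move it to the client over a secure channel and delete the server
# copy, or generate the pair on the client and install only the .pub file here.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N '' -q
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Keep the directory and the authorised-key list accessible to the owner only
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys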

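# Edit the SSH daemon configuration and set the directives listed below
# (shown here as comments; in sshd_config they must be uncommented).
vi /etc/ssh/sshd_config
#Port 22222
#PermitRootLogin yes
#PubkeyAuthentication yes
#AuthorizedKeysFile  .ssh/authorized_keys
#PasswordAuthentication no
#PermitEmptyPasswords no
#RSAAuthentication yes
# NOTE(review):
# - Port: allow the new port in any firewall / security group before restarting.
# - PermitRootLogin yes together with PasswordAuthentication no leaves root
#   reachable by key only; "PermitRootLogin prohibit-password" states that
#   directly and stays safe if password logins are ever re-enabled.
# - RSAAuthentication belongs to SSH protocol 1 and is deprecated in current
#   OpenSSH; it does not affect public-key login and can be left out.

# Validate the edited file before restarting: a syntax error would otherwise
# stop sshd from coming back up. Keep the current session open and confirm a
# key login from a second terminal before disconnecting.
sshd -t && systemctl restart sshd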

开启 Google BBR

# Append the two kernel settings used for BBR to /etc/sysctl.conf:
# fq as the default qdisc and bbr as the TCP congestion control.
printf '%s\n' \
  "net.core.default_qdisc=fq" \
  "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf

# Load the values from /etc/sysctl.conf
sysctl -p
# List the congestion-control algorithms the kernel offers
sysctl net.ipv4.tcp_available_congestion_control
# expected output: net.ipv4.tcp_available_congestion_control = bbr cubic reno
# Check that the bbr module is loaded
lsmod | grep bbr
# expected output: tcp_bbr                20480  1

安装 Docker-CE

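# Packages needed to add an HTTPS apt repository and handle its signing key
apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release

# Fetch Docker's repository signing key over HTTPS and store it de-armored in a
# dedicated keyring. It is referenced only through signed-by= below, so it is
# not trusted for any other repository.
# NOTE(review): compare the key's fingerprint with the one published in
# Docker's installation documentation before relying on it.
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Register the repository for this release codename. The architecture is taken
# from dpkg instead of being hard-coded, so the same line also works on
# non-amd64 hosts.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update -y
apt-get install -y docker-ce

# Start the Docker daemon automatically at boot
systemctl enable docker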

配置

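# Pull the server image.
# NOTE(review): no tag or digest is given, so this takes whatever "latest" is at
# pull time from a third-party repository; pin a reviewed tag or digest for
# repeatable deployments.
docker pull teddysun/shadowsocks-libev

mkdir -p /etc/shadowsocks-libev

# Generate a random shared secret instead of the guessable sample value
# "password0": the service listens on 0.0.0.0, so a copy-pasted default
# password would be reachable from the network. Read the value back from
# config.json when configuring the client.
ss_libev_password=$(head -c 24 /dev/urandom | base64)

# Write the server configuration (the heredoc expands ${ss_libev_password}).
# NOTE(review): config.json holds the secret in clear text; restrict its file
# mode once it is confirmed which user the container process runs as.
cat > /etc/shadowsocks-libev/config.json <<EOF
{
    "server":"0.0.0.0",
    "server_port":9000,
    "password":"${ss_libev_password}",
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open":true,
    "nameserver":"8.8.8.8",
    "mode":"tcp_and_udp"
}
EOF

# Run ONE of the two variants below; both use the container name ss-libev, so
# the second "docker run" fails if the first container already exists.
# In either case limit access to port 9000 (TCP and UDP) with a firewall to the
# clients that are expected to connect.

# Variant 1: host networking (the container shares the host's network stack)
docker run -d --name ss-libev --network host --restart=always -v /etc/shadowsocks-libev:/etc/shadowsocks-libev teddysun/shadowsocks-libev

# Variant 2: bridge networking with port 9000 published for TCP and UDP
docker run -d -p 9000:9000 -p 9000:9000/udp --name ss-libev --restart=always -v /etc/shadowsocks-libev:/etc/shadowsocks-libev teddysun/shadowsocks-libev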
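# Pull the ShadowsocksR server image.
# NOTE(review): no tag or digest is given, so this takes whatever "latest" is at
# pull time from a third-party repository; pin a reviewed tag or digest for
# repeatable deployments.
docker pull teddysun/shadowsocks-r

mkdir -p /etc/shadowsocks-r

# Generate a random shared secret instead of the guessable sample value
# "password0": the service listens on 0.0.0.0 and ::, so a copy-pasted default
# password would be reachable from the network. Read the value back from
# config.json when configuring the client.
ssr_password=$(head -c 24 /dev/urandom | base64)

# Write the server configuration (the heredoc expands ${ssr_password}).
# NOTE(review): "aes-256-cfb" with protocol "origin" and obfs "plain" is a
# stream-cipher mode with no integrity protection, unlike the AEAD method
# aes-256-gcm used in the shadowsocks-libev configuration on this page.
# NOTE(review): config.json holds the secret in clear text; restrict its file
# mode once it is confirmed which user the container process runs as.
cat > /etc/shadowsocks-r/config.json <<EOF
{
    "server":"0.0.0.0",
    "server_ipv6":"::",
    "server_port":9000,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"${ssr_password}",
    "timeout":120,
    "method":"aes-256-cfb",
    "protocol":"origin",
    "protocol_param":"",
    "obfs":"plain",
    "obfs_param":"",
    "redirect":"",
    "dns_ipv6":false,
    "fast_open":true,
    "workers":1
}
EOF

# Run ONE of the two variants below; both use the container name ssr, so the
# second "docker run" fails if the first container already exists. Port 9000 is
# also the port used by the shadowsocks-libev example, so the two services
# cannot share it on one host.
# In either case limit access to port 9000 (TCP and UDP) with a firewall to the
# clients that are expected to connect.

# Variant 1: host networking (the container shares the host's network stack)
docker run -d --name ssr --network host --restart=always -v /etc/shadowsocks-r:/etc/shadowsocks-r teddysun/shadowsocks-r

# Variant 2: bridge networking with port 9000 published for TCP and UDP
docker run -d -p 9000:9000 -p 9000:9000/udp --name ssr --restart=always -v /etc/shadowsocks-r:/etc/shadowsocks-r teddysun/shadowsocks-r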

完全禁用 IPv6

# Open /etc/default/grub in an editor (e.g. vi) and set the line below inside
# that file. It is GRUB configuration: typed at a shell prompt it would only
# assign a shell variable and change nothing.
# ipv6.disable=1 is added to the kernel command line.
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"

# Regenerate the GRUB configuration so the new kernel command line is used.
# NOTE(review): the kernel parameter only applies from the next boot; after
# rebooting, re-check that services and firewall rules still behave as intended.
update-grub

Docker重启策略

no 不要自动重启容器。(默认)
on-failure 如果容器由于错误而退出,则重新启动容器,该错误表现为非零退出代码。
always 只要容器停止,就始终重启容器。如果容器是手动停止的,则仅在 Docker 守护程序重新启动或手动重新启动容器本身时才会重新启动。(参见重启策略详情中列出的第二项)
unless-stopped 类似于always,除了当容器停止(手动或其他方式)时,即使在Docker守护程序重新启动后也不会重新启动容器。

# If a container was started without a restart policy, one can be added
# afterwards with "docker update" (here for the container named "web")
docker update --restart=always web

from:独酌无相亲

