服务器环境配置记录（Ubuntu）#

📋 概述#

本文档记录了 Ubuntu 服务器环境的完整配置流程，包括系统初始化、软件安装、服务配置等步骤。

🌐 中文语言环境配置#

1
# 安装中文语言包
2
sudo apt install language-pack-zh-hans language-pack-zh-hans-base
3

4
# 设置系统语言环境
5
sudo update-locale LANG=zh_CN.UTF-8
6

7
# 永久生效配置
8
echo 'export LANG=zh_CN.UTF-8' >> ~/.bashrc

⚙️ 基础系统配置#

APT 软件包管理#

1
# 安装常用工具
2
sudo apt install neofetch net-tools p7zip-full
3

4
# 移除不必要的预装软件
5
sudo apt remove cloud-guest-utils landscape-common pollinate \
6
    ubuntu-pro-client tmux cloud-initramfs-copymods \
7
    cloud-initramfs-dyn-netconf lxd-agent-loader lxd-installer fwupd
8

9
# 系统更新
10
sudo apt update && sudo apt upgrade -y
11
sudo apt autoremove -y

🔐 自动登录配置#

NOTE
修改系统服务文件启用自动登录功能。

编辑 /usr/lib/systemd/system/getty@.service：

1
[Service]
2
ExecStart=-/sbin/agetty --autologin jhll1124 --noclear %I $TERM

🔑 SSH 密钥认证配置#

TIP
配置 SSH 公钥认证以提高安全性和便利性。

1
# 将公钥添加到授权密钥文件
2
mkdir -p ~/.ssh
3
chmod 700 ~/.ssh
4
echo "你的公钥内容" >> ~/.ssh/authorized_keys
5
chmod 600 ~/.ssh/authorized_keys
6

7
# 可选：禁用密码登录（仅密钥登录）
8
sudo nano /etc/ssh/sshd_config
9
# 修改：PasswordAuthentication no
10
sudo systemctl restart ssh

💾 存储配置#

硬盘自动挂载#

1
# 创建挂载点目录
2
sudo mkdir /mnt/***
3
sudo chmod 777 /mnt/*

编辑 /etc/fstab 添加挂载配置：

1
# 数据硬盘挂载
2
/dev/sda4   /mnt/jhll        ntfs-3g    defaults    0   0
3
/dev/sda3   /mnt/data        ntfs-3g    defaults    0   0
4
/dev/sda5   /mnt/ll          ntfs-3g    defaults    0   0
5
/dev/sda6   /mnt/jhll/ext4   ext4       defaults    0   0
6

7
# 内存盘配置（27GB临时存储）
8
tmpfs       /mnt/tmpfs       tmpfs      defaults,size=27G   0   0

🐚 Shell 环境配置#

Fish Shell 安装配置#

1
# 安装 Fish Shell
2
sudo apt install fish
3

4
# 设置 Fish 为默认 Shell
5
chsh -s /usr/bin/fish
6

7
# 安全配置
8
sudo passwd -d jhll1124

🚫 服务优化与禁用#

禁用不必要的系统服务#

1
sudo systemctl disable x11-common apache2 netplan-ovs-cleanup cryptdisks-early cryptdisks snapd.apparmor snapd.autoimport snapd.core-fixup snapd.failure snapd.recovery-chooser-trigger snapd.seeded snapd snapd.snap-repair snapd.system-shutdown
2
sudo systemctl disable snapd.socket

📊 日志系统优化#

WARNING
减少磁盘写入，延长 SSD 寿命。

1
# 禁用系统日志服务
2
sudo systemctl disable rsyslog systemd-journald
3

4
# 配置 Journald 不存储日志
5
sudo nano /etc/systemd/journald.conf
6
# 修改为：Storage=none
7

8
# 清理现有日志
9
sudo truncate -s 0 /var/log/*
10
sudo rm -rf /var/log/journal

📁 Server 目录准备#

1
# 创建服务目录结构
2
sudo cp -r /path2/server /server
3
sudo chown -R $(whoami):$(whoami) /server
4
sudo chmod -R 775 /server

🖼️ Python 图片服务 (RandPic)#

Systemd 服务配置#

创建 /etc/systemd/system/randpic.service：

1
[Unit]
2
Description=Random Image HTTP Service
3
After=network.target
4

5
[Service]
6
ExecStart=sudo /usr/bin/python3 /server/RandPic.py
7
Restart=always
8
RestartSec=2
9

10
[Install]
11
WantedBy=multi-user.target

启用服务：

1
sudo systemctl enable randpic
2
sudo systemctl start randpic

📝 博客服务 (Fuwari 框架)#

项目初始化#

1
cd /server
2
git clone https://github.com/CuteLeaf/Firefly.git
3
cd Firefly
4
pnpm install

使用指令#

下列指令均需要在项目根目录执行：

Command	Action
`pnpm install`	安装依赖
`pnpm dev`	在 `localhost:4321` 启动本地开发服务器
`pnpm build`	构建网站至 `./dist/`
`pnpm preview`	本地预览已构建的网站
`pnpm new-post <filename>`	创建新文章

📁 文件列表服务 (Oplist)#

安装配置#

1
# 解压安装
2
tar -zxvf openlist-linux-amd64.tar.gz
3
sudo mv openlist /usr/local/bin/alist
4

5
# 初始化服务
6
alist server

SSL 证书配置#

编辑 ~/data/config.json：

1
{
2
  "cert_file": "/server/cert/server.pem",
3
  "key_file": "/server/cert/server-key.pem"
4
}

Systemd 服务配置#

创建 /etc/systemd/system/alist.service：

1
[Unit]
2
Description=Alist File List Service
3
After=network.target
4

5
[Service]
6
Type=simple
7
ExecStart=/usr/bin/sudo alist server
8
WorkingDirectory=~
9
Restart=on-failure
10
User=jhll1124
11

12
[Install]
13
WantedBy=multi-user.target

启用服务：

1
sudo systemctl enable alist
2
sudo systemctl start alist

🌐 Caddy Web 服务器配置#

安装#

1
sudo apt install caddy
2
sudo systemctl enable caddy

或者使用官方稳定最新版本：

1
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
2
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
3
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
4
sudo apt update
5
sudo apt install caddy

站点配置#

Caddy 中文文档 | 原文

配置文件位置：/etc/caddy/Caddyfile，并确保其权限：

1
sudo chmod 777 /etc/caddy/Caddyfile

临时启动 caddy：

1
sudo caddy run --environ --config /etc/caddy/Caddyfile

如果要配置 ACME，将 tls 块修改为以下配置，通过 DNS 验证网站所有权，此处以 Cloudflare API 为例，请确保该 API 有更改 DNS 记录的权限：

1
    tls {
2
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
3
    }

注意，DNS 验证需要：

安装带 DNS 插件的 Caddy：

1
sudo caddy add-package github.com/caddy-dns/cloudflare

如果不能安装插件，则需要开放 80 端口，直接删除 tls 行，通过 HTTP 验证

CAUTION
以下为完整 Caddy 配置，仅供参考，请勿全部照搬，否则后果自负。

1
(errors) {
2
  handle_errors {
3
    root /server/error
4
    rewrite /{http.error.status_code}.html
5
    file_server
6
  }
7
}
8

9
cialo.site {
10
  tls /server/cert/cialo.site_bundle.crt /server/cert/cialo.site.key
11
  root /server/data
12
  import errors
13
    encode gzip
14
    handle /pic/* {
15
    reverse_proxy http://127.0.0.1:5737
16
  }
17
  handle /img/* {
18
    file_server browse
19
  }
20
  handle /html/* {
21
    file_server browse
22
  }
23
  handle /file/* {
24
    file_server browse
25
  }
26
  handle /* {
27
    error 403
28
  }
29
}
30

31
https://cialo.site:52011 {
32
  tls /server/cert/cialo.site_bundle.crt /server/cert/cialo.site.key
33
  import errors
34
  reverse_proxy https://127.0.0.1:5201 {
35
    transport http {
36
      tls_insecure_skip_verify
37
    }
38
  }
39
}
40

41
https://cialo.site:30721 {
42
  tls /server/cert/cialo.site_bundle.crt /server/cert/cialo.site.key
43
  import errors
44
  reverse_proxy http://172.17.0.1:80
45
}

🔄 动态 DNS 服务 (DDNS-GO)#

安装部署#

1
# 解压安装
2
tar -xvf ddns-go_6.8.0_linux_x86_64.tar.gz
3
sudo mv ddns-go /usr/local/bin/
4

5
# 安装为系统服务
6
sudo ddns-go -s install

🔒 网络安全配置#

V2Ray 代理服务#

1
sudo apt install v2ray
2
sudo cp /path2/config.json /etc/v2ray/config.json

mkcert SSL 证书信任#

复制证书到 /etc/ssl/certs 或 /usr/local/share/ca-certificates/ 并执行：

1
sudo update-ca-certificates --fresh

🛠️ 系统维护#

重建 grub-efi#

1
# 重新安装 GRUB EFI
2
sudo apt install grub-efi-amd64 grub-efi-amd64-signed grub-common grub2-common
3
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ubuntu
4
sudo update-grub

📦 系统备份与恢复#

1
# 完整系统备份
2
sudo tar -cvpzf /path2/server-citlali.tar.gz -C /mount .
3

4
# 系统恢复
5
sudo tar -xvpzf /path2/server-citlali.tar.gz -C /mount

CAUTION
双系统环境下请确保关闭 Windows 快速启动功能，避免文件系统冲突。

⚠️ 暂不使用服务#

🌐 Nginx Web 服务器配置#

1
sudo apt install nginx
2
sudo systemctl enable nginx

配置文件位置：/etc/nginx/sites-available/default

CAUTION
以下为完整 Nginx 配置，仅供参考，请勿全部照搬，否则后果自负。
配置较长，可点击展开查看。

点击展开 Nginx 完整配置

1
server {
2
    charset utf-8;
3

4
    listen 443 ssl http2 default_server;
5
    listen [::]:443 ssl http2 default_server;
6

7
    ssl_certificate /server/cert/cialo.site_bundle.crt;
8
    ssl_certificate_key /server/cert/cialo.site.key;
9

10
    root /server/data;
11

12
    index index.html index.htm index.php;
13

14
    server_name _;
15

16
    error_page 403 /403.html;
17
    location = /403.html {
18
        root   /server/error;
19
    }
20
    error_page 404 /404.html;
21
    location = /404.html {
22
        root   /server/error;
23
    }
24

25
    location ~ \.php$ {
26
        fastcgi_pass   unix:/run/php/php8.3-fpm.sock;
27
        fastcgi_index  index.php;
28
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
29
        include        fastcgi_params;
30
    }
31

32
    location / {
33
        deny all;
34
    }
35

36
    location /img/ {
37
        autoindex on;
38
        autoindex_exact_size off;
39
        autoindex_localtime on;
40
    }
41

42
    location /html/ {
43
        autoindex on;
44
        autoindex_exact_size off;
45
        autoindex_localtime on;
46
    }
47

48
    location /file/ {
49
        autoindex on;
50
        autoindex_exact_size off;
51
        autoindex_localtime on;
52
    }
53
}
54

55
server {
56
    listen 52011 ssl http2;
57

58
    ssl_certificate /server/cert/cialo.site_bundle.crt;
59
    ssl_certificate_key /server/cert/cialo.site.key;
60

61
    proxy_buffering off;
62
    proxy_request_buffering off;
63

64
    client_max_body_size 0;
65

66
    proxy_connect_timeout 300s;
67
    proxy_send_timeout 365d;
68
    proxy_read_timeout 365d;
69
    send_timeout 365d;
70

71
    location / {
72
        proxy_pass https://127.0.0.1:5201;
73

74
        proxy_ssl_verify off;
75

76
        proxy_set_header Host $host;
77
        proxy_set_header X-Real-IP $remote_addr;
78
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
79
        proxy_set_header X-Forwarded-Proto $scheme;
80
    }
81
}
82

83
server {
84
    listen 30721 ssl http2;
85

86
    ssl_certificate /server/cert/cialo.site_bundle.crt;
87
    ssl_certificate_key /server/cert/cialo.site.key;
88

89
    proxy_buffering off;
90
    proxy_request_buffering off;
91

92
    location / {
93
        proxy_pass http://172.17.0.1;
94
        proxy_set_header Host $host;
95
        proxy_set_header X-Real-IP $remote_addr;
96
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
97
        proxy_set_header X-Forwarded-Proto $scheme;
98
    }
99
}

点击展开 Nginx 备用注释配置

综述层

1
# You should look at the following URL's in order to grasp a solid understanding
2
# of Nginx configuration files in order to fully unleash the power of Nginx.
3
# https://www.nginx.com/resources/wiki/start/
4
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
5
# https://wiki.debian.org/Nginx/DirectoryStructure
6
#
7
# In most cases, administrators will remove this file from sites-enabled/ and
8
# leave it as reference inside of sites-available where it will continue to be
9
# updated by the nginx packaging team.
10
#
11
# This file will automatically load configuration files provided by other
12
# applications, such as Drupal or Wordpress. These applications will be made
13
# available underneath a path with that package name, such as /drupal8.
14
#
15
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
16

17
# Virtual Host configuration for example.com
18
#
19
# You can move that to a different file under sites-available/ and symlink that
20
# to sites-enabled/ to enable it.
21
#
22
#server {
23
#  listen 80;
24
#  listen [::]:80;
25
#
26
#  server_name example.com;
27
#
28
#  root /var/www/example.com;
29
#  index index.html;
30
#
31
#  location / {
32
#    try_files $uri $uri/ =404;
33
#  }
34
#}

server 层

1
    # Note: You should disable gzip for SSL traffic.
2
    # See: https://bugs.debian.org/773332
3
    #
4
    # Read up on ssl_ciphers to ensure a secure configuration.
5
    # See: https://bugs.debian.org/765782
6
    #
7
    # Self signed certs generated by the ssl-cert package
8
    # Don't use them in a production server!
9
    #
10
    # include snippets/snakeoil.conf;
11

12
    location / {
13
        # First attempt to serve request as file, then
14
        # as directory, then fall back to displaying a 404.
15
        try_files $uri $uri/ =404;
16
    }
17

18
    # pass PHP scripts to FastCGI server
19
    #
20
    #location ~ \.php$ {
21
    #  include snippets/fastcgi-php.conf;
22
    #
23
    #  # With php-fpm (or other unix sockets):
24
    #  fastcgi_pass unix:/run/php/php7.4-fpm.sock;
25
    #  # With php-cgi (or other tcp sockets):
26
    #  fastcgi_pass 127.0.0.1:9000;
27
    #}
28

29
    # deny access to .htaccess files, if Apache's document root
30
    # concurs with nginx's one
31
    #
32
    #location ~ /\.ht {
33
    #  deny all;
34
    #}

📁 SMB 文件共享服务#

WARNING
当前暂不使用 SMB 服务，使用 Windows 自带 SMB 功能

1
# 安装 Samba 服务
2
sudo apt install samba
3

4
# 创建专用用户
5
sudo useradd smbuser
6
sudo passwd smbuser
7
sudo systemctl enable smbd

SMB 配置文件 /etc/samba/smb.conf 内容：

1
[global]
2
   min protocol = SMB2
3
   max protocol = SMB3
4

5
[server]
6
   path = /mnt
7
   read only = no
8
   browsable = yes
9
   guest ok = yes
10
   force user = smbuser

🤖 QQ 机器人服务 (QBot/NapCat)#

WARNING
当前暂不使用 QQ 机器人功能

1
# 切换到临时文件系统
2
cd /mnt/tmpfs
3

4
# 复制安装包并安装
5
sudo cp QQ.deb .
6
sudo bash NapCat-Installer.sh
7

8
# 设置权限
9
sudo chmod -R 775 /opt

NOTE
WebUI 配置说明
添加 WebSocket 客户端: ws://localhost:2536/OneBotv11

🐘 PHP 环境支持#

WARNING
当前暂不使用 PHP 支持

1
# 添加 PHP PPA 仓库
2
sudo add-apt-repository ppa:ondrej/php
3
# 按回车确认
4

5
# 安装 PHP 和 FPM
6
sudo apt install php php-fpm
7

8
# 配置 PHP
9
sudo cp /path2/php.ini /etc/php/8.3/cli/php.ini
10
sudo cp /path2/php.ini /etc/php/8.3/fpm/php.ini
11

12
# PHP-FPM 会自动注册为系统服务
13
systemctl status php8.3-fpm

📊 服务状态检查#

配置完成后，使用以下命令验证服务状态：

1
systemctl status randpic fuwari alist nginx ddns-go

所有服务应显示为 active (running) 状态。

Lovely firefly!

Amidst Silenced Stars, I Deep Sleep

服务器配置（Ubuntu）

服务器环境配置记录（Ubuntu）#

📋 概述#

🌐 中文语言环境配置#

⚙️ 基础系统配置#

APT 软件包管理#

🔐 自动登录配置#

🔑 SSH 密钥认证配置#

💾 存储配置#

硬盘自动挂载#

🐚 Shell 环境配置#

Fish Shell 安装配置#

🚫 服务优化与禁用#

禁用不必要的系统服务#

📊 日志系统优化#

📁 Server 目录准备#

🖼️ Python 图片服务 (RandPic)#

Systemd 服务配置#

📝 博客服务 (Fuwari 框架)#

项目初始化#

使用指令#

📁 文件列表服务 (Oplist)#

安装配置#

SSL 证书配置#

Systemd 服务配置#

🌐 Caddy Web 服务器配置#

安装#

站点配置#

🔄 动态 DNS 服务 (DDNS-GO)#

安装部署#

🔒 网络安全配置#

V2Ray 代理服务#

mkcert SSL 证书信任#

🛠️ 系统维护#

重建 grub-efi#

📦 系统备份与恢复#

⚠️ 暂不使用服务#

🌐 Nginx Web 服务器配置#

📁 SMB 文件共享服务#

🤖 QQ 机器人服务 (QBot/NapCat)#

🐘 PHP 环境支持#

📊 服务状态检查#

分享

目录