[前言]
租用VPS跟本地端上所使用的機器一定會有些不一樣的地方。
像是少很多套件,需要自己安裝,有些設定不會有,要自己手動在設定等。
本文是在紀錄所有VPS上剛安裝好一個新的Ubuntu 之後,所要處理的問題。
整理在這裡方便日後碰到問題以便查詢。
同時本文章會不定期的更新,因為碰到的問題,只會多,不會減少。
下列是初始化的腳本,腳本使用方法如下:
1 2 3 | chmod 700 initial_ubuntu.sh./initial_ubuntu.sh your_user_name |
[腳本內容]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Firstly, we have to login the root user via ssh. | |
| # install some required package | |
| # set locales (zh_TW.UTF-8 or en_US.UTF-8) | |
| # some VPS hosting provider has not installed the sudo package. | |
| # You should run this command: "apt-get install sudo" by root manually. | |
| sudo locale-gen "en_US.UTF-8" | |
| sudo dpkg-reconfigure locales | |
| sudo echo 'LC_ALL="en_US.UTF-8"' > /etc/default/locale | |
| export USERNAME=$1 | |
| if [ "$USERNAME" = "" ] | |
| then | |
| echo 'please add the user name!' | |
| exit 1; | |
| fi | |
| apt-get update | |
| apt-get install sudo | |
| echo 'Upgrading the package...It will be let user type the yes | no' | |
| echo 'We have to notice that this upgrade package will be installed the Apache2 HTTP server...' | |
| # skip the kernel update (OpenVZ is not allowed updating the Kernel.) | |
| sudo apt-mark hold linux-image-generic linux-headers-generic | |
| sudo apt-get upgrade | |
| sudo apt-get install -y curl wget vim ufw | |
| sudo useradd -m $USERNAME | |
| sudo usermod -s /bin/bash $USERNAME | |
| sudo adduser $USERNAME sudo | |
| echo 'Please set password for the $USERNAME ...' | |
| sudo passwd $USERNAME | |
| sudo ufw enable | |
| sudo ufw default deny | |
| sudo ufw allow in ssh | |
| sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config | |
| sudo echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config | |
| sudo service ssh restart | |
| echo 'done. You should reboot now' | |
| # edit profile and bashrc | |
| #if [ -n "$BASH_VERSION" ]; then | |
| # include .bashrc if it exists | |
| # if [ -f "$HOME/.bashrc" ]; then | |
| # . "$HOME/.bashrc" | |
| # fi | |
| # fi | |
| # set current timezone | |
| sudo dpkg-reconfigure tzdata | |
| # create the .bashrc in home directory. | |
| # Please refer this link:https://gist.github.com/mvanderw/dfe5984b1e57a17cad87 to view the default .bashrc file | |
| # Prevent the Burte force attatck with the fail2ban | |
| # See more details are about this link: https://www.linode.com/docs/security/using-fail2ban-for-security | |
| sudo apt-get install fail2ban | |
| sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local | |
| sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| # vim /etc/fail2ban/jail.local and edit the following settings. | |
| # "bantime" is the number of seconds that a host is banned. | |
| #bantime = 600 | |
| # A host is banned if it has generated "maxretry" during the last "findtime" | |
| # seconds. | |
| #findtime = 600 | |
| #maxretry = 3 | |
| # start the fail2ban client | |
| fail2ban-client start | |
| # check the fail2ban client status | |
| fail2ban-client status | |
| exit 0; |
by [腳本說明]
分成幾個部份:
- 調整locale語系與編碼
- 調整時區(timezone: Asia/Taipei)
- 調整防火牆
- 新增一個使用者,並自行設定密碼
- 調整ssh 設定,禁止root 使用者登入。延長ssh 連線時間
- 安裝所需要的套件,更新所需要的套件
- 自行新增.bashrc 與 .bash_profile 至使用者家目錄下(參考49~55行,60~61行)
因為hosting provider 為了能夠快速的把作業系統安裝好,通常所使用的鏡像基本上都是最小化的安裝。
因此多少都會遺漏部份的套件,因此這部份需要自己安裝,另外,因為國際的關係,所以語系通常都是使用en_US.utf-8 作為locale。因此在腳本特別針對這一部份,進行語系的修正。在server 上面的中文網頁不會有問題的窘境。
[參考資料]