I recently made the configuration of the applet server. This article is a record of the server configuration, which is convenient for future installation and configuration.
Buy server
The reason for choosing Tencent Cloud is very simple, that is, it is cheap, 选用成都区
and the minimum configuration is only 29 yuan per month.
In Tencent cloud registration visit the official website you can buy the server.
The server system I chose is ubuntu.
server configuration
Use the new user after starting the service (this step is not necessary).
New user
First confirm that the root user is used to log in. If not, use the following command to switch
sudo su
Use adduser
command to create user
adduser username # username替换为你自己的用户名
The next steps will let you enter your password and personal information, just set it yourself.
Use usermod
command to add new users to the sudo
group.
usermod -aG sudo username
Close ssh password login use key to login
Install openssh
Because it is a new system, first run apt-get update
sudo apt-get update
sudo apt-get install openssh-server
Start ssh service
You can temporarily switch to root authority through the sudo su command (not all accounts can be switched to root authority, only users who meet the rules in the / etc / sudoers file can switch to root identity)
sudo su
/etc/init.d/ssh start
Login with key
- The server generates a key pair:
cd /home/gs # 打开新建的用户目录
mkdir .ssh
cd .ssh
ssh-keygen -b 2048 -t rsa
The basic usage of ssh-keygen:
After -b is to specify the length of the encrypted string. After
-t is to specify the encryption algorithm. Common encryption algorithms are rsa, dsa, etc
The files generated by default are as follows:
id_rsa.pub # 公钥文件
id_rsa # 私钥文件
- New authorized_keys file
Copy the contents of the id_rsa.pub file of the local machine to the authorized_keys file
- Test if you can log in using the public key
ssh name@host # name 是机器的用户名 host 是机器的地址
Close ssh password login
After confirming that you can log in with the private key, close the ssh password to log in.
sudo su
vim /etc/ssh/sshd_config
Change PasswordAuthentication yes to PasswordAuthentication no
Restart the system
sudo su
reboot
Build a development environment
Install zsh
Enter the following command in the terminal to install:
sudo apt-get install zsh
Enter the following command to replace zsh with your default shell:
chsh -s /bin/zsh
Restart the terminal and use zsh
Install oh-my-zsh
- Install via curl
curl -L https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh | sh
- Install via wget
wget https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O - | sh
Install pip
sudo apt-get install python-pip # 安装 pip
pip install --upgrade pip
sudo apt-get install python3-pip # 安装 pip3
pip3 install --upgrade pip
Install virtualenv
Because I use python3 as the development environment, so use here pip3
sudo pip3 install virtualenv
sudo pip3 install virtualenvwrapper
Add the following in .zshrc
export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3
export WORKON_HOME=$HOME/.virtualenvs
source /usr/local/bin/virtualenvwrapper.sh
Then execute the command:
source .zshrc
You can now enter workon
test whether virtualenvwrapper has been successfully installed.
Create a virtual environment
mkvirtualenv py3 -p python3 # -p 参数指定 python 版本
Test the virtual environment
workon py3
Install ipython
First enter the py3 virtual environment
workon py3
Install ipython using pip
pip install ipython # 安装 ipython
Configure vim
Python vim configuration uses py-vim
Need to install ctags and cmake
sudo apt-get install ctags
sudo apt-get install cmake
Then clone py-vim to the server
git clone https://github.com/gusibi/py-vim
cd py-vim
sh setup.sh
Configure https with Caddy
Caddy is a new web server, written by go, which uses the https protocol by default. caddy is simple to configure and easy to use.
Install caddy binaries
The Caddy project provides an installation script that can retrieve and install the binary files of the Caddy server. You can execute the following command to install directly:
curl -s https://getcaddy.com | bash
During the installation process, the script will use sudo to gain administrative privileges to place Caddy files in a system-wide directory, so you may be prompted to enter a password.
Configure caddy necessary directories
Caddy's automatic TLS support and unit files require specific directories and file permissions. We will create them in this step.
First, create a directory that will hold the main configuration file Caddyfile.
# 创建一个目录,该目录将容纳主要的配置文件Caddyfile
sudo mkdir /etc/caddy
# 将此目录的所有者更改为root用户及其组到www-data ,以便Caddy可以读取它
sudo chown -R root:www-data /etc/caddy
# 创建一个空的Caddyfile
sudo touch /etc/caddy/Caddyfile
# 在/etc/ssl创建另一个目录用来存储自动获得的SSL私钥和证书
sudo mkdir /etc/ssl/caddy
# 将此目录的所有者更改为root用户及其组到www-data
sudo chown -R www-data:root /etc/ssl/caddy
# 确保没有人可以通过删除其他人的所有访问权限来读取这些文件。
sudo chmod 0770 /etc/ssl/caddy
# 创建的最终目录是网站的发布目录
sudo mkdir /var/www
# 该目录应由www-data完全拥有。
sudo chown www-data:www-data /var/www
# 创建日志目录
sudo mkdir /var/log/caddy
# 将此目录的所有者更改为root用户及其组到www-data
sudo chown -R www-data:root /var/log/caddy
Configure caddy as a system service
Download the file from the official Caddy repository. The additional -o parameter of the curl command will save the file in the / etc / systemd / system / directory and make it visible to systemd.
sudo curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service
reload system service
sudo systemctl daemon-reload
Set caddy to boot
sudo systemctl enable caddy.service
Check if the caddy service is officially loaded
sudo systemctl status caddy.service
Allow HTTP and HTTPS connections
Caddy uses HTTP and HTTPS protocols to provide websites, so we need to allow access to the corresponding ports so that the network can be obtained from the network
sudo ufw allow http
sudo ufw allow https
Now modify the caddy configuration / etc / caddy / Caddyfile
https://your.domain { # 启用 https
gzip
log /var/log/caddy/access.log # 指定日志目录
proxy / http://127.0.0.1:8888 {
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}
}
}
Save the file and start caddy
sudo systemctl start caddy # 启动 caddy
sudo systemctl restart caddy # 重启 caddy
sudo systemctl stop caddy # 关闭 caddy
Now start the service, access https://your.domain
should be able to see the data.
Log files in /var/log/caddy/
the directory.
to sum up
The development of small programs requires https, and here we use caddy as the web server. After the server is configured, it can be directly stored as a mirror, and the service can be started directly from the mirror in the future, so there is no need to configure the environment.
Reference link
- How To Create a Sudo User on Ubuntu
- zsh installation and configuration
- virtualenvwrapper
- py-vim
- Install MongoDB Community Edition on Ubuntu
- Use Caddy instead of Nginx, upgrade the entire site https, configuration is simpler
- how-to-host-a-website-with-caddy-on-ubuntu-16-04
Finally, thank you girlfriend for your support.
Welcome to follow (April_Louisa) | Invite me to drink Fanta |
---|---|