Server Configuration Guide
A detailed VPS and cloud server setup tutorial, from basic settings to advanced tuning.
🚀 Quick Start
System initialisation
1. Update the system
# Ubuntu/Debian
sudo apt update && sudo apt upgrade -y
# CentOS 7/RHEL 7
sudo yum update -y
# Rocky Linux/AlmaLinux/RHEL 8 and later
sudo dnf update -y
2. Set the time zone
# Show the current time zone and clock status (NTP should report "active": TLS certificate validation and log correlation both depend on an accurate clock)
timedatectl
# Set the China time zone
sudo timedatectl set-timezone Asia/Shanghai
# Or use the traditional method
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
3. Configure the hostname
# Set the hostname
sudo hostnamectl set-hostname your-hostname
# Edit the hosts file so the hostname resolves locally (sudo and some services complain otherwise)
sudo nano /etc/hosts
# Add: 127.0.0.1 your-hostname
🔒 Security Configuration
SSH hardening
1. Create a new user
# Create the user
sudo adduser newuser
# Add it to the admin group (sudo on Debian/Ubuntu; on CentOS/RHEL the group is wheel)
sudo usermod -aG sudo newuser
# Switch to the new user
su - newuser
2. Configure SSH keys
# Generate a key pair on your local machine. ed25519 is the current recommendation; "-t rsa -b 4096" remains acceptable where a client cannot use it.
ssh-keygen -t ed25519 -C "your_email@example.com"
# Upload the public key to the server
ssh-copy-id newuser@server_ip
# Or add it by hand, on the server as newuser
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "your_public_key" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Open a second terminal and confirm that key login works before you disable password authentication in the next step.
3. Edit the SSH daemon configuration
sudo nano /etc/ssh/sshd_config
Recommended settings:
# Change the default port. This only reduces scanner noise in the logs; it is not a security control on its own.
Port 2222
# Disable root login
PermitRootLogin no
# Disable password logins
PasswordAuthentication no
# Also disable keyboard-interactive (PAM) logins, which otherwise still accept a password.
# On OpenSSH older than 8.7 the keyword is ChallengeResponseAuthentication.
KbdInteractiveAuthentication no
# Allow key-based login only
PubkeyAuthentication yes
# Restrict which users may log in
AllowUsers newuser
# Drop clients that miss two keepalives (10 minutes of silence)
ClientAliveInterval 300
ClientAliveCountMax 2
sshd uses the first value it finds for each keyword, so make sure no earlier line, including anything pulled in by an Include directive near the top of the file, already sets one of these. Validate the configuration, then restart the service (the unit is named ssh on Debian/Ubuntu and sshd on CentOS/RHEL):
sudo sshd -t
sudo systemctl restart ssh    # Debian/Ubuntu
sudo systemctl restart sshd   # CentOS/RHEL
On CentOS/RHEL with SELinux enforcing, register the new port first (sudo semanage port -a -t ssh_port_t -p tcp 2222), otherwise sshd is denied the bind and fails to start. Keep your current session open until a fresh login on port 2222 succeeds.
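The first-occurrence rule is the most common reason a "hardened" sshd_config still accepts passwords: the distro's default lines sit above the appended ones and win. As an added example that is not part of the original guide or of OpenSSH, the script below audits a configuration file against the settings above while honouring that rule. It reports only the directives listed in its table and stops at the first Match block; the two sample configurations it writes are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config against the hardening directives above.
# sshd uses the FIRST value it finds for a keyword, so the audit reports the
# first occurrence, not the last. "Keyword=value" syntax and values inside
# Match blocks are not handled (the search stops at the first Match).
set -u

# effective_value FILE KEYWORD -> first value set for KEYWORD (case-insensitive),
# empty if the keyword is not set before any Match block.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints one line per weak directive; returns 0 when
# every checked directive has the recommended value, 1 otherwise.
# Table rows: Keyword:recommended:compiled-in default (defaults per sshd_config(5)).
audit_sshd_config() {
    local file="$1" findings=0 row key rest want default got shown
    for row in PermitRootLogin:no:prohibit-password \
               PasswordAuthentication:no:yes \
               KbdInteractiveAuthentication:no:yes \
               PubkeyAuthentication:yes:yes; do
        key="${row%%:*}"; rest="${row#*:}"
        want="${rest%%:*}"; default="${rest#*:}"
        got="$(effective_value "$file" "$key")"
        if [ -n "$got" ]; then
            shown="$got"
        else
            got="$default"; shown="$default (default)"
        fi
        if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" != "$want" ]; then
            printf 'WEAK  %-30s effective=%s  want=%s\n' "$key" "$shown" "$want"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# write_sample_configs DIR -> two constructed configs used by the demonstration:
# weak.conf appends the hardening lines AFTER distro defaults (so they are ignored),
# hardened.conf puts them first and keeps an exception inside a Match block.
write_sample_configs() {
    cat > "$1/weak.conf" <<'EOF'
# distro default section
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# "hardening" appended later: ignored, because the first occurrence wins
PermitRootLogin no
PasswordAuthentication no
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers newuser
Match User backup
    PasswordAuthentication yes
EOF
}

# Usage: ./sshd_audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Run it against /etc/ssh/sshd_config after editing; a clean exit status means each directive's first occurrence matches the table. Drop-in files under /etc/ssh/sshd_config.d/ are included at the top of the Debian/Ubuntu default file, which is exactly why they work where appending to the end does not.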
Firewall configuration
UFW (Ubuntu/Debian)
Add the SSH rule before enabling the firewall. UFW denies incoming traffic by default, so enabling it first over an SSH session locks you out.
# Allow SSH on the custom port
sudo ufw allow 2222/tcp
# Allow HTTP/HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable the firewall
sudo ufw enable
# Check the status
sudo ufw status
Firewalld (CentOS/RHEL)
# Start the firewall
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Add services. The predefined ssh service opens port 22; once sshd listens on 2222 and you have confirmed a login there, remove it with --remove-service=ssh.
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
# Add the custom SSH port
sudo firewall-cmd --permanent --add-port=2222/tcp
# Reload the configuration
sudo firewall-cmd --reload
Fail2Ban protection
# Install Fail2Ban
sudo apt install fail2ban                 # Ubuntu/Debian
sudo yum install epel-release fail2ban    # CentOS (the package lives in EPEL)
# Create a local override. jail.conf is replaced on upgrade, jail.local is not; a jail.local containing only the sections below is enough, copying the whole file is optional.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Edit the configuration
sudo nano /etc/fail2ban/jail.local
Basic configuration:
[DEFAULT]
# Ban for one hour after 3 failures within a 10-minute window
bantime = 3600
findtime = 600
maxretry = 3
[sshd]
enabled = true
# Must match the Port in sshd_config; this is the port the ban action blocks
port = 2222
# Debian/Ubuntu with rsyslog. CentOS/RHEL logs to /var/log/secure.
# Debian 12 and other journald-only systems have no auth.log: use "backend = systemd" instead of logpath.
logpath = /var/log/auth.log
Start the service:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Confirm the jail is active and watching the right log with sudo fail2ban-client status sshd.
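To make findtime and maxretry concrete, here is an added example (not from the original guide and not Fail2Ban's own code) that replays constructed sshd log lines through the same sliding-window rule: a source is banned the moment its maxretry-th failure falls within findtime seconds of an earlier one. The log lines and the RFC 5737 documentation addresses in them are constructed; the filter recognises only two of the many message variants Fail2Ban's real sshd filter matches.

```shell
#!/usr/bin/env bash
# Added example: the sliding-window logic behind findtime/maxretry, replayed
# over constructed sshd log lines in syslog format (as in /var/log/auth.log).
# Fail2Ban's real sshd filter matches many more message variants; this one
# recognises only "Failed password for ..." and "Invalid user ...".
set -u

# Constructed sample log: 203.0.113.7 fails three times in four seconds,
# 198.51.100.23 mistypes once and then logs in with a key.
sample_auth_log() {
cat <<'EOF'
Mar 10 02:00:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 02:00:03 vps sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 02:00:05 vps sshd[1205]: Invalid user test from 203.0.113.7 port 51250
Mar 10 02:00:08 vps sshd[1207]: Failed password for newuser from 198.51.100.23 port 40022 ssh2
Mar 10 02:00:09 vps sshd[1209]: Accepted publickey for newuser from 198.51.100.23 port 40023 ssh2: ED25519 SHA256:constructed
Mar 10 02:30:00 vps sshd[1300]: Failed password for root from 203.0.113.7 port 52000 ssh2
EOF
}

# ban_candidates MAXRETRY FINDTIME_SECONDS < log
# Prints each source IP once, at the moment its MAXRETRY-th failure lands inside
# a FINDTIME window. Timestamps are read from field 3 (HH:MM:SS), so all lines
# must belong to the same day.
ban_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
        function secs(ts,  p) { split(ts, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
        /Failed password for|Invalid user/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip == "" || ip in banned) next
            now = secs($3)
            n[ip]++; t[ip, n[ip]] = now
            if (!(ip in start)) start[ip] = 1
            # slide the window: forget failures older than findtime seconds
            while (t[ip, start[ip]] <= now - findtime) start[ip]++
            if (n[ip] - start[ip] + 1 >= maxretry) { banned[ip] = 1; print ip }
        }'
}

# Usage: ./window.sh 3 600 < /var/log/auth.log
#        sample_auth_log | ban_candidates 3 600   -> 203.0.113.7
#        sample_auth_log | ban_candidates 3 1     -> nothing (failures are 2 s apart)
if [ $# -gt 0 ]; then
    ban_candidates "$1" "${2:-600}"
fi
```

With the values from jail.local (maxretry 3, findtime 600) the scanner is banned on its third attempt, four seconds in, while the legitimate user's single typo is never counted against them. Shrinking findtime to a second or two shows the other side of the trade-off: a slow, patient brute force then never crosses the threshold.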
🌐 Web Server Configuration
Installing and configuring Nginx
1. Install Nginx
# Ubuntu/Debian
sudo apt install nginx
# CentOS/RHEL
sudo yum install nginx
# Start the service
sudo systemctl start nginx
sudo systemctl enable nginx
2. Basic configuration
# Edit the main configuration file
sudo nano /etc/nginx/nginx.conf
Tuned configuration (Debian/Ubuntu layout; on CentOS/RHEL the worker user is nginx and there is no sites-enabled directory, only conf.d):
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}
http {
    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css application/json application/javascript;
    # Security headers. add_header is inherited into a server or location block
    # only if that block defines no add_header of its own; "always" sends them
    # on error responses too.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # X-XSS-Protection is obsolete: current browsers ignore it and the legacy
    # filter it enabled caused problems of its own. Set it to 0 (or remove it)
    # and use a Content-Security-Policy instead.
    add_header X-XSS-Protection "0" always;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
Consider adding server_tokens off; in the http block as well, so the exact Nginx version is not advertised in the Server header and on error pages.
3. Site configuration
# Create the site configuration
sudo nano /etc/nginx/sites-available/example.com
Basic site configuration:
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/html;
    index index.html index.php;
    location / {
        try_files $uri $uri/ =404;
    }
    # The socket name follows the installed PHP-FPM version (ls /var/run/php/). The
    # included snippet ends with "try_files $fastcgi_script_name =404", which stops
    # a non-PHP upload from being executed through a crafted path such as /img.jpg/x.php.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }
    # Block .htaccess/.htpasswd. A broader pattern such as /\. also covers .git and .env,
    # but then /.well-known/acme-challenge/ must be explicitly allowed for Let's Encrypt.
    location ~ /\.ht {
        deny all;
    }
}
Enable the site:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
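The add_header inheritance rule noted in the http block bites in practice: a location that sets only a Cache-Control header silently stops sending X-Frame-Options and X-Content-Type-Options for everything it serves. As an added example that is not part of the original guide or of Nginx, the script below scans a configuration for nested add_header directives that hide the http-level headers. The configuration it checks is constructed for the demonstration, and the parser is deliberately simple: one directive per line, and a location regex containing braces would confuse it.

```shell
#!/usr/bin/env bash
# Added example: find add_header directives in server/location blocks that
# hide the http-level security headers (Nginx inherits add_header only into
# blocks that define none of their own).
# Limitations: one directive per line; a location regex containing { or }
# would be misparsed.
set -u

# Constructed configuration for the demonstration. Only /static/ is affected:
# the other locations define no add_header and keep the inherited headers.
sample_nginx_conf() {
cat <<'EOF'
http {
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    server {
        listen 80;
        server_name example.com;
        location / {
            try_files $uri $uri/ =404;
        }
        location /static/ {
            add_header Cache-Control "public, max-age=86400";
        }
        location ~ /\.ht { deny all; }
    }
}
EOF
}

# header_shadowing < nginx.conf
# Prints one line per nested block whose own add_header cancels inheritance.
header_shadowing() {
    awk '
        /^[[:space:]]*#/ { next }                        # skip comments
        /\{/ {                                           # block opens: remember its name
            name = $0; sub(/\{.*/, "", name)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", name)
            depth++; block[depth] = name
        }
        /^[[:space:]]*add_header[[:space:]]/ {
            if (depth == 1 && block[1] == "http") {      # collect the top-level header names
                top = (top == "" ? $2 : top " " $2)
            } else if (top != "" && !(block[depth] in seen)) {
                seen[block[depth]] = 1
                printf "%s hides inherited headers: %s\n", block[depth], top
            }
        }
        /\}/ { depth-- }                                 # block closes (after the checks above)
    '
}

# Usage: header_shadowing < /etc/nginx/nginx.conf
# Pass nginx.conf first and the site files after it to cover included blocks:
#   cat /etc/nginx/nginx.conf /etc/nginx/sites-enabled/* | header_shadowing
# Expected for the sample: location /static/ hides inherited headers: X-Frame-Options X-Content-Type-Options
if [ $# -gt 0 ]; then
    cat "$@" | header_shadowing
fi
```

The fix for each reported block is either to repeat the security headers inside it or, more maintainably, to put them in a snippet file and include it from every server and location that adds headers of its own.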
Installing and configuring Apache
1. Install Apache
# Ubuntu/Debian
sudo apt install apache2
# CentOS/RHEL
sudo yum install httpd
# Start the service
sudo systemctl start apache2   # Ubuntu
sudo systemctl start httpd     # CentOS
sudo systemctl enable apache2  # Ubuntu
sudo systemctl enable httpd    # CentOS
2. Basic configuration
# Ubuntu
sudo nano /etc/apache2/apache2.conf
# CentOS
sudo nano /etc/httpd/conf/httpd.conf
3. Virtual host configuration
# Ubuntu
sudo nano /etc/apache2/sites-available/example.com.conf
# CentOS
sudo nano /etc/httpd/conf.d/example.com.conf
Example configuration:
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        # -Indexes: never publish directory listings; with Indexes on, any directory
        # without an index page shows every file in it.
        # AllowOverride All lets .htaccess files in the docroot override these settings
        # and costs a stat per directory on every request; use None unless the
        # application needs .htaccess.
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    # ${APACHE_LOG_DIR} is defined by /etc/apache2/envvars on Ubuntu only.
    # On CentOS use /var/log/httpd/error.log and /var/log/httpd/access.log.
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the site:
# Ubuntu
sudo a2ensite example.com.conf
sudo apachectl configtest
sudo systemctl reload apache2
# CentOS (files in conf.d are loaded automatically)
sudo apachectl configtest
sudo systemctl reload httpd
🗄️ Database Configuration
MySQL/MariaDB
1. Install
# Ubuntu/Debian
sudo apt install mysql-server
# CentOS/RHEL
sudo yum install mariadb-server mariadb
# Start the service
sudo systemctl start mysql     # Ubuntu
sudo systemctl start mariadb   # CentOS
sudo systemctl enable mysql    # Ubuntu
sudo systemctl enable mariadb  # CentOS
2. Secure the installation
sudo mysql_secure_installation
Answer yes to removing anonymous users, disallowing remote root login and dropping the test database. Then check the bind-address setting: Ubuntu's packaging sets it to 127.0.0.1, but the upstream MySQL 8 and MariaDB defaults listen on all interfaces. Unless a remote client genuinely needs the database, keep it on localhost and do not open port 3306 in the firewall.
3. Create a database and user
-- Log in to MySQL (on Ubuntu, MySQL 8 authenticates root through the auth_socket plugin, so plain "sudo mysql" works without -p)
sudo mysql -u root -p
-- Create the database
CREATE DATABASE myapp;
-- Create the user. Replace strong_password with a generated one and keep the account bound to localhost.
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'strong_password';
-- Grant only what the application needs: ALL on its own database, nothing global
GRANT ALL PRIVILEGES ON myapp.* TO 'appuser'@'localhost';
-- Not required after GRANT (privileges are reloaded automatically); harmless to keep
FLUSH PRIVILEGES;
-- Exit
EXIT;
PostgreSQL
1. Install
# Ubuntu/Debian
sudo apt install postgresql postgresql-contrib
# CentOS/RHEL
sudo yum install postgresql-server postgresql-contrib
# Initialise the cluster (CentOS/RHEL only; Debian does this at install time). On RHEL 8 and later the command is "postgresql-setup --initdb".
sudo postgresql-setup initdb
# Start the service
sudo systemctl start postgresql
sudo systemctl enable postgresql
2. Configure
# Open a shell as the postgres superuser
sudo -u postgres psql
-- Create the database
CREATE DATABASE myapp;
-- Create the user
CREATE USER appuser WITH PASSWORD 'strong_password';
-- Grant access. GRANT ... ON DATABASE only covers CONNECT, CREATE (schemas) and TEMP.
-- Since PostgreSQL 15 the public schema no longer lets every role create tables, so an
-- application that runs its own migrations must also own the database (or be granted
-- CREATE on the schema it uses):
GRANT ALL PRIVILEGES ON DATABASE myapp TO appuser;
ALTER DATABASE myapp OWNER TO appuser;
-- Exit
\q
Which connections may authenticate how is controlled by pg_hba.conf (under /etc/postgresql/*/main/ on Debian, /var/lib/pgsql/data/ on CentOS). With the default rules, unix-socket connections use peer authentication (the OS user must match the database role), so the application should connect over TCP to 127.0.0.1 with its password.
🐳 Docker Configuration
Installing Docker
1. Official convenience script
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
Running a downloaded script as root trusts Docker's web server and the TLS path completely. Download it as shown, read it before running it, and prefer the repository method below on servers you maintain long-term: the repository is signed, and updates then arrive through apt like every other package.
2. Manual installation (Ubuntu)
# Update the package index
sudo apt update
# Install prerequisites
sudo apt install apt-transport-https ca-certificates curl gnupg lsb-release
# Add Docker's GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add the repository (the architecture is detected rather than hard-coded to amd64)
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker (docker-compose-plugin provides "docker compose")
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
3. Configure Docker
# Start the service
sudo systemctl start docker
sudo systemctl enable docker
# Add your user to the docker group. Membership is root-equivalent: anyone in the group
# can mount the host filesystem into a container and read or modify any file on the host.
# Only add accounts you would also give sudo.
sudo usermod -aG docker $USER
# Log out and back in, or start a shell with the new group
newgrp docker
# Test the installation
docker run hello-world
Docker Compose
Compose v2 ships as the docker-compose-plugin package installed above and is invoked as "docker compose". If you need the standalone docker-compose binary instead:
# Install the standalone Docker Compose binary
sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Make it executable
sudo chmod +x /usr/local/bin/docker-compose
# Verify the installation
docker-compose --version
Compare the downloaded file against the checksum file published on the same release page before making it executable, and check the exact asset name there: curl -L follows redirects silently, so a wrong URL leaves an HTML error page installed as an executable.
📊 Monitoring Configuration
System monitoring
1. htop
sudo apt install htop
2. Netdata (real-time monitoring)
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
Access: http://your-server-ip:19999
The Netdata dashboard has no authentication of its own and exposes process lists, mounts and network details. Do not open port 19999 in the firewall; reach it through an SSH tunnel (ssh -L 19999:127.0.0.1:19999 -p 2222 newuser@server_ip, then browse http://localhost:19999) or put it behind Nginx with authentication. The same pipe-to-shell caveat as for the Docker script applies.
3. Prometheus + Grafana
# docker-compose.yml
# The top-level "version" key is ignored by Compose v2 (it only produces a warning), so it is omitted.
# Published ports bypass UFW: Docker's iptables rules are consulted before ufw's, so
# "9090:9090" would be reachable from the Internet even with ufw denying it. Bind to
# loopback and reach the dashboards through an SSH tunnel or a reverse proxy.
services:
  prometheus:
    image: prom/prometheus
    ports:
      - "127.0.0.1:9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
  grafana:
    image: grafana/grafana
    ports:
      - "127.0.0.1:3000:3000"
    environment:
      # admin/admin is the first thing a scanner tries. Supply a real password from an
      # .env file next to this compose file rather than committing it here.
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
    volumes:
      # Without a volume, dashboards and users are lost whenever the container is recreated
      - grafana-data:/var/lib/grafana
volumes:
  grafana-data:
Log management
1. Configure rsyslog
sudo nano /etc/rsyslog.conf
2. Log rotation
sudo nano /etc/logrotate.d/custom
Example configuration:
/var/log/myapp/*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    # 0640 rather than 0644: application logs often contain session IDs, e-mail addresses
    # or stack traces, and only the owning service and root need to read them
    create 640 www-data www-data
}
If the application keeps its log file open, it will continue writing to the rotated file; add a postrotate block that signals it to reopen its logs, or use copytruncate.
🔧 Performance Tuning
System tuning
1. Kernel parameters
sudo nano /etc/sysctl.conf
Add the tuning parameters (a file under /etc/sysctl.d/ is the cleaner place on modern systems; apply those with sudo sysctl --system):
# Network buffers
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# System-wide file descriptor limit
fs.file-max = 2097152
# Virtual memory
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
Apply the changes (sysctl -p reads /etc/sysctl.conf only):
sudo sysctl -p
2. File descriptor limits
sudo nano /etc/security/limits.conf
Add:
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
These limits are applied by pam_limits at login, so they affect interactive sessions only. Services started by systemd (nginx, mysql, php-fpm, docker) ignore limits.conf; set LimitNOFILE= in a unit override instead (sudo systemctl edit nginx, for example).
Application tuning
1. PHP (if used)
sudo nano /etc/php/8.1/fpm/php.ini   # adjust 8.1 to the installed version
Key settings:
memory_limit = 256M
; 300 s lets one slow request hold a worker for five minutes. Keep this low (30-60 s)
; for web requests and raise it per script with set_time_limit() only where needed.
max_execution_time = 300
upload_max_filesize = 64M
post_max_size = 64M
max_input_vars = 3000
opcache.enable = 1
opcache.memory_consumption = 128
opcache.max_accelerated_files = 4000
For production also set display_errors = Off (stack traces and file paths otherwise reach clients), expose_php = Off (no X-Powered-By header), and cgi.fix_pathinfo = 0 as defence in depth against a non-PHP upload being executed as PHP.
2. MySQL
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Basic tuning:
[mysqld]
# Roughly 50-70% of RAM on a dedicated database host; 1G assumes a small server shared with the web tier
innodb_buffer_pool_size = 1G
innodb_log_file_size = 256M
# 2 = flush the redo log to disk once per second instead of at every commit. Faster, but up
# to one second of committed transactions is lost if the OS crashes or power fails.
# Keep the default of 1 for data you cannot afford to lose.
innodb_flush_log_at_trx_commit = 2
# The query cache was removed in MySQL 8.0; with these two lines present mysqld refuses to
# start there. Uncomment them only on MariaDB or MySQL 5.7.
# query_cache_size = 64M
# query_cache_type = 1
🔄 Backup Strategy
Automatic backup script
#!/bin/bash
# backup.sh - run as root from cron.
# Database credentials live in /root/.backup.cnf (a [client] section with user= and
# password=, mode 0600), never on the command line, where "ps" and the shell history
# would expose them to every user on the machine.
set -euo pipefail
umask 077                       # otherwise the dumps are world-readable
BACKUP_DIR="/backup"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"
# Database backup. --single-transaction gives a consistent InnoDB snapshot without locking tables.
mysqldump --defaults-extra-file=/root/.backup.cnf --single-transaction --all-databases \
    | gzip > "$BACKUP_DIR/mysql_$DATE.sql.gz"
# File backup
tar -czf "$BACKUP_DIR/files_$DATE.tar.gz" /var/www/html
# Remove backups older than 7 days
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +7 -delete
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete
echo "Backup completed: $DATE"
Schedule it (root's crontab, because the script reads /root/.backup.cnf and /var/www/html):
sudo crontab -e
# Run at 02:00 every day and keep the output
0 2 * * * /path/to/backup.sh >> /var/log/backup.log 2>&1
A copy on the same disk is not a backup: sync $BACKUP_DIR to another host or to object storage, and test a restore from it periodically.
📝 Configuration Checklist
Basics
- [ ] System updated
- [ ] Time zone set correctly
- [ ] Hostname configured
- [ ] New user created
- [ ] SSH keys configured
Security
- [ ] SSH port changed
- [ ] Root login disabled
- [ ] Firewall configured
- [ ] Fail2Ban installed
- [ ] SSL certificate configured
Services
- [ ] Web server installed
- [ ] Database configured
- [ ] PHP/application runtime
- [ ] DNS records
- [ ] Backup strategy
Monitoring
- [ ] System monitoring
- [ ] Logging configured
- [ ] Performance monitoring
- [ ] Alerting configured
🆘 Troubleshooting
Common problems
1. SSH connection fails
- Check that sshd listens on the expected port (sudo ss -tlnp | grep sshd) and that you connect with -p 2222
- Confirm the firewall rules (sudo ufw status or sudo firewall-cmd --list-all) and, on SELinux systems, that the port is labelled ssh_port_t
- Verify the key setup: ~/.ssh must be 700 and authorized_keys 600, owned by the user; run ssh -v from the client and read /var/log/auth.log (or journalctl -u ssh) on the server
2. Web service unreachable
- Check the service status (systemctl status nginx or apache2/httpd)
- Confirm the port is open (sudo ss -tlnp, firewall rules for 80/443)
- Read the error log (/var/log/nginx/error.log, /var/log/apache2/error.log or /var/log/httpd/error_log)
3. Database connection fails
- Verify the user's host and privileges (SHOW GRANTS FOR 'appuser'@'localhost'; or \du in psql)
- Check the configuration: bind-address for MySQL/MariaDB, pg_hba.conf and listen_addresses for PostgreSQL
- Read the database log (/var/log/mysql/error.log, /var/log/postgresql/, or journalctl -u mariadb)