Linux 命令集合
路由配置
ip route add 192.168.1.0/24 via 10.0.0.4 #添加一条明细路由
ip route #查看当前路由
> default via 10.0.0.3 dev vmbr0 proto kernel onlink #默认路由
> 10.0.0.0/24 dev vmbr0 proto kernel scope link src 10.0.0.254
> 192.168.1.0/24 via 10.0.0.4 dev vmbr0 #刚添加的路由
ip route del 192.168.1.0/24 via 10.0.0.4 #删除一条明细路由
vps 测速
一键测速
wget https://raw.github.com/sivel/speedtest-cli/master/speedtest.py
python speedtest.py
一键vps性能测试
wget -qO- bench.sh | bash
#或者下面这命令下载执行
curl -Lso- bench.sh | bash
临时全局代理
export http_proxy=http://10.0.0.2:8000
export https_proxy=http://10.0.0.2:8000
取消代理,环境变量都用unset释放
unset http_proxy
unset https_proxy
vi编辑器异常
sed -i "s/compatible/nocompatible/g" /etc/vim/vimrc.tiny
echo 'set backspace=2' >> /etc/vim/vimrc.tiny
echo -e 'let skip_defaults_vim = 1\nif has("mouse")\n \
set mouse-=a\nendif' | tee ~/.vimrc > /dev/null
ssh允许root登录
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' \
/etc/ssh/sshd_config && systemctl restart ssh
ssh公钥登录
实现A机器免密登录B机器 A机器配置如下(windows 10/11 使用powershell,命令一致)
cd ~/.ssh #没有这个文件夹可自行创建
ssh-keygen -t rsa -b 4096 # 更安全的加密方式使用 ecdsa 或 ed25519
> Generating public/private rsa key pair.
> Enter file in which to save the key (/root/.ssh/id_rsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /root/.ssh/id_rsa
> Your public key has been saved in /root/.ssh/id_rsa.pub
> The key fingerprint is:
> SHA256:70E82+HNRclj6ACSz***********ZsZI99vuYGiKOqUgk root@wwe
> The key's randomart image is:
> +---[RSA 3072]----+
> | .=o.o |
> | o.B+ . o .|
> | O +o . =.|
> |E * * oo....|
> | . . + S = +. .|
> | o + + * = . |
> | . . . + + + |
> |. . . . + |
> |..... . +. |
> +----[SHA256]-----+
ls
> authorized_keys id_rsa id_rsa.pub
# 创建完成后,拷贝id_rsa.pub的内容到B机器~/.ssh/authorized_keys中
# 使用ssh-copy-id命令拷贝或者手动拷贝均可
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 [email protected]
openssl自签证书
自签ecc私钥private.key及证书cert.crt,更安全
openssl ecparam -name secp384r1 -genkey -noout -out private.key
openssl req -x509 -new -key private.key -out cert.crt -days 3650
创建一个RSA私钥key.pem及证书cert.pem,兼容性更强
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 365
nginx 反向代理
apt install nginx #debian 安装nginx
创建一个代理文件nano /etc/nginx/conf.d/proxy.conf
server {
listen 8888 ssl; #替换实际端口号
server_name _; # 替换为你的服务器名或IP
#没有ssl证书或计划用http访问,删除下面两行
ssl_certificate /etc/nginx/conf.d/cert.pem; # 替换为你的证书文件路径
ssl_certificate_key /etc/nginx/conf.d/key.pem; # 替换为你的私钥文件路径
location / {
proxy_pass https://192.168.1.100;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
保存:ctrl+x y,然后验证并重载nginx
nginx -t #验证配置无误
nginx -s reload #重载nginx
haproxy 反向代理
apt install haproxy #安装haproxy
cat cert.pem key.pem | tee /etc/haproxy/haproxy.pem #合并证书与私钥
nano /etc/haproxy/haproxy.cfg
#在最后加上两行
frontend ssl_front
bind *:8888 ssl crt /cert/haproxy.pem
mode tcp
default_backend ssl_back
backend ssl_back
mode tcp
server web1 192.168.1.100 check ssl verify none
验证并重载haproxy
haproxy -c -f /etc/haproxy/haproxy.cfg #检查配置是否有误
systemctl reload haproxy
docker kill --signal=HUP haproxy # 容器运行的haproxy可以用这个命令重载
haproxy acl
匹配链接为https://192-168-1-100-443.abc.com:8888/webapi/entry.cgi?SYNO.API.Auth路由到web_proxy
frontend http-in
bind *:80
bind *:8888 ssl crt /etc/haproxy/ssl/ssl.pem alpn h2,http/1.1
option accept-invalid-http-request
http-request set-header X-Forwarded-Proto https if { ssl_fc }
rspdel Strict-Transport-Security
acl host_match hdr(host) -i 192-168-1-100-443.abc.com:8888
# 定义一个 ACL 来匹配特定的 URL 路径
acl path_match path -i /webapi/entry.cgi
# 定义一个 ACL 来匹配查询参数
acl query_match url_param(api) -m str SYNO.API.Auth
# 使用这些 ACL 来选择后端
use_backend web_proxy if host_match path_match query_match
default_backend web
backend web_proxy
mode http
server web1 192.168.1.100:443 check ssl verify none
backend web
....... #按自己逻辑加
磁盘格式转换
qemu-img convert -f qcow2 -O vmdk centos.qcow2 centos.vmdk
一键xray
#自用脚本
bash <(curl -sSL https://alist.xiaoyue.pro/d/bash/xray.sh)
#国内访问不了github用下面这个走代理
bash <(curl -sSL https://alist.xiaoyue.pro/d/bash/xray_cn.sh)