linux-server-expert


Linux Server Expert


Initial Server Setup

```bash
# Update system
apt update && apt upgrade -y

# Create user with sudo
adduser deploy
usermod -aG sudo deploy

# SSH key auth
mkdir -p /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
# Add public key to authorized_keys
# When run as root, hand the directory to deploy or sshd cannot read the key
chown -R deploy:deploy /home/deploy/.ssh

# Disable root login & password auth
vim /etc/ssh/sshd_config
# PermitRootLogin no
# PasswordAuthentication no
systemctl restart sshd
```
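
To check that the two `sshd_config` settings above actually take effect, this added example (not part of the original page) resolves the first value sshd would read for each keyword, including files pulled in by `Include`. The function names and the sample drop-in `50-vendor.conf` are hypothetical, and the parser is simplified as noted in its comments.

```bash
# Added example (not from the original page). sshd keeps the FIRST value it reads
# for a keyword, so a drop-in Include'd above your edit silently wins.
# first_value FILE KEYWORD: print that first global value, following Include
# lines; status 1 if never set. Assumptions: plain "Keyword value" lines, relative
# Include paths resolved against FILE's directory, files read up to first Match.
first_value() (
    file=$1 dir=$(dirname "$1")
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    while read -r key val rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            match) break ;;
            include)
                set -f; set -- $val $rest; set +f   # split paths, no globbing yet
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$dir/$pat ;; esac
                    for inc in $pat; do             # unquoted: expand the glob now
                        [ -f "$inc" ] || continue
                        first_value "$inc" "$want" && exit 0
                    done
                done ;;
            "$want") printf '%s\n' "$val"; exit 0 ;;
        esac
    done < "$file"
    exit 1
)

# audit_sshd FILE: check the two settings from the page; status 1 on any miss.
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        got=$(first_value "$1" "$kw") || got='(unset, sshd default applies)'
        if [ "$got" = no ]; then echo "OK   $kw $got"
        else echo "FAIL $kw $got"; rc=1; fi
    done
    return $rc
}

# make_sample DIR: constructed sample (not a real host): the main file has the
# page's settings, but a drop-in included above them re-enables passwords.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    echo 'PasswordAuthentication yes' > "$1/sshd_config.d/50-vendor.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PermitRootLogin prohibit-password' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$1/sshd_config"
}
demo=$(mktemp -d); make_sample "$demo"
audit_sshd "$demo/sshd_config" || echo "hardening not in effect"; rm -rf "$demo"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; keep an existing session open until a key-based login as `deploy` has been confirmed.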

Firewall (UFW)

```bash
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
ufw status
```

Nginx Configuration

```nginx
# /etc/nginx/sites-available/myapp
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_bypass $http_upgrade;
    }
}
```

```bash
# Enable site
ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx
```

SSL with Let's Encrypt

```bash
apt install certbot python3-certbot-nginx -y
certbot --nginx -d example.com -d www.example.com

# Auto-renewal is set up automatically
certbot renew --dry-run
```

Systemd Service

```ini
# /etc/systemd/system/myapp.service
[Unit]
Description=My App
After=network.target

[Service]
Type=simple
User=deploy
WorkingDirectory=/home/deploy/myapp
ExecStart=/usr/bin/node dist/main.js
Restart=on-failure
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target
```

```bash
systemctl daemon-reload
systemctl enable myapp
systemctl start myapp
systemctl status myapp
```

Quick Commands

```bash
# Logs
journalctl -u myapp -f              # Service logs
tail -f /var/log/nginx/error.log

# Disk
df -h                               # Disk usage
du -sh /var/*                       # Directory sizes

# Process
htop                                # Process monitor
lsof -i :3000                       # What uses port
```