Back to Details

server-management

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Server Management (DigitalOcean)

服务器管理(DigitalOcean)

When to use this skill

何时使用此技能

  • Provisioning a new DigitalOcean Droplet.
  • Configuring Nginx or UFW.
  • Troubleshooting Linux server issues.
  • 部署新的DigitalOcean Droplet。
  • 配置Nginx或UFW。
  • 排查Linux服务器问题。

1. Initial Setup

1. 初始设置

  • User: Create a non-root user with sudo privileges immediately.
  • SSH: Disable password login (
    PermitRootLogin no
    , 
    PasswordAuthentication no
    ). Use SSH keys.
  • 用户:立即创建拥有sudo权限的非root用户。
  • SSH:禁用密码登录(
    PermitRootLogin no
    , 
    PasswordAuthentication no
    )。使用SSH密钥。

2. Security

2. 安全

  • Firewall (UFW):
    bash
    ufw allow OpenSSH
ufw allow 'Nginx Full'
ufw enable
  • Fail2Ban: Install to prevent brute force attacks.
  • 防火墙(UFW):
    bash
    ufw allow OpenSSH
ufw allow 'Nginx Full'
ufw enable
  • Fail2Ban: 安装以防止暴力攻击。

3. Nginx Config

3. Nginx配置

  • Reverse Proxy: Standard pattern for Node/Python apps:
    nginx
    location / {
    proxy_pass http://localhost:3000;
    proxy_set_header Host $host;
}
  • SSL: Use Certbot (
    python3-certbot-nginx
    ) for auto-renewing Let's Encrypt certificates.
  • 反向代理: 适用于Node/Python应用的标准配置:
    nginx
    location / {
    proxy_pass http://localhost:3000;
    proxy_set_header Host $host;
}
  • SSL: 使用Certbot(
    python3-certbot-nginx
    )获取自动续期的Let's Encrypt证书。