November 2019

Updating the Debian apt sources fails with an HTTPS error.

apt-get install ca-certificates

Ign:1 https://mirrors.tuna.tsinghua.edu.cn/debian stretch InRelease
Ign:2 https://mirrors.tuna.tsinghua.edu.cn/debian stretch-updates InRelease          
Hit:4 http://cdn-fastly.deb.debian.org/debian buster InRelease                                                             
Hit:5 http://cdn-fastly.deb.debian.org/debian buster-updates InRelease                                                     
Hit:3 http://security-cdn.debian.org/debian-security buster/updates InRelease                                              
Ign:6 https://mirrors.tuna.tsinghua.edu.cn/debian stretch-backports InRelease                        
Ign:7 https://mirrors.tuna.tsinghua.edu.cn/debian-security stretch/updates InRelease
Err:8 https://mirrors.tuna.tsinghua.edu.cn/debian stretch Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Err:9 https://mirrors.tuna.tsinghua.edu.cn/debian stretch-updates Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Err:10 https://mirrors.tuna.tsinghua.edu.cn/debian stretch-backports Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Err:11 https://mirrors.tuna.tsinghua.edu.cn/debian-security stretch/updates Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]

You can add [trusted=yes] in the sources.list. For example:

deb [trusted=yes] http://ppa.launchpad.net/repo_name/pkg/ubuntu vivid main
deb-src [trusted=yes] http://ppa.launchpad.net/repo_name/pkg/ubuntu vivid main

askubuntu

deb [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
# deb-src [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
deb [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
# deb-src [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
deb [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
# deb-src [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
deb [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
# deb-src [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
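
An added check for the [trusted=yes] entries above (not part of the original notes): the option makes apt treat a source as trusted even when its authentication check fails, and it does not change TLS certificate validation, which is what the log reports. The script lists each such entry and what protection is left; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): list apt source entries that
# disable repository signature verification. Input: sources.list text on stdin.
audit_apt_sources() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
        $1 != "deb" && $1 != "deb-src" { next }     # only one-line-style entries
        {
            opts = ""; uri = ""
            # The option block is the bracketed list right after the type.
            if (match($0, /\[[^]]*\]/))
                opts = " " tolower(substr($0, RSTART + 1, RLENGTH - 2)) " "
            for (i = 2; i <= NF; i++)
                if ($i ~ /:\/\//) { uri = $i; break }
            if (opts ~ / trusted=yes /) {
                # Signatures are ignored, so only the transport is left.
                level = (uri ~ /^https:/) ? "tls-only" : "no-integrity"
                print NR ": " level " " uri
            }
        }'
}

# Constructed sample input, modelled on the entries in these notes.
sample_sources() {
    cat <<'EOF'
deb [trusted=yes] http://ppa.launchpad.net/repo_name/pkg/ubuntu vivid main
# deb-src [trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main
deb [arch=amd64 trusted=yes] https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main
EOF
}

sample_sources | audit_apt_sources
```

Run it against a real file with `audit_apt_sources < /etc/apt/sources.list`; the number at the start of each result is the line in that file.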

docker volume create lichee-build-env_data
docker run -d -p 2222:22 --name=lichee-build-env -v lichee-build-env_data:/data itscaro/debian-ssh:latest

Dockerfile

FROM debian:latest

MAINTAINER Minh-Quan TRAN "xwiron@aliyun.com"

RUN apt-get update && \
        apt-get install -y nano && \
        apt-get install -y vim && \
        apt-get install -y openssh-server && \
        rm -rf /var/lib/apt/lists/* && \
        apt-get clean

RUN echo 'root:root' |chpasswd

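# Debian's stock sshd_config ships "#PermitRootLogin prohibit-password", so match the commented form too
RUN sed -ri 's/^#?\s*PermitRootLogin\s+.*/PermitRootLogin yes/' /etc/ssh/sshd_config && \
        sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config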

RUN mkdir -p /var/run/sshd

EXPOSE 22

# '-D': do not detach (stay in the foreground); '-d': debug mode
CMD    ["/usr/sbin/sshd", "-D"]

Build docker image.

mkdir debian-ssh
vi ./debian-ssh/Dockerfile
docker build -t xwiron/debian-ssh:basic debian-ssh

Add user

groupadd iron
useradd -g iron iron
cp -r /etc/skel /home/iron
chown -R iron:iron /home/iron

# bash path config
chsh -s [/path/to/bash]
chsh -s /bin/bash

portainer

docker volume create portainer_data
docker run --name portainer \
           --restart=always \
           -p 8000:8000 -p 9000:9000 \
           -v /var/run/docker.sock:/var/run/docker.sock \
           -v portainer_data:/data \
           -d portainer/portainer:latest

postgresql

docker volume create postgresql-v12_data
docker run --name postgres-v12 \
           --restart=always \
           -p 5432:5432 \
           -e POSTGRES_PASSWORD=password \
           -v postgresql-v12_data:/var/lib/postgresql/data \
           -d postgres:12

pgadmin4

docker run -p 80:80 \
    --restart=always \
    --name pgadmin4 \
    -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \
    -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \
    -d dpage/pgadmin4:latest

redis

docker volume create redis_data
docker run --restart=always \
           --name redis \
           -p 6379:6379 \
           -v /myredis/conf/redis.conf:/usr/local/etc/redis/redis.conf \
           -v redis_data:/data \
           -d redis:latest \
           redis-server /usr/local/etc/redis/redis.conf

gogs

docker volume create gogs_data
docker run --name gogs \
           --restart=always \
           -p 3000:3000 \
           -v gogs_data:/data \
           -d gogs/gogs:latest

softethervpn

docker run --name=softether \
    --cap-add NET_ADMIN \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -p 1701:1701/udp \
    -p 1194:1194/udp \
    -p 5555:5555/tcp \
    -e SPW=ServerManagementPassword \
    -e HPW=HubManagementPassword \
    -v /<path>/softether/vpn_server.config:/usr/vpnserver/vpn_server.config \
    siomiz/softethervpn:latest

emqx

docker run --restart=always \
        --name emqx \
        -p 18083:18083 \
        -p 8083:8083 \
        -p 1883:1883 \
        -d emqx/emqx:latest

docker run --restart=always \
        --name emqx-edge \
        -p 18084:18083 \
        -p 8883:8083 \
        -p 18833:1883 \
        -d emqx/emqx-edge:latest

haproxy

docker run --restart=always \
    --name haproxy \
    -p 2018:2018 \
    -p 2019:2019 \
    -v /[user path]/haproxy:/usr/local/etc/haproxy \
    -d haproxy:latest

haproxy.cfg

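frontend secure         # a custom frontend; this can also go in a listen or backend section
    mode http
    bind  0.0.0.0:8901  # IP and port to listen on
    stats enable        # turn the stats page on
    stats uri  /        # URI of the stats page, e.g. ip:8888/admin?admin
    stats hide-version  # hide the HAProxy version number
    stats admin if TRUE # admin interface: nodes can be managed through the web UI when the condition holds (TRUE = always; no stats auth is set)
    stats refresh  30s  # auto-refresh interval of the stats page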
    timeout client  120000

listen test1
    bind 0.0.0.0:2018
    mode tcp
    option tcplog
    timeout connect 5000
    timeout client  120000
    timeout server  120000
    #maxconn 4086
    #log 127.0.0.1 local0 debug
    server s1 127.0.0.1:2018

caddy

docker run --restart=always \
    --name caddy \
    -p 2015:2015 \
    -v /srv/www:/<path>/caddy/www \
    -d abiosoft/caddy:latest

apache-php7.4

docker run --name apache-php7.4 \
  --restart=always \
  -p 80:80 -p 443:443 \
  -v /<path>/www:/app \
  -d webdevops/php-apache:7.4

apache-php8.2

docker run --name apache-php8.2 \
  --restart=always \
  -p 80:80 -p 443:443 \
  -v /<path>/www:/app \
  -d webdevops/php-apache:8.2

nodejs/PM2

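  1. Allow the root user to log in remotely

    Edit the ssh service configuration file

    sudo vi /etc/ssh/sshd_config

    Set the PermitRootLogin parameter to yes.

  2. Allow login without a password

    As above, edit the ssh service configuration file; there are two cases:

    1) Remove the # in front of PermitEmptyPasswords yes

    2) Change the value of the PermitEmptyPasswords parameter to yes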
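
A check for the two settings above, added here as an example and not part of the original notes: it reports the effective global value of PermitRootLogin and PermitEmptyPasswords, given that sshd keeps the first value it reads for a keyword and ignores commented lines. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Reads sshd_config text on stdin
# and reports the two directives discussed above the way sshd resolves them.
audit_sshd_config() {
    awk '
        BEGIN {
            FS = "[ \t]+"
            # Built-in defaults when a keyword is never set (OpenSSH 7.0 and later).
            val["permitrootlogin"] = "prohibit-password"
            val["permitemptypasswords"] = "no"
        }
        { sub(/^[ \t]+/, "") }                      # strip indentation; awk re-splits the line
        /^#/ || NF == 0 { next }                    # commented-out lines set nothing
        { key = tolower($1); value = tolower($2) }  # keywords are case-insensitive
        key == "match" { in_match = 1; next }
        !(key in val) { next }
        in_match {                                  # conditional override: report on its own
            if (value == "yes")
                print "line " NR ": " key " yes inside Match block [finding]"
            next
        }
        !(key in seen) { seen[key] = 1; val[key] = value }   # first value read wins
        END {
            n = split("permitrootlogin permitemptypasswords", order, " ")
            for (i = 1; i <= n; i++)
                print order[i] " " val[order[i]] (val[order[i]] == "yes" ? " [finding]" : " [ok]")
        }'
}

# Constructed sample: a later "no" and a commented "yes" are both ignored.
sample_sshd_config() {
    cat <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
permitrootlogin no
#PermitEmptyPasswords yes
Match User backup
    PermitEmptyPasswords yes
EOF
}

sample_sshd_config | audit_sshd_config
```

On a running host, `sshd -T` prints the effective configuration as sshd itself resolves it.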