服务器配置

由于经常安装云服务器，再次记录下。
服务器系统为Center OS

安装相关包

yum install -y gcc
yum install -y openssl
yum install -y openssl-devel
yum install -y zlib-devel
yum install -y git
yum install -y unzip

禁用密码登陆，使用秘钥登陆

vim /etc/ssh/sshd_config

# 是否让 sshd 去检查用户家目录或相关档案的权限数据，
# 这是为了担心使用者将某些重要档案的权限设错，可能会导致一些问题所致。
# 例如使用者的 ~.ssh/ 权限设错时，某些特殊情况下会不许用户登入
StrictModes no
# 是否允许用户自行使用成对的密钥系统进行登入行为，仅针对 version 2。
# 至于自制的公钥数据就放置于用户家目录下的 .ssh/authorized_keys 内
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys
#有了证书登录了，就禁用密码登录吧，安全要紧
PasswordAuthentication no

#重启服务

#ubuntu
/etc/init.d/ssh restart

#centos
service sshd restart

升级VIM8

yum install ncurses-devel
wget https://github.com/vim/vim/archive/v8.0.1376.zip
unzip master.zip
cd vim-master
cd src/
./configure
make
sudo make install
vim

//配置增强版VIM
//安装
bash <(curl -fsSL https://raw.githubusercontent.com/liuchengxu/space-vim/master/install.sh)
//卸载
bash <(curl -fsSL https://raw.githubusercontent.com/liuchengxu/space-vim/master/uninstall.sh)

安装oh-my-zsh

//安装zsh
yum -y install zsh

//切换shell
chsh -s /bin/zsh

//安装oh my zsh
//curl
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
//wget 
sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"

//添加插件
git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_CUSTOM/plugins/zsh-autosuggestions

//vim .zshrc中找到plugins
//plugins=(zsh-autosuggestions)

安装Python3

wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tgz
tar xzvf Python-3.6.1.tgz

修改Pyhton3安装配置 解决SSL模块无法使用问题

vim Modules/Setup.dist 或
vim Modules/Setup
# Socket module helper for socket(2)
_socket socketmodule.c timemodule.c
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
#SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto

安装Python3

cd Python-3.6.1
mkdir /usr/local/python3.6
./configure --prefix=/usr/local/python3.6
make
make install

替换原有的Python链接

mv /usr/bin/python /usr/bin/python_bak
ln -s /usr/local/python3.1/bin/python3.1  /usr/bin/python 
注意要修改yum文件，yum依赖系统的python
vim /usr/bin/yum
打开文件后，将/usr/bin/python修改成/usr/bin/python_bak即可

安装ufw

//ubuntu
apt-get install ufw -y 

//debian
apt-get install ufw -y

//center os
yum install epel-release -y
yum install --enablerepo="epel" ufw -y

ufw相关配置

https://linuxconfig.org/how-to-install-and-use-ufw-firewall-on-linux

http://notes.maxwi.com/2017/01/19/linux-command-tools-ufw

//默认配置
ufw default deny incoming
ufw default allow outgoing

cloudflare ufw配置

cloudflare-ufw.sh, 参考链接:

#!/bin/sh

DIR="$(dirname $(readlink -f $0))"
cd $DIR
wget https://www.cloudflare.com/ips-v4 -O ips-v4.tmp
wget https://www.cloudflare.com/ips-v6 -O ips-v6.tmp
mv ips-v4.tmp ips-v4
mv ips-v6.tmp ips-v6

for cfip in `cat ips-v4`; do ufw allow from $cfip; done
for cfip in `cat ips-v6`; do ufw allow from $cfip; done

ufw reload > /dev/null

# OTHER EXAMPLE RULES
# Examples to retrict to port 80
#for cfip in `cat ips-v4`; do ufw allow from $cfip to any port 80 proto tcp; done
#for cfip in `cat ips-v6`; do ufw allow from $cfip to any port 80 proto tcp; done

# Examples to restrict to port 443
#for cfip in `cat ips-v4`; do ufw allow from $cfip to any port 443 proto tcp; done
#for cfip in `cat ips-v6`; do ufw allow from $cfip to any port 443 proto tcp; done

配置运行：

sudo crontab -e

0 0 * * 1 /opt/cloudflare/cloudflare-ufw.sh > /dev/null 2>&1