服务安装

开启 root 用户登录

设置 root 用户密码

# Set a password for the root account (interactive prompt).
# NOTE(review): with "PermitRootLogin prohibit-password" (configured in the next
# step) sshd does not accept this password for root logins; it still applies to
# console and su access, so choose a strong one.
sudo passwd root

设置允许 root 用户通过 ssh 密钥登录

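# 1. Edit the SSH daemon configuration
sudo vim /etc/ssh/sshd_config

# 2. Uncomment the following line in sshd_config (it is a config directive, not
#    a shell command). "prohibit-password" lets root log in with a key but
#    never with a password.
PermitRootLogin prohibit-password

# 3. Copy /home/ubuntu/.ssh/authorized_keys to /root/.ssh/authorized_keys.
#    Create /root/.ssh first and keep both root-owned and private; sshd's
#    StrictModes check (on by default) rejects key files with loose ownership
#    or permissions. Every key in the ubuntu user's file becomes a root key, so
#    review the list before copying.
sudo install -d -m 0700 -o root -g root /root/.ssh
sudo install -m 0600 -o root -g root /home/ubuntu/.ssh/authorized_keys /root/.ssh/authorized_keys

# 4. Validate the configuration, then restart ssh. Keep the current session
#    open until a new login has been tested.
sudo sshd -t && sudo systemctl restart ssh

# 5. Open the SSH port in the firewall (on a cloud server the provider's
#    firewall can be used instead).
#    The allow rules are added BEFORE "ufw enable": enabling first applies the
#    default-deny policy and can cut off the SSH session you are working in.
#    Where the admin source address is known, a tighter rule is
#    "sudo ufw allow from <ADMIN_IP> to any port 22 proto tcp".
sudo ufw allow 22/tcp
sudo ufw allow 2222/tcp # if needed
sudo ufw enable
sudo ufw reload
sudo ufw status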

安装 docker 环境

安装 docker 和 docker-compose

https://cloud.tencent.com/document/product/1207/45596

# Refresh the package index, apply pending upgrades, then install basic tools.
sudo apt update \
  && sudo apt upgrade -y
sudo apt install -y \
  vim \
  htop \
  git-all \
  zip

# Uninstall previously installed Docker-related packages, one at a time so a
# package that is not present does not stop the others from being removed.
for pkg in \
  docker.io docker-doc docker-compose docker-compose-v2 \
  podman-docker containerd runc
do
  sudo apt-get remove "$pkg"
done

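# Install Docker CE from the Tencent Cloud mirror of Docker's apt repository.
sudo apt-get update
sudo apt-get install ca-certificates curl -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://mirrors.cloud.tencent.com/docker-ce/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# This key is the trust anchor for every package installed from the repository,
# and it is fetched from the same mirror it will vouch for. Print its
# fingerprint and compare it with the one in Docker's official install
# documentation before continuing.
gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.asc

# Choose the repository path from /etc/os-release instead of running both the
# Ubuntu and the Debian line (the second would overwrite the first).
# ID is expected to be "ubuntu" or "debian"; derivative distributions report
# other values and need the path set by hand.
distro_id=$(. /etc/os-release && echo "$ID")
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.cloud.tencent.com/docker-ce/linux/${distro_id}/ \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker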

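# Install the standalone docker-compose binary.
# NOTE(review): the apt step on this page already installs
# docker-compose-plugin; this binary is presumably only needed for tooling that
# calls "docker-compose" by name.
#
# The download passes through a third-party proxy and "latest" is a moving
# target, so treat the file as untrusted until its SHA-256 matches the checksum
# published on the official docker/compose release page (obtained without
# going through the proxy). The asset name is fixed to x86_64.
compose_tmp=$(mktemp)
# Credentials are given to curl on stdin (-K -) instead of inside the URL, so
# they do not show up in the process list. Assumes they contain no '"' or '\'.
# Downloading as the current user also avoids running curl as root.
printf 'user = "%s:%s"\n' "$PROXY_USER" "$PROXY_PASS" \
  | curl -fSL -K - "https://github-proxy.explorexd.uk/https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64" -o "$compose_tmp"
sha256sum "$compose_tmp" # compare with the published checksum before installing
sudo install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f -- "$compose_tmp"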

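# Enable remote management of the Docker daemon.
# NOTE(security): tcp://...:2375 exposes the Docker API with no TLS and no
# authentication. Any host that can reach the port controls the daemon, which
# is equivalent to root on this machine, and the ufw rules below are the only
# access control. Prefer a TLS-protected socket (dockerd --tlsverify) or an
# ssh:// Docker context, and bind to the private interface address rather than
# 0.0.0.0 where possible.
#
# The change goes into a drop-in override rather than the packaged unit file
# /usr/lib/systemd/system/docker.service, which a package upgrade can replace.
sudo systemctl edit docker
# Override content (the empty ExecStart= clears the packaged command first):
# [Service]
# ExecStart=
# ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H fd:// --containerd=/run/containerd/containerd.sock
sudo systemctl daemon-reload && sudo systemctl restart docker
# Firewall: allow only the designated IP to reach port 2375, deny everyone else.
# ufw applies the first matching rule, so the allow must stay ahead of the deny.
sudo ufw allow from 10.0.16.9 to any port 2375
sudo ufw deny 2375
sudo ufw reload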

修改 docker 配置文件

/etc/docker/daemon.json

{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "20m",
    "max-file": "7"
  }
}

安装 ufw-docker

https://github.com/chaifeng/ufw-docker?tab=readme-ov-file#solving-ufw-and-docker-issues

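# Download as the current user into a temp file instead of as root straight
# into /usr/local/bin. The script comes from the moving "master" branch through
# a third-party proxy and is then run as root, so read it first (ideally pin
# the URL to a commit that has been reviewed).
# NOTE(review): user:password inside the URL is visible in the process list
# while wget runs; wget can take the credentials from ~/.netrc instead.
ufw_docker_tmp=$(mktemp)
wget -O "$ufw_docker_tmp" "https://$PROXY_USER:$PROXY_PASS@github-proxy.explorexd.uk/https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker"
less "$ufw_docker_tmp"
sudo install -m 0755 "$ufw_docker_tmp" /usr/local/bin/ufw-docker
rm -f -- "$ufw_docker_tmp"
sudo ufw-docker install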

设置 ufw 局域网规则

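# Allow all traffic from the trusted LAN hosts, then deny the Docker API port.
# NOTE(review): these rules allow every port. ufw evaluates rules in the order
# they were added and stops at the first match, so an "allow from HOST" that
# sits ahead of the deny rule lets that host reach 2375 as well. Check the
# effective order with "sudo ufw status numbered".
sudo ufw allow from 10.0.16.9
sudo ufw allow from 10.0.16.4
sudo ufw allow from 10.0.8.7
sudo ufw allow from 10.0.20.3
sudo ufw allow from 10.0.24.2
sudo ufw deny 2375
# Reloading needs root like the other ufw commands.
sudo ufw reload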

安装 ZSH 终端

安装 zsh 和 oh my zsh 和插件

https://www.haoyep.com/posts/zsh-config-oh-my-zsh/

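# Update the package sources
sudo apt update && sudo apt upgrade -y
# Install zsh, git and curl
sudo apt install zsh git curl -y
# Switch the login shell to zsh
chsh -s /bin/zsh
# Install oh my zsh.
# The installer comes from a third-party Gitee mirror at its moving master
# branch. Save it and read it before running, instead of executing the
# download directly.
omz_installer=$(mktemp)
curl -fsSL https://gitee.com/pocmon/ohmyzsh/raw/master/tools/install.sh -o "$omz_installer"
less "$omz_installer"
sh "$omz_installer"
rm -f -- "$omz_installer"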

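# Cloning with user:password in the URL stores those credentials in the clone's
# .git/config as the origin URL. Origin is pointed back at the upstream
# repository right after each clone so the credentials are not left on disk.
# If later updates must also go through the proxy, use the proxy URL without
# userinfo together with a git credential helper.
plugin_dir="${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins"

# zsh-autosuggestions
git clone "https://$PROXY_USER:$PROXY_PASS@github-proxy.explorexd.uk/https://github.com/zsh-users/zsh-autosuggestions.git" "$plugin_dir/zsh-autosuggestions"
git -C "$plugin_dir/zsh-autosuggestions" remote set-url origin https://github.com/zsh-users/zsh-autosuggestions.git

# zsh-syntax-highlighting
git clone "https://$PROXY_USER:$PROXY_PASS@github-proxy.explorexd.uk/https://github.com/zsh-users/zsh-syntax-highlighting.git" "$plugin_dir/zsh-syntax-highlighting"
git -C "$plugin_dir/zsh-syntax-highlighting" remote set-url origin https://github.com/zsh-users/zsh-syntax-highlighting.git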

在 ~/.zshrc 设置 plugins=(git zsh-autosuggestions zsh-syntax-highlighting)

安装 gitlab-runner

安装 gitlab-runner 配置 root 用户启动 https://www.cnblogs.com/wu-wu/p/13426658.html

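# Option A (not recommended): GitLab's repository setup script, piped from the
# network straight into a root shell. Use either option A or option B, not both.
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash

# Option B (recommended): mirror repository, Ubuntu 24.04.
# Docs: https://mirrors.tuna.tsinghua.edu.cn/help/gitlab-runner/
# The signing key still comes from packages.gitlab.com. -f keeps an HTTP error
# page from being written into the keyring, and gpg runs under sudo because a
# plain ">" redirect is performed by the calling user, who normally cannot
# write to /usr/share/keyrings.
curl -fL https://packages.gitlab.com/runner/gitlab-runner/gpgkey | sudo gpg --dearmor --yes -o /usr/share/keyrings/gitlab-runner.gpg

# Write the source list for the running distribution only (running both echo
# lines would leave just the Debian entry in place). The release names noble
# and bookworm are fixed; adjust them for other releases.
case "$(. /etc/os-release && echo "$ID")" in
  ubuntu)
    echo 'deb [signed-by=/usr/share/keyrings/gitlab-runner.gpg] https://mirrors.cloud.tencent.com/gitlab-runner/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/gitlab-runner.list
    ;;
  debian)
    echo 'deb [signed-by=/usr/share/keyrings/gitlab-runner.gpg] https://mirrors.tuna.tsinghua.edu.cn/gitlab-runner/debian bookworm main' | sudo tee /etc/apt/sources.list.d/gitlab-runner.list
    ;;
esac

# Refresh the index first so madison can list the versions in the new repository.
sudo apt-get update
apt-cache madison gitlab-runner
sudo apt install gitlab-runner=17.5.5-1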

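# Remove the existing gitlab-runner service definition
sudo gitlab-runner uninstall
# Re-install the service with --user set to root (needs root, like uninstall).
# NOTE(security): with --user root, jobs that execute directly on the host run
# as root, so anyone who can push pipeline code to a project using this runner
# effectively has root here. Prefer the dedicated gitlab-runner user with only
# the group memberships it needs, or an executor that isolates jobs.
sudo gitlab-runner install --working-directory /home/gitlab-runner --user root
# Restart gitlab-runner
sudo systemctl restart gitlab-runner
# Show which user the runner process is running as
ps aux | grep gitlab-runner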

开发环境

安装 sdkman

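# Install SDKMAN into /opt/sdkman
export SDKMAN_DIR="/opt/sdkman"
export SDKMAN_DIR_RAW="/opt/sdkman"
# In "sudo curl ... | bash" the sudo applied only to the download; the
# installer itself ran as the calling user. Download without root, read the
# script, then run it. The user running it must be able to create /opt/sdkman.
sdkman_installer=$(mktemp)
curl -fsS "https://get.sdkman.io" -o "$sdkman_installer"
less "$sdkman_installer"
bash "$sdkman_installer"
rm -f -- "$sdkman_installer"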

# Create the login-time profile script for SDKMAN
sudo vim /etc/profile.d/sdkman.sh

# File content
#THIS MUST BE AT THE END OF THE FILE FOR SDKMAN TO WORK!!!
export SDKMAN_DIR=/opt/sdkman
# Load SDKMAN's init script when it exists and is non-empty.
# NOTE(review): [[ ]] and "source" are bash/zsh syntax; if this file is ever
# read by a plain sh, the line errors out. `[ -s ... ] && . ...` is the
# portable spelling.
[[ -s "$SDKMAN_DIR/bin/sdkman-init.sh" ]] && source "$SDKMAN_DIR/bin/sdkman-init.sh"

# Add an environment-variable file for Docker
sudo vim /etc/profile.d/docker.sh

# File content
# Tencent Cloud container registry
# NOTE(security): scripts in /etc/profile.d are normally world-readable and are
# loaded into login shells, so a password stored here is exposed to all local
# users and inherited by their processes. Consider a root-only file read by the
# job that needs it, or `docker login --password-stdin` with a credential
# helper. 'xxx' is a placeholder value.
export DOCKER_REGISTRY_USERNAME='xxx'
export DOCKER_REGISTRY_PASSWORD='xxx'

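# Add to ~/.bashrc and ~/.zshrc
# Load every readable script in /etc/profile.d
if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    # Quoted so a path containing spaces or glob characters stays one word.
    if [ -r "$i" ]; then
      . "$i"
    fi
  done
  # Do not leave the loop variable behind in the interactive shell.
  unset i
fi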

安装 nvm

# Install nvm into /opt/nvm: export the target directory, make sure it exists,
# then run the installer script of the v0.40.1 tag.
export NVM_DIR="/opt/nvm"
mkdir -p /opt/nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh \
  | bash

# Configuration: create the login-time profile script for nvm
vim /etc/profile.d/nvm.sh
# File content
export NVM_DIR="/opt/nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

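# Add to ~/.bashrc and ~/.zshrc
# Load every readable script in /etc/profile.d
if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    # Quoted so a path containing spaces or glob characters stays one word.
    if [ -r "$i" ]; then
      . "$i"
    fi
  done
  # Do not leave the loop variable behind in the interactive shell.
  unset i
fi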

安装 rvm

ubuntu 安装 rvm:https://github.com/rvm/ubuntu_rvm

安装 pyenv

# Install the build dependencies pyenv needs to compile Python
sudo apt update
sudo apt install \
  build-essential libssl-dev zlib1g-dev \
  libbz2-dev libreadline-dev libsqlite3-dev \
  curl git \
  libncursesw5-dev xz-utils tk-dev \
  libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev

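# Install pyenv into /opt/pyenv
export PYENV_ROOT="/opt/pyenv"
# -f: fail on an HTTP error instead of piping the error page into bash;
# -L: follow redirects; -sS: quiet, but still report errors.
# The script is still executed as downloaded; save it to a file first if it
# should be reviewed before running.
curl -fsSL https://pyenv.run | bash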

# Configuration: create the login-time profile script for pyenv
vim /etc/profile.d/pyenv.sh
# File content
export PYENV_ROOT="/opt/pyenv"
# Put pyenv's bin directory on PATH when it exists
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
# Evaluate the shell setup code printed by "pyenv init -"
eval "$(pyenv init -)"
# Select 3.12.7 and 2.7.18 for the current shell session
# NOTE(review): presumably both versions must already be installed with pyenv — confirm.
# Python 2.7 no longer receives upstream security fixes; keep it only for code that still needs it.
pyenv shell 3.12.7 2.7.18

安装 gvm

# Install the packages gvm depends on
sudo apt-get install \
  curl git mercurial \
  make binutils bison gcc build-essential

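# Install gvm under /opt
# Use an unpredictable temp file: a fixed name in world-writable /tmp can be
# pre-created or swapped by another local user before bash runs it.
# NOTE(review): the installer is taken from the moving master branch; read it
# before running.
gvm_installer=$(mktemp)
curl -f -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer -o "$gvm_installer"
bash "$gvm_installer" master /opt
rm -f -- "$gvm_installer"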

 # Configuration: create the login-time profile script for gvm
vim /etc/profile.d/gvm.sh
# File content: load gvm when its script exists and is non-empty
[[ -s "/opt/gvm/scripts/gvm" ]] && source "/opt/gvm/scripts/gvm"

其他选项

关闭内存交换空间

# Check the current swap status:
sudo swapon --show
# Edit /etc/fstab and comment out the line containing swap; it usually looks like: /swapfile none swap sw 0 0
sudo vim /etc/fstab
# Turn swap off
sudo swapoff -a
# Delete the swap file
sudo rm -rf /swapfile

创建 ssh 密钥,供 git 使用

 # Generate a 4096-bit RSA key pair; -C only sets the comment stored in the public key.
 # NOTE(review): set a passphrase when prompted. Ed25519 (-t ed25519) is a shorter
 # modern alternative where the Git server accepts it.
 ssh-keygen -t rsa -b 4096 -C "403735024@qq.com"

安装腾讯云相关 python SDK

# Install the Tencent Cloud SDK, the COS SDK, and paramiko/scp for the system Python.
# NOTE(review): --break-system-packages overrides the distribution's
# "externally managed" protection and installs into the system Python, where
# these unpinned packages can conflict with apt-managed modules. A virtual
# environment (python3 -m venv) keeps them isolated.
pip3 install --upgrade tencentcloud-sdk-python --break-system-packages
pip3 install -U cos-python-sdk-v5 --break-system-packages
pip3 install paramiko scp --break-system-packages