vps配置优化指南
一键dd
wget --no-check-certificate -qO InstallNET.sh 'https://raw.githubusercontent.com/leitbogioro/Tools/master/Linux_reinstall/InstallNET.sh' && chmod a+x InstallNET.sh
bash InstallNET.sh -debian
#或者这个脚本
curl -O https://raw.githubusercontent.com/bin456789/reinstall/main/reinstall.sh || wget -O reinstall.sh $_
bash reinstall.sh debian 12安全加固
修改ssh端口
vim /etc/ssh/sshd_config
systemctl restart sshdfail2ban
#vim /etc/fail2ban/jail.local
[sshd]
port = 666
bantime = 6d
maxretry = 3
backend = systemd
enable=true
systemctl restart fail2ban添加swap内存
cd /var/
dd if=/dev/zero of=swapfile bs=1M count=1024
/sbin/mkswap swapfile
/sbin/swapon swapfile
chmod 0644 /var/swapfile
echo "/var/swapfile swap swap defaults 0 0" >>/etc/fstab或者一键脚本
wget https://www.moerats.com/usr/shell/swap.sh && bash swap.sh安装docker
curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable dockerdocker iptables 在ExecStart=/usr/bin/dockerd后面添加 --iptables=false
vim /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker一键添加bbr
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
sysctl net.ipv4.tcp_available_congestion_control
lsmod | grep bbr一键屏蔽ping
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
echo "net.ipv6.icmp.echo_ignore_all = 1" >> /etc/sysctl.conf
sysctl -p设置ip
#ipv4优先
sed -i 's/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/' /etc/gai.conf
#屏蔽ipv6
echo -e "net.ipv6.conf.all.disable_ipv6=1\nnet.ipv6.conf.default.disable_ipv6=1\nnet.ipv6.conf.lo.disable_ipv6=1" >> /etc/sysctl.conf && sysctl -pvps性能测试
curl -sL yabs.sh | bash -s -- -5 -i安装warp
wget -N https://raw.githubusercontent.com/fscarmen/warp/main/menu.sh && bash menu.sh