caorong/vps config

## vps config
apt-get install git vim gcc make libc6-dev build-essential

# change timezone
sudo dpkg-reconfigure tzdata

wget https://bootstrap.pypa.io/get-pip.py

# remove ssh passwordlogin
vim /etc/ssh/sshd_config
PasswordAuthentication no

# download java
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jdk-7u75-linux-x64.tar.gz

# set redis run on background localhost
daemonize yes
bind 127.0.0.1

## vpn
apt-get install pptpd
## 注意， > ＝覆盖， >> ＝ append
echo $'localip 192.168.10.1\nremoteip 192.168.10.10-40' >> /etc/pptpd.conf
/etc/ppp/chap-secrets #输入密码
echo $'ms-dns 8.8.8.8\nms-dns 8.8.4.4\n' >> /etc/ppp/pptpd-options

# set ipforward
root@vultr:~# echo $'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
root@vultr:~# sysctl -p
net.ipv4.ip_forward = 1

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE

# supervisor + shadowsocks

# iptables

# for bandwagong pptp vpn

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o venet0 -j MASQUERADE
iptables -I FORWARD -s 192.168.10.0/24 -j ACCEPT
iptables -I FORWARD -d 192.168.10.0/24 -j ACCEPT

# for linode
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE


# remote mysql whitelist
iptables -N mysql # create chain for mysql
iptables -A mysql --src 127.0.0.1 -j ACCEPT
iptables -A mysql --src 1.1.1.1.1 -j ACCEPT
iptables -A mysql --src 106.xx.xx.xx -j ACCEPT
iptables -A mysql --src 45.xx.xx.xx -j ACCEPT
iptables -A mysql -j DROP # drop packets from other hosts
iptables -I INPUT -m tcp -p tcp --dport 3306 -j mysql # use chain for packets to MySQL port

#### save
iptables-save > /etc/iptables.conf

#### restore
iptables-restore < /etc/iptables.conf


## 开机自启动
######################
/etc/rc.local
######################

iptables-restore < /etc/iptables.conf
/usr/sbin/nginx
/root/redis-2.8.19/src/redis-server &
	apt-get install git vim gcc make libc6-dev build-essential

	# change timezone
	sudo dpkg-reconfigure tzdata

	wget https://bootstrap.pypa.io/get-pip.py

	# remove ssh passwordlogin
	vim /etc/ssh/sshd_config
	PasswordAuthentication no

	# download java
	http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

	wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jdk-7u75-linux-x64.tar.gz

	# set redis run on background localhost
	daemonize yes
	bind 127.0.0.1

	## vpn
	apt-get install pptpd
	## 注意， > ＝覆盖， >> ＝ append
	echo $'localip 192.168.10.1\nremoteip 192.168.10.10-40' >> /etc/pptpd.conf
	/etc/ppp/chap-secrets #输入密码
	echo $'ms-dns 8.8.8.8\nms-dns 8.8.4.4\n' >> /etc/ppp/pptpd-options

	# set ipforward
	root@vultr:~# echo $'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
	root@vultr:~# sysctl -p
	net.ipv4.ip_forward = 1

	iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE

	# supervisor + shadowsocks

	# iptables

	# for bandwagong pptp vpn

	iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o venet0 -j MASQUERADE
	iptables -I FORWARD -s 192.168.10.0/24 -j ACCEPT
	iptables -I FORWARD -d 192.168.10.0/24 -j ACCEPT

	# for linode
	iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE


	# remote mysql whitelist
	iptables -N mysql # create chain for mysql
	iptables -A mysql --src 127.0.0.1 -j ACCEPT
	iptables -A mysql --src 1.1.1.1.1 -j ACCEPT
	iptables -A mysql --src 106.xx.xx.xx -j ACCEPT
	iptables -A mysql --src 45.xx.xx.xx -j ACCEPT
	iptables -A mysql -j DROP # drop packets from other hosts
	iptables -I INPUT -m tcp -p tcp --dport 3306 -j mysql # use chain for packets to MySQL port

	#### save
	iptables-save > /etc/iptables.conf

	#### restore
	iptables-restore < /etc/iptables.conf



	## 开机自启动
	######################
	/etc/rc.local
	######################

	iptables-restore < /etc/iptables.conf
	/usr/sbin/nginx
	/root/redis-2.8.19/src/redis-server &