Last active
August 29, 2015 14:13
vps config
apt-get install git vim gcc make libc6-dev build-essential
# change timezone
sudo dpkg-reconfigure tzdata
# fetch the pip bootstrap script
wget https://bootstrap.pypa.io/get-pip.py
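# disable SSH password login: set the line below in /etc/ssh/sshd_config,
# confirm key-based login works from a second session, then restart sshd
vim /etc/ssh/sshd_config
PasswordAuthentication no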
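# download java (download page first, then the direct tarball fetch)
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
# NOTE: --no-check-certificate together with a plain http:// URL means the tarball is not
# authenticated in transit; compare its checksum with the one Oracle publishes before unpacking.
# NOTE: the page above is the JDK 8 page while the command fetches a JDK 7 tarball, and the URL
# path says 7u71-b14 while the file name says 7u75; confirm which build is intended.
wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jdk-7u75-linux-x64.tar.gz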
# redis.conf: run redis in the background and listen on localhost only
daemonize yes
bind 127.0.0.1
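## vpn
# NOTE: PPTP (MS-CHAPv2 / MPPE) is considered cryptographically broken; use WireGuard,
# OpenVPN or IPsec where the confidentiality of the tunnel matters.
apt-get install pptpd
## note: > overwrites the file, >> appends to it
echo $'localip 192.168.10.1\nremoteip 192.168.10.10-40' >> /etc/pptpd.conf
/etc/ppp/chap-secrets # enter the password here (stored in plaintext; keep the file readable by root only)
echo $'ms-dns 8.8.8.8\nms-dns 8.8.4.4\n' >> /etc/ppp/pptpd-options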
# enable IPv4 forwarding: append the setting to /etc/sysctl.conf, then reload it with sysctl -p
root@vultr:~# echo $'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
root@vultr:~# sysctl -p
net.ipv4.ip_forward = 1
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# supervisor + shadowsocks
# iptables
# for bandwagong pptp vpn (outbound interface is venet0)
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o venet0 -j MASQUERADE
iptables -I FORWARD -s 192.168.10.0/24 -j ACCEPT
iptables -I FORWARD -d 192.168.10.0/24 -j ACCEPT
# for linode (outbound interface is eth0)
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
# remote mysql whitelist (rules in the chain are evaluated in order, so the DROP must stay last)
iptables -N mysql # create chain for mysql
iptables -A mysql --src 127.0.0.1 -j ACCEPT
# NOTE: 1.1.1.1.1 has five octets and is not a valid IPv4 address; it and the xx.xx.xx
# entries below are placeholders to be replaced with the real client addresses
iptables -A mysql --src 1.1.1.1.1 -j ACCEPT
iptables -A mysql --src 106.xx.xx.xx -j ACCEPT
iptables -A mysql --src 45.xx.xx.xx -j ACCEPT
iptables -A mysql -j DROP # drop packets from other hosts
iptables -I INPUT -m tcp -p tcp --dport 3306 -j mysql # use chain for packets to MySQL port
#### save
iptables-save > /etc/iptables.conf
#### restore
iptables-restore < /etc/iptables.conf
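## start on boot
######################
/etc/rc.local
######################
iptables-restore < /etc/iptables.conf
/usr/sbin/nginx
# NOTE: started without a config-file argument, redis-server uses its built-in defaults, so the
# "daemonize yes" / "bind 127.0.0.1" settings only take effect if that redis.conf path is passed here
/root/redis-2.8.19/src/redis-server &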