入手了 BuyVM 2 刀的 VPS

date
Jan 5, 2024
outer_link
slug
buyvm-512m-vps
status
Published
tags
diary
tech
summary
难得看到 BuyVM 在我上班的时候上架了 512M 内存的 VPS,虽然没有存储块,但还是入手一个,再慢慢蹲存储。记录一下开机后的一些脚本操作。
type
Post
配置为:单核, 512MB内存, 10GB NVMe磁盘, 1000Mbps带宽不限流量,DDOS 防护。提供1个 IPv4 和一组 IPv6/48。安装了 Debian 11 的系统。
更新 apt:
apt-get update

设置交换(swap)

初装的系统默认没有设置交换的,但设置交换对 512M 内存的 VPS 来说太重要了,直接按照DigitalOcean 的这篇文章设置即可。
How To Add Swap Space on Debian 11 | DigitalOcean
One way to guard against out-of-memory errors in applications is to add some swap space to your server. In this guide, we will cover how to add a swap file t…
How To Add Swap Space on Debian 11 | DigitalOcean
https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-debian-11
How To Add Swap Space on Debian 11 | DigitalOcean

使用 fail2ban 保护 SSH

安装 iptables:
apt-get install iptables
再安装 fail2ban:
sudo apt-get install fail2ban
配置 /etc/fail2ban/jail.conf
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
# 以空格分隔的列表,可以是 IP 地址、CIDR 前缀或者 DNS 主机名
# 用于指定哪些地址可以忽略 fail2ban 防御
ignoreip = 127.0.0.1 172.31.0.0/24 10.10.0.0/24 192.168.0.0/24
 
# 客户端主机被禁止的时长(秒)
bantime = 86400
 
# 客户端主机被禁止前允许失败的次数 
maxretry = 5
 
# 查找失败次数的时长(秒)
findtime = 600
 
mta = sendmail
 
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=your@email.com, sender=fail2ban@email.com]
# Debian 系的发行版 
logpath = /var/log/auth.log

# ssh 服务的最大尝试次数 
maxretry = 3
重启 fail2ban 服务:
sudo service fail2ban restart
验证 fail2ban 是否在运行:
sudo fail2ban-client ping
如果正常运行,则会返回 Server replied: pong
运行 sudo tail -f /var/log/fail2ban.log 可以查看事件。
root@localhost:~# sudo tail -f /var/log/fail2ban.log
2024-01-03 19:24:05,262 fail2ban.filter         [327]: INFO    [sshd] Found 141.98.11.11 - 2024-01-03 19:24:05
2024-01-03 19:24:05,269 fail2ban.filter         [327]: INFO    [ssh-iptables] Found 141.98.11.11 - 2024-01-03 19:24:05
2024-01-03 19:24:07,866 fail2ban.filter         [327]: INFO    [sshd] Found 141.98.11.11 - 2024-01-03 19:24:07
2024-01-03 19:24:07,873 fail2ban.filter         [327]: INFO    [ssh-iptables] Found 141.98.11.11 - 2024-01-03 19:24:07
2024-01-03 19:28:43,050 fail2ban.filter         [327]: INFO    [sshd] Found 143.198.198.94 - 2024-01-03 19:28:42
2024-01-03 19:28:43,113 fail2ban.filter         [327]: INFO    [ssh-iptables] Found 143.198.198.94 - 2024-01-03 19:28:42
2024-01-03 19:31:15,945 fail2ban.filter         [327]: INFO    [sshd] Found 148.72.212.19 - 2024-01-03 19:31:15
2024-01-03 19:31:15,945 fail2ban.filter         [327]: INFO    [ssh-iptables] Found 148.72.212.19 - 2024-01-03 19:31:15
2024-01-03 19:31:56,392 fail2ban.filter         [327]: INFO    [ssh-iptables] Found 5.42.85.159 - 2024-01-03 19:31:56
2024-01-03 19:31:56,392 fail2ban.filter         [327]: INFO    [sshd] Found 5.42.85.159 - 2024-01-03 19:31:56
很短的时间内就封禁了好几个 ip

配置 IPv6

首先要登录 https://manage.buyvm.net/ 创建一个 IPv6 的地址,然后修改 interfaces
nano /etc/network/interfaces
iface eth0 inet6 static
	address IPv6地址
	netmask 48
	gateway 网关
重启即可。

挂载硬盘

我购买的是 512GB 的硬盘,首先登录 https://manage.buyvm.net/volumes/ 挂载硬盘。
然后登录 SSH:
root@localhost:~# fdisk -l
Disk /dev/vda: 10 GiB, 10737418240 bytes, 20971520 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x08d476af

Device     Boot Start      End  Sectors Size Id Type
/dev/vda1  *     2048 20969215 20967168  10G 83 Linux


Disk /dev/sda: 512 GiB, 549755813888 bytes, 1073741824 sectors
Disk model: SLAB            
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
可以看到已经多了一个 512GB 的存储
查看硬盘的序列号:
root@localhost:~# ls /dev/disk/by-id/
ata-QEMU_DVD-ROM_QM00004  scsi-0BUYVM_SLAB_VOLUME-25428
scsi-0BUYVM_SLAB_VOLUME-25428 就是硬盘的序列号
将硬盘格式化:
root@localhost:~# mkfs.ext4 -F /dev/disk/by-id/scsi-0BUYVM_SLAB_VOLUME-25428
mke2fs 1.46.2 (28-Feb-2021)
Discarding device blocks: done                            
Creating filesystem with 134217728 4k blocks and 33554432 inodes
Filesystem UUID: f29b2d68-20fd-4538-9da1-e02e374e88ef
Superblock backups stored on blocks: 
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
        102400000

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done
创建挂载目录,这里我挂载在了 /mnt/vol25428 下面,以对应上面的序列号:
mkdir -p /mnt/vol25428
挂载硬盘到该目录:
mount -o discard,defaults /dev/disk/by-id/scsi-0BUYVM_SLAB_VOLUME-25428 /mnt/vol25428
查看是否成功挂载:
root@localhost:/mnt# df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            214M     0  214M   0% /dev
tmpfs            47M  464K   46M   1% /run
/dev/vda1       9.8G  2.5G  6.9G  27% /
tmpfs           231M     0  231M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs            47M     0   47M   0% /run/user/0
/dev/sda        503G   28K  478G   1% /mnt/vol25428
然后给予文件夹 777 读写权限:
chmod -R 777 /mnt/vol25428/
最后设置开机自动挂载硬盘:
echo '/dev/disk/by-id/scsi-0BUYVM_SLAB_VOLUME-25428 /mnt/vol25428 ext4 defaults,nofail,discard 0 0' | tee -a /etc/fstab
重启查看是否成功挂载即可。

安装 PT

运行脚本,按照提示操作即可:
bash <(wget -qO- https://raw.githubusercontent.com/jerry048/Dedicated-Seedbox/main/Install.sh) <用戶名稱> <用戶密碼> <緩存大小(單位:MiB)>

按装 Alist:

运行脚本:
root@localhost:#curl -fsSL "https://alist.nn.ci/v3.sh" | bash -s install
Alist 安装成功!

访问地址:http://YOUR_IP:5244/

配置文件路径:/opt/alist/data/config.json
---------如何获取密码?--------
先cd到alist所在目录:
cd /opt/alist
随机设置新密码:
./alist admin random
或者手动设置新密码:
./alist admin set NEW_PASSWORD
----------------------------
启动服务中

查看状态:systemctl status alist
启动服务:systemctl start alist
重启服务:systemctl restart alist
停止服务:systemctl stop alist

温馨提示:如果端口无法正常访问,请检查 服务器安全组、本机防火墙、Alist状态
 
---
Share with Twitter

© YM.SI 2023 - 2024 - Build with Next.js & Notion