主机评测 https://www.zhujiceping.com/
# 卸载docker
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# 安装docker
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
# 启动
sudo systemctl start docker
# 设置开启启动
sudo systemctl enable docker
# 验证docker版本
docker --version
vpn
github仓库地址:https://github.com/p4gefau1t/trojan-go
docker run \
-d \
--name=icql-trojan \
-v /data/docker/trojan:/config \
--net=host \
--restart=always \
p4gefau1t/trojan-go:latest \
/config/server.json
----------------------
server.json文件
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": vpn端口,例如 20001,
"remote_addr": "伪装的域名或IP,例如github-page",
"remote_port": 伪装的域名或IP端口,例如80,
"password": ["vpn密码"],
"ssl": {
"cert": "*.crt",
"key": "*.key",
"fallback_port": 伪装的域名端口80
}
}
---------------------
tcp加速
wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh
容器管理
docker run \
-d \
--name=icql-portainer \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /data/docker/portainer/data:/data \
-p 10000:9000 \
--restart=always \
portainer/portainer-ce:latest
docker run -d \
--name=icql-code \
-e PUID=0 \
-e PGID=0 \
-e TZ=Asia/Shanghai \
-e PASSWORD=密码 \
-e DEFAULT_WORKSPACE=/config/workspace \
-p 10001:8443 \
-v /data/docker/code:/config \
--restart unless-stopped \
lscr.io/linuxserver/code-server:latest
去除使用 https 要求
edge://flags/ 或 chrome://flags
找到 Insecure origins treated as secure 改成 启用,并在下方输入框输入 http://server.icql.work:10001
docker run -d \
--name=icql-firefox \
--privileged \
--security-opt seccomp=unconfined \
-e PUID=0 \
-e PGID=0 \
-e TZ=Asia/Shanghai \
-e LC_ALL=zh_CN.UTF-8 \
-e CUSTOM_USER=用户名 \
-e PASSWORD=密码 \
-e TITLE=icql \
-e FIREFOX_CLI=https://www.linuxserver.io \
-p 10002:3000 \
-v /data/docker/firefox/nginx:/run/nginx \
-v /data/docker/firefox/config:/config \
-v /data/docker/firefox/fonts:/usr/share/fonts \
--shm-size="3gb" \
--restart=always \
lscr.io/linuxserver/firefox:latest
docker run -d \
--name icql-wechat \
-v /data/docker/wechat/.xwechat:/root/.xwechat \
-v /data/docker/wechat/xwechat_files:/root/xwechat_files \
-v /data/docker/wechat/downloads:/root/downloads \
-v /dev/snd:/dev/snd \
-p xxx:5800 \
-p xxx:5900 \
-e LANG=zh_CN.UTF-8 \
-e USER_ID=0 \
-e GROUP_ID=0 \
-e WEB_AUDIO=1 \
-e TZ=Asia/Shanghai \
-e WEB_AUTHENTICATION=1 \
-e WEB_AUTHENTICATION_USERNAME=root \
-e WEB_AUTHENTICATION_PASSWORD= \
--restart unless-stopped \
--privileged \
ricwang/docker-wechat:latest
docker run \
-d \
--name=icqlchen-redis \
-v /Users/icqlchen/workspace/docker/redis/data:/data \
-v /Users/icqlchen/workspace/docker/redis/conf:/usr/local/etc/redis \
-p 26379:6379 \
--restart=always \
redis:latest
--------------
配置文件
redis.conf
bind 0.0.0.0
protected-mode no
appendonly yes
requirepass root
docker run \
-d \
--name=icqlchen-mariadb \
--env=MYSQL_ROOT_PASSWORD=root \
-v /Users/icqlchen/workspace/docker/mariadb/data:/var/lib/mysql \
-v /Users/icqlchen/workspace/docker/mariadb/conf:/etc/mysql \
-p 23306:3306 \
--restart=always \
mariadb:latest
---------------
配置文件
my.cnf
[mysqld]
character-set-server=utf8
default-time-zone='+08:00'
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
docker run \
-d \
--name=icqlchen-elasticsearch \
-v /Users/icqlchen/workspace/docker/elasticsearch/data:/usr/share/elasticsearch/data \
-v /Users/icqlchen/workspace/docker/elasticsearch/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-p 29200:9200 \
-p 29300:9300 \
-e "discovery.type=single-node" \
--restart=no \
elasticsearch:8.2.3
docker run \
-d \
--name=icqlchen-kibana \
-v /Users/icqlchen/workspace/docker/kibana/conf/kibana.yml:/usr/share/kibana/config/kibana.yml \
-p 25601:5601 \
--restart=no \
kibana:8.2.3
------------------
配置文件
elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
xpack.security.enabled: false
-------------------
kibana.yml
ip和地址,如果是连接本地es,需要查看es的ip,docker inspect 容器ID,查看ipAddress
elasticsearch.hosts: ["http://172.17.0.4:9200"]
--------------------
arm
7以下的版本,arm版
karlhendrik/elasticsearch:6.8.2
elasticsearch.yml
去掉 xpack.security.enabled: false
karlhendrik/kibana:6.8.2
docker run \
-d \
--name=icql-nginx \
-v /data/docker/nginx/conf:/etc/nginx \
-v /data/docker/nginx/log:/var/log/nginx \
--net=host \
--restart=always \
nginx:latest
配置文件
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
#主模块指令,实现对配置文件所包含的文件的设定,可以减少主配置文件的复杂度
include mime.types;
#核心模块指令,默认设置为二进制流,也就是当文件类型未定义时使用这种方式
default_type application/octet-stream;
#日志
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
#设置允许客户端请求的最大的单个文件字节数
client_max_body_size 20M;
#指定来自客户端请求头的headebuffer大小
client_header_buffer_size 32k;
#指定连接请求试图写入缓存文件的目录路径
client_body_temp_path /dev/shm/client_body_temp;
#开启高效文件传输模式
sendfile on;
#开启防止网络阻塞
tcp_nopush on;
#开启防止网络阻塞
tcp_nodelay on;
#设置客户端连接保存活动的超时时间
#keepalive_timeout 0; # 无限时间
keepalive_timeout 65;
#设置客户端请求读取header超时时间
client_header_timeout 10;
#设置客户端请求body读取超时时间
client_body_timeout 10;
#HttpGZip模块配置
#开启gzip压缩
gzip on;
#设置允许压缩的页面最小字节数
gzip_min_length 1k;
#申请4个单位为16K的内存作为压缩结果流缓存
gzip_buffers 4 16k;
#设置识别http协议的版本,默认为1.1
gzip_http_version 1.1;
#指定gzip压缩比,1-9数字越小,压缩比越小,速度越快
gzip_comp_level 2;
#指定压缩的类型
gzip_types text/plain application/x-javascript text/css application/xml;
#让前端的缓存服务器进过gzip压缩的页面
gzip_vary on;
# server {
# listen 80; #监听端口
# server_name web.icql.work; #请求域名
# return 301 https://$host$request_uri; #重定向至https访问
# }
# server {
# listen 443 ssl; #监听端口
# server_name web.icql.work; #请求域名
# ssl_certificate ssl/web.icql.work.crt; #crt证书路径
# ssl_certificate_key ssl/web.icql.work.key; #crt证书key路径
# ssl_session_timeout 5m; #会话超时时间
# ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #SSL协议
#
# # 拦截所有请求
# location / {
# proxy_http_version 1.1;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
# proxy_max_temp_file_size 0;
# proxy_connect_timeout 60; #nginx与upstream server的连接超时时间(单位:s)
# proxy_send_timeout 90; #nginx发送数据至 upstream server超时, 默认60s, 如果连续的60s内没有发送1个字节, 连接关闭
# proxy_read_timeout 90; #nginx接收 upstream server数据超时, 默认60s, 如果连续的60s内没有收到1个字节, 连接关闭
# proxy_buffer_size 4k; #代理请求缓存区_这个缓存区间会保存用户的头信息以供Nginx进行规则处理_一般只要能保存下头信息即可
# proxy_buffers 4 32k; #同上 告诉Nginx保存单个用的几个Buffer最大用多大空间
# proxy_busy_buffers_size 64k; #如果系统很忙的时候可以申请更大的proxy_buffers 官方推荐*2
# proxy_temp_file_write_size 64k; #proxy缓存临时文件的大小
#
# proxy_pass https://127.0.0.1:20002;
# }
# }
server {
listen 20000; #监听端口
server_name server.icql.work; #请求域名
autoindex on;
autoindex_exact_size off;
location / {
root /var/log/nginx/download;
}
}
}