Collection of commonly used scripts
All-in-one toolbox
wget -O box.sh https://raw.githubusercontent.com/BlueSkyXN/SKY-BOX/main/box.sh && chmod +x box.sh && clear && ./box.sh
Reverse proxy
BT Panel (Baota) reverse proxy:
location / {
    proxy_pass http://127.0.0.1:6666/; # change to the IP and port you want to proxy
    rewrite ^/(.*)$ /$1 break;
    proxy_redirect off;
    proxy_set_header Host $host;
    # proxy_set_header X-Forwarded-Proto $scheme; # commented out: conflicts with the fixed https value set below
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade-Insecure-Requests 1;
    proxy_set_header X-Forwarded-Proto https;
}
Nginx Proxy Manager reverse proxy:
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header x-wiz-real-ip $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto "https"; # force https
    proxy_set_header X-NginX-Proxy true;
    # fixes wss connections failing after proxying to https
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection upgrade;
    #proxy_set_header Connection "keep-alive";
    proxy_set_header Host $http_host;
    proxy_pass http://192.168.3.220:80; # use the Docker internal address; look it up in the Docker configuration tool
    proxy_ssl_session_reuse off;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off; # redirects: change off => http:// https://
}
location / {
    proxy_pass http://192.168.1.1:80/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
}
BBR
CentOS
wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh
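# One-click BBR enablement (note: BBR acceleration requires Linux kernel 4.9 or later)
uname -srm
# Output
Linux 3.10.0-957.12.2.el7.x86_64 x86_64
3 - kernel version.
10 - major revision.
0-957 - minor revision.
12 - patch version.
Generally, Ubuntu 18.04 and later is sufficient (default kernel 4.15).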
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
sysctl net.ipv4.tcp_available_congestion_control
lsmod | grep bbr
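The kernel check and sysctl settings above, as an added example that is not part of the original page: it compares the `uname -r` fields as integers against the 4.9 minimum and sets the two keys idempotently, so re-running does not stack duplicate lines the way `echo >>` does. The function names and the `--apply` switch are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original page; function names are assumptions.

# kernel_supports_bbr RELEASE: exit 0 if a `uname -r` string is >= 4.9, 1 if
# older, 2 if unparsable. Fields are compared as integers: 4.15 is newer than
# 4.9 although it sorts lower as text or as a decimal number.
kernel_supports_bbr() {
    local release major rest minor
    release="${1%%-*}"              # "3.10.0-957.12.2.el7.x86_64" -> "3.10.0"
    case "$release" in *.*) ;; *) return 2 ;; esac
    major="${release%%.*}"
    rest="${release#*.}"
    minor="${rest%%.*}"
    minor="${minor%%[!0-9]*}"       # tolerate suffixes such as "9+"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -ge 9 ] && return 0
    return 1
}

# set_sysctl_key FILE KEY VALUE: drop every existing "KEY = ..." line, then
# append exactly one "KEY=VALUE". Commented-out lines are left untouched.
set_sysctl_key() {
    local file="$1" key="$2" value="$3" tmp
    tmp="$(mktemp)" || return 1
    [ -f "$file" ] || : > "$file"
    awk -F= -v k="$key" '{ n = $1; gsub(/[ \t]/, "", n); if (n != k) print }' "$file" > "$tmp"
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# enable_bbr [FILE]: refuse on kernels older than 4.9, write both keys,
# reload them and confirm that bbr is the active congestion control.
enable_bbr() {
    local file="${1:-/etc/sysctl.conf}"
    kernel_supports_bbr "$(uname -r)" || {
        echo "kernel $(uname -r) is older than 4.9, BBR unavailable" >&2
        return 1
    }
    set_sysctl_key "$file" net.core.default_qdisc fq &&
    set_sysctl_key "$file" net.ipv4.tcp_congestion_control bbr &&
    sysctl -p "$file" >/dev/null &&
    [ "$(sysctl -n net.ipv4.tcp_congestion_control)" = bbr ]
}

# Changes the system only when run as root with --apply.
if [ "${1:-}" = "--apply" ]; then enable_bbr; fi
```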
Docker
Update / install required packages
apt-get update && apt-get install -y wget vim
Automatic install using the official install script
curl -fsSL https://test.docker.com -o test-docker.sh
sudo sh test-docker.sh
Docker install outside mainland China
wget -qO- get.docker.com | bash
Uninstall Docker
sudo apt-get purge docker-ce docker-ce-cli containerd.io
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# adjust to the current latest version
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version # check the version
Docker install inside mainland China
curl -sSL https://get.daocloud.io/docker | sh
Request a certificate
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --register-account -m xxxx@gmail.com
~/.acme.sh/acme.sh --issue -d your_domain --standalone
Download the certificate
~/.acme.sh/acme.sh --installcert -d your_domain --key-file /home/nginx/certs/key.pem --fullchain-file /home/nginx/certs/cert.pem
One-click certificate request script
wget https://raw.githubusercontent.com/yirenchengfeng1/linux/main/acme.sh
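Run Certbot to request a certificate
# Replace *.example.com with your wildcard domain (e.g. *.yourdomain.com).
# The second -d is optional: it also includes the root domain.
sudo certbot certonly \
  --manual \
  --preferred-challenges=dns \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  -d '*.example.com' \
  -d example.com
1. Configure the DNS record as prompted
Certbot will ask you to add a DNS TXT record, for example: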
_acme-challenge.example.com. 300 IN TXT "gfj9Xq...Rg85nM"
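Log in to your domain's DNS management platform (e.g. Cloudflare, Alibaba Cloud) and add this TXT record.
Wait for the DNS record to take effect (this may take a few minutes), then press Enter to continue.
2. Confirm the certificate was generated
The certificate files are saved in the /etc/letsencrypt/live/example.com/ directory:
Certificate file: fullchain.pem
Private key file: privkey.pem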