一边折腾一边做记录,可能有点乱,也有许多错漏的地方。
备份OpenWrt各种配置
备份 Hyper-V 服务器的各种环境
- NextCloud与WordPress数据及数据库已备份及同步完成
rsync -av --delete /my-data/www/html/ root@192.168.33.131:/data-backup- 配置文件目录备份已完成
- 已备份目录
/etc/apache2 - 已备份目录
/etc/mysql - 已备份目录
/etc/lsyncd - 已备份目录
/etc/php/7.4 - 计划任务配置已备份
修改测试主机的IP地址
- 为主服务器让路,腾出我这个IP地址
- 修改配置文件
vi /etc/network/interfaces - 由原来的192.168.33.3修改为192.168.33.87,并成功完成修改与访问。
400GB多的视频文件在NTFS分区上,该如何处理?
正式开始了
准时在2021年10月28日21:30左右 开始了
关闭Windows server 2019主机
接着使用路由器替换了OpenWrt,网络继续正常工作
修改B85主板的 PCIe 1x 接口
也就是爆PCIe 1x插槽的菊花,目的是插入PCIe 16x的显卡。
这B85主板配合E3 1231 V3最神奇的地方是: 我可以不插显卡也能够正常开机并进入系统!
我的另一个Z68配合E3 1230 V2不插显卡,死活不能正常开机启动系统!
改造这个PCIe 1x插槽是为了方便以后如果想要玩显卡直通!虽然只有1x的速度,但直通显卡的目的又不是为了游戏。
不玩显卡直通的情况下,我直接拔掉显卡运行,起码也能省一点点的电。
- 使用小刀爆菊花浪费了不少的时间,由于华硕的PCIe塑料太TM硬了,
- 只爆了一点点实在搞不定,最后使用电络铁,终于把 PCIe 1x 插槽的菊花完爆了,
- 顺利插入PCIe 16x显卡,主机正常启动并显示了,完美!
时间已经来到了10:30左右.
开始为Windows server 2019做一个Ghost备份吧,C盘40GB多左右,极限压缩模式真的非常慢
- 做一个备份吧,万一PVE严重翻车,还能快速恢复到Hyper-V
- 在Windows server 2019的备份盘暂时不挂载到PVE上,用另一个已同步好资料的磁盘挂载到PVE
- 在PVE成功完成后,将NextCloud的资料恢复到SSD上之后,再考虑格式化前任备份盘为LVM-thin
- 在这等待Ghost备份的时间里,又想到了UPS,该如何匹配PVE呢?又是一个头疼的问题
Windows server 2019 系统盘备份完成 时间 23:20
- 将C盘的Ghost备份25GB拷贝至移动磁盘,30M/S的速度太慢了,这垃圾移动硬盘!
- 面对之前在Hyper-V上运行的Win7系统,里面下载了不少的电影,丢弃吗?
- 纠结,从Windows到Linux的迁移,文件系统不同,烦。
下面开始安装PVE
开始安装PVE 23:38
PVE安装完成 2021年10月29日 0:00
开始配置PVE
最基础的配置
- vi编辑器
/etc/vim/vimrc.tiny - 软件源修改为清华镜像源
vi /etc/apt/sources.list - 禁用PVE企业源
vi /etc/apt/sources.list.d/pve-enterprise.list - CT模板改为清华镜像站
/usr/share/perl5/PVE/APLInfo.pm
更新系统
apt update
apt upgrade
reboot
添加SSD硬盘为LVM-thin
- 由于SSD之前是在Windows上使用的,所以直接在PVE的WebUI管理界面 ⇢ 磁盘 ⇢ 擦除磁盘
为SSD分区
root@fzpve:~# fdisk -l
Disk /dev/sdb: 931.51 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: CT1000MX500SSD1
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sda: 119.24 GiB, 128035676160 bytes, 250069680 sectors
Disk model: SanDisk SDSSDHP1
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: A91B586C-3EDC-4722-81A6-525F1F2A13FF
Device Start End Sectors Size Type
/dev/sda1 34 2047 2014 1007K BIOS boot
/dev/sda2 2048 1050623 1048576 512M EFI System
/dev/sda3 1050624 250069646 249019023 118.7G Linux LVM
Disk /dev/mapper/pve-swap: 4 GiB, 4294967296 bytes, 8388608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/pve-root: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
# 创建物理卷PV (volume)
pvcreate /dev/sdb
root@fzpve:~# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created.
# 创建卷组VG (group)
vgcreate vgssd /dev/sdb
root@fzpve:~# vgcreate vgssd /dev/sdb
Volume group "vgssd" successfully created
# 查看SSD可用空间
root@fzpve:~# pvs
PV VG Fmt Attr PSize PFree
/dev/sda3 pve lvm2 a-- <118.74g 4.74g
/dev/sdb vgssd lvm2 a-- 931.51g 931.51g
# 创建 thin-pool (精简池),确定建立920GB,剩余的作为PFree空间
# lvcreate -L 100G -n <poolNAME> <VGNAME>
# lvconvert --type thin-pool <VGNAME>/<poolNAME>
lvcreate -L 920G -n ssdpool vgssd
lvconvert --type thin-pool vgssd/ssdpool
root@fzpve:~# lvcreate -L 920G -n ssdpool vgssd
Logical volume "ssdpool" created.
root@fzpve:~# lvconvert --type thin-pool vgssd/ssdpool
Thin pool volume with chunk size 512.00 KiB can address at most 126.50 TiB of data.
WARNING: Pool zeroing and 512.00 KiB large chunk size slows down thin provisioning.
WARNING: Consider disabling zeroing (-Zn) or using smaller chunk size (<512.00 KiB).
WARNING: Converting vgssd/ssdpool to thin pool's data volume with metadata wiping.
THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.)
Do you really want to convert vgssd/ssdpool? [y/n]: y
Converted vgssd/ssdpool to thin pool.
扩容tmeta空间:
# 查看SSD可用空间
root@fzpve:~# vgs
VG #PV #LV #SN Attr VSize VFree
pve 1 3 0 wz--n- <118.74g 4.74g
vgssd 1 1 0 wz--n- 931.51g <11.29g
# 查看<poolNAME>_tmeta]空间
root@fzpve:~# lvs -a
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
data pve twi-a-tz-- <88.00g 0.00 1.61
[data_tdata] pve Twi-ao---- <88.00g
[data_tmeta] pve ewi-ao---- 1.00g
[lvol0_pmspare] pve ewi------- 1.00g
root pve -wi-ao---- 20.00g
swap pve -wi-ao---- 4.00g
[lvol0_pmspare] vgssd ewi------- 116.00m
ssdpool vgssd twi-a-tz-- 920.00g 0.00 10.42
[ssdpool_tdata] vgssd Twi-ao---- 920.00g
[ssdpool_tmeta] vgssd ewi-ao---- 116.00m
# 扩容[<poolNAME>_tmeta]空间
# lvextend --poolmetadatasize +900M <VGNAME>/<poolNAME>
lvextend --poolmetadatasize +140M vgssd/ssdpool
root@fzpve:~# lvextend --poolmetadatasize +140M vgssd/ssdpool
Size of logical volume vgssd/ssdpool_tmeta changed from 116.00 MiB (29 extents) to 256.00 MiB (64 extents).
Logical volume vgssd/ssdpool_tmeta successfully resized.
# 查看<poolNAME>_tmeta]空间
root@fzpve:~# lvs -a
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
data pve twi-a-tz-- <88.00g 0.00 1.61
[data_tdata] pve Twi-ao---- <88.00g
[data_tmeta] pve ewi-ao---- 1.00g
[lvol0_pmspare] pve ewi------- 1.00g
root pve -wi-ao---- 20.00g
swap pve -wi-ao---- 4.00g
[lvol0_pmspare] vgssd ewi------- 256.00m
ssdpool vgssd twi-a-tz-- 920.00g 0.00 6.45
[ssdpool_tdata] vgssd Twi-ao---- 920.00g
[ssdpool_tmeta] vgssd ewi-ao---- 256.00m
为PVE添加存储:
# 使用刚才创建的 thin-pool (精简池)
# pvesm add lvmthin <STORAGE_ID> --vgname <VGNAME> --thinpool <poolNAME>
pvesm add lvmthin ssd-data --vgname vgssd --thinpool ssdpool
# 检查存储状态
pvesm status
root@fzpve:~# pvesm status
Name Type Status Total Used Available %
local dir active 20466256 2617908 16783388 12.79%
local-lvm lvmthin active 92270592 0 92270592 0.00%
ssd-data lvmthin active 964689920 0 964689920 0.00%
硬件直通配置
时间来到了 00:55
硬件直通需要以下几个步骤的配置
- 修改grub文件
- 更新grub
- 加载内核模块modules
- 刷新initramfs
- 然后重启主机
- 验证是否开启iommu
修改grub文件:
vi /etc/default/grub
# GRUB_CMDLINE_LINUX_DEFAULT="quiet"做如下修改(intel的CPU)
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"
更新grub:
update-grub
root@fzpve:~# update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.11.22-4-pve
Found initrd image: /boot/initrd.img-5.11.22-4-pve
Found memtest86+ image: /boot/memtest86+.bin
Found memtest86+ multiboot image: /boot/memtest86+_multiboot.bin
Adding boot menu entry for EFI firmware configuration
done
加载内核模块modules:
vi /etc/modules
# 内容如下
vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd
刷新initramfs:
update-initramfs -u -k all
root@fzpve:~# update-initramfs -u -k all
update-initramfs: Generating /boot/initrd.img-5.11.22-4-pve
Running hook script 'zz-proxmox-boot'..
Re-executing '/etc/kernel/postinst.d/zz-proxmox-boot' in new private mount namespace..
No /etc/kernel/proxmox-boot-uuids found, skipping ESP sync.
然后重启主机:
reboot
验证是否开启iommu:
dmesg | grep 'remapping'
root@fzpve:~# dmesg | grep 'remapping'
[ 0.152366] DMAR-IR: Enabled IRQ remapping in xapic mode
[ 0.152367] x2apic: IRQ remapping doesn't support X2APIC mode
- 执行命令后显示如下内容,说明开启成功
DMAR-IR: Enabled IRQ remapping in x2apic mode - 此时输入命令
find /sys/kernel/iommu_groups/ -type l 出现很多直通组,说明成功了
root@fzpve:~# find /sys/kernel/iommu_groups/ -type l
/sys/kernel/iommu_groups/7/devices/0000:00:1c.0
/sys/kernel/iommu_groups/5/devices/0000:00:1a.0
/sys/kernel/iommu_groups/3/devices/0000:00:16.0
/sys/kernel/iommu_groups/11/devices/0000:02:00.0
/sys/kernel/iommu_groups/1/devices/0000:00:01.0
/sys/kernel/iommu_groups/1/devices/0000:01:00.0
/sys/kernel/iommu_groups/1/devices/0000:01:00.1
/sys/kernel/iommu_groups/8/devices/0000:00:1c.1
/sys/kernel/iommu_groups/6/devices/0000:00:1b.0
/sys/kernel/iommu_groups/4/devices/0000:00:19.0
/sys/kernel/iommu_groups/12/devices/0000:03:00.0
/sys/kernel/iommu_groups/12/devices/0000:03:00.1
/sys/kernel/iommu_groups/2/devices/0000:00:14.0
/sys/kernel/iommu_groups/10/devices/0000:00:1f.2
/sys/kernel/iommu_groups/10/devices/0000:00:1f.0
/sys/kernel/iommu_groups/10/devices/0000:00:1f.3
/sys/kernel/iommu_groups/0/devices/0000:00:00.0
/sys/kernel/iommu_groups/9/devices/0000:00:1d.0
配置直通完成 时间来到了 01:09
VM虚拟机部署OpenWrt
首先要建立一个VM虚拟机 硬件配置暂定如下:
- 内存 512MB
- 处理器 2核心
[host,flags=+aes] - BIOS OVMF(UEFI)
- 显示 标准VGA(安装配置完成后,最后选择无显示)
- 机器 q35(最新)
- SCSI控制器 VirtIO SCSI
- 硬盘随便添加一个1G的,然后需要使用img镜像导入的磁盘,之后要删除这个硬盘的。
- 网络设备(net0) 随便添加一个网卡,之后要删除,配置直通网卡的哟。
- EFI磁盘 这个必须要且不能删除。
然后下载OpenWrt
# 直接在PVE上下载即可
wget https://downloads.openwrt.org/releases/21.02.1/targets/x86/64/openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img.gz
root@fzpve:~# sha256sum openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img.gz > openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img.gz.sha256sum
root@fzpve:~# cat openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img.gz.sha256sum
005ab565649e10fec4220ee6cc96f2b35a89c01abf2a6d79ccc990b2f39b476a openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img.gz
# 解压
gzip -d openwrt-21.02.0-x86-64-generic-ext4-combined-efi.img.gz
# 将img磁盘直接导入为VM虚拟磁盘,vmid根据现实灵活修改哟。
# qm importdisk <vmid> <source> <storage> [OPTIONS]
qm importdisk 100 /root/openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img local-lvm
root@fzpve:~# qm importdisk 100 /root/openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img local-lvm
importing disk '/root/openwrt-21.02.1-x86-64-generic-ext4-combined-efi.img' to VM 100 ...
Rounding up size to full physical extent 124.00 MiB
Logical volume "vm-100-disk-2" created.
transferred 0.0 B of 120.5 MiB (0.00%)
transferred 2.0 MiB of 120.5 MiB (1.66%)
transferred 4.0 MiB of 120.5 MiB (3.32%)
transferred 6.0 MiB of 120.5 MiB (4.98%)
transferred 50.0 MiB of 120.5 MiB (41.48%)
......
transferred 104.0 MiB of 120.5 MiB (86.29%)
transferred 106.0 MiB of 120.5 MiB (87.94%)
transferred 108.0 MiB of 120.5 MiB (89.60%)
transferred 110.0 MiB of 120.5 MiB (91.26%)
transferred 112.0 MiB of 120.5 MiB (92.92%)
transferred 114.0 MiB of 120.5 MiB (94.58%)
transferred 120.5 MiB of 120.5 MiB (100.00%)
Successfully imported disk as 'unused0:local-lvm:vm-100-disk-2'
最后编辑虚拟机配置
- 硬件
- 将之前创建时的网卡删除,添加PCI设备,先添加一个直通网口作为LAN,之后安装好后再添加WAN口
- 将之前创建虚拟机时的磁盘删除,添加刚才命令导入的虚拟磁盘。
- 剩下的默认吧,检查配置无误后进入下一环节
- 选项
- 开机自动启动 是
- OS类型 Linux 5.x – 2.6 Kernel
- 引导顺序 scsi0 (特别注意这必须选导入的OpenWrt磁盘)
- 剩下的项目默认吧。
82576-0直通作为LAN口
上传gparted-live-1.0.0-3-amd64.iso进行调整OpenWrt分区大小
因为OpenWrt官方镜像默认的根分区只有100MB左右,我们需要将其扩容一下用起来更舒服些。
已完成扩容,关闭虚拟机。
删除 CD-ROM
再到选项选择引导顺序为 scsi0
开启虚拟机测试OpenWRT
我发现双网口的82576网卡直通的时候,不分0或1,都同时直通给OpenWrt的!无法只直通一个口。
这可能是PVE的硬件直通配置还漏了哪个步骤,但已经够用了,所以不纠结这问题先。
时间来到了 2:12
关机,安装硬盘,拷贝数据!!
时间来到了 3:08
发现PVE日志syslog 许多报错
Oct 29 03:00:41 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: illegal attempt to update using time 1635447641 when last update time is 1635465615 (minimum one second step)
Oct 29 03:00:51 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-node/fzpve: /var/lib/rrdcached/db/pve2-node/fzpve: illegal attempt to update using time 1635447651 when last update time is 1635465615 (minimum one second step)
Oct 29 03:00:51 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: illegal attempt to update using time 1635447651 when last update time is 1635465615 (minimum one second step)
Oct 29 03:00:51 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local: /var/lib/rrdcached/db/pve2-storage/fzpve/local: illegal attempt to update using time 1635447651 when last update time is 1635465615 (minimum one second step)
Oct 29 03:01:00 fzpve systemd[1]: Starting Proxmox VE replication runner...
Oct 29 03:01:00 fzpve systemd[1]: pvesr.service: Succeeded.
Oct 29 03:01:00 fzpve systemd[1]: Finished Proxmox VE replication runner.
Oct 29 03:01:01 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-node/fzpve: /var/lib/rrdcached/db/pve2-node/fzpve: illegal attempt to update using time 1635447661 when last update time is 1635465615 (minimum one second step)
Oct 29 03:01:02 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local: /var/lib/rrdcached/db/pve2-storage/fzpve/local: illegal attempt to update using time 1635447661 when last update time is 1635465615 (minimum one second step)
Oct 29 03:01:02 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: illegal attempt to update using time 1635447661 when last update time is 1635465615 (minimum one second step)
Oct 29 03:01:11 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-node/fzpve: /var/lib/rrdcached/db/pve2-node/fzpve: illegal attempt to update using time 1635447671 when last update time is 1635465615 (minimum one second step)
Oct 29 03:01:31 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local: opening '/var/lib/rrdcached/db/pve2-storage/fzpve/local': No such file or directory
Oct 29 03:01:31 fzpve pmxcfs[1065]: [status] notice: RRD create error /var/lib/rrdcached/db/pve2-storage/fzpve/ssd-data: Cannot create temporary file
Oct 29 03:01:31 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/ssd-data: opening '/var/lib/rrdcached/db/pve2-storage/fzpve/ssd-data': No such file or directory
Oct 29 03:01:31 fzpve pmxcfs[1065]: [status] notice: RRD create error /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: Cannot create temporary file
Oct 29 03:01:31 fzpve pmxcfs[1065]: [status] notice: RRD update error /var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm: opening '/var/lib/rrdcached/db/pve2-storage/fzpve/local-lvm': No such file or directory
Oct 29 03:01:37 fzpve systemd[1]: Starting LSB: start or stop rrdcached...
Oct 29 03:01:37 fzpve rrdcached[7353]: rrdcached started.
Oct 29 03:01:37 fzpve systemd[1]: Started LSB: start or stop rrdcached.
Oct 29 03:01:45 fzpve systemd[1]: Stopping The Proxmox VE cluster filesystem...
Oct 29 03:01:45 fzpve pmxcfs[1065]: [main] notice: teardown filesystem
Oct 29 03:01:46 fzpve systemd[4074]: etc-pve.mount: Succeeded.
Oct 29 03:01:46 fzpve systemd[1]: etc-pve.mount: Succeeded.
Oct 29 03:01:47 fzpve pmxcfs[1065]: [main] notice: exit proxmox configuration filesystem (0)
Oct 29 03:01:47 fzpve systemd[1]: pve-cluster.service: Succeeded.
Oct 29 03:01:47 fzpve systemd[1]: Stopped The Proxmox VE cluster filesystem.
Oct 29 03:01:47 fzpve systemd[1]: pve-cluster.service: Consumed 2.237s CPU time.
Oct 29 03:01:47 fzpve systemd[1]: Starting The Proxmox VE cluster filesystem...
Oct 29 03:01:48 fzpve systemd[1]: Started The Proxmox VE cluster filesystem.
Oct 29 03:01:48 fzpve systemd[1]: Condition check resulted in Corosync Cluster Engine being skipped.
Oct 29 03:02:00 fzpve systemd[1]: Starting Proxmox VE replication runner...
Oct 29 03:02:00 fzpve systemd[1]: pvesr.service: Succeeded.
Oct 29 03:02:00 fzpve systemd[1]: Finished Proxmox VE replication runner.
执行如下命令后终于消停了
# 这是错误的命令路径,这个方法失败
root@fzpve:~# cd /var/lib/rrdcached/
root@fzpve:/var/lib/rrdcached# systemctl stop rrdcached
root@fzpve:/var/lib/rrdcached# mv rrdcached rrdcached.bck
mv: cannot stat 'rrdcached': No such file or directory
# 这才是正确的方法
root@fzpve:/var/lib/rrdcached# cd /var/lib/
root@fzpve:/var/lib# systemctl stop rrdcached
root@fzpve:/var/lib# mv rrdcached rrdcached.bck
root@fzpve:/var/lib# systemctl start rrdcached
root@fzpve:/var/lib# systemctl restart pve-cluster
修改Openwrt软件源为清华镜像站:
# openwrt
#src/gz openwrt_core https://downloads.openwrt.org/releases/21.02.1/targets/x86/64/packages
#src/gz openwrt_base https://downloads.openwrt.org/releases/21.02.1/packages/x86_64/base
#src/gz openwrt_luci https://downloads.openwrt.org/releases/21.02.1/packages/x86_64/luci
#src/gz openwrt_packages https://downloads.openwrt.org/releases/21.02.1/packages/x86_64/packages
#src/gz openwrt_routing https://downloads.openwrt.org/releases/21.02.1/packages/x86_64/routing
#src/gz openwrt_telephony https://downloads.openwrt.org/releases/21.02.1/packages/x86_64/telephony
# tsinghua
src/gz openwrt_core https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/21.02.1/targets/x86/64/packages
src/gz openwrt_base https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/21.02.1/packages/x86_64/base
src/gz openwrt_luci https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/21.02.1/packages/x86_64/luci
src/gz openwrt_packages https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/21.02.1/packages/x86_64/packages
src/gz openwrt_routing https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/21.02.1/packages/x86_64/routing
src/gz openwrt_telephony https://mirrors.tuna.tsinghua.edu.cn/openwrt/releases/21.02.1/packages/x86_64/telephony
准备下载CT模板
却发现只有debian10的模板
执行已下命令更新模板
pveam update
即可正常刷出debian11了
CT已经安装好了,基本的配置完成,没有安装AMP环境。
时间已经来到 3:50
好累啊!
关机,然后几分钟后再开,看看PVE日志是否有报错了先吧。
终于正常了,syslog没有报错信息了。
挂载备份磁盘到CT容器 拷贝数据
挂载WD2T磁盘到PVE存储
pvesm add lvmthin wd-backup --vgname vgwd2t --thinpool databackup
在LXC容器添加挂载点
需要修改配置文件进行添加,因为我已经忘记了虚拟磁盘的大小,或是命令有问题吧!
arch: amd64
cores: 4
features: nesting=1
hostname: Debian11-NC
memory: 5120
mp0: wd-backup:vm-100-disk-0,mp=/data-backup,replicate=0,ro=1,size=1000G
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.33.1,hwaddr=0A:FD:83:CE:3B:5A,ip=192.168.33.5/24,type=veth
ostype: debian
rootfs: local-lvm:vm-101-disk-0,size=8G
swap: 2048
unprivileged: 1
# 就是添加这个 unused0: <STORAGE_ID>:<虚拟磁盘>
unused0: local-lvm:vm-101-disk-1
然后在Web UI管理页面进行操作添加磁盘,即可自动识别虚拟磁盘的容量。
创建的挂载点容量很迷,850G的挂载点,虚拟磁盘显示占用912.68G
SSD pool的容量是920G,那不是正好吗?
时间来到 5:00
安装rsync,默认没有rsync
执行数据同步
rsync -av --delete /data-backup/ /web-data/www/
数据已同步完成
openwrt配置ddns 有点复杂
自定义脚本
aly脚本路径
/usr/lib/ddns/update_aliyun_com.sh
太累了,不玩先吧,现在时间是 7:00
2021年10月29日 17:33
继续研究LXC容器的pct管理命令,目的是使用命令管理LXC,从而实现自动快照。
做快照的时候,我的目的是只为LXC的rootfs与备份的HDD磁盘做快照,SSD不参与做快照
因此快照前必须将SSD挂载点删除,然后再执行快照命令,快照完成后,再将SSD添加回来。
特别注意 千万不能在Web UI管理界面容器资源页删除未使用的磁盘!
此操作将会删除虚拟磁盘!!!
PCT管理命令 我们可以使用帮助命令去了解
# PVE 进入 PCT
# pct enter <vmid>
pct enter 103
# exit 退出pct
# 关于pct的使用帮助
pct help
# 具体到哪个命令
pct help set
我需要使用的pct管理命令
# 关闭pct容器
pct shutdown <vmid> [OPTIONS]
root@fzpve:~# pct help shutdown
USAGE: pct shutdown <vmid> [OPTIONS]
Shutdown the container. This will trigger a clean shutdown of the
container, see lxc-stop(1) for details.
<vmid> <integer> (1 - N)
The (unique) ID of the VM.
-forceStop <boolean> (default=0)
Make sure the Container stops.
-timeout <integer> (0 - N) (default=60)
Wait maximal timeout seconds.
# 关闭pct容器示例
pct shutdown 101
# 删除pct挂载点mp[0,1,2,...]
pct set <vmid> -delete mp[n]
root@fzpve:~# pct help set
USAGE: pct set <vmid> [OPTIONS]
Set container options.
<vmid> <integer> (1 - N)
The (unique) ID of the VM.
......
-delete <string>
A list of settings you want to delete.
......
-mp[n] [volume=]<volume> ,mp=<Path> [,acl=<1|0>] [,backup=<1|0>]
[,mountoptions=<opt[;opt...]>] [,quota=<1|0>]
[,replicate=<1|0>] [,ro=<1|0>] [,shared=<1|0>]
[,size=<DiskSize>]
Use volume as container mount point. Use the special syntax
STORAGE_ID:SIZE_IN_GiB to allocate a new volume.
-unused[n] [volume=]<volume>
Reference to unused volumes. This is used internally, and
should not be modified manually.
# 删除pct挂载点示例,得记住配置文件挂载点mp0的配置,比如mp=/data-backup,replicate=0,backup=0,以便再次添加
pct set 101 -delete mp0
# 测试关于unused[n]这个命令,测试只有下面的命令成功添加了磁盘
pct set 101 -unused0 wd-backup:vm-100-disk-0 -mp0 wd-backup:vm-100-disk-0,mp=/data-backu
### 但是上面的命令 -unused0 wd-backup:vm-100-disk-0 是多此一举的。
# 我直接使用如下命令即可再次添加删除的挂载点
pct set 101 -mp0 wd-backup:vm-100-disk-0,mp=/data-backup
# 建立pct快照
pct snapshot <vmid> <snapname> [OPTIONS]
root@fzpve:~# pct help snapshot
USAGE: pct snapshot <vmid> <snapname> [OPTIONS]
Snapshot a container.
<vmid> <integer> (1 - N)
The (unique) ID of the VM.
<snapname> <string>
The name of the snapshot.
-description <string>
A textual description or comment.
# 建立pct快照示例
pct snapshot 101 debian_snap20211029
# 建立快照之后当然是再次添加刚才已经删除的挂载点啦
# pct set <vmid> -mp[n] <STORAGE_ID>:<VM-DISK-NAME>,mp=<Path>,backup=<1|0>,replicate=<1|0>
pct set 101 -mp0 wd-backup:vm-100-disk-0,mp=/data-backup,backup=0,replicate=0
# 开启pct容器
# pct start <vmid>
pct start 100
时间来到了 20:20
配置了一个LXC容器模板,并且做了一个备份
然后完整克隆了2个基于这个模板的完整克隆,分别用于NextCloud与OnlyOffice
部署证书吧 了解一下pve用的什么证书
- 貌似PVE有集成acme脚本?
- 但是PVE集成的这个acme什么鬼来滴?我根本不懂怎么使用。
安装acme.sh 按照之前的旧方法搞
# 在PVE上安装acme.sh
curl https://get.acme.sh | sh
## 居然安装出错,再次尝试还是同样的报错,PVE貌似只能使用他集成的ACME
root@fzpve:~# curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 937 0 937 0 0 795 0 --:--:-- 0:00:01 --:--:-- 795
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 203k 100 203k 0 0 808 0 0:04:18 0:04:18 --:--:-- 67051
[Fri 29 Oct 2021 09:33:46 PM CST] Installing from online archive.
[Fri 29 Oct 2021 09:33:46 PM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Fri 29 Oct 2021 09:37:56 PM CST] Extracting master.tar.gz
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
sh: 6676: gtar: not found
[Fri 29 Oct 2021 09:37:56 PM CST] Extraction error.
PVE集成的ACME貌似需要注册账户 而且有点繁琐
还是在LXC容器安装ACME试试吧
LXC没有curl,需要安装
apt install curl
然后再安装acme.sh
root@Debian11-Cloud:~# curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 937 0 937 0 0 264 0 --:--:-- 0:00:03 --:--:-- 264
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 203k 100 203k 0 0 174k 0 0:00:01 0:00:01 --:--:-- 174k
[Fri 29 Oct 2021 10:56:08 PM CST] Installing from online archive.
[Fri 29 Oct 2021 10:56:08 PM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Fri 29 Oct 2021 10:56:12 PM CST] Extracting master.tar.gz
[Fri 29 Oct 2021 10:56:12 PM CST] It is recommended to install socat first.
[Fri 29 Oct 2021 10:56:12 PM CST] We use socat for standalone server if you use standalone mode.
[Fri 29 Oct 2021 10:56:12 PM CST] If you don't use standalone mode, just ignore this warning.
[Fri 29 Oct 2021 10:56:12 PM CST] Installing to /root/.acme.sh
[Fri 29 Oct 2021 10:56:12 PM CST] Installed to /root/.acme.sh/acme.sh
[Fri 29 Oct 2021 10:56:12 PM CST] Installing alias to '/root/.bashrc'
[Fri 29 Oct 2021 10:56:12 PM CST] OK, Close and reopen your terminal to start using acme.sh
[Fri 29 Oct 2021 10:56:12 PM CST] Installing cron job
no crontab for root
no crontab for root
[Fri 29 Oct 2021 10:56:12 PM CST] Good, bash is found, so change the shebang to use bash as preferred.
[Fri 29 Oct 2021 10:56:13 PM CST] OK
[Fri 29 Oct 2021 10:56:13 PM CST] Install success!
配置API key
export Ali_Key="L************S"
export Ali_Secret="O***************************F"
root@Debian11-Cloud:~# export Ali_Key="L************S"
root@Debian11-Cloud:~# export Ali_Secret="O**********************F"
申请证书
申请的是通配符证书
/root/.acme.sh/acme.sh --issue --dns dns_ali -d sgtfz.top -d *.sgtfz.top
### 貌似也是无法申请证书,需要注册账户了。
root@Debian11-Cloud:~# /root/.acme.sh/acme.sh --issue --dns dns_ali -d sgtfz.top -d *.sgtfz.top
[Fri 29 Oct 2021 11:04:00 PM CST] Using CA: https://acme.zerossl.com/v2/DV90
[Fri 29 Oct 2021 11:04:00 PM CST] Create account key ok.
[Fri 29 Oct 2021 11:04:00 PM CST] No EAB credentials found for ZeroSSL, let's get one
[Fri 29 Oct 2021 11:04:00 PM CST] acme.sh is using ZeroSSL as default CA now.
[Fri 29 Oct 2021 11:04:00 PM CST] Please update your account with an email address first.
[Fri 29 Oct 2021 11:04:00 PM CST] acme.sh --register-account -m my@example.com
[Fri 29 Oct 2021 11:04:00 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
[Fri 29 Oct 2021 11:04:00 PM CST] Please add '--debug' or '--log' to check more details.
[Fri 29 Oct 2021 11:04:00 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
### 注册zerossl账户
/root/.acme.sh/acme.sh --register-account -m sgtdjfz@live.cn --server zerossl
### 注册完成
root@Debian11-Cloud:~# /root/.acme.sh/acme.sh --register-account -m sgtdjfz@live.cn --server zerossl
[Fri 29 Oct 2021 11:34:08 PM CST] No EAB credentials found for ZeroSSL, let's get one
[Fri 29 Oct 2021 11:34:09 PM CST] Registering account: https://acme.zerossl.com/v2/DV90
[Fri 29 Oct 2021 11:34:13 PM CST] Registered
[Fri 29 Oct 2021 11:34:13 PM CST] ACCOUNT_THUMBPRINT='QGg******************_cPkL6QhfI'
## 设置默认CA为zerossl
/root/.acme.sh/acme.sh --set-default-ca --server zerossl
## 再来申请证书!尼玛!搞错域名了!
/root/.acme.sh/acme.sh --issue --dns dns_ali -d sgtfz.cn -d *.sgtfz.cn
## 惨了!
## 难道又要折腾公网sgtfz.cn的证书了?不管先了。
# 继续申请sgtfz.top的的证书吧!!
/root/.acme.sh/acme.sh --issue --dns dns_ali -d sgtfz.top -d *.sgtfz.top
-----END CERTIFICATE-----
[Fri 29 Oct 2021 11:47:14 PM CST] Your cert is in: /root/.acme.sh/sgtfz.top/sgtfz.top.cer
[Fri 29 Oct 2021 11:47:14 PM CST] Your cert key is in: /root/.acme.sh/sgtfz.top/sgtfz.top.key
[Fri 29 Oct 2021 11:47:14 PM CST] The intermediate CA cert is in: /root/.acme.sh/sgtfz.top/ca.cer
[Fri 29 Oct 2021 11:47:14 PM CST] And the full chain certs is there: /root/.acme.sh/sgtfz.top/fullchain.cer
## 删除本地的sgtfz.cn误操作的证书
/root/.acme.sh/acme.sh --remove -d sgtfz.cn -d *.sgtfz.cn
root@Debian11-Cloud:~# /root/.acme.sh/acme.sh --remove -d sgtfz.cn -d *.sgtfz.cn
[Fri 29 Oct 2021 11:53:50 PM CST] sgtfz.cn is removed, the key and cert files are in /root/.acme.sh/sgtfz.cn
[Fri 29 Oct 2021 11:53:50 PM CST] You can remove them by yourself.
# 删除sgtfz.cn下载的证书目录
rm -r /root/.acme.sh/sgtfz.cn
# 让acme自动更新
root@Debian11-Cloud:~# /root/.acme.sh/acme.sh --upgrade --auto-upgrade
[Sat 30 Oct 2021 12:14:49 AM CST] Already uptodate!
[Sat 30 Oct 2021 12:14:49 AM CST] Upgrade success!
2021年10月30日 00:10
是时候布置AMP环境了
#根据自己需需要部署nextcloud的环境安装如下软件包
apt install apache2;\
apt install php-fpm;\
apt install php-apcu php-bcmath php-curl php-gd php-gmp php-intl;\
apt install php-imagick php-mbstring php-mysql php-redis php-xml php-zip;\
apt install libmagickcore-6.q16-6-extra;\
apt install ffmpeg;\
apt install redis-server;\
apt install mariadb-server mariadb-client;
配置MariaDB数据库
初始化数据库:
mysql_secure_installation
Enter current password for root (enter for none): #直接按回车即可
Switch to unix_socket authentication [Y/n] y
Change the root password? [Y/n] n #不用设置root用户密码,因为我们使用unix_socket免密
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
数据库的一些基本配置
#登录数据库,root身份下,直接免密登录
mysql
#查看字符集
show variables like '%character%';
# 操作记录
root@Debian11-Cloud:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 52
Server version: 10.5.12-MariaDB-0+deb11u1 Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show variables like '%character%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8mb4 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8mb4 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.001 sec)
#修改字符集
cp /etc/mysql/mariadb.conf.d/50-client.cnf{,.backup};\
vi /etc/mysql/mariadb.conf.d/50-client.cnf
[client]
default-character-set = utf8mb4
cp /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf{,.backup};\
vi /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf
[mysql]
default-character-set = utf8mb4
# 再次检查字符集
root@Debian11-Cloud:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 53
Server version: 10.5.12-MariaDB-0+deb11u1 Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show variables like '%character%';
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8mb4 |
| character_set_connection | utf8mb4 |
| character_set_database | utf8mb4 |
| character_set_filesystem | binary |
| character_set_results | utf8mb4 |
| character_set_server | utf8mb4 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.001 sec)
#针对nextcloud的一些数据库调优
cp /etc/mysql/mariadb.conf.d/50-server.cnf{,.backup};\
vi /etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
innodb_buffer_pool_size=1G
innodb_io_capacity=4000
# 单服务器环境使用数据库就加上此配置项,如果此配置项有注释就去掉注释。
skip-external-locking
配置apache
# 开启支持php-fpm模块
a2enmod proxy_fcgi setenvif
a2enmod mpm_event
a2enconf php-fpm
# 操作记录
root@Debian11-Cloud:~# a2enmod proxy_fcgi setenvif
Considering dependency proxy for proxy_fcgi:
Module proxy already enabled
Module proxy_fcgi already enabled
Module setenvif already enabled
root@Debian11-Cloud:~# a2enmod mpm_event
Considering conflict mpm_worker for mpm_event:
Considering conflict mpm_prefork for mpm_event:
Module mpm_event already enabled
# 这儿报错是什么情况?先不管
root@Debian11-Cloud:~# a2enconf php-fpm
ERROR: Conf php-fpm does not exist!
# 正确姿势
a2enconf php7.4-fpm
#开启重写模块
a2enmod rewrite
root@Debian11-Cloud:~# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
root@Debian11-Cloud:~# systemctl restart apache2
# 开启ssl,http2
a2enmod ssl
a2enmod http2
root@Debian11-Cloud:~# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
root@Debian11-Cloud:~# a2enmod http2
Enabling module http2.
To activate the new configuration, you need to run:
systemctl restart apache2
# 隐藏apache2版本号
cp /etc/apache2/conf-available/security.conf{,.backup};\
vi /etc/apache2/conf-available/security.conf
# 隐藏apache版本号。
ServerTokens Prod
# 或是 ServerTokens OS 修改为 ServerTokens Prod
# ServerSignature off 由原来的On改为Off
ServerSignature off
配置php
# 配置PHP.ini
cp /etc/php/7.4/fpm/php.ini{,.backup};\
vi /etc/php/7.4/fpm/php.ini
# 大概有以下的配置内容
memory_limit = 1024M
post_max_size = 8G
upload_max_filesize = 8G
max_execution_time = 3600
max_input_time = 3600
; 隐藏 PHP 版本号,debian默认已经是off
expose_php = Off
# opcache配置项
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.save_comments=1
# redis配置项
redis.session.locking_enabled=1
redis.session.lock_retries=-1
redis.session.lock_wait_time=10000
;apc.enable_cli=1 此条目还要在cli目录配置此项开启,否正nextcloud的occ命令无法使用
apc.enable_cli=1
# 配置/cli/PHP.ini
cp /etc/php/7.4/cli/php.ini{,.backup};\
vi /etc/php/7.4/cli/php.ini
# 在配置文件最后添加
apc.enable_cli=1
# 配置www.conf
cp /etc/php/7.4/fpm/pool.d/www.conf{,.backup};\
vi /etc/php/7.4/fpm/pool.d/www.conf
pm = dynamic
pm.max_children = 18
pm.start_servers = 8
pm.min_spare_servers = 4
pm.max_spare_servers = 16
AMP配置大概基本完成,真TM累
创建数据库
时间来到了1:15
root@Debian11-Cloud:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 54
Server version: 10.5.12-MariaDB-0+deb11u1 Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# 查看用户的授权方式
# 正常情况下root用户没有设置密码invalid,只有本地登录root用户才能通过unix_socket免密登录。
MariaDB [(none)]> select Host,User,Password,plugin from mysql.user;
+-----------+-------------+----------+-----------------------+
| Host | User | Password | plugin |
+-----------+-------------+----------+-----------------------+
| localhost | mariadb.sys | | mysql_native_password |
| localhost | root | invalid | mysql_native_password |
| localhost | mysql | invalid | mysql_native_password |
+-----------+-------------+----------+-----------------------+
3 rows in set (0.001 sec)
#创建数据库
#创建数据库用户及密码
#创建数据库
create database wordpress;
create database nextcloud;
#创建用户及密码
create user 'c***p'@'localhost' identified by 'S**密码**l';
create user 'c***c'@'localhost' identified by 'L**密码**l';
#授权
grant all on wordpress.* to 'c***p'@'localhost';
grant all on nextcloud.* to 'c***c'@'localhost';
#刷新权限
flush privileges;
#查看数据库
show databases;
#查看数据库的用户们
select host,user from mysql.user;
#创建数据库
#创建数据库用户及密码
## 操作记录
MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> create database nextcloud;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> create user 'c***p'@'localhost' identified by 'S**密码**l';
Query OK, 0 rows affected (0.005 sec)
MariaDB [(none)]> create user 'c***c'@'localhost' identified by 'L**密码**l';
Query OK, 0 rows affected (0.005 sec)
MariaDB [(none)]> grant all on wordpress.* to 'c***p'@'localhost';
Query OK, 0 rows affected (0.005 sec)
MariaDB [(none)]> grant all on nextcloud.* to 'c***c'@'localhost';
Query OK, 0 rows affected (0.009 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| nextcloud |
| performance_schema |
| wordpress |
+--------------------+
5 rows in set (0.000 sec)
MariaDB [(none)]> select host,user from mysql.user;
+-----------+-------------+
| Host | User |
+-----------+-------------+
| localhost | c***c |
| localhost | c***p |
| localhost | mariadb.sys |
| localhost | mysql |
| localhost | root |
+-----------+-------------+
5 rows in set (0.000 sec)
MariaDB [(none)]> select Host,User,Password,plugin from mysql.user;
+-----------+-------------+-------------------------------------------+-----------------------+
| Host | User | Password | plugin |
+-----------+-------------+-------------------------------------------+-----------------------+
| localhost | mariadb.sys | | mysql_native_password |
| localhost | root | invalid | mysql_native_password |
| localhost | mysql | invalid | mysql_native_password |
| localhost | c***p | *D47204E111DE8AA0063727E425BE318FC1CCFF1E | mysql_native_password |
| localhost | c***c | *89E56EC22FF7C9B9CF3B5D66745C42537E6E2D66 | mysql_native_password |
+-----------+-------------+-------------------------------------------+-----------------------+
5 rows in set (0.001 sec)
挂载磁盘到PCT
时间来到了 1:38
# 命令给pct容器挂载磁盘,非常顺利
pct set 103 -mp0 ssd-data:vm-101-disk-0,mp=/site-data
# 命令pct开机
pct start 103
部署网站
时间来到了 1:48
# 首先安装证书到apache2的目录
# 创建证书存放目录
mkdir /etc/apache2/cert
# 安装证书,证书匹配apache与nginx。
# nginx使用key.pem、chain.pem
# apache使用cert.pem、key.pem、chain.pem
acme.sh --install-cert -d sgtfz.top \
--cert-file /etc/apache2/cert/sgtfztop_cert.pem \
--key-file /etc/apache2/cert/sgtfztop_key.pem \
--fullchain-file /etc/apache2/cert/sgtfztop_chain.pem \
--reloadcmd "service apache2 force-reload"
## 操作记录
root@Debian11-Cloud:~# /root/.acme.sh/acme.sh --install-cert -d sgtfz.top \
--cert-file /etc/apache2/cert/sgtfztop_cert.pem \
--key-file /etc/apache2/cert/sgtfztop_key.pem \
--fullchain-file /etc/apache2/cert/sgtfztop_chain.pem \
--reloadcmd "service apache2 force-reload"
[Sat 30 Oct 2021 01:56:04 AM CST] Installing cert to: /etc/apache2/cert/sgtfztop_cert.pem
[Sat 30 Oct 2021 01:56:04 AM CST] Installing key to: /etc/apache2/cert/sgtfztop_key.pem
[Sat 30 Oct 2021 01:56:04 AM CST] Installing full chain to: /etc/apache2/cert/sgtfztop_chain.pem
[Sat 30 Oct 2021 01:56:04 AM CST] Run reload cmd: service apache2 force-reload
[Sat 30 Oct 2021 01:56:04 AM CST] Reload success
创建网站的apache配置文件
## 站点配置文件存放路径
## /etc/apache2/sites-available/
#建立NextCloud站点配置文件
vi /etc/apache2/sites-available/nextcloud.conf
<VirtualHost 192.168.33.8:80>
# nextcloud 根目录
DocumentRoot /site-data/www/nextcloud/
# 指定 nextcloud 使用的域名
ServerName cloud.sgtfz.top
# nextcloud 根目录规则
<Directory /site-data/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
<VirtualHost *:443>
# 开启 HTTP/2
Protocols h2 h2c http/1.1
# nextcloud 根目录
DocumentRoot "/site-data/www/nextcloud/"
# 指定 nextcloud 使用的域名
ServerName cloud.sgtfz.top:443
# 日志
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Enable/Disable SSL for this virtual host.
SSLEngine on
# 证书公钥配置
SSLCertificateFile /etc/apache2/cert/sgtfztop_cert.pem
# 证书私钥配置
SSLCertificateKeyFile /etc/apache2/cert/sgtfztop_key.pem
# 证书链配置
SSLCertificateChainFile /etc/apache2/cert/sgtfztop_chain.pem
SSLUseStapling on
SSLStaplingReturnResponderErrors off
SSLStaplingResponderTimeout 5
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
#建立WordPress站点配置文件
vi /etc/apache2/sites-available/wordpress.conf
<VirtualHost *:80>
# wordpress 根目录
DocumentRoot /site-data/www/wordpress/
# 指定 wordpress 使用的域名
ServerName sgtfz.top
# wordpress 根目录规则
<Directory /site-data/www/wordpress/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
# 开启 HTTP/2
Protocols h2 h2c http/1.1
# wordpress 根目录
DocumentRoot "/site-data/www/wordpress/"
# 指定 wordpress 使用的域名
ServerName sgtfz.top:443
# 日志
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Enable/Disable SSL for this virtual host.
SSLEngine on
# 证书公钥配置
SSLCertificateFile /etc/apache2/cert/sgtfztop_cert.pem
# 证书私钥配置
SSLCertificateKeyFile /etc/apache2/cert/sgtfztop_key.pem
# 证书链配置
SSLCertificateChainFile /etc/apache2/cert/sgtfztop_chain.pem
SSLUseStapling on
SSLStaplingReturnResponderErrors off
SSLStaplingResponderTimeout 5
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
# 站点总目录配置文件
# 路径 /etc/apache2/conf-available/ 的配置文件
vi /etc/apache2/conf-available/site-data.conf
ServerName localhost:80
# site-data DocumentRoot
<Directory "/site-data/www">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
然后开启网站配置文件
a2enconf site-data
a2ensite wordpress
a2ensite nextcloud
# 操作记录
root@Debian11-Cloud:~# a2enconf site-data
Enabling conf site-data.
To activate the new configuration, you need to run:
systemctl reload apache2
root@Debian11-Cloud:~# a2ensite wordpress
Enabling site wordpress.
To activate the new configuration, you need to run:
systemctl reload apache2
root@Debian11-Cloud:~# a2ensite nextcloud
Enabling site nextcloud.
To activate the new configuration, you need to run:
systemctl reload apache2
停止apache2
systemctl stop apache2
上传并导入NextCloud与WordPress的数据库
创建用户
adduser sgtfz
# 操作记录,按向导操作各种资料留空,至Is the information correct?,直接y即可。
root@Debian11-Cloud:~# adduser sgtfz
Adding user `sgtfz' ...
Adding new group `sgtfz' (1000) ...
Adding new user `sgtfz' (1000) with group `sgtfz' ...
Creating home directory `/home/sgtfz' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for sgtfz
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
# 去TND,搞着搞着就没有保存到密码,现在忘了普通用户的密码了
# 修改普通用户sgtfz密码
passwd sgtfz
# 修改完成,爽呆了~!!
# 登录数据库
mysql
# 选择数据库
use nextcloud;
# 导入nextcloud的数据库
source /home/sgtfz/nextcloud_202110281906.sql;
# 继续wordpress的数据库
use wordpress;
source /home/sgtfz/wordpress_202110281906.sql;
# 顺利完成导入数据库
编辑WordPress与NextCloud配置文件的数据库用户及密码
# 编辑wordpress配置文件wp-config.php
vi /site-data/www/wordpress/wp-config.php
# nextcloud的配置文件还要修改一下目录路径,数据库用户及密码
vi /site-data/www/nextcloud/config/config.php
重启LXC,测试网站
reboot
遇到apache无法启动
报错日志如下:
[Sat Oct 30 03:39:56.096910 2021] [ssl:emerg] [pid 661:tid 139811129806144] AH01958: SSLStapling: no stapling cache available
[Sat Oct 30 03:39:56.096942 2021] [ssl:emerg] [pid 661:tid 139811129806144] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
禁用以下配置文件,apache就能起来
认真检查这两个网站的配置文件,没有发现有什么不妥啊?那么问题出在哪里?
a2dissite wordpress
a2dissite nextcloud
apache 启动失败已解决
如果长时间没有折腾,真的可以忘记很多以前经历过的事情,所以再好的记忆力都不如认真的记录下来。
- 查看apache报错日志大概与证书的配置文件相关,我漏了这个配置文件没有检查与配置
- 就这
/etc/apache2/mods-enabled/ssl.conf
root@Debian11-Cloud:~# cat /etc/apache2/mods-enabled/ssl.conf
<IfModule mod_ssl.c>
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate. See the
# ciphers(1) man page from the openssl package for list of all available
# options.
# Enable only secure ciphers:
#SSLCipherSuite HIGH:!aNULL
# sgtfz 20211030 这里注意啦!
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# SSL server cipher order preference:
# Use server priorities for cipher algorithm choice.
# Clients may prefer lower grade encryption. You should enable this
# option if you want to enforce stronger encryption, and can afford
# the CPU cost, and did not override SSLCipherSuite in a way that puts
# insecure ciphers first.
# Default: Off
#SSLHonorCipherOrder on
# sgtfz 20211030 这里注意啦!
SSLHonorCipherOrder off
SSLSessionTickets off
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
#SSLProtocol all -SSLv3
# sgtfz 20211030
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
#SSLInsecureRenegotiation on
# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
#SSLStrictSNIVHostCheck On
# ssl_stapling_cache
# sgtfz - 20211030 这里注意啦!
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling_cache(128000)
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
配置nextcloud后台任务
crontab -u www-data -e
# 每10分钟执行一次
*/10 * * * * php -f /site-data/www/nextcloud/cron.php
# 配置顺利完成
又一个不眠之夜
时间来到了 5:13
折腾这方面的东西,也只有晚上没有人打扰思路才能清晰。
但是全程总体非常顺利,Proxmox VE可玩性确实更高!
在这个主机(B85 + E3-1231V3)上运行非常舒服,对比我最古老的那个主机(Z68 + E3-1230V2)明显好不少。
可能是华硕主板B85M(MATX),比微星主板Z68(ATX)更优秀的原因。
微星的Z68启动的时候有PVE有几个报错的提示:ACPI Error
华硕的B85M没有此问题
在华硕B85M主板上的,PVE的VM虚拟机同样的OpenWrt占用资源更低一些,这也许是因为OpenWrt的3个网口都是直接使用硬件直通网卡。
Windows Terminal ssh 连接报错解决
在折腾的中途使用 Windows Terminal ssh 连接服务器却报错
ssh连接到指定服务器报错如下:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Y+VRt0Y***********************************l4TLM.
Please contact your system administrator.
Add correct host key in C:\\Users\\sgtfz/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\sgtfz/.ssh/known_hosts:1
ECDSA host key for 192.168.33.8 has changed and you have requested strict checking.
Host key verification failed.
解决方法
打开当前用户目录路径如下:
C:\Users\sgtfz\.ssh- 编辑known_hosts文件
# 哪个IP地址无法用ssh连接的,整行删掉即可。
192.168.33.8 ecdsa-sha2-nistp256 AAAAE2VjZHNh****uerLgqcnkItfIAsuyD9*****cP8ipTxIj2Cj6lw=
192.168.33.131 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY*************f54zj69xxmXTmXunQvUxmkM=
192.168.33.6 ecdsa-sha2-nistp256 AAAAE2V***uerLgqcnkItfIAsuyD9+fhI/JtZ/dXacP8ipTxIj2Cj6lw=
192.168.33.1 ssh-rsa AAAAB3N*************************************E+k0diaOcB
