当前位置: article > 正文

NAS Ubuntu all in one软硬件方案_此实例中的 php-imagick 模块不支持 svg

作者：Cpp五条 | 2024-02-26 18:59:44

踩

此实例中的 php-imagick 模块不支持 svg

硬件选型

Intel Celeron N5105 @ 2.00GHz
倍控主板
在这里插入图片描述

系统选型

Ubuntu 22.04.2 LTS
(直装，非PVE、ESXI等虚拟化平台方案)
在这里插入图片描述

存储系统

2 * ST500DM002-1BD14+1 * WDC WD5000AAKX-7 三块500GB组RAID5 挂载到nextcloud
1 * WDC WD20EZBX-00A 2TB 挂载到/home
1* ST3320813AS 350GB 做监控存储盘
1 * THNSN5128GPUK TOSHIBA 固态128G 挂载到/

解决 linux-ubuntu开机 a start job is runnning for wait for network to be configured

https://blog.csdn.net/qq_43594278/article/details/124403118

输入以下命令 cd /etc/systemd/system/network-online.target.wants/

sudo nano systemd-networkd-wait-online.service

在Service加入TimeoutStartSec=2sec

磁盘操作

https://blog.csdn.net/mini_xiang/article/details/54231730

mount
umount
sudo fdisk -l
df -lh
分区sudo fdisk /dev/sdb
格式化sudo mkfs.ext4 -F -b 4096 /dev/sdb
文件夹大小du -sh
查uuiddfblkid
ls -al /dev/disk/by-uuid
自动挂载sudo nano /etc/fstab
UUID=30494fb1-12c6-4169-9717-61520a89a88d /home ext4 defaults 0 2
！！！挂载时一定用UUID
sudo mount -a

系统启动时不自动挂载

https://juejin.cn/s/fstab%E6%8C%82%E8%BD%BD%E5%A4%B1%E8%B4%A5%E6%97%B6%E8%87%AA%E5%8A%A8%E5%BF%BD%E7%95%A5

UUID=*** /mnt/data ext4 defaults,noauto 0 0
sudo mount -a

挂载失败时不影响系统启动

https://systemd-book.junmajinlong.com/systemd_fstab.html
https://lisongmin.github.io/os-systemd-automount/

UUID=**** /home/yangn0/disk100G ext4 defaults,nofail 0 0

target busy

https://blog.csdn.net/mini_xiang/article/details/54231730

fuser -m -v -k /data/3

RAID

https://blog.csdn.net/weixin_38307634/article/details/127984593
https://blog.csdn.net/cyz141001/article/details/128999656
https://blog.csdn.net/qq_44895681/article/details/105657604
https://www.linuxcool.com/mdadm
提高RAID重组速度 https://www.cyberciti.biz/tips/linux-raid-increase-resync-rebuild-speed.html

组RAID1

sudo mdadm -C -v /dev/md0 -l 1 -n 2 /dev/sda /dev/sdb

2023.11.19 RAID故障

RAID5 同时坏掉两块硬盘：
在这里插入图片描述
单独查看各块硬盘，发现 /dev/sdc 早在4月14日已经停止更新状态，也就是说从4月14开始，RAID5一直处于降级状态运行，直到 2023.11.19 第二块硬盘出现问题，RAID挂载不上，才发现问题：

损坏两块硬盘是希捷ST500DM002：在这里插入图片描述

重新组装，加–force解决

 sudo mdadm -v --assemble --force /dev/md0 /dev/sdb /dev/sdc /dev/sda
1

仍然有一块硬盘状态为removed，但是RAID5能正常挂载，状态为降级模式：
在这里插入图片描述

常用命令

查端口sudo netstat -tlpn
sudo netplan apply

CPU、固态等温度

sudo modprobe drivetemp
sensors
1
2

卸载硬盘温度sudo modprobe -r drivetemp
gpu使用情况sudo intel_gpu_top

修改本机DNS到127.0.0.1

https://blog.csdn.net/weixin_45808716/article/details/125267517
https://www.elecfans.com/d/1948846.html

sudo nano /etc/systemd/resolved.conf
DNS=127.0.0.1
DNSStubListener=no
systemctl restart systemd-resolved

docker

https://zhuanlan.zhihu.com/p/588264423

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

samba&&NFS

https://www.linuxidc.com/Linux/2018-11/155466.htm
https://blog.csdn.net/iriczhao/article/details/126149918

nextcloud

https://thought-action.com/2021/12/06/docker-nextcloud/
https://www.bilibili.com/read/cv5767806/
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html

docker pull nextcloud
1

创建临时容器

docker run -d --name tmpcloud -p 3000:80 --volumes-from 容器ID nextcloud
1

删除原来的容器并创建新容器

docker rm 容器ID
docker run -d --name nextcloud --restart=always -p 3000:80 --volumes-from tmpcloud nextcloud 
1
2

4.删除掉旧的镜像与临时容器

docker image rm 镜像ID
docker stop tmpcloud
docker rm tmpcloud
1
2
3

新安装容器

docker run -d --restart=always \
--name nextcloud \
-p 3001:80 \
-v ~/nextcloud/data:/var/www/html/data \
-v ~/nextcloud/config:/var/www/html/config \
-v ~/nextcloud/custom_apps:/var/www/html/custom_apps \
--link mariadb:mariadb \
nextcloud
1
2
3
4
5
6
7
8

部署MariaDb

docker run -d --restart=always \
--name mariadb \
-p 3306:3306 \
-v ~/mariadb:/var/lib/mysql \
--env MYSQL_ROOT_PASSWORD=root_password \
--env MYSQL_DATABASE=nextcloud \
--env MYSQL_USER=nextcloud \
--env MYSQL_PASSWORD=user_password \
mariadb:10.5
1
2
3
4
5
6
7
8
9

部署redis

docker run -d --restart=always --name redis -p 6379:6379 redis --requirepass "mypassword"
1

nextcloud:fpm（不使用docker-compose部署）

https://hexo.chensmallx.top/2021/04/08/nextcloud-on-docker
https://github.com/nextcloud/docker/issues/398
https://stackoverflow.com/questions/29905953/how-to-correctly-link-php-fpm-and-nginx-docker-containers
https://www.cnblogs.com/xwgli/p/16512462.html

docker run -d --restart=always \
--name nextcloud \
-p 3000:9000 \
-v ~/nextcloud:/var/www/html \
-v ~/disk900G:/disk900G \
--link mariadb:mariadb \
--link redis:redis \
nextcloud:25.0.6-fpm
1
2
3
4
5
6
7
8

解决警告

https://github.com/nextcloud/server/issues/25753
https://www.orcy.net.cn/1275.html

电子邮件

https://blog.csdn.net/qq_41437512/article/details/128255445

进入容器

docker exec -it nextcloud /bin/bash
docker exec -it nextcloud sh
1
2

apt update && apt install imagemagick 
#此实例中的 php-imagick 模块不支持 SVG。为了获得更好的兼容性，建议安装它
tac config/config.php | sed "1a\ \ 'default_phone_region' => 'CN'," | tac > config.php_backup
cp config.php_backup config/config.php 
#进入容器中, 修改 config/config.php 中的配置, 先生成新的配置，确认配置无误后覆盖配置。
1
2
3
4
5

HTTP 请求头 “X-Robots-Tag” 没有配置为 “noindex, nofollow”。这是一个潜在的安全或隐私风险，我们建议您调整这项设置

https://help.nextcloud.com/t/x-robots-tag-http-header-not-configured-with-noindex-nofollow-since-nc-26-0-0/158300/4

添加本地文件到数据库

docker exec --user www-data nextcloud php occ files:scan --all
1

docker exec --user www-data nextcloud php occ db:add-missing-indices
1

配置后台任务

crontab -e
*/5 * * * * docker exec --user www-data -i nextcloud php -f /var/www/html/cron.php
1
2

配置nginx(https)

https://github.com/nextcloud/docker/issues/398#issuecomment-1354107446

sudo apt-get install nginx

nano /etc/nginx/conf.d/nextcloud.conf
1

# fpm版本
upstream php-handler {
    server localhost:3000;
}

server {
    listen 3001 ssl http2;
    listen [::]:3001 ssl http2;
    server_name cloud.yangning.work;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /home/yangn0/cloud.yangning.work_nginx/cloud.yangning.work_bundle.pem;
    ssl_certificate_key /home/yangn0/cloud.yangning.work_nginx/cloud.yangning.work.key;


    # set max upload size
    client_max_body_size 20G;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "noindex, nofollow"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=15768000" always;
    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /home/yangn0/nextcloud;

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
        fastcgi_index index.php;
        fastcgi_param PATH_INFO $path_info;
        #fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        #root /var/www/html;
    }

    location ~ \.(?:css|js|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

重启

service nginx restart
1

测试

nginx -t
1

添加用户组

sudo usermod -a -G www-data yangn0

config.php

<?php
$CONFIG = array (
  //'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis', // 分布式缓存使用Redis
'memcache.locking' => '\\OC\\Memcache\\Redis', // 启用Redis缓存的文件锁
'redis' => array(
  'host' => 'redis', // 这里和mariadb的逻辑相同，填写容器links时映射的主机名
  'port' => 6379,
  'password' => '********' // 这是之前在配置docker-compose时配置的redis密码
),
'filelocking.enabled' => 'true',
'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '**********',
  'passwordsalt' => '******',
  'secret' => '*******',
  'trusted_domains' =>
  array (
    0 => 'cloud.yangning.work:3001',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '25.0.6.1',
  'overwrite.cli.url' => 'https://cloud.yangning.work:3001',
  'dbname' => 'nextcloud',
  'dbhost' => 'mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '************',
  'installed' => true,
  'mail_from_address' => 'yangn0',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'qq.com',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.qq.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => '792301982',
  'mail_smtppassword' => '************************',
  'default_phone_region' => 'CN',
);
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

aria2

https://p3terx.com/archives/docker-aria2-pro.html

docker pull p3terx/aria2-pro
1

docker run -d \
    --name aria2-pro \
    --restart unless-stopped \
    --log-opt max-size=1m \
    --network host \
    -e PUID=$UID \
    -e PGID=$GID \
    -e RPC_SECRET=**** \
    -e RPC_PORT=4000 \
    -e LISTEN_PORT=4001 \
    -v /home/yangn0/.aria2:/config \
    -v /:/host \
    p3terx/aria2-pro	
1
2
3
4
5
6
7
8
9
10
11
12
13

plex

docker pull plexinc/pms-docker
# 创建相关文件夹
# 索取码: https://www.plex.tv/zh/claim/
# 访问 32400/manage
docker run \
  -d \
  --name plex \
  --network=host \
  --restart=always \
  -e PLEX_UID=$UID \
  -e PLEX_GID=$GID \
  -e TZ="Asia/Shanghai" \
  -e PLEX_CLAIM="***********************" \
  -v /:/host \
  -v /home/yangn0/plex/config:/config \
  -v /home/yangn0/plex/transcode:/transcode \
  --device=/dev/dri:/dev/dri \
  plexinc/pms-docker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

update

docker run \
  -d \
  --name plex \
  --network=host \
  --restart=always \
  -e PLEX_UID=$UID \
  -e PLEX_GID=$GID \
  -e TZ="Asia/Shanghai" \
  -v /:/host \
  -v /home/yangn0/plex/config:/config \
  -v /home/yangn0/plex/transcode:/transcode \
  --device=/dev/dri:/dev/dri \
  plexinc/pms-docker
1
2
3
4
5
6
7
8
9
10
11
12
13

开启硬件转码

https://chuckdickey.com/2022/03/plex-hardware-transcoding-with-a-jasper-lake-intel-celeron-n5105-cpu-on-ubuntu-server

阿里云盘Webdav

https://github.com/messense/aliyundrive-webdav

docker run -d --name=aliyundrive-webdav --restart=unless-stopped -p 5000:8080 \
  -v /etc/aliyundrive-webdav/:/etc/aliyundrive-webdav/ \
  -e REFRESH_TOKEN='your refresh token' \
  -e WEBDAV_AUTH_USER=admin \
  -e WEBDAV_AUTH_PASSWORD=admin \
  messense/aliyundrive-webdav
1
2
3
4
5
6

尝试让plex挂载

davfs2不支持流式传输，plex扫描很慢。
https://www.reddit.com/r/PleX/comments/6wrbww/plex_with_webdav_source_on_linux/
WebDAV is absolutely a stupid and shit way to go about this

定期备份到阿里云盘

将阿里云盘webdav挂载到nextcloud的外部存储
使用nextcloud的backup应用

https://apps.nextcloud.com/apps/backup

The Backup App creates and stores backup images of your Nextcloud:

Backup the instance, its apps, your data and your database,
Administrator can configure the time slots for automated backup,
Full and Partial backup, with different frequencies,
2-pass to limit downtime (maintenance mode) of your instance,
Compression and encryption,
Upload your encrypted backup on an external filesystem,
Download and search for your data,
Restore single file or the entire instance.
1
2
3
4
5
6
7
8
9
10

webdav 方案不可行，当前aliyun webdav 项目上传大文件有问题。

https://github.com/tickstep/aliyunpan

./aliyunpan sync start -ldir "/home/yangn0/nextcloud.tgz" -pdir "/NASbackups" -mode "upload"
1

使用备选方案，先由Nextcloud的backup应用备份到本地，再使用crontab aliyunCLI项目命令，定期上传至阿里云。

Stucks in status “Not packed yet”

https://github.com/nextcloud/backup/issues/510

开启维护模式：

docker exec --user www-data -i nextcloud php occ maintenance:mode --on
1

关闭维护模式：

docker exec --user www-data -i nextcloud php occ maintenance:mode --off
1

tinymediamanager

docker run -d \
    --name=tinymediamanager \
    -p 5000:4000 \
    -v /home/yangning/tinymediamanager:/data \
    -v /:/host \
    -e USER_ID=0 \
    -e GROUP_ID=0 \
    tinymediamanager/tinymediamanager:latest
1
2
3
4
5
6
7
8

HomeAssistant

https://www.home-assistant.io/installation/linux

install

docker run -d \
  --name homeassistant \
  --privileged \
  --restart=unless-stopped \
  -e TZ=Asia/Shanghai \
  -v ~/HomeAssistant:/config \
  --network=host \
  ghcr.io/home-assistant/home-assistant:stable
1
2
3
4
5
6
7
8

http://< host >:8123

Mosquitto docker部署MQTT服务器

https://blog.csdn.net/weixin_42534563/article/details/124252477

docker run -it --name=mosquitto \
--restart=unless-stopped \
-p 1883:1883 \
-d eclipse-mosquitto
1
2
3
4

3、更改账号密码：
（1）、进入容器中
docker exec -it mosquitto sh
（2）、进入cd /mosquitto/config，打开配置文件 vi mosquitto.conf
（3）、增加listener 1883，这个不添加，只有本机才能够访问，其它地址访问不了。
设置allow_anonymous false ，这个配置文件中有，打开注释即可，含义为不允许匿名登录。可以 / allow_anonymous false 进行搜索，按n键搜索下一条。
搜索password_file，打开注释，在password_file后面加上 /mosquitto/config/pwdfile.conf，保存退出，写绝对地址，不要写相对地址，这个设置的是存放密码的文件的位置。
（4）、退出到mosquitto.conf 所在位置，建立一个文件touch pwdfile.conf,
写入账号密码：mosquitto_passwd -b pwdfile.conf admin public （admin 是账号，public 是密码）
（5）、退出容器，重启服务。docker restart mosquitto。

c

https://github.com/Dreamacro/clash/issues/2566
https://zhuanlan.zhihu.com/p/423684520（iptabes有问题）

docker run \
--restart=unless-stopped \
--name clash -d \
-v /home/yangn0/clash/:/root/.config/clash/ \
--network="host" \
dreamacro/clash
1
2
3
4
5
6

set_iptables.sh

#在nat表中新建一个clash规则链
iptables -t nat -N CLASH
#排除环形地址与保留地址，匹配之后直接RETURN
iptables -t nat -A CLASH -d 0.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 10.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 127.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 169.254.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 172.16.0.0/12 -j RETURN
iptables -t nat -A CLASH -d 192.168.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 224.0.0.0/4 -j RETURN
iptables -t nat -A CLASH -d 240.0.0.0/4 -j RETURN

iptables -t nat -A OUTPUT -p tcp -d 198.18.0.0/16 -j REDIRECT --to-port 7892
#重定向tcp流量到本机7892端口
iptables -t nat -A CLASH -p tcp -j REDIRECT --to-port 7892
#拦截外部tcp数据并交给clash规则链处理
iptables -t nat -A PREROUTING -p tcp -j CLASH

#在nat表中新建一个clash_dns规则链
iptables -t nat -N CLASH_DNS
#清空clash_dns规则链
iptables -t nat -F CLASH_DNS
#重定向udp流量到本机1053端口
iptables -t nat -A CLASH_DNS -p udp -j REDIRECT --to-port 1053
#抓取本机产生的53端口流量交给clash_dns规则链处理
iptables -t nat -I OUTPUT -p udp --dport 53 -j CLASH_DNS
#拦截外部upd的53端口流量交给clash_dns规则链处理
iptables -t nat -I PREROUTING -p udp --dport 53 -j CLASH_DNS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

路由表持久化

sudo apt install iptables-persistent
第一次安装时会问询是否保存当前路由表配置，保存之后每次重启就都可以恢复为保存时的配置。
如果对路由表有所修改，需要重新保存，则运行如下命令。
sudo dpkg-reconfigure iptables-persistent

路由表复原

iptables -t nat -D PREROUTING -p tcp -j CLASH
iptables -t nat -D OUTPUT -p udp --dport 53 -j CLASH_DNS
iptables -t nat -D PREROUTING -p udp --dport 53 -j CLASH_DNS
iptables -t nat -F CLASH
iptables -t nat -X CLASH
iptables -t nat -F CLASH
iptables -t nat -X CLASH_DNS
1
2
3
4
5
6
7

WordPress

docker pull wordpress
1

docker run --name wordpress \
--link mariadb:mysql \
-p 1080:80 \
--restart=unless-stopped \
--volume ~/wordpress:/var/www/html \
-d wordpress 
1
2
3
4
5
6

NAS-tools

docker pull jxxghp/nas-tools:latest
1

docker run -d \
    --name nas-tools \
    --hostname nas-tools \
    -p 5000:3000   `# 默认的webui控制端口` \
    -v ~/config:/config  `# 冒号左边请修改为你想在主机上保存配置文件的路径` \
    -v /:/host    `# 媒体目录，多个目录需要分别映射进来` \
    -e PUID=1000     `# 想切换为哪个用户来运行程序，该用户的uid，详见下方说明` \
    -e PGID=1000     `# 想切换为哪个用户来运行程序，该用户的gid，详见下方说明` \
    -e UMASK=000  `# 掩码权限，默认000，可以考虑设置为022` \
    -e NASTOOL_AUTO_UPDATE=false `# 如需在启动容器时自动升级程程序请设置为true` \
    -e NASTOOL_CN_UPDATE=true `# 如果开启了容器启动自动升级程序，并且网络不太友好时，可以设置为true，会使用国内源进行软件更新` \
    jxxghp/nas-tools
1
2
3
4
5
6
7
8
9
10
11
12

Kubespider

docker run -itd --name kubespider  -v ~/.config/kubespider/:/app/.config -p 3080:3080 --restart=unless-stopped cesign/kubespider:latest
1

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/Cpp五条/article/detail/146105