NAS Ubuntu all-in-one hardware and software setup
Hardware selection
Intel Celeron N5105 @ 2.00GHz
倍控 motherboard
Operating system selection
Ubuntu 22.04.2 LTS
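(installed directly on the hardware, not on a virtualization platform such as PVE or ESXi)
Storage
2 * ST500DM002-1BD14 + 1 * WDC WD5000AAKX-7: three 500GB disks in RAID5, mounted for nextcloud
1 * WDC WD20EZBX-00A 2TB, mounted at /home
1 * ST3320813AS 350GB, used as the surveillance storage disk
1 * THNSN5128GPUK TOSHIBA 128G SSD, mounted at /
Fixing the Ubuntu boot delay "A start job is running for Wait for Network to be Configured"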
https://blog.csdn.net/qq_43594278/article/details/124403118
Run the following commands:
cd /etc/systemd/system/network-online.target.wants/
sudo nano systemd-networkd-wait-online.service
Add TimeoutStartSec=2sec to the [Service] section.
Disk operations
mount
umount
sudo fdisk -l
df -lh
Partition: sudo fdisk /dev/sdb
Format: sudo mkfs.ext4 -F -b 4096 /dev/sdb
Directory size: du -sh
Look up UUIDs:
df
blkid
ls -al /dev/disk/by-uuid
Automatic mounting: sudo nano /etc/fstab
UUID=30494fb1-12c6-4169-9717-61520a89a88d /home ext4 defaults 0 2
!!! Always mount by UUID; device names such as /dev/sdb can change between boots.
Building RAID10
https://blog.csdn.net/weixin_38307634/article/details/127984593
https://blog.csdn.net/cyz141001/article/details/128999656
mdadm -D /dev/md0
Common commands
Check listening ports: sudo netstat -tlpn
sudo netplan apply
Change the local DNS server to 127.0.0.1
https://blog.csdn.net/weixin_45808716/article/details/125267517
https://www.elecfans.com/d/1948846.html
sudo nano /etc/systemd/resolved.conf
DNS=127.0.0.1
DNSStubListener=no
systemctl restart systemd-resolved
docker
https://zhuanlan.zhihu.com/p/588264423
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
samba&&NFS
https://www.linuxidc.com/Linux/2018-11/155466.htm
https://blog.csdn.net/iriczhao/article/details/126149918
nextcloud
https://thought-action.com/2021/12/06/docker-nextcloud/
https://www.bilibili.com/read/cv5767806/
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
docker pull nextcloud
Create a temporary container
docker run -d --name tmpcloud -p 3000:80 --volumes-from CONTAINER_ID nextcloud
Remove the original container and create a new one
docker rm CONTAINER_ID
docker run -d --name nextcloud --restart=always -p 3000:80 --volumes-from tmpcloud nextcloud
Remove the old image and the temporary container
docker image rm IMAGE_ID
docker stop tmpcloud
docker rm tmpcloud
Fresh container install
docker run -d --restart=always \
--name nextcloud \
-p 3000:80 \
-v /nextcloud:/var/www/html \
nextcloud:latest
Deploy MariaDB
docker run -d --restart=always \
--name mariadb \
-p 3306:3306 \
-v ~/mariadb:/var/lib/mysql \
--env MYSQL_ROOT_PASSWORD=root_password \
--env MYSQL_DATABASE=nextcloud \
--env MYSQL_USER=nextcloud \
--env MYSQL_PASSWORD=user_password \
mariadb:10.5
Deploy redis
docker run -d --restart=always --name redis -p 6379:6379 redis --requirepass "mypassword"
nextcloud:fpm (deployed without docker-compose)
https://hexo.chensmallx.top/2021/04/08/nextcloud-on-docker
https://github.com/nextcloud/docker/issues/398
https://stackoverflow.com/questions/29905953/how-to-correctly-link-php-fpm-and-nginx-docker-containers
https://www.cnblogs.com/xwgli/p/16512462.html
docker run -d --restart=always \
--name nextcloud \
-p 3000:9000 \
-v /nextcloud:/var/www/html \
--link mariadb:mariadb \
--link redis:redis \
nextcloud:stable-fpm-alpine
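The docker run commands above publish MariaDB (3306), redis (6379) and the php-fpm FastCGI port (3000) with -p HOST:CONTAINER, which binds them on every host interface. The following is an added example, not part of the original notes: it filters `netstat -tlpn` output for those ports listening on a wildcard address. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Reads `netstat -tlpn` output on stdin and prints "port address program" for
# every watched port that listens on a wildcard address (0.0.0.0, :: or *).
WATCHED_PORTS="3000 3306 6379"   # FastCGI, MariaDB, redis as published above

wildcard_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before the port
            if ((port in watch) && (host == "0.0.0.0" || host == "::" || host == "*"))
                print port, host, $7
        }'
}

# Constructed sample of `sudo netstat -tlpn` output (not captured from the NAS).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1432/docker-proxy
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1501/docker-proxy
tcp        0      0 0.0.0.0:3001            0.0.0.0:*               LISTEN      988/nginx: master
tcp6       0      0 :::3000                 :::*                    LISTEN      1620/docker-proxy
EOF
}

sample_netstat | wildcard_listeners
```

On the host, pipe the real output in with `sudo netstat -tlpn | wildcard_listeners`. Publishing with an explicit loopback address, for example -p 127.0.0.1:3000:9000, keeps a port reachable for the local nginx while removing it from this list.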
Resolving warnings
https://github.com/nextcloud/server/issues/25753
https://www.orcy.net.cn/1275.html
Enter the container
docker exec -it nextcloud /bin/bash
docker exec -it nextcloud sh
apt update && apt install imagemagick
# Warning: "Module php-imagick in this instance has no SVG support. For better compatibility it is recommended to install it."
tac config/config.php | sed "1a\ \ 'default_phone_region' => 'CN'," | tac > config.php_backup
cp config.php_backup config/config.php
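# Inside the container, change the setting in config/config.php: generate the new config first, then overwrite the old config once you have confirmed it is correct.
Add local files to the database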
docker exec --user www-data nextcloud php occ files:scan --all
Configure background jobs
crontab -e
*/5 * * * * docker exec --user www-data -i nextcloud php -f /var/www/html/cron.php
Configure nginx (https)
As root: apt-get install nginx
nano /etc/nginx/conf.d/nextcloud.conf
# fpm version
upstream php-handler {
    server localhost:3000;
}

server {
    listen 3001 ssl http2;
    listen [::]:3001 ssl http2;
    server_name nas.yangning.work;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /home/yangn0/nas.yangning.work_nginx/nas.yangning.work_bundle.pem;
    ssl_certificate_key /home/yangn0/nas.yangning.work_nginx/nas.yangning.work.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;
    # The value needs the max-age= directive; a bare number is ignored by browsers
    add_header Strict-Transport-Security "max-age=15552000";
    add_header X-Frame-Options SAMEORIGIN;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /nextcloud;

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if you're planning to use this app.
    location = /.well-known/carddav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json
               application/manifest+json application/rss+xml application/vnd.geo+json
               application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json
               application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon
               text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt
               text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Enable pretty urls
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        root /var/www/html/;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }

    location ^~ /.well-known {
        rewrite ^/\.well-known/webfinger /nextcloud/public.php?service=webfinger last;
        rewrite ^/\.well-known/nodeinfo /nextcloud/public.php?service=nodeinfo last;
    }
}
Restart
service nginx restart
Test the configuration
nginx -t
aria2
https://p3terx.com/archives/docker-aria2-pro.html
docker pull p3terx/aria2-pro
docker run -d \
--name aria2-pro \
--restart unless-stopped \
--log-opt max-size=1m \
--network host \
-e PUID=$UID \
-e PGID=$GID \
-e RPC_SECRET=**** \
-e RPC_PORT=4000 \
-e LISTEN_PORT=4001 \
-v /home/yangn0/.aria2:/config \
-v /downloads:/downloads \
-v /:/host \
p3terx/aria2-pro
plex
docker pull plexinc/pms-docker
# Create the required directories
# Claim token: https://www.plex.tv/zh/claim/
# Then visit 32400/manage
docker run \
-d \
--name plex \
--network=host \
--restart=always \
-e PLEX_UID=$UID \
-e PLEX_GID=$GID \
-e TZ="Asia/Shanghai" \
-e PLEX_CLAIM="***********************" \
-v /:/host \
-v /home/yangn0/plex/config:/config \
-v /home/yangn0/plex/transcode:/transcode \
plexinc/pms-docker
Enable hardware transcoding
https://chuckdickey.com/2022/03/plex-hardware-transcoding-with-a-jasper-lake-intel-celeron-n5105-cpu-on-ubuntu-server
Mounting Aliyun Drive (阿里云盘)
https://hub.docker.com/r/dovorluthien/aliyundriver-webdav
Get the token
JSON.parse(localStorage.token).refresh_token
docker pull dovorluthien/aliyundriver-webdav
docker run -d --name=webdav-aliyundriver --restart=always -p 5000:8080 -v /aliyun-driver/:/etc/aliyun-driver/ -e TZ="Asia/Shanghai" -e ALIYUNDRIVE_REFRESH_TOKEN="**********************" -e ALIYUNDRIVE_AUTH_USER_NAME=admin -e ALIYUNDRIVE_AUTH_PASSWORD=**** -e JAVA_OPTS=-Xmx1g dovorluthien/aliyundriver-webdav
Mount the WebDAV share on a directory
apt install davfs2
mkdir /aliyun-driver/aliyun/
mount -t davfs -o uid=33 -o gid=33 http://127.0.0.1:5000 /aliyun-driver/aliyun
nano /etc/davfs2/secrets
http://127.0.0.1:5000 admin ****
davfs2 does not support streaming, so Plex scans are very slow.
https://www.reddit.com/r/PleX/comments/6wrbww/plex_with_webdav_source_on_linux/
WebDAV is absolutely a stupid and shit way to go about this
umount http://127.0.0.1:5000
apt purge davfs2
tinymediamanager
docker run -d \
--name=tinymediamanager \
-p 5000:4000 \
-v /home/yangning/tinymediamanager:/data \
-v /:/host \
-e USER_ID=0 \
-e GROUP_ID=0 \
tinymediamanager/tinymediamanager:latest
HomeAssistant
https://www.home-assistant.io/installation/linux
install
docker run -d \
--name homeassistant \
--privileged \
--restart=unless-stopped \
-e TZ=Asia/Shanghai \
-v ~/HomeAssistant:/config \
--network=host \
ghcr.io/home-assistant/home-assistant:stable
http://<host>:8123
Mosquitto: deploying an MQTT server with docker
https://blog.csdn.net/weixin_42534563/article/details/124252477
docker run -it --name=mosquitto \
--restart=unless-stopped \
-p 1883:1883 \
-d eclipse-mosquitto
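3. Change the account and password:
(1) Enter the container:
docker exec -it mosquitto sh
(2) cd /mosquitto/config and open the configuration file: vi mosquitto.conf
(3) Add listener 1883. Without this line only the local machine can connect; other addresses cannot.
Set allow_anonymous false. The line is already in the configuration file, so just uncomment it; it means anonymous logins are not allowed. You can search for it with /allow_anonymous false and press n to jump to the next match.
Search for password_file, uncomment it, and append /mosquitto/config/pwdfile.conf after password_file, then save and exit. Use an absolute path, not a relative one; this sets where the password file is stored.
(4) Go back to the directory containing mosquitto.conf and create a file: touch pwdfile.conf
Write the account and password: mosquitto_passwd -b pwdfile.conf admin public (admin is the account, public is the password)
(5) Exit the container and restart the service: docker restart mosquitto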
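The three settings from step (3) can be checked mechanically before restarting the broker. This is an added example, not part of the original notes: a small audit of mosquitto.conf for an active listener, allow_anonymous false and an absolute password_file path. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit mosquitto.conf for the
# settings from step (3). Prints one finding per line; exit status 0 = clean.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

audit_mosquitto_conf() {
    conf=$1
    rc=0
    if [ -z "$(conf_value "$conf" listener)" ]; then
        echo "listener: not set, broker only reachable from the local machine"
        rc=1
    fi
    if [ "$(conf_value "$conf" allow_anonymous)" != "false" ]; then
        echo "allow_anonymous: not false, clients can connect without credentials"
        rc=1
    fi
    pwfile=$(conf_value "$conf" password_file)
    case $pwfile in
        "") echo "password_file: not set (still commented out?)"; rc=1 ;;
        /*) ;;  # absolute path, as the step requires
        *)  echo "password_file: '$pwfile' is a relative path"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the file halfway through step (3), with allow_anonymous
# still commented out and a relative password_file path.
sample_conf() {
    cat <<'EOF'
#listener
listener 1883
#allow_anonymous false
password_file pwdfile.conf
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_mosquitto_conf "$tmp" || true
rm -f "$tmp"
```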
clash
https://github.com/Dreamacro/clash/issues/2566
https://zhuanlan.zhihu.com/p/423684520 (its iptables rules have problems)
docker run \
--restart=unless-stopped \
--name clash -d \
-v /home/yangn0/clash/:/root/.config/clash/ \
--network="host" \
dreamacro/clash
set_iptables.sh
# Create a new chain named CLASH in the nat table
iptables -t nat -N CLASH
# Skip loopback and reserved addresses: RETURN as soon as one matches
iptables -t nat -A CLASH -d 0.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 10.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 127.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 169.254.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 172.16.0.0/12 -j RETURN
iptables -t nat -A CLASH -d 192.168.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 224.0.0.0/4 -j RETURN
iptables -t nat -A CLASH -d 240.0.0.0/4 -j RETURN
# Redirect locally generated TCP traffic for 198.18.0.0/16 to local port 7892
iptables -t nat -A OUTPUT -p tcp -d 198.18.0.0/16 -j REDIRECT --to-port 7892
# Redirect TCP traffic to local port 7892
iptables -t nat -A CLASH -p tcp -j REDIRECT --to-port 7892
# Intercept incoming TCP traffic and hand it to the CLASH chain
iptables -t nat -A PREROUTING -p tcp -j CLASH
# Create a new chain named CLASH_DNS in the nat table
iptables -t nat -N CLASH_DNS
# Flush the CLASH_DNS chain
iptables -t nat -F CLASH_DNS
# Redirect UDP traffic to local port 1053
iptables -t nat -A CLASH_DNS -p udp -j REDIRECT --to-port 1053
# Send port 53 traffic generated on this machine to the CLASH_DNS chain
iptables -t nat -I OUTPUT -p udp --dport 53 -j CLASH_DNS
# Intercept incoming UDP port 53 traffic and hand it to the CLASH_DNS chain
iptables -t nat -I PREROUTING -p udp --dport 53 -j CLASH_DNS
Persisting the iptables rules
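To see which destinations the CLASH chain leaves alone and which it hands to port 7892, the chain's decision can be reproduced offline. This is an added example, not part of the original script: it evaluates a destination IPv4 address against the same RETURN list in order and falls through to REDIRECT, as the chain does for TCP. The function names and test addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original script.
# Destinations the CLASH chain returns without redirecting, as listed above.
EXCLUDED="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# Convert a dotted-quad IPv4 address to its 32-bit integer value.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print RETURN if the destination matches an excluded network, else REDIRECT.
clash_verdict() {
    dst=$(ip_to_int "$1")
    for cidr in $EXCLUDED; do
        net=$(ip_to_int "${cidr%/*}")
        bits=${cidr#*/}
        mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
        if [ $(( $dst & $mask )) -eq $(( $net & $mask )) ]; then
            echo RETURN
            return 0
        fi
    done
    echo REDIRECT
}

# Constructed test addresses: LAN host, Docker bridge, just outside 172.16/12,
# and an address in the 198.18.0.0/16 range used by the OUTPUT rule.
for ip in 192.168.1.10 172.17.0.2 172.32.0.1 198.18.0.5; do
    echo "$ip $(clash_verdict "$ip")"
done
```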
sudo apt install iptables-persistent
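The first time it is installed, it asks whether to save the current iptables configuration; once saved, every reboot restores the configuration as it was when saved.
If you change the rules and need to save them again, run the following command.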
sudo dpkg-reconfigure iptables-persistent
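Restoring the iptables rules
# Remove the jumps into the custom chains and the OUTPUT redirect added by set_iptables.sh
iptables -t nat -D PREROUTING -p tcp -j CLASH
iptables -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j REDIRECT --to-port 7892
iptables -t nat -D OUTPUT -p udp --dport 53 -j CLASH_DNS
iptables -t nat -D PREROUTING -p udp --dport 53 -j CLASH_DNS
# Flush and delete both chains
iptables -t nat -F CLASH
iptables -t nat -X CLASH
iptables -t nat -F CLASH_DNS
iptables -t nat -X CLASH_DNS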