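Hardware selection

Intel Celeron N5105 @ 2.00GHz
Beikong (倍控) motherboard

Operating system

Ubuntu 22.04.2 LTS
(installed directly on bare metal, not on a virtualization platform such as PVE or ESXi)

Storage

2 * ST500DM002-1BD14 + 1 * WDC WD5000AAKX-7: three 500GB disks in RAID5, mounted for nextcloud
1 * WDC WD20EZBX-00A 2TB, mounted at /home
1 * ST3320813AS 350GB, used as the surveillance storage disk
1 * THNSN5128GPUK TOSHIBA 128G SSD, mounted at /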

Fixing the Ubuntu boot delay "A start job is running for Wait for Network to be Configured"

https://blog.csdn.net/qq_43594278/article/details/124403118

Run the following command: cd /etc/systemd/system/network-online.target.wants/

sudo nano systemd-networkd-wait-online.service

In the [Service] section, add TimeoutStartSec=2sec

Disk operations

mount
umount
sudo fdisk -l
df -lh
Partition: sudo fdisk /dev/sdb
Format: sudo mkfs.ext4 -F -b 4096 /dev/sdb
Directory size: du -sh
Look up UUID: blkid
ls -al /dev/disk/by-uuid
Auto-mount: sudo nano /etc/fstab
UUID=30494fb1-12c6-4169-9717-61520a89a88d /home ext4 defaults 0 2
!!! Always mount by UUID

Building RAID10
https://blog.csdn.net/weixin_38307634/article/details/127984593
https://blog.csdn.net/cyz141001/article/details/128999656
mdadm -D /dev/md0

Common commands

Check listening ports: sudo netstat -tlpn
sudo netplan apply

Changing the local DNS to 127.0.0.1

https://blog.csdn.net/weixin_45808716/article/details/125267517
https://www.elecfans.com/d/1948846.html

sudo nano /etc/systemd/resolved.conf
DNS=127.0.0.1
DNSStubListener=no
systemctl restart systemd-resolved

docker

https://zhuanlan.zhihu.com/p/588264423

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

samba&&NFS

https://www.linuxidc.com/Linux/2018-11/155466.htm
https://blog.csdn.net/iriczhao/article/details/126149918

nextcloud

https://thought-action.com/2021/12/06/docker-nextcloud/
https://www.bilibili.com/read/cv5767806/
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html

docker pull nextcloud

Create a temporary container

docker run -d --name tmpcloud -p 3000:80 --volumes-from CONTAINER_ID nextcloud

Delete the original container and create a new one

docker rm CONTAINER_ID
docker run -d --name nextcloud --restart=always -p 3000:80 --volumes-from tmpcloud nextcloud

Delete the old image and the temporary container

docker image rm IMAGE_ID
docker stop tmpcloud
docker rm tmpcloud

Fresh container install

docker run -d --restart=always \
--name nextcloud \
-p 3000:80 \
-v /nextcloud:/var/www/html \
nextcloud:latest

Deploy MariaDB

docker run -d --restart=always \
--name mariadb \
-p 3306:3306 \
-v ~/mariadb:/var/lib/mysql \
--env MYSQL_ROOT_PASSWORD=root_password \
--env MYSQL_DATABASE=nextcloud \
--env MYSQL_USER=nextcloud \
--env MYSQL_PASSWORD=user_password \
mariadb:10.5

Deploy redis

docker run -d --restart=always --name redis -p 6379:6379 redis --requirepass "mypassword"
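
The MariaDB and Redis commands above use -p 3306:3306 and -p 6379:6379 with no bind address, which by default publishes them on every host interface. The following check is an added example, not part of the original notes: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists each mapping reachable on all interfaces. The function names wide_open_ports and sample_ps and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list container ports published on all host interfaces.
# Input: lines of "NAME<TAB>PORTS" as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# wide_open_ports is a hypothetical helper name, not a Docker command.
wide_open_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # All-interface binds: 0.0.0.0:PORT->, :::PORT-> or [::]:PORT->
            if (maps[i] !~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+->/) continue
            split(maps[i], side, "->")
            hostport = side[1]; sub(/^.*:/, "", hostport)
            proto = side[2];    sub(/^.*\//, "", proto)
            key = $1 " " hostport "/" proto
            # IPv4 and IPv6 binds of the same port are reported once
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Constructed sample mirroring the containers on this page; the last line
# shows what a mapping made with -p 127.0.0.1:3000:9000 looks like.
sample_ps() {
    printf 'mariadb\t0.0.0.0:3306->3306/tcp, :::3306->3306/tcp\n'
    printf 'redis\t0.0.0.0:6379->6379/tcp, [::]:6379->6379/tcp\n'
    printf 'nextcloud\t127.0.0.1:3000->9000/tcp\n'
}

sample_ps | wide_open_ports
```

On the live host, run docker ps --format '{{.Names}}\t{{.Ports}}' | wide_open_ports. Publishing as -p 127.0.0.1:3306:3306 keeps a port off the LAN, and containers joined with --link, as in the fpm command on this page, reach the database without any published port.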

nextcloud:fpm (deployed without docker-compose)

https://hexo.chensmallx.top/2021/04/08/nextcloud-on-docker
https://github.com/nextcloud/docker/issues/398
https://stackoverflow.com/questions/29905953/how-to-correctly-link-php-fpm-and-nginx-docker-containers
https://www.cnblogs.com/xwgli/p/16512462.html

docker run -d --restart=always \
--name nextcloud \
-p 3000:9000 \
-v /nextcloud:/var/www/html \
--link mariadb:mariadb \
--link redis:redis \
nextcloud:stable-fpm-alpine

Resolving the warnings

https://github.com/nextcloud/server/issues/25753
https://www.orcy.net.cn/1275.html

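Enter the container

docker exec -it nextcloud /bin/bash
docker exec -it nextcloud sh
apt update && apt install imagemagick
# The php-imagick module in this instance does not support SVG. For better compatibility, installing it is recommended.
tac config/config.php | sed "1a\ \ 'default_phone_region' => 'CN'," | tac > config.php_backup
cp config.php_backup config/config.php
# Inside the container, edit config/config.php: generate the new config first, and overwrite the original only after confirming it is correct.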

Add local files to the database

docker exec --user www-data nextcloud php occ files:scan --all

Configure background jobs

crontab -e
*/5 * * * * docker exec --user www-data -i nextcloud php -f /var/www/html/cron.php

Configure nginx (https)

As root: apt-get install nginx

nano /etc/nginx/conf.d/nextcloud.conf
# fpm version
upstream php-handler {
    server localhost:3000;
}

server {
    listen 3001 ssl http2;
    listen [::]:3001 ssl http2;
    server_name nas.yangning.work;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /home/yangn0/nas.yangning.work_nginx/nas.yangning.work_bundle.pem;
    ssl_certificate_key /home/yangn0/nas.yangning.work_nginx/nas.yangning.work.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;
    # The HSTS value must be given as a max-age directive
    add_header Strict-Transport-Security "max-age=15552000";
    add_header X-Frame-Options SAMEORIGIN;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /nextcloud;

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if you're planning to use this app.
    location = /.well-known/carddav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Enable pretty urls
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        root /var/www/html/;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }

    location ^~ /.well-known {
        rewrite ^/\.well-known/webfinger        /nextcloud/public.php?service=webfinger       last;
        rewrite ^/\.well-known/nodeinfo         /nextcloud/public.php?service=nodeinfo        last;
    }
}

Restart

service nginx restart

Test

nginx -t

aria2

https://p3terx.com/archives/docker-aria2-pro.html

docker pull p3terx/aria2-pro
docker run -d \
--name aria2-pro \
--restart unless-stopped \
--log-opt max-size=1m \
--network host \
-e PUID=$UID \
-e PGID=$GID \
-e RPC_SECRET=**** \
-e RPC_PORT=4000 \
-e LISTEN_PORT=4001 \
-v /home/yangn0/.aria2:/config \
-v /downloads:/downloads \
-v /:/host \
p3terx/aria2-pro

plex

docker pull plexinc/pms-docker
# Create the required directories
# Claim code: https://www.plex.tv/zh/claim/
# Visit 32400/manage
docker run \
-d \
--name plex \
--network=host \
--restart=always \
-e PLEX_UID=$UID \
-e PLEX_GID=$GID \
-e TZ="Asia/Shanghai" \
-e PLEX_CLAIM="***********************" \
-v /:/host \
-v /home/yangn0/plex/config:/config \
-v /home/yangn0/plex/transcode:/transcode \
plexinc/pms-docker

Enabling hardware transcoding

https://chuckdickey.com/2022/03/plex-hardware-transcoding-with-a-jasper-lake-intel-celeron-n5105-cpu-on-ubuntu-server

Mounting Aliyun Drive (阿里云盘)

https://hub.docker.com/r/dovorluthien/aliyundriver-webdav

Get the token

JSON.parse(localStorage.token).refresh_token
docker pull dovorluthien/aliyundriver-webdav
docker run -d --name=webdav-aliyundriver --restart=always -p 5000:8080 -v /aliyun-driver/:/etc/aliyun-driver/ -e TZ="Asia/Shanghai" -e ALIYUNDRIVE_REFRESH_TOKEN="**********************" -e ALIYUNDRIVE_AUTH_USER_NAME=admin -e ALIYUNDRIVE_AUTH_PASSWORD=**** -e JAVA_OPTS=-Xmx1g dovorluthien/aliyundriver-webdav

Mount WebDAV to a directory

apt install davfs2
mkdir /aliyun-driver/aliyun/
mount -t davfs -o uid=33 -o gid=33 http://127.0.0.1:5000 /aliyun-driver/aliyun
nano  /etc/davfs2/secrets
http://127.0.0.1:5000 admin ****

davfs2 does not support streaming, so Plex scans are very slow.
https://www.reddit.com/r/PleX/comments/6wrbww/plex_with_webdav_source_on_linux/
WebDAV is absolutely a stupid and shit way to go about this

umount http://127.0.0.1:5000
apt purge davfs2

tinymediamanager

docker run -d \
--name=tinymediamanager \
-p 5000:4000 \
-v /home/yangning/tinymediamanager:/data \
-v /:/host \
-e USER_ID=0 \
-e GROUP_ID=0 \
tinymediamanager/tinymediamanager:latest

HomeAssistant

https://www.home-assistant.io/installation/linux

install

docker run -d \
--name homeassistant \
--privileged \
--restart=unless-stopped \
-e TZ=Asia/Shanghai \
-v ~/HomeAssistant:/config \
--network=host \
ghcr.io/home-assistant/home-assistant:stable

http://<host>:8123

Deploying an MQTT server with Mosquitto in Docker

https://blog.csdn.net/weixin_42534563/article/details/124252477

docker run -it --name=mosquitto \
--restart=unless-stopped \
-p 1883:1883 \
-d eclipse-mosquitto

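3. Change the username and password:
(1) Enter the container:
docker exec -it mosquitto sh
(2) cd /mosquitto/config and open the configuration file: vi mosquitto.conf
(3) Add listener 1883. Without this line only the local machine can connect; other addresses cannot.
Set allow_anonymous false. The option is already in the configuration file, so just uncomment it; it means anonymous login is not allowed. You can search for it with / allow_anonymous false and press n to jump to the next match.
Search for password_file, uncomment it, append /mosquitto/config/pwdfile.conf after password_file, then save and exit. Use an absolute path, not a relative one. This sets the location of the file that stores the passwords.
(4) Back in the directory that contains mosquitto.conf, create a file with touch pwdfile.conf,
then write the username and password: mosquitto_passwd -b pwdfile.conf admin public (admin is the username, public is the password)
(5) Exit the container and restart the service: docker restart mosquitto.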
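
A quick check for steps (3) and (4), as an added example that is not part of the original notes: it confirms that the three directives are active (uncommented) in mosquitto.conf and that password_file is an absolute path. The function name check_mosquitto_conf and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify the settings from step (3) in a mosquitto.conf.
# check_mosquitto_conf FILE prints one line per problem and returns 1 if any.
# The function name is hypothetical; it is not part of Mosquitto.
check_mosquitto_conf() {
    local conf="$1" problems=0 pwfile
    # Only active directives count; a leading "#" means still commented out.
    if ! grep -Eq '^[[:space:]]*listener[[:space:]]+1883([[:space:]]|$)' "$conf"; then
        echo "missing: listener 1883"; problems=1
    fi
    if ! grep -Eq '^[[:space:]]*allow_anonymous[[:space:]]+false[[:space:]]*$' "$conf"; then
        echo "missing: allow_anonymous false"; problems=1
    fi
    # First active password_file directive and its argument
    pwfile=$(awk '$1 == "password_file" { print $2; exit }' "$conf")
    case "$pwfile" in
        "") echo "missing: password_file"; problems=1 ;;
        /*) : ;;  # absolute path, as the step requires
        *)  echo "password_file is relative: $pwfile"; problems=1 ;;
    esac
    return "$problems"
}

# Constructed sample: the file as it should look after step (3).
sample=$(mktemp)
cat > "$sample" <<'EOF'
listener 1883
allow_anonymous false
password_file /mosquitto/config/pwdfile.conf
EOF
check_mosquitto_conf "$sample" && echo "mosquitto.conf: OK"
rm -f "$sample"
```

Inside the container it can be run as check_mosquitto_conf /mosquitto/config/mosquitto.conf before the restart in step (5).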

clash

https://github.com/Dreamacro/clash/issues/2566
https://zhuanlan.zhihu.com/p/423684520 (its iptables rules have problems)

docker run \
--restart=unless-stopped \
--name clash -d \
-v /home/yangn0/clash/:/root/.config/clash/ \
--network="host" \
dreamacro/clash

set_iptables.sh

# Create a new CLASH chain in the nat table
iptables -t nat -N CLASH
# Exclude loopback and reserved addresses; a match RETURNs immediately
iptables -t nat -A CLASH -d 0.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 10.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 127.0.0.0/8 -j RETURN
iptables -t nat -A CLASH -d 169.254.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 172.16.0.0/12 -j RETURN
iptables -t nat -A CLASH -d 192.168.0.0/16 -j RETURN
iptables -t nat -A CLASH -d 224.0.0.0/4 -j RETURN
iptables -t nat -A CLASH -d 240.0.0.0/4 -j RETURN
# Redirect locally generated TCP traffic for 198.18.0.0/16 to local port 7892
iptables -t nat -A OUTPUT -p tcp -d 198.18.0.0/16 -j REDIRECT --to-port 7892
# Redirect TCP traffic to local port 7892
iptables -t nat -A CLASH -p tcp -j REDIRECT --to-port 7892
# Intercept incoming TCP traffic and hand it to the CLASH chain
iptables -t nat -A PREROUTING -p tcp -j CLASH
# Create a new CLASH_DNS chain in the nat table
iptables -t nat -N CLASH_DNS
# Flush the CLASH_DNS chain
iptables -t nat -F CLASH_DNS
# Redirect UDP traffic to local port 1053
iptables -t nat -A CLASH_DNS -p udp -j REDIRECT --to-port 1053
# Send locally generated port 53 traffic to the CLASH_DNS chain
iptables -t nat -I OUTPUT -p udp --dport 53 -j CLASH_DNS
# Intercept incoming UDP port 53 traffic and hand it to the CLASH_DNS chain
iptables -t nat -I PREROUTING -p udp --dport 53 -j CLASH_DNS

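Persisting the iptables rules

sudo apt install iptables-persistent
On first install it asks whether to save the current iptables configuration; once saved, every reboot restores the configuration as it was at save time.
If you change the rules and need to save them again, run the following command.
sudo dpkg-reconfigure iptables-persistent

Reverting the iptables rules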

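# Remove the jumps into the custom chains and the OUTPUT redirect
iptables -t nat -D PREROUTING -p tcp -j CLASH
iptables -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j REDIRECT --to-port 7892
iptables -t nat -D OUTPUT -p udp --dport 53 -j CLASH_DNS
iptables -t nat -D PREROUTING -p udp --dport 53 -j CLASH_DNS
# Flush each chain, then delete it
iptables -t nat -F CLASH
iptables -t nat -X CLASH
iptables -t nat -F CLASH_DNS
iptables -t nat -X CLASH_DNS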
