2024-08-14 11:08:44 +08:00
|
|
|
# Setup m-labs-intl.com server
|
2024-06-19 15:33:22 +08:00
|
|
|
|
2024-08-14 11:08:44 +08:00
|
|
|
```shell
|
2024-08-19 17:23:37 +08:00
|
|
|
apt install git nginx-full python3 python3.12-venv python3-pip dante-server
|
2024-06-19 15:33:22 +08:00
|
|
|
snap install --classic certbot
|
|
|
|
ln -s /snap/bin/certbot /usr/bin/certbot
|
|
|
|
useradd -m rfqserver
|
|
|
|
useradd -m zolaupd
|
|
|
|
|
|
|
|
cp m-labs-intl.com /etc/nginx/sites-available/
|
|
|
|
cp nginx.conf /etc/nginx/
|
|
|
|
ln -s /etc/nginx/sites-available/m-labs-intl.com /etc/nginx/sites-enabled/
|
|
|
|
|
2024-08-19 17:23:37 +08:00
|
|
|
cp danted.conf /etc/
|
|
|
|
|
2024-06-19 15:33:22 +08:00
|
|
|
mkdir -p /var/www/m-labs-intl.com/html
|
|
|
|
chown -R zolaupd /var/www/m-labs-intl.com/
|
|
|
|
|
|
|
|
cp runrfq.sh /home/rfqserver/
|
|
|
|
cp mail.secret /home/rfqserver/
|
|
|
|
chown rfqserver /home/rfqserver/runrfq.sh
|
|
|
|
chmod +x /home/rfqserver/runrfq.sh
|
|
|
|
chown rfqserver /home/rfqserver/mail.secret
|
|
|
|
|
|
|
|
|
|
|
|
sudo -u zolaupd sh -c '
|
|
|
|
cd /home/zolaupd;
|
|
|
|
mkdir /home/zolaupd/.ssh;
|
|
|
|
echo -n "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1OJJM8g/1ffxDjN31XKEfGmrYaW03lwpyTa1UGWqVx
|
|
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6R6XK0IiuAKxVKvSABm4m9bfOlvfJcMvTpjenuXUPv" > /home/zolaupd/.ssh/authorized_keys
|
|
|
|
chmod 700 .ssh/
|
|
|
|
chmod 600 .ssh/authorized_keys
|
|
|
|
'
|
|
|
|
|
|
|
|
sudo -u rfqserver sh -c '
|
|
|
|
cd /home/rfqserver;
|
|
|
|
git clone https://git.m-labs.hk/M-Labs/web2019.git;
|
|
|
|
cd web2019;
|
|
|
|
python3 -m venv ./venv;
|
|
|
|
source venv/bin/activate;
|
|
|
|
pip install -r requirements.txt;
|
|
|
|
'
|
|
|
|
|
|
|
|
cp rfq.service /etc/systemd/system/
|
|
|
|
|
|
|
|
systemctl daemon-reload
|
|
|
|
systemctl enable rfq.service
|
|
|
|
systemctl start rfq.service
|
2024-08-19 17:23:37 +08:00
|
|
|
systemctl enable danted.service
|
2024-06-19 15:33:22 +08:00
|
|
|
|
|
|
|
service nginx restart
|
2024-08-19 17:23:37 +08:00
|
|
|
service danted restart
|
2024-06-19 15:33:22 +08:00
|
|
|
|
|
|
|
certbot --nginx
|
|
|
|
|
|
|
|
service nginx restart
|
2024-08-01 16:34:12 +08:00
|
|
|
|
2024-08-15 13:09:00 +08:00
|
|
|
ufw default deny
|
|
|
|
ufw allow from 94.190.212.123
|
|
|
|
ufw allow from 2001:470:f891:1:5999:5529:5d:f71d
|
|
|
|
ufw allow from 202.77.7.238
|
|
|
|
ufw allow from 2001:470:18:390::2
|
|
|
|
ufw allow "Nginx HTTP"
|
|
|
|
ufw allow "Nginx HTTPS"
|
|
|
|
ufw limit OpenSSH
|
|
|
|
ufw default allow outgoing
|
|
|
|
ufw limit 25/tcp
|
|
|
|
ufw limit 587/tcp
|
|
|
|
ufw show added
|
|
|
|
ufw enable
|
2024-08-14 11:08:44 +08:00
|
|
|
```
|