\u57df\u540d\u7cfb\u7edf<\/h3>\n
\u5728Gandi.net\u4e0a\u83b7\u5f97\u3002<\/p>\n
\u6bcf\u4e2a\u8f6f\u4ef6\u7248\u672c\u5728\u4efb\u52a1\u65f6\u70b9\u4e0a\u7684\u60c5\u51b5<\/h3>\n
\u4e3a\u4e86\u652f\u6301QUIC\uff0c\u9700\u8981\u6784\u5efaNginx\u3002<\/p>\n
\u5bf9\u8c61\u5b58\u50a8<\/h3>\n
\u4f7f\u7528\u4e86\u82a5\u672b\u3002<\/p>\n
\u8bc1\u4e66<\/h3>\n
\u4f7f\u7528ZeroSSL\u3002<\/p>\n
(Note: This is a direct translation of the given statement into Chinese.)<\/p>\n
\u90ae\u7bb1<\/h3>\n
\u4f7f\u7528\u6a31\u82b1\u7684\u90ae\u7bb1\u3002<\/p>\n
\u4e0d\u4f7f\u7528\u7684\u7269\u54c1 (B\u00f9 de<\/h3>\n\n- \n
Docker<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
Cloudflare<\/ul>\n\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5<\/h2>\n\u521b\u5efaVPS\u5b9e\u4f8b<\/h3>\n
\u767b\u5f55KAGOYA\u4e91VPS\u63a7\u5236\u9762\u677f\u3002
\n\u4e3a\u4e86\u4f7f\u7528\u4e0d\u5728\u6a21\u677f\u4e2d\u7684\u8f6f\u4ef6\u5305\uff0c\u4e0a\u4f20Fedora\u7684ISO\u6620\u50cf\u3002
\n\u590d\u5236\u7c98\u8d34\u5230Fedora\u4e0b\u8f7d\u9875\u9762\u7684ISO\u5b9e\u9645URL\u3002
\n\u7531\u4e8eISO\u6620\u50cf\u4f1a\u57281\u5929\u540e\u6d88\u5931\uff0c\u56e0\u6b64\u540d\u79f0\u53ef\u4ee5\u4efb\u610f\u8bbe\u7f6e\u3002<\/p>\n
![\"rezjr97uum9u96g.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d140737434c4406bfa204\/24-0.png\" "\\"\\"")
<\/div>\n\u5982\u679c\u4f7f\u7528\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u6620\u50cf\uff0c\u7531\u4e8eKAGOYA\u7684\u6620\u50cf\u662f\u5728BIOS\u4e0a\u8fd0\u884c\u7684\uff0c\u56e0\u6b64\u65e0\u6cd5\u542f\u52a8\u4ec5\u652f\u6301UEFI\u7684\u81ea\u5b9a\u4e49ISO\uff08\u5982CentOS Stream 9\uff09\u3002<\/div>\n\u8f6c\u5230\u201c\u521b\u5efa\u5b9e\u4f8b\u201d\u9875\u9762\uff0c\u9009\u62e9\u5df2\u4e0a\u4f20\u5230ISO\u6620\u50cf\u7684\u56fe\u50cf\u3002
\n\u9009\u62e9\u4ee5CPU 2\u6838 \/ \u5185\u5b582GB \/ \u5b58\u50a8200GB\u4e3a\u89c4\u683c\u7684\u5b9e\u4f8b\u3002\uff08\u9274\u4e8e\u6b64\u6b21\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\uff0c\u53ef\u80fd\u4e0d\u9700\u8981\u9009\u62e9\u5927\u5bb9\u91cf\u7684\u5b58\u50a8\u3002\uff09
\nvirtio\u4fdd\u6301\u9ed8\u8ba4\u8bbe\u7f6e\u5373\u53ef\u3002
\n\u8f93\u5165\u63a7\u5236\u53f0\u767b\u5f55\u5bc6\u7801\u548c\u5b9e\u4f8b\u540d\u79f0\uff08\u4e3a\u4e86\u7ba1\u7406VPS\uff0c\u540d\u79f0\u53ef\u4ee5\u968f\u610f\uff09\uff0c\u7136\u540e\u521b\u5efa\u5b9e\u4f8b\u3002
\n\u521b\u5efa\u5b9e\u4f8b\u540e\uff0c\u8f6c\u5230\u5b9e\u4f8b\u4fe1\u606f\u9875\u9762\uff0c\u786e\u8ba4\u5206\u914d\u7684IPv4\u548cIPv6\u5730\u5740\u3002<\/p>\n
DNS\u8bb0\u5f55\u6ce8\u518c<\/h3>\n\u6b63\u5f15\u304d \u7684\u610f\u601d\u662f\u201c\u53e4\u65f6\u5019\u8239\u6216\u6c7d\u8f66\u4ece\u80cc\u9762\u53cd\u65b9\u5411\u9a76\u79bb\u201d\u3002<\/h4>\n
\u767b\u5f55Gandi.net\uff0c\u5728\u76ee\u6807\u57df\u540d\u4e2d\u6dfb\u52a0\u4e00\u4e2aA\u8bb0\u5f55\uff08IPv4\uff09\u548c\u4e00\u4e2aAAAA\u8bb0\u5f55\uff08IPv6\uff09\u3002TTL\u4fdd\u6301\u9ed8\u8ba4\u503c\u5373\u53ef\u3002<\/p>\n
\u9006\u5f15\u304d can be paraphrased in Chinese as “\u53cd\u5411\u641c\u7d22” .<\/h4>\n
\u5728KAGOYA\u7684\u5b9e\u4f8b\u4fe1\u606f\u7684\u9006\u5f15\u8bbe\u7f6e\u5904\u8f93\u5165\u57df\u540d\u3002<\/p>\n
“\u5b89\u88c5”<\/h3>\n
\u5f53\u60a8\u542f\u52a8\u63a7\u5236\u53f0\u65f6\uff0c\u5c06\u5f39\u51fa\u4e00\u4e2a\u663e\u793a\u63a7\u5236\u53f0\u7684\u5f39\u7a97\u3002
\n\u7531\u4e8e\u67d0\u4e9b\u6d4f\u89c8\u5668\u4f1a\u5c06\u5f39\u7a97\u963b\u6b62\u4e00\u6b21\uff0c\u60a8\u53ef\u4ee5\u5728\u6388\u6743\u540e\u518d\u6b21\u542f\u52a8\u3002
\n\u6b64\u5916\uff0c\u7531\u4e8e\u5c4f\u5e55\u5f88\u5feb\u4f1a\u8d85\u65f6\uff0c\u60a8\u53ef\u4ee5\u6bcf\u6b21\u6309\u4e0bF5\u6216Ctrl+R\u6765\u91cd\u65b0\u52a0\u8f7d\u9875\u9762\uff0c\u6216\u8005\u91cd\u65b0\u6253\u5f00\u7a97\u53e3\u3002<\/p>\n
\u786e\u8ba4Fedora\u5b89\u88c5\u754c\u9762\u662f\u5426\u663e\u793a\u3002<\/p>\n
\u8bed\u8a00\u8bbe\u7f6e<\/h4>\n
\u7531\u4e8e\u8f6c\u6362\u4e3a\u65e5\u8bed\u53ef\u80fd\u4f1a\u7a0d\u5fae\u9ebb\u70e6\uff0c\u6240\u4ee5\u8bf7\u7ee7\u7eed\u4f7f\u7528\u82f1\u8bed\u3002<\/p>\n
![\"hfyk9gapjgb3t23.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d140737434c4406bfa204\/37-0.png\" "\\"\\"")
<\/div>\n\u5b89\u88c5\u6982\u8ff0<\/h4>\n
\u6309\u7167\u4ee5\u4e0b\u8bbe\u5b9a\u7684\u987a\u5e8f\u8fdb\u884c\u8bb0\u8ff0\u3002<\/p>\n
![\"uxxknkz79537ytd.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d140737434c4406bfa204\/40-0.png\" "\\"\\"")
<\/div>\n\u952e\u76d8<\/h5>\n
\u6839\u636e\u81ea\u5df1\u4f7f\u7528\u7684\u952e\u76d8\u9009\u62e9\u82f1\u8bed\uff08\u7f8e\u56fd\uff09\u6216\u65e5\u8bed\u3002\uff08\u5b9e\u9645\u4e0a\uff0c\u7531\u4e8e\u51e0\u4e4e\u90fd\u662f\u4f7f\u7528SSH\u64cd\u4f5c\uff0c\u9664\u4e86\u6700\u521d\u7684\u5bc6\u7801\u8f93\u5165\u5916\uff0c\u952e\u76d8\u5e76\u4e0d\u592a\u76f8\u5173\u3002\uff09<\/p>\n
\u8bed\u8a00\u652f\u6301<\/h5>\n
\u6682\u65f6\u589e\u52a0\u4e00\u9879\u65e5\u8bed\uff08\u65e5\u672c\uff09\u5185\u5bb9\u3002<\/p>\n
\u8f6f\u4ef6\u9009\u62e9<\/h5>\n
\u786e\u8ba4\u5df2\u9009\u62e9 Fedora \u670d\u52a1\u5668\u7248\u3002<\/p>\n
\u5b89\u88c5\u76ee\u6807\u5730\u70b9<\/h5>\n
\u9009\u62e9Custom\u5e76\u70b9\u51fbDone\u3002<\/p>\n
\u8fdb\u5165\u5206\u533a\u521b\u5efa\u754c\u9762\uff0c\u9996\u5148\u9009\u62e9LVM\u81ea\u52a8\u521b\u5efa(\u70b9\u51fb\u6b64\u5904\u81ea\u52a8\u521b\u5efa)\u3002<\/p>\n
BIOS Boot\u3001\/boot\u3001\/\u8fd9\u4e09\u4e2a\u5206\u533a\u5c06\u81ea\u52a8\u521b\u5efa\u3002<\/p>\n
\u7531\u4e8e2GB\u7684\u5185\u5b58\u4e0d\u8db3\u4ee5\u6784\u5efaMisskey\uff0c\u56e0\u6b64\u4f7f\u7528”+”\u6765\u521b\u5efaswap\u3002\u7531\u4e8e\u6b64\u6b21\u4f7f\u7528\u4e86\u5927\u5bb9\u91cf\u7684\u5b58\u50a8\uff0c\u6240\u4ee5\u521b\u5efa\u4e86\u7a0d\u5fae\u591a\u4e00\u70b9\u76848GiB\u3002<\/p>\n
\u7136\u540e\uff0c\u5728Desired Capacity\u7684\/\u5206\u533a\u5904\u586b\u5165\u975e\u5e38\u5927\u7684\u503c\u5e76\u70b9\u51fbUpdate\uff0c\u5269\u4f59\u7684\u5168\u90e8\u5bb9\u91cf\u5c06\u81ea\u52a8\u5206\u914d\u3002<\/p>\n
![\"aj86nb8ie8atm7z.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d140737434c4406bfa204\/49-0.png\" "\\"\\"")
<\/div>\n\u7f51\u7edc\u548c\u4e3b\u673a\u540d<\/h5>\n
\u5728\u4ee5\u592a\u7f51\uff08ens3\uff09\u88ab\u9009\u62e9\u72b6\u6001\u4e0b\uff0c\u70b9\u51fb\u201c\u914d\u7f6e\u201d\u3002<\/p>\n
IPv4 \u914d\u7f6e<\/h6>\n\n\u9805\u76ee\u5024MethodManualAddress\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eIPv4\u306eIPNetmask\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306e\u30b5\u30d6\u30cd\u30c3\u30c8Gateway\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306e\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4DNS servers\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eDNS\u3001
\n\u307e\u305f\u306f\u304a\u597d\u304d\u306aDNS\u30b5\u30fc\u30d0\u306eIP\u3092\u30ab\u30f3\u30de(,)\u5f62\u5f0f\u3067\u5165\u529b<\/div>\n<\/div>\nIPv6\u8bbe\u7f6e<\/h6>\n\n\u9805\u76ee\u5024MethodManualAddress\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eIPv6\u306eIPPrefix64GatewayIPv6\u306e\u5148\u982d4\u3064\u90e8\u5206\u306b::1\u3092\u4ed8\u52a0 (xxxx:yyyy:zzzz:wwww::1)DNS servers\u304a\u597d\u304d\u306aDNS\u30b5\u30fc\u30d0\u306eIP\u3092\u30ab\u30f3\u30de(,)\u5f62\u5f0f\u3067\u5165\u529b<\/div>\n<\/div>\n\u4e00\u65e6\u5b8c\u6210\u8f93\u5165\u4e4b\u540e\uff0c\u8bf7\u4fdd\u5b58\u5e76\u6fc0\u6d3b\u3002\u5982\u679cDNS\u8bb0\u5f55\u5df2\u7ecf\u751f\u6548\uff0c\u5219\u5728\u5f53\u524d\u4e3b\u673a\u540d\u5904\u4f1a\u663e\u793a\u57df\u540d\u3002
\n\u5982\u679c\u663e\u793a\u4e86\u201ckagoya\u201d\u7684\u5185\u5bb9\uff0c\u5219\u8bf7\u5728\u4e3b\u673a\u540d\u5904\u8f93\u5165\u8981\u4f7f\u7528\u7684\u57df\u540d\u5e76\u5e94\u7528\u3002<\/p>\n
\u65f6\u95f4\u548c\u65e5\u671f<\/h5>\n
\u70b9\u51fb\u65e5\u672c\u5730\u533a\u3002\u786e\u4fdd\u65f6\u533a\u8bbe\u7f6e\u4e3aAsia\/Tokyo\uff0c\u7f51\u7edc\u65f6\u95f4\u5df2\u542f\u7528\u3002<\/p>\n
\u7528\u6237\u521b\u5efa<\/h5>\n
\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u786e\u8ba4\u4e24\u4e2a\u590d\u9009\u6846\u90fd\u88ab\u9009\u4e2d\u3002<\/p>\n
\u5f00\u59cb\u5b89\u88c5<\/h5>\n
\u5728\u4ee5\u4e0a\u7684\u8bbe\u7f6e\u4e0b\uff0c\u70b9\u51fb\u201cBegin Installation\u201d\u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5\u3002
\n\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u201cReboot System\u201d\u91cd\u65b0\u542f\u52a8\u3002
\n\u786e\u4fdd\u5b89\u88c5\u7684\u64cd\u4f5c\u7cfb\u7edf\u6210\u529f\u542f\u52a8\u3002<\/p>\n
SSH\u8fde\u63a5\u8bbe\u7f6e<\/h2>\n
\u4f7f\u7528\u624b\u5934\u7684\u7ec8\u7aef\u8f6f\u4ef6\u8fdb\u884cSSH\u8fde\u63a5\uff0c\u4e3a\u4e86\u52a0\u5f3a\u5b89\u5168\u6027\uff0c\u66f4\u6539SSH\u7684\u7aef\u53e3\u53f7\u5e76\u5207\u6362\u5230\u516c\u94a5\u8ba4\u8bc1\u3002<\/p>\n
\u516c\u958b\u5bc6\u94a5\u52a0\u5bc6<\/h3>\n\u6dfb\u52a0\u65b0\u7684\u9470\u5319<\/h4>\n\n- \n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u9375\u3092\u4f5c\u6210\u3059\u308b(\u624b\u9806\u7701\u7565)<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u30b5\u30fc\u30d0\u306bSCP\u306a\u3069\u3092\u7528\u3044\u3066\u4f5c\u6210\u3057\u305f\u516c\u958b\u9375\u3092\u30ea\u30e2\u30fc\u30c8\u306b\u8ee2\u9001\u3059\u308b(\u624b\u9806\u7701\u7565)<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\u4ee5\u4e0b\u30b3\u30de\u30f3\u30c9\u3067authorized_keys\u306b\u9375\u3092\u767b\u9332<\/ul>\n
mkdir<\/span> ~\/.ssh\r\ncat<\/span> (<\/span>\u6301\u3063\u3066\u304d\u305f\u30d5\u30a1\u30a4\u30eb)<\/span> >><\/span> ~\/.ssh\/authorized_keys\r\nchmod <\/span>700 ~\/.ssh\r\nchmod <\/span>600 ~\/.ssh\/authorized_keys\r\nrm<\/span> (<\/span>\u6301\u3063\u3066\u304d\u305f\u30d5\u30a1\u30a4\u30eb)<\/span>\r\n<\/code><\/pre>\n\u516c\u958b\u9375\u8a8d\u8a3c\u3067\u5bfe\u5fdc\u3059\u308b\u79d8\u5bc6\u9375\u3092\u6307\u5b9a\u3057\u3001SSH\u63a5\u7d9a\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/ul>\n\u7981\u6b62\u4f7f\u7528\u5bc6\u7801\u767b\u5f55\u548croot\u767b\u5f55<\/h4>\n
\/etc\/ssh\/sshd_config.d\/\u5185\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3001\u8ffd\u8a18<\/p>\n
PermitRootLogin no\r\nPasswordAuthentication no\r\n<\/code><\/pre>\nsudo systemctl restart sshd.service\u3067SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3001\u4eca\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u7dad\u6301\u3057\u305f\u307e\u307e\u5225\u30bb\u30c3\u30b7\u30e7\u30f3\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u66f4\u6539\u7aef\u53e3\u7f16\u53f7<\/h3>\n\u6dfb\u52a0\u7aef\u53e3\u53f7<\/h4>\n\u66f4\u6539sshd_config\u6587\u4ef6<\/h5>\n
\/etc\/ssh\/sshd_config.d\/\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u306b\u8ffd\u8a18<\/p>\n
+ Port 22\r\n+ Port (\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)\r\n<\/span>PermitRootLogin no\r\nPasswordAuthentication no\r\n<\/span><\/code><\/pre>\n\u589e\u52a0\u9632\u706b\u5899<\/h5>\nssh\u306e\u30b5\u30fc\u30d3\u30b9\u30d5\u30a1\u30a4\u30eb\u3092\u8907\u88fd\u3059\u308b<\/ul>\n
sudo cp<\/span> \/usr\/lib\/firewalld\/services\/ssh.xml \/etc\/firewalld\/services\/ssh-alt.xml\r\n<\/code><\/pre>\nssh-alt.xml\u3092\u5909\u66f4<\/p>\n
<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<service>\r\n- <short>SSH<\/short>\r\n<\/span>+ <short>SSH-ALT<\/short>\r\n<\/span> <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessin g your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.<\/description>\r\n- <port protocol=\"tcp\" port=\"22\"\/>\r\n<\/span>+ <port protocol=\"tcp\" port=\"(\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)\"\/>\r\n<\/span><\/service>\r\n<\/code><\/pre>\n\u4ee5\u4e0b\u3067\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u8ffd\u52a0<\/ul>\n
# ssh-alt\u3092\u53cd\u6620<\/span>\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\nsudo <\/span>firewall-cmd --get-services<\/span> | grep <\/span>ssh-alt\r\n\r\n# ssh-alt\u3092\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u306b\u8ffd\u52a0<\/span>\r\nsudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>ssh-alt\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\n\r\n# \u78ba\u8a8d<\/span>\r\nsudo <\/span>firewall-cmd --list-all<\/span>\r\n<\/code><\/pre>\n\u6dfb\u52a0SELinux\u89c4\u5219<\/h5>\n\u4ee5\u4e0b\u5b9f\u884c<\/ul>\n
sudo <\/span>semanage port --add<\/span> --type<\/span> ssh_port_t --proto<\/span> tcp (<\/span>\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)<\/span>\r\n<\/code><\/pre>\nsudo systemctl restart sshd.service\u3067SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3001\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u5220\u9664\u7aef\u53e3\u53f7\u3002<\/h4>\n\u66f4\u6539sshd_config\u6587\u4ef6<\/h5>\n
\/etc\/ssh\/sshd_config.d\/\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4<\/p>\n
- Port 22\r\n<\/span>Port (\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)\r\nPermitRootLogin no\r\nPasswordAuthentication no\r\n<\/span><\/code><\/pre>\n\u5220\u9664\u9632\u706b\u5899<\/h5>\n\u4ee5\u4e0b\u3067\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u524a\u9664<\/ul>\n
# ssh\u3092\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u304b\u3089\u524a\u9664<\/span>\r\nsudo <\/span>firewall-cmd --permanent<\/span> --remove-service<\/span>=<\/span>ssh\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\n\r\n# \u78ba\u8a8d<\/span>\r\nsudo <\/span>firewall-cmd --list-all<\/span>\r\n<\/code><\/pre>\nsudo systemctl restart sshd.service\u3067SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u5176\u4ed6\u9632\u706b\u5899\u66f4\u65b0<\/h2>\n\u5173\u95ed\u9a7e\u9a76\u8231<\/h3>\nsudo <\/span>firewall-cmd --permanent<\/span> --remove-service<\/span>=<\/span>cockpit\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\nsudo <\/span>systemctl disable --now<\/span> cockpit.socket\r\n<\/code><\/pre>\n\u4f7fHTTP\u534f\u8bae\u8fdb\u884c\u901a\u4fe1\u3002<\/h3>\n\u9632\u706b\u5899\u89c4\u5219<\/h4>\n
\u5982\u679c\u672a\u5b9a\u4e49http3\uff0c\u5219\u901a\u8fc7add-port\u5c06443\/udp\u4f20\u9012\u3002<\/p>\n
sudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>http\r\nsudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>https\r\nsudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>http3\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\n<\/code><\/pre>\nSELinux\u89c4\u5219 (SELinux<\/h4>\nsudo <\/span>setsebool -P<\/span> httpd_can_network_connect 1\r\nsudo <\/span>setsebool -P<\/span> httpd_can_network_relay 1\r\nsudo <\/span>semanage port --add<\/span> --type<\/span> http_port_t --proto<\/span> udp 443\r\n<\/code><\/pre>\n\u9632\u62a4\u4e91<\/h3>\n
\u968f\u4fbf\u653e\u5728\u90a3\u91cc\u3002<\/p>\n
sudo <\/span>dnf install <\/span>fail2ban\r\nsudo <\/span>systemctl enable<\/span> --now<\/span> fail2ban.service\r\n<\/code><\/pre>\n\u69cb\u5efaNginx<\/h2>\n
\u5982\u679c\u8981\u5c06Nginx\u9002\u914dQUIC\u534f\u8bae\uff0c\u90a3\u4e48\u53ea\u4f7f\u7528\u8f6f\u4ef6\u5305\u81ea\u5e26\u7684Nginx\uff0c\u5b83\u662f\u4f7f\u7528\u7684\u5185\u7f6eOpenSSL\uff08\u4e0d\u652f\u6301QUIC\uff09\uff0c\u6240\u4ee5\u65e0\u6cd5\u8fd0\u884cQUIC\u3002
\n\u56e0\u6b64\uff0c\u9700\u8981\u6784\u5efa\u4e00\u4e2a\u96c6\u6210\u4e86\u652f\u6301QUIC\u7684SSL\u8f6f\u4ef6\u5305\u7684Nginx\u3002
\n\u6b64\u5916\uff0c\u7531\u4e8eWasabi\u5b58\u50a8\u4e0d\u80fd\u8fdb\u884c\u516c\u5171\u8bbf\u95ee\uff08\u8bf7\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\uff09\uff0c\u56e0\u6b64\u9700\u8981\u4ee5\u67d0\u79cd\u65b9\u5f0f\u96c6\u6210AWS\u7684\u8eab\u4efd\u9a8c\u8bc1\u8bbf\u95ee\u529f\u80fd\u3002<\/p>\n
<\/p>\n
\u8fd9\u6b21\u6211\u4eec\u5c06\u4f7f\u7528quictls\u6765\u66ff\u4ee3OpenSSL\uff0c\u5e76\u4f7f\u7528ngx_aws_auth\u6a21\u5757\u6765\u8fdb\u884cAWS\u7684\u8ba4\u8bc1\u3002<\/p>\n
\u5b89\u88c5\u57fa\u672c\u8f6f\u4ef6\u5305\u3002<\/h3>\n
\u5b89\u88c5\u901a\u7528\u5305\u4ee5\u6784\u5efa\u3002\u6bcf\u4e2a\u6784\u5efa\u4e2d\u6240\u9700\u7684\u7279\u5b9a\u5305\u4f1a\u9010\u6b21\u5217\u51fa\u3002<\/p>\n
sudo <\/span>dnf groupinstall 'Development Tools'<\/span>\r\nsudo <\/span>dnf install <\/span>cmake\r\n<\/code><\/pre>\n\u5feb\u901fTLS\u7684\u5b89\u88c5<\/h3>\n\u542f\u7528kTLS<\/h4>\n
\u636e\u8bf4\u5c06TLS\u5904\u7406\u59d4\u6258\u7ed9\u5185\u6838\u53ef\u4ee5\u63d0\u9ad8\u6027\u80fd\uff0c\u6240\u4ee5\u6211\u60f3\u8bd5\u4e00\u8bd5\u3002<\/p>\n
sudo <\/span>modprobe tls\r\n<\/code><\/pre>\n\u5b89\u88c5\u5fc5\u8981\u7684\u8f6f\u4ef6\u5305<\/h4>\nsudo <\/span>dnf install <\/span>perl wget gcc gcc-arm-linux-gnu tcp_wrappers\r\n<\/code><\/pre>\n\u4e0b\u8f7d\u6e90\u4ee3\u7801<\/h4>\ncd<\/span> \/usr\/local\/src\r\nsudo <\/span>git clone https:\/\/github.com\/quictls\/openssl.git\r\ncd <\/span>openssl\r\nsudo <\/span>git submodule update --init<\/span>\r\n<\/code><\/pre>\n\u5b89\u88c5<\/h4>\nsudo<\/span> .\/Configure enable-ktls\r\nsudo <\/span>make\r\nsudo <\/span>make install<\/span>\r\n<\/code><\/pre>\n\u8bbe\u7f6e\u5e93\u7684\u8def\u5f84<\/h4>\n
\u7531\u4e8e\/usr\/local\/lib64\u8def\u5f84\u6ca1\u6709\u88ab\u6b63\u786e\u8bbe\u7f6e\uff0c\u6240\u4ee5\u9700\u8981\u5c06\u5176\u6dfb\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d\u901a\u884c\u3002<\/p>\n
\/etc\/ld.so.conf.d\/\u5185\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3001\u8ffd\u8a18<\/p>\n
\/usr\/local\/lib\r\n\/usr\/local\/lib64\r\n<\/code><\/pre>\nsudo ldconfig\u3067\u53cd\u6620<\/p>\n
openssl version\u3092\u5b9f\u884c\u3057\u3001\u30d0\u30fc\u30b8\u30e7\u30f3\u306b+quic\u304c\u3064\u3044\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u7559\u4e0bquictls\u7684\u6e90\u4ee3\u7801\u4f9b\u5728\u6784\u5efaNginx\u65f6\u4f7f\u7528\u3002<\/p>\n
\u51c6\u5907AWS\u4ee3\u7406\u6a21\u5757<\/h3>\n
\u542c\u8bf4Wasabi\u65e0\u6cd5\u8fdb\u884c\u516c\u5171\u8bbf\u95ee\uff0c\u5e76\u4e14\u4f3c\u4e4e\u65e0\u6cd5\u6b63\u5e38\u4f7f\u7528SigV4\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6362\u53e5\u8bdd\u8bf4\uff0c\u5b83\u4e0d\u8d77\u4f5c\u7528\u3002<\/p>\n
<\/p>\n
\u7531\u4e8e\u6ca1\u6709\u529e\u6cd5\uff0c\u4e3a\u4e86\u80fd\u591f\u4f7f\u7528SigV2\u8fdb\u884c\u8ba4\u8bc1\uff0c\u9700\u8981\u5c06\u6a21\u5757\u66f4\u6539\u4e3aV2\u5206\u652f\u7684\u7248\u672c\u3002<\/p>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>git clone https:\/\/github.com\/anomalizer\/ngx_aws_auth.git\r\ncd <\/span>ngx_aws_auth\r\nsudo <\/span>git checkout AuthV2\r\n<\/code><\/pre>\n\u7531\u4e8e\u8fd9\u662f\u4e00\u4e2a\u65e7\u7684\u7a0b\u5e8f\uff0c\u5982\u679c\u4fdd\u6301\u4e0d\u53d8\uff0c\u5c06\u65e0\u6cd5\u5728\u5f53\u524d\u7684Nginx\u6784\u5efa\u8fc7\u7a0b\u4e2d\u8fd0\u884c\u3002
\n\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff0c\u4e8b\u5148\u5bf9\u4ee3\u7801\u8fdb\u884c\u90e8\u5206\u66f4\u6539\u3002<\/p>\n
sudo sed<\/span> -i<\/span> -e<\/span> 's\/\\(ngx_http_variable_unknown_header(\\)\\(val\\)\/\\1r, \\2\/'<\/span> ngx_http_aws_auth_module.c\r\n<\/code><\/pre>\n\u63d0\u4f9bBrotli\u538b\u7f29\u6a21\u5757<\/h3>\n
\u542c\u8bf4\u901a\u4fe1\u91cf\u8981\u51cf\u5c11\uff1f\u90a3\u5c31\u8d81\u673a\u8bd5\u8bd5\u770b\u3002<\/p>\n
<\/p>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>git clone https:\/\/github.com\/google\/ngx_brotli.git\r\ncd <\/span>ngx_brotli\r\nsudo <\/span>git submodule update --init<\/span>\r\n<\/code><\/pre>\n\u5b89\u88c5Nginx<\/h3>\n\u6dfb\u52a0\u7528\u6237<\/h4>\nsudo <\/span>useradd --system<\/span> --comment<\/span> 'Nginx web server'<\/span> --home-dir<\/span> \/var\/local\/lib\/nginx --shell<\/span> \/sbin\/nologin nginx\r\n<\/code><\/pre>\n\u5b89\u88c5\u6240\u9700\u7684\u8f6f\u4ef6\u5305<\/h4>\n
\u7531\u4e8e\u8fc7\u5ea6\u914d\u7f6e\u9009\u9879\uff0c\u5bfc\u81f4\u6240\u9700\u7684\u8f6f\u4ef6\u5305\u6570\u91cf\u589e\u52a0\u3002\u5982\u679c\u4e0d\u9700\u8981\u7684\u8bdd\uff0c\u4e5f\u8bb8\u53ef\u4ee5\u5220\u9664\u9009\u9879\u3002<\/p>\n
sudo <\/span>dnf install <\/span>pcre-devel libxslt-devel gd-devel GeoIP-devel gperftools\r\n<\/code><\/pre>\n\u8bf7\u4e0b\u8f7d\u8d44\u6e90\u3002<\/h4>\n
\u5728\u4e0b\u8f7d\u7f51\u7ad9\u4e0a\u67e5\u770b\u516c\u5f0f\u7684\u7248\u672c\u4fe1\u606f\uff0c\u7136\u540e\u4e0b\u8f7d\u76f8\u5e94\u7684\u7248\u672c\u3002<\/p>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>curl -O<\/span> https:\/\/nginx.org\/download\/nginx-1.25.2.tar.gz\r\nsudo tar <\/span>xvf nginx-1.25.2.tar.gz\r\ncd <\/span>nginx-1.25.2\r\n<\/code><\/pre>\n\u8fdb\u884c\u914d\u7f6e<\/h4>\n
\u7531\u4e8e\u8bd5\u9519\u7684\u7ed3\u679c\uff0c\u6211\u4eec\u9009\u62e9\u4e86\u4ee5\u4e0b\u9009\u9879\u8fdb\u884c\u6267\u884c\u3002\u7531\u4e8e\u5bf9\u7ec6\u8282\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u6240\u4ee5\u7701\u7565\u3002<\/p>\n
sudo<\/span> .\/configure \\<\/span>\r\n--prefix<\/span>=<\/span>\/var\/local\/nginx \\<\/span>\r\n--sbin-path<\/span>=<\/span>\/usr\/local\/sbin\/nginx \\<\/span>\r\n--modules-path<\/span>=<\/span>\/usr\/local\/lib64\/nginx\/modules \\<\/span>\r\n--conf-path<\/span>=<\/span>\/usr\/local\/etc\/nginx\/nginx.conf \\<\/span>\r\n--error-log-path<\/span>=<\/span>\/var\/local\/log\/nginx\/error.log \\<\/span>\r\n--http-log-path<\/span>=<\/span>\/var\/local\/log\/nginx\/access.log \\<\/span>\r\n--http-client-body-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/client_body \\<\/span>\r\n--http-proxy-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/proxy \\<\/span>\r\n--http-fastcgi-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/fastcgi \\<\/span>\r\n--http-uwsgi-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/uwsgi \\<\/span>\r\n--http-scgi-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/scgi \\<\/span>\r\n--pid-path<\/span>
- Docker<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u9375\u3092\u4f5c\u6210\u3059\u308b(\u624b\u9806\u7701\u7565)<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u30b5\u30fc\u30d0\u306bSCP\u306a\u3069\u3092\u7528\u3044\u3066\u4f5c\u6210\u3057\u305f\u516c\u958b\u9375\u3092\u30ea\u30e2\u30fc\u30c8\u306b\u8ee2\u9001\u3059\u308b(\u624b\u9806\u7701\u7565)<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- \u4ee5\u4e0b\u30b3\u30de\u30f3\u30c9\u3067authorized_keys\u306b\u9375\u3092\u767b\u9332<\/ul>\n
mkdir<\/span> ~\/.ssh\r\ncat<\/span> (<\/span>\u6301\u3063\u3066\u304d\u305f\u30d5\u30a1\u30a4\u30eb)<\/span> >><\/span> ~\/.ssh\/authorized_keys\r\nchmod <\/span>700 ~\/.ssh\r\nchmod <\/span>600 ~\/.ssh\/authorized_keys\r\nrm<\/span> (<\/span>\u6301\u3063\u3066\u304d\u305f\u30d5\u30a1\u30a4\u30eb)<\/span>\r\n<\/code><\/pre>\n- \u516c\u958b\u9375\u8a8d\u8a3c\u3067\u5bfe\u5fdc\u3059\u308b\u79d8\u5bc6\u9375\u3092\u6307\u5b9a\u3057\u3001SSH\u63a5\u7d9a\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/ul>\n
\u7981\u6b62\u4f7f\u7528\u5bc6\u7801\u767b\u5f55\u548croot\u767b\u5f55<\/h4>\n
\/etc\/ssh\/sshd_config.d\/\u5185\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3001\u8ffd\u8a18<\/p>\n
PermitRootLogin no\r\nPasswordAuthentication no\r\n<\/code><\/pre>\nsudo systemctl restart sshd.service\u3067SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3001\u4eca\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u7dad\u6301\u3057\u305f\u307e\u307e\u5225\u30bb\u30c3\u30b7\u30e7\u30f3\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u66f4\u6539\u7aef\u53e3\u7f16\u53f7<\/h3>\n
\u6dfb\u52a0\u7aef\u53e3\u53f7<\/h4>\n
\u66f4\u6539sshd_config\u6587\u4ef6<\/h5>\n
\/etc\/ssh\/sshd_config.d\/\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u306b\u8ffd\u8a18<\/p>\n
+ Port 22\r\n+ Port (\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)\r\n<\/span>PermitRootLogin no\r\nPasswordAuthentication no\r\n<\/span><\/code><\/pre>\n\u589e\u52a0\u9632\u706b\u5899<\/h5>\n
- ssh\u306e\u30b5\u30fc\u30d3\u30b9\u30d5\u30a1\u30a4\u30eb\u3092\u8907\u88fd\u3059\u308b<\/ul>\n
sudo cp<\/span> \/usr\/lib\/firewalld\/services\/ssh.xml \/etc\/firewalld\/services\/ssh-alt.xml\r\n<\/code><\/pre>\nssh-alt.xml\u3092\u5909\u66f4<\/p>\n
<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<service>\r\n- <short>SSH<\/short>\r\n<\/span>+ <short>SSH-ALT<\/short>\r\n<\/span> <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessin g your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.<\/description>\r\n- <port protocol=\"tcp\" port=\"22\"\/>\r\n<\/span>+ <port protocol=\"tcp\" port=\"(\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)\"\/>\r\n<\/span><\/service>\r\n<\/code><\/pre>\n- \u4ee5\u4e0b\u3067\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u8ffd\u52a0<\/ul>\n
# ssh-alt\u3092\u53cd\u6620<\/span>\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\nsudo <\/span>firewall-cmd --get-services<\/span> | grep <\/span>ssh-alt\r\n\r\n# ssh-alt\u3092\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u306b\u8ffd\u52a0<\/span>\r\nsudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>ssh-alt\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\n\r\n# \u78ba\u8a8d<\/span>\r\nsudo <\/span>firewall-cmd --list-all<\/span>\r\n<\/code><\/pre>\n\u6dfb\u52a0SELinux\u89c4\u5219<\/h5>\n
- \u4ee5\u4e0b\u5b9f\u884c<\/ul>\n
sudo <\/span>semanage port --add<\/span> --type<\/span> ssh_port_t --proto<\/span> tcp (<\/span>\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)<\/span>\r\n<\/code><\/pre>\nsudo systemctl restart sshd.service\u3067SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3001\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u5220\u9664\u7aef\u53e3\u53f7\u3002<\/h4>\n
\u66f4\u6539sshd_config\u6587\u4ef6<\/h5>\n
\/etc\/ssh\/sshd_config.d\/\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4<\/p>\n
- Port 22\r\n<\/span>Port (\u5909\u66f4\u5f8c\u306e\u30dd\u30fc\u30c8\u756a\u53f7)\r\nPermitRootLogin no\r\nPasswordAuthentication no\r\n<\/span><\/code><\/pre>\n\u5220\u9664\u9632\u706b\u5899<\/h5>\n
- \u4ee5\u4e0b\u3067\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u524a\u9664<\/ul>\n
# ssh\u3092\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u30eb\u30fc\u30eb\u304b\u3089\u524a\u9664<\/span>\r\nsudo <\/span>firewall-cmd --permanent<\/span> --remove-service<\/span>=<\/span>ssh\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\n\r\n# \u78ba\u8a8d<\/span>\r\nsudo <\/span>firewall-cmd --list-all<\/span>\r\n<\/code><\/pre>\nsudo systemctl restart sshd.service\u3067SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u5176\u4ed6\u9632\u706b\u5899\u66f4\u65b0<\/h2>\n
\u5173\u95ed\u9a7e\u9a76\u8231<\/h3>\n
sudo <\/span>firewall-cmd --permanent<\/span> --remove-service<\/span>=<\/span>cockpit\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\nsudo <\/span>systemctl disable --now<\/span> cockpit.socket\r\n<\/code><\/pre>\n\u4f7fHTTP\u534f\u8bae\u8fdb\u884c\u901a\u4fe1\u3002<\/h3>\n
\u9632\u706b\u5899\u89c4\u5219<\/h4>\n
\u5982\u679c\u672a\u5b9a\u4e49http3\uff0c\u5219\u901a\u8fc7add-port\u5c06443\/udp\u4f20\u9012\u3002<\/p>\n
sudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>http\r\nsudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>https\r\nsudo <\/span>firewall-cmd --permanent<\/span> --add-service<\/span>=<\/span>http3\r\nsudo <\/span>firewall-cmd --reload<\/span>\r\n<\/code><\/pre>\nSELinux\u89c4\u5219 (SELinux<\/h4>\n
sudo <\/span>setsebool -P<\/span> httpd_can_network_connect 1\r\nsudo <\/span>setsebool -P<\/span> httpd_can_network_relay 1\r\nsudo <\/span>semanage port --add<\/span> --type<\/span> http_port_t --proto<\/span> udp 443\r\n<\/code><\/pre>\n\u9632\u62a4\u4e91<\/h3>\n
\u968f\u4fbf\u653e\u5728\u90a3\u91cc\u3002<\/p>\n
sudo <\/span>dnf install <\/span>fail2ban\r\nsudo <\/span>systemctl enable<\/span> --now<\/span> fail2ban.service\r\n<\/code><\/pre>\n\u69cb\u5efaNginx<\/h2>\n
\u5982\u679c\u8981\u5c06Nginx\u9002\u914dQUIC\u534f\u8bae\uff0c\u90a3\u4e48\u53ea\u4f7f\u7528\u8f6f\u4ef6\u5305\u81ea\u5e26\u7684Nginx\uff0c\u5b83\u662f\u4f7f\u7528\u7684\u5185\u7f6eOpenSSL\uff08\u4e0d\u652f\u6301QUIC\uff09\uff0c\u6240\u4ee5\u65e0\u6cd5\u8fd0\u884cQUIC\u3002
\n\u56e0\u6b64\uff0c\u9700\u8981\u6784\u5efa\u4e00\u4e2a\u96c6\u6210\u4e86\u652f\u6301QUIC\u7684SSL\u8f6f\u4ef6\u5305\u7684Nginx\u3002
\n\u6b64\u5916\uff0c\u7531\u4e8eWasabi\u5b58\u50a8\u4e0d\u80fd\u8fdb\u884c\u516c\u5171\u8bbf\u95ee\uff08\u8bf7\u53c2\u8003\u4ee5\u4e0b\u4fe1\u606f\uff09\uff0c\u56e0\u6b64\u9700\u8981\u4ee5\u67d0\u79cd\u65b9\u5f0f\u96c6\u6210AWS\u7684\u8eab\u4efd\u9a8c\u8bc1\u8bbf\u95ee\u529f\u80fd\u3002<\/p>\n<\/p>\n
\u8fd9\u6b21\u6211\u4eec\u5c06\u4f7f\u7528quictls\u6765\u66ff\u4ee3OpenSSL\uff0c\u5e76\u4f7f\u7528ngx_aws_auth\u6a21\u5757\u6765\u8fdb\u884cAWS\u7684\u8ba4\u8bc1\u3002<\/p>\n
\u5b89\u88c5\u57fa\u672c\u8f6f\u4ef6\u5305\u3002<\/h3>\n
\u5b89\u88c5\u901a\u7528\u5305\u4ee5\u6784\u5efa\u3002\u6bcf\u4e2a\u6784\u5efa\u4e2d\u6240\u9700\u7684\u7279\u5b9a\u5305\u4f1a\u9010\u6b21\u5217\u51fa\u3002<\/p>\n
sudo <\/span>dnf groupinstall 'Development Tools'<\/span>\r\nsudo <\/span>dnf install <\/span>cmake\r\n<\/code><\/pre>\n\u5feb\u901fTLS\u7684\u5b89\u88c5<\/h3>\n
\u542f\u7528kTLS<\/h4>\n
\u636e\u8bf4\u5c06TLS\u5904\u7406\u59d4\u6258\u7ed9\u5185\u6838\u53ef\u4ee5\u63d0\u9ad8\u6027\u80fd\uff0c\u6240\u4ee5\u6211\u60f3\u8bd5\u4e00\u8bd5\u3002<\/p>\n
sudo <\/span>modprobe tls\r\n<\/code><\/pre>\n\u5b89\u88c5\u5fc5\u8981\u7684\u8f6f\u4ef6\u5305<\/h4>\n
sudo <\/span>dnf install <\/span>perl wget gcc gcc-arm-linux-gnu tcp_wrappers\r\n<\/code><\/pre>\n\u4e0b\u8f7d\u6e90\u4ee3\u7801<\/h4>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>git clone https:\/\/github.com\/quictls\/openssl.git\r\ncd <\/span>openssl\r\nsudo <\/span>git submodule update --init<\/span>\r\n<\/code><\/pre>\n\u5b89\u88c5<\/h4>\n
sudo<\/span> .\/Configure enable-ktls\r\nsudo <\/span>make\r\nsudo <\/span>make install<\/span>\r\n<\/code><\/pre>\n\u8bbe\u7f6e\u5e93\u7684\u8def\u5f84<\/h4>\n
\u7531\u4e8e\/usr\/local\/lib64\u8def\u5f84\u6ca1\u6709\u88ab\u6b63\u786e\u8bbe\u7f6e\uff0c\u6240\u4ee5\u9700\u8981\u5c06\u5176\u6dfb\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d\u901a\u884c\u3002<\/p>\n
\/etc\/ld.so.conf.d\/\u5185\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3001\u8ffd\u8a18<\/p>\n
\/usr\/local\/lib\r\n\/usr\/local\/lib64\r\n<\/code><\/pre>\nsudo ldconfig\u3067\u53cd\u6620<\/p>\n
openssl version\u3092\u5b9f\u884c\u3057\u3001\u30d0\u30fc\u30b8\u30e7\u30f3\u306b+quic\u304c\u3064\u3044\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b<\/p>\n
\u7559\u4e0bquictls\u7684\u6e90\u4ee3\u7801\u4f9b\u5728\u6784\u5efaNginx\u65f6\u4f7f\u7528\u3002<\/p>\n
\u51c6\u5907AWS\u4ee3\u7406\u6a21\u5757<\/h3>\n
\u542c\u8bf4Wasabi\u65e0\u6cd5\u8fdb\u884c\u516c\u5171\u8bbf\u95ee\uff0c\u5e76\u4e14\u4f3c\u4e4e\u65e0\u6cd5\u6b63\u5e38\u4f7f\u7528SigV4\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6362\u53e5\u8bdd\u8bf4\uff0c\u5b83\u4e0d\u8d77\u4f5c\u7528\u3002<\/p>\n
<\/p>\n
\u7531\u4e8e\u6ca1\u6709\u529e\u6cd5\uff0c\u4e3a\u4e86\u80fd\u591f\u4f7f\u7528SigV2\u8fdb\u884c\u8ba4\u8bc1\uff0c\u9700\u8981\u5c06\u6a21\u5757\u66f4\u6539\u4e3aV2\u5206\u652f\u7684\u7248\u672c\u3002<\/p>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>git clone https:\/\/github.com\/anomalizer\/ngx_aws_auth.git\r\ncd <\/span>ngx_aws_auth\r\nsudo <\/span>git checkout AuthV2\r\n<\/code><\/pre>\n\u7531\u4e8e\u8fd9\u662f\u4e00\u4e2a\u65e7\u7684\u7a0b\u5e8f\uff0c\u5982\u679c\u4fdd\u6301\u4e0d\u53d8\uff0c\u5c06\u65e0\u6cd5\u5728\u5f53\u524d\u7684Nginx\u6784\u5efa\u8fc7\u7a0b\u4e2d\u8fd0\u884c\u3002
\n\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff0c\u4e8b\u5148\u5bf9\u4ee3\u7801\u8fdb\u884c\u90e8\u5206\u66f4\u6539\u3002<\/p>\nsudo sed<\/span> -i<\/span> -e<\/span> 's\/\\(ngx_http_variable_unknown_header(\\)\\(val\\)\/\\1r, \\2\/'<\/span> ngx_http_aws_auth_module.c\r\n<\/code><\/pre>\n\u63d0\u4f9bBrotli\u538b\u7f29\u6a21\u5757<\/h3>\n
\u542c\u8bf4\u901a\u4fe1\u91cf\u8981\u51cf\u5c11\uff1f\u90a3\u5c31\u8d81\u673a\u8bd5\u8bd5\u770b\u3002<\/p>\n
<\/p>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>git clone https:\/\/github.com\/google\/ngx_brotli.git\r\ncd <\/span>ngx_brotli\r\nsudo <\/span>git submodule update --init<\/span>\r\n<\/code><\/pre>\n\u5b89\u88c5Nginx<\/h3>\n
\u6dfb\u52a0\u7528\u6237<\/h4>\n
sudo <\/span>useradd --system<\/span> --comment<\/span> 'Nginx web server'<\/span> --home-dir<\/span> \/var\/local\/lib\/nginx --shell<\/span> \/sbin\/nologin nginx\r\n<\/code><\/pre>\n\u5b89\u88c5\u6240\u9700\u7684\u8f6f\u4ef6\u5305<\/h4>\n
\u7531\u4e8e\u8fc7\u5ea6\u914d\u7f6e\u9009\u9879\uff0c\u5bfc\u81f4\u6240\u9700\u7684\u8f6f\u4ef6\u5305\u6570\u91cf\u589e\u52a0\u3002\u5982\u679c\u4e0d\u9700\u8981\u7684\u8bdd\uff0c\u4e5f\u8bb8\u53ef\u4ee5\u5220\u9664\u9009\u9879\u3002<\/p>\n
sudo <\/span>dnf install <\/span>pcre-devel libxslt-devel gd-devel GeoIP-devel gperftools\r\n<\/code><\/pre>\n\u8bf7\u4e0b\u8f7d\u8d44\u6e90\u3002<\/h4>\n
\u5728\u4e0b\u8f7d\u7f51\u7ad9\u4e0a\u67e5\u770b\u516c\u5f0f\u7684\u7248\u672c\u4fe1\u606f\uff0c\u7136\u540e\u4e0b\u8f7d\u76f8\u5e94\u7684\u7248\u672c\u3002<\/p>\n
cd<\/span> \/usr\/local\/src\r\nsudo <\/span>curl -O<\/span> https:\/\/nginx.org\/download\/nginx-1.25.2.tar.gz\r\nsudo tar <\/span>xvf nginx-1.25.2.tar.gz\r\ncd <\/span>nginx-1.25.2\r\n<\/code><\/pre>\n\u8fdb\u884c\u914d\u7f6e<\/h4>\n
\u7531\u4e8e\u8bd5\u9519\u7684\u7ed3\u679c\uff0c\u6211\u4eec\u9009\u62e9\u4e86\u4ee5\u4e0b\u9009\u9879\u8fdb\u884c\u6267\u884c\u3002\u7531\u4e8e\u5bf9\u7ec6\u8282\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u6240\u4ee5\u7701\u7565\u3002<\/p>\n
sudo<\/span> .\/configure \\<\/span>\r\n--prefix<\/span>=<\/span>\/var\/local\/nginx \\<\/span>\r\n--sbin-path<\/span>=<\/span>\/usr\/local\/sbin\/nginx \\<\/span>\r\n--modules-path<\/span>=<\/span>\/usr\/local\/lib64\/nginx\/modules \\<\/span>\r\n--conf-path<\/span>=<\/span>\/usr\/local\/etc\/nginx\/nginx.conf \\<\/span>\r\n--error-log-path<\/span>=<\/span>\/var\/local\/log\/nginx\/error.log \\<\/span>\r\n--http-log-path<\/span>=<\/span>\/var\/local\/log\/nginx\/access.log \\<\/span>\r\n--http-client-body-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/client_body \\<\/span>\r\n--http-proxy-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/proxy \\<\/span>\r\n--http-fastcgi-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/fastcgi \\<\/span>\r\n--http-uwsgi-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/uwsgi \\<\/span>\r\n--http-scgi-temp-path<\/span>=<\/span>\/var\/local\/lib\/nginx\/tmp\/scgi \\<\/span>\r\n--pid-path<\/span>
<\/p>\n
- \n
- \n
<\/p>\n
- Cloudflare<\/ul>\n
\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5<\/h2>\n\u521b\u5efaVPS\u5b9e\u4f8b<\/h3>\n
\u767b\u5f55KAGOYA\u4e91VPS\u63a7\u5236\u9762\u677f\u3002
\n\u4e3a\u4e86\u4f7f\u7528\u4e0d\u5728\u6a21\u677f\u4e2d\u7684\u8f6f\u4ef6\u5305\uff0c\u4e0a\u4f20Fedora\u7684ISO\u6620\u50cf\u3002
\n\u590d\u5236\u7c98\u8d34\u5230Fedora\u4e0b\u8f7d\u9875\u9762\u7684ISO\u5b9e\u9645URL\u3002
\n\u7531\u4e8eISO\u6620\u50cf\u4f1a\u57281\u5929\u540e\u6d88\u5931\uff0c\u56e0\u6b64\u540d\u79f0\u53ef\u4ee5\u4efb\u610f\u8bbe\u7f6e\u3002<\/p>\n
<\/div>\n\u8f6c\u5230\u201c\u521b\u5efa\u5b9e\u4f8b\u201d\u9875\u9762\uff0c\u9009\u62e9\u5df2\u4e0a\u4f20\u5230ISO\u6620\u50cf\u7684\u56fe\u50cf\u3002
\n\u9009\u62e9\u4ee5CPU 2\u6838 \/ \u5185\u5b582GB \/ \u5b58\u50a8200GB\u4e3a\u89c4\u683c\u7684\u5b9e\u4f8b\u3002\uff08\u9274\u4e8e\u6b64\u6b21\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\uff0c\u53ef\u80fd\u4e0d\u9700\u8981\u9009\u62e9\u5927\u5bb9\u91cf\u7684\u5b58\u50a8\u3002\uff09
\nvirtio\u4fdd\u6301\u9ed8\u8ba4\u8bbe\u7f6e\u5373\u53ef\u3002
\n\u8f93\u5165\u63a7\u5236\u53f0\u767b\u5f55\u5bc6\u7801\u548c\u5b9e\u4f8b\u540d\u79f0\uff08\u4e3a\u4e86\u7ba1\u7406VPS\uff0c\u540d\u79f0\u53ef\u4ee5\u968f\u610f\uff09\uff0c\u7136\u540e\u521b\u5efa\u5b9e\u4f8b\u3002
\n\u521b\u5efa\u5b9e\u4f8b\u540e\uff0c\u8f6c\u5230\u5b9e\u4f8b\u4fe1\u606f\u9875\u9762\uff0c\u786e\u8ba4\u5206\u914d\u7684IPv4\u548cIPv6\u5730\u5740\u3002<\/p>\n
DNS\u8bb0\u5f55\u6ce8\u518c<\/h3>\n\u6b63\u5f15\u304d \u7684\u610f\u601d\u662f\u201c\u53e4\u65f6\u5019\u8239\u6216\u6c7d\u8f66\u4ece\u80cc\u9762\u53cd\u65b9\u5411\u9a76\u79bb\u201d\u3002<\/h4>\n
\u767b\u5f55Gandi.net\uff0c\u5728\u76ee\u6807\u57df\u540d\u4e2d\u6dfb\u52a0\u4e00\u4e2aA\u8bb0\u5f55\uff08IPv4\uff09\u548c\u4e00\u4e2aAAAA\u8bb0\u5f55\uff08IPv6\uff09\u3002TTL\u4fdd\u6301\u9ed8\u8ba4\u503c\u5373\u53ef\u3002<\/p>\n
\u9006\u5f15\u304d can be paraphrased in Chinese as “\u53cd\u5411\u641c\u7d22” .<\/h4>\n
\u5728KAGOYA\u7684\u5b9e\u4f8b\u4fe1\u606f\u7684\u9006\u5f15\u8bbe\u7f6e\u5904\u8f93\u5165\u57df\u540d\u3002<\/p>\n
“\u5b89\u88c5”<\/h3>\n
\u5f53\u60a8\u542f\u52a8\u63a7\u5236\u53f0\u65f6\uff0c\u5c06\u5f39\u51fa\u4e00\u4e2a\u663e\u793a\u63a7\u5236\u53f0\u7684\u5f39\u7a97\u3002
\n\u7531\u4e8e\u67d0\u4e9b\u6d4f\u89c8\u5668\u4f1a\u5c06\u5f39\u7a97\u963b\u6b62\u4e00\u6b21\uff0c\u60a8\u53ef\u4ee5\u5728\u6388\u6743\u540e\u518d\u6b21\u542f\u52a8\u3002
\n\u6b64\u5916\uff0c\u7531\u4e8e\u5c4f\u5e55\u5f88\u5feb\u4f1a\u8d85\u65f6\uff0c\u60a8\u53ef\u4ee5\u6bcf\u6b21\u6309\u4e0bF5\u6216Ctrl+R\u6765\u91cd\u65b0\u52a0\u8f7d\u9875\u9762\uff0c\u6216\u8005\u91cd\u65b0\u6253\u5f00\u7a97\u53e3\u3002<\/p>\n
\u786e\u8ba4Fedora\u5b89\u88c5\u754c\u9762\u662f\u5426\u663e\u793a\u3002<\/p>\n
\u8bed\u8a00\u8bbe\u7f6e<\/h4>\n
\u7531\u4e8e\u8f6c\u6362\u4e3a\u65e5\u8bed\u53ef\u80fd\u4f1a\u7a0d\u5fae\u9ebb\u70e6\uff0c\u6240\u4ee5\u8bf7\u7ee7\u7eed\u4f7f\u7528\u82f1\u8bed\u3002<\/p>\n
<\/div>\n\u5b89\u88c5\u6982\u8ff0<\/h4>\n
\u6309\u7167\u4ee5\u4e0b\u8bbe\u5b9a\u7684\u987a\u5e8f\u8fdb\u884c\u8bb0\u8ff0\u3002<\/p>\n
<\/div>\n\u952e\u76d8<\/h5>\n
\u6839\u636e\u81ea\u5df1\u4f7f\u7528\u7684\u952e\u76d8\u9009\u62e9\u82f1\u8bed\uff08\u7f8e\u56fd\uff09\u6216\u65e5\u8bed\u3002\uff08\u5b9e\u9645\u4e0a\uff0c\u7531\u4e8e\u51e0\u4e4e\u90fd\u662f\u4f7f\u7528SSH\u64cd\u4f5c\uff0c\u9664\u4e86\u6700\u521d\u7684\u5bc6\u7801\u8f93\u5165\u5916\uff0c\u952e\u76d8\u5e76\u4e0d\u592a\u76f8\u5173\u3002\uff09<\/p>\n
\u8bed\u8a00\u652f\u6301<\/h5>\n
\u6682\u65f6\u589e\u52a0\u4e00\u9879\u65e5\u8bed\uff08\u65e5\u672c\uff09\u5185\u5bb9\u3002<\/p>\n
\u8f6f\u4ef6\u9009\u62e9<\/h5>\n
\u786e\u8ba4\u5df2\u9009\u62e9 Fedora \u670d\u52a1\u5668\u7248\u3002<\/p>\n
\u5b89\u88c5\u76ee\u6807\u5730\u70b9<\/h5>\n
\u9009\u62e9Custom\u5e76\u70b9\u51fbDone\u3002<\/p>\n
\u8fdb\u5165\u5206\u533a\u521b\u5efa\u754c\u9762\uff0c\u9996\u5148\u9009\u62e9LVM\u81ea\u52a8\u521b\u5efa(\u70b9\u51fb\u6b64\u5904\u81ea\u52a8\u521b\u5efa)\u3002<\/p>\n
BIOS Boot\u3001\/boot\u3001\/\u8fd9\u4e09\u4e2a\u5206\u533a\u5c06\u81ea\u52a8\u521b\u5efa\u3002<\/p>\n
\u7531\u4e8e2GB\u7684\u5185\u5b58\u4e0d\u8db3\u4ee5\u6784\u5efaMisskey\uff0c\u56e0\u6b64\u4f7f\u7528”+”\u6765\u521b\u5efaswap\u3002\u7531\u4e8e\u6b64\u6b21\u4f7f\u7528\u4e86\u5927\u5bb9\u91cf\u7684\u5b58\u50a8\uff0c\u6240\u4ee5\u521b\u5efa\u4e86\u7a0d\u5fae\u591a\u4e00\u70b9\u76848GiB\u3002<\/p>\n
\u7136\u540e\uff0c\u5728Desired Capacity\u7684\/\u5206\u533a\u5904\u586b\u5165\u975e\u5e38\u5927\u7684\u503c\u5e76\u70b9\u51fbUpdate\uff0c\u5269\u4f59\u7684\u5168\u90e8\u5bb9\u91cf\u5c06\u81ea\u52a8\u5206\u914d\u3002<\/p>\n
<\/div>\n\u7f51\u7edc\u548c\u4e3b\u673a\u540d<\/h5>\n
\u5728\u4ee5\u592a\u7f51\uff08ens3\uff09\u88ab\u9009\u62e9\u72b6\u6001\u4e0b\uff0c\u70b9\u51fb\u201c\u914d\u7f6e\u201d\u3002<\/p>\n
IPv4 \u914d\u7f6e<\/h6>\n\n\u9805\u76ee\u5024MethodManualAddress\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eIPv4\u306eIPNetmask\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306e\u30b5\u30d6\u30cd\u30c3\u30c8Gateway\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306e\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4DNS servers\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eDNS\u3001
\n\u307e\u305f\u306f\u304a\u597d\u304d\u306aDNS\u30b5\u30fc\u30d0\u306eIP\u3092\u30ab\u30f3\u30de(,)\u5f62\u5f0f\u3067\u5165\u529b<\/div>\n<\/div>\nIPv6\u8bbe\u7f6e<\/h6>\n\n\u9805\u76ee\u5024MethodManualAddress\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eIPv6\u306eIPPrefix64GatewayIPv6\u306e\u5148\u982d4\u3064\u90e8\u5206\u306b::1\u3092\u4ed8\u52a0 (xxxx:yyyy:zzzz:wwww::1)DNS servers\u304a\u597d\u304d\u306aDNS\u30b5\u30fc\u30d0\u306eIP\u3092\u30ab\u30f3\u30de(,)\u5f62\u5f0f\u3067\u5165\u529b<\/div>\n<\/div>\n\u4e00\u65e6\u5b8c\u6210\u8f93\u5165\u4e4b\u540e\uff0c\u8bf7\u4fdd\u5b58\u5e76\u6fc0\u6d3b\u3002\u5982\u679cDNS\u8bb0\u5f55\u5df2\u7ecf\u751f\u6548\uff0c\u5219\u5728\u5f53\u524d\u4e3b\u673a\u540d\u5904\u4f1a\u663e\u793a\u57df\u540d\u3002
\n\u5982\u679c\u663e\u793a\u4e86\u201ckagoya\u201d\u7684\u5185\u5bb9\uff0c\u5219\u8bf7\u5728\u4e3b\u673a\u540d\u5904\u8f93\u5165\u8981\u4f7f\u7528\u7684\u57df\u540d\u5e76\u5e94\u7528\u3002<\/p>\n
\u65f6\u95f4\u548c\u65e5\u671f<\/h5>\n
\u70b9\u51fb\u65e5\u672c\u5730\u533a\u3002\u786e\u4fdd\u65f6\u533a\u8bbe\u7f6e\u4e3aAsia\/Tokyo\uff0c\u7f51\u7edc\u65f6\u95f4\u5df2\u542f\u7528\u3002<\/p>\n
\u7528\u6237\u521b\u5efa<\/h5>\n
\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u786e\u8ba4\u4e24\u4e2a\u590d\u9009\u6846\u90fd\u88ab\u9009\u4e2d\u3002<\/p>\n
\u5f00\u59cb\u5b89\u88c5<\/h5>\n
\u5728\u4ee5\u4e0a\u7684\u8bbe\u7f6e\u4e0b\uff0c\u70b9\u51fb\u201cBegin Installation\u201d\u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5\u3002
\n\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u201cReboot System\u201d\u91cd\u65b0\u542f\u52a8\u3002
\n\u786e\u4fdd\u5b89\u88c5\u7684\u64cd\u4f5c\u7cfb\u7edf\u6210\u529f\u542f\u52a8\u3002<\/p>\n
SSH\u8fde\u63a5\u8bbe\u7f6e<\/h2>\n
\u4f7f\u7528\u624b\u5934\u7684\u7ec8\u7aef\u8f6f\u4ef6\u8fdb\u884cSSH\u8fde\u63a5\uff0c\u4e3a\u4e86\u52a0\u5f3a\u5b89\u5168\u6027\uff0c\u66f4\u6539SSH\u7684\u7aef\u53e3\u53f7\u5e76\u5207\u6362\u5230\u516c\u94a5\u8ba4\u8bc1\u3002<\/p>\n
\u516c\u958b\u5bc6\u94a5\u52a0\u5bc6<\/h3>\n\u6dfb\u52a0\u65b0\u7684\u9470\u5319<\/h4>\n\n
\n\u307e\u305f\u306f\u304a\u597d\u304d\u306aDNS\u30b5\u30fc\u30d0\u306eIP\u3092\u30ab\u30f3\u30de(,)\u5f62\u5f0f\u3067\u5165\u529b<\/div>\n<\/div>\n
IPv6\u8bbe\u7f6e<\/h6>\n\n\u9805\u76ee\u5024MethodManualAddress\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u753b\u9762\u306eIPv6\u306eIPPrefix64GatewayIPv6\u306e\u5148\u982d4\u3064\u90e8\u5206\u306b::1\u3092\u4ed8\u52a0 (xxxx:yyyy:zzzz:wwww::1)DNS servers\u304a\u597d\u304d\u306aDNS\u30b5\u30fc\u30d0\u306eIP\u3092\u30ab\u30f3\u30de(,)\u5f62\u5f0f\u3067\u5165\u529b<\/div>\n<\/div>\n\u4e00\u65e6\u5b8c\u6210\u8f93\u5165\u4e4b\u540e\uff0c\u8bf7\u4fdd\u5b58\u5e76\u6fc0\u6d3b\u3002\u5982\u679cDNS\u8bb0\u5f55\u5df2\u7ecf\u751f\u6548\uff0c\u5219\u5728\u5f53\u524d\u4e3b\u673a\u540d\u5904\u4f1a\u663e\u793a\u57df\u540d\u3002
\n\u5982\u679c\u663e\u793a\u4e86\u201ckagoya\u201d\u7684\u5185\u5bb9\uff0c\u5219\u8bf7\u5728\u4e3b\u673a\u540d\u5904\u8f93\u5165\u8981\u4f7f\u7528\u7684\u57df\u540d\u5e76\u5e94\u7528\u3002<\/p>\n
\u65f6\u95f4\u548c\u65e5\u671f<\/h5>\n
\u70b9\u51fb\u65e5\u672c\u5730\u533a\u3002\u786e\u4fdd\u65f6\u533a\u8bbe\u7f6e\u4e3aAsia\/Tokyo\uff0c\u7f51\u7edc\u65f6\u95f4\u5df2\u542f\u7528\u3002<\/p>\n
\u7528\u6237\u521b\u5efa<\/h5>\n
\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u786e\u8ba4\u4e24\u4e2a\u590d\u9009\u6846\u90fd\u88ab\u9009\u4e2d\u3002<\/p>\n
\u5f00\u59cb\u5b89\u88c5<\/h5>\n
\u5728\u4ee5\u4e0a\u7684\u8bbe\u7f6e\u4e0b\uff0c\u70b9\u51fb\u201cBegin Installation\u201d\u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5\u3002
\n\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u201cReboot System\u201d\u91cd\u65b0\u542f\u52a8\u3002
\n\u786e\u4fdd\u5b89\u88c5\u7684\u64cd\u4f5c\u7cfb\u7edf\u6210\u529f\u542f\u52a8\u3002<\/p>\n
SSH\u8fde\u63a5\u8bbe\u7f6e<\/h2>\n
\u4f7f\u7528\u624b\u5934\u7684\u7ec8\u7aef\u8f6f\u4ef6\u8fdb\u884cSSH\u8fde\u63a5\uff0c\u4e3a\u4e86\u52a0\u5f3a\u5b89\u5168\u6027\uff0c\u66f4\u6539SSH\u7684\u7aef\u53e3\u53f7\u5e76\u5207\u6362\u5230\u516c\u94a5\u8ba4\u8bc1\u3002<\/p>\n
\u516c\u958b\u5bc6\u94a5\u52a0\u5bc6<\/h3>\n\u6dfb\u52a0\u65b0\u7684\u9470\u5319<\/h4>\n\n
\u4e00\u65e6\u5b8c\u6210\u8f93\u5165\u4e4b\u540e\uff0c\u8bf7\u4fdd\u5b58\u5e76\u6fc0\u6d3b\u3002\u5982\u679cDNS\u8bb0\u5f55\u5df2\u7ecf\u751f\u6548\uff0c\u5219\u5728\u5f53\u524d\u4e3b\u673a\u540d\u5904\u4f1a\u663e\u793a\u57df\u540d\u3002
\n\u5982\u679c\u663e\u793a\u4e86\u201ckagoya\u201d\u7684\u5185\u5bb9\uff0c\u5219\u8bf7\u5728\u4e3b\u673a\u540d\u5904\u8f93\u5165\u8981\u4f7f\u7528\u7684\u57df\u540d\u5e76\u5e94\u7528\u3002<\/p>\n
\u65f6\u95f4\u548c\u65e5\u671f<\/h5>\n
\u70b9\u51fb\u65e5\u672c\u5730\u533a\u3002\u786e\u4fdd\u65f6\u533a\u8bbe\u7f6e\u4e3aAsia\/Tokyo\uff0c\u7f51\u7edc\u65f6\u95f4\u5df2\u542f\u7528\u3002<\/p>\n
\u7528\u6237\u521b\u5efa<\/h5>\n
\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u786e\u8ba4\u4e24\u4e2a\u590d\u9009\u6846\u90fd\u88ab\u9009\u4e2d\u3002<\/p>\n
\u5f00\u59cb\u5b89\u88c5<\/h5>\n
\u5728\u4ee5\u4e0a\u7684\u8bbe\u7f6e\u4e0b\uff0c\u70b9\u51fb\u201cBegin Installation\u201d\u6309\u94ae\uff0c\u5f00\u59cb\u5b89\u88c5\u3002
\n\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u201cReboot System\u201d\u91cd\u65b0\u542f\u52a8\u3002
\n\u786e\u4fdd\u5b89\u88c5\u7684\u64cd\u4f5c\u7cfb\u7edf\u6210\u529f\u542f\u52a8\u3002<\/p>\n
SSH\u8fde\u63a5\u8bbe\u7f6e<\/h2>\n
\u4f7f\u7528\u624b\u5934\u7684\u7ec8\u7aef\u8f6f\u4ef6\u8fdb\u884cSSH\u8fde\u63a5\uff0c\u4e3a\u4e86\u52a0\u5f3a\u5b89\u5168\u6027\uff0c\u66f4\u6539SSH\u7684\u7aef\u53e3\u53f7\u5e76\u5207\u6362\u5230\u516c\u94a5\u8ba4\u8bc1\u3002<\/p>\n
\u516c\u958b\u5bc6\u94a5\u52a0\u5bc6<\/h3>\n\u6dfb\u52a0\u65b0\u7684\u9470\u5319<\/h4>\n\n
- \n