Skip to content

Instantly share code, notes, and snippets.

@FishHawk

FishHawk/机翻站部署流程.md

Last active June 8, 2025 11:42
Show Gist options
  • Save FishHawk/796cd6b8ebb27767d19b0a46b995d819 to your computer and use it in GitHub Desktop.
Save FishHawk/796cd6b8ebb27767d19b0a46b995d819 to your computer and use it in GitHub Desktop.
Download ZIP
机翻站部署流程
Raw
机翻站部署流程.md

机翻站部署流程

服务器准备

apt install vim
> /etc/motd # 清空登录信息

https://github.com/yboetz/motd

关闭 ssh 密码登录

shuf -i 10000-60000 -n 1 # 生成随机端口

vim /etc/ssh/sshd_config
# Port 47679
# PasswordAuthentication no

systemctl restart sshd

使用以下命令测试:

ssh [email protected] -o PubkeyAuthentication=no -o PreferredAuthentications=password

配置防火墙

注意要改 ssh 的端口号

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;
                ct state invalid counter drop comment "early drop of invalid packets"
                ct state {established, related} counter accept comment "accept all connections related to connections made by us"
                iif lo accept comment "accept loopback"
                iif != lo ip daddr 127.0.0.1/8 counter drop comment "drop connections to loopback not coming from loopback"
                iif != lo ip6 daddr ::1/128 counter drop comment "drop connections to loopback not coming from loopback"
                ip protocol icmp counter accept comment "accept all ICMP types"
                meta l4proto ipv6-icmp counter accept comment "accept all ICMP types"
                udp dport mdns ip daddr 224.0.0.251 counter accept comment "IPv4 mDNS"
                udp dport mdns ip6 daddr ff02::fb counter accept comment "IPv6 mDNS"
                tcp dport 47679 counter accept comment "accept SSH"
                counter comment "count dropped packets"
        }

        chain forward {
                type filter hook forward priority 0; policy accept;
        }

        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                iifname "docker0" masquerade
                iifname "br-*" masquerade 
        }
}

vim /etc/nftables.conf
systemctl restart nftable

部署网站

安装 docker

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install the Docker packages:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

安装 ES 插件

cd auto-novel
mkdir -p data/es/plugins
chmod 777 -R data/es/plugins
chmod 777 -R data/es/data
docker run --rm -it --entrypoint bash -v ${PWD}/data/es/plugins:/usr/share/elasticsearch/plugins elasticsearch:8.6.1

# In container
bin/elasticsearch-plugin install analysis-icu

启动网站

cd auto-novel
vim docker-compose.yml
vim .env
docker-compose up -d

使用以下命令测试:

curl http://127.0.0.1

上线网站

安装 Cloudflared

# Add Cloudflare's package signing key:
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add Cloudflare's apt repo to your apt repositories:
echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main" | sudo tee /etc/apt/sources.list.d/cloudflared.list

# Update repositories and install cloudflared:
sudo apt-get update && sudo apt-get install cloudflared
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment