From 3c5246afb562416c6c005eadebf4bac3179ac41e Mon Sep 17 00:00:00 2001 From: Joywayer Date: Fri, 24 Apr 2026 11:13:49 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0rustdesk?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 44 +++-- joplin/.env.example | 62 ++++++ joplin/README.md | 365 +++++++++++++++++++++++++++++++++++ joplin/backup.sh | 79 ++++++++ joplin/deploy.sh | 191 ++++++++++++++++++ joplin/docker-compose.yml | 66 +++++++ joplin/nginx/joplin.conf | 58 ++++++ joplin/uninstall.sh | 158 +++++++++++++++ portainer/docker-compose.yml | 6 +- rustdesk/.env.example | 28 +++ rustdesk/README.md | 150 ++++++++++++++ rustdesk/backup.sh | 69 +++++++ rustdesk/deploy.sh | 233 ++++++++++++++++++++++ rustdesk/docker-compose.yml | 44 +++++ rustdesk/nginx/rustdesk.conf | 76 ++++++++ rustdesk/uninstall.sh | 168 ++++++++++++++++ siyuan/docker-compose.yml | 2 +- 17 files changed, 1780 insertions(+), 19 deletions(-) create mode 100644 joplin/.env.example create mode 100644 joplin/README.md create mode 100644 joplin/backup.sh create mode 100644 joplin/deploy.sh create mode 100644 joplin/docker-compose.yml create mode 100644 joplin/nginx/joplin.conf create mode 100644 joplin/uninstall.sh create mode 100644 rustdesk/.env.example create mode 100644 rustdesk/README.md create mode 100644 rustdesk/backup.sh create mode 100644 rustdesk/deploy.sh create mode 100644 rustdesk/docker-compose.yml create mode 100644 rustdesk/nginx/rustdesk.conf create mode 100644 rustdesk/uninstall.sh diff --git a/README.md b/README.md index 2a1cb99..a7b82ff 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ | [gitea/](gitea/) | Git 代码托管(Gitea + MySQL 8.4) | 443, 2222 | | [certd/](certd/) | SSL 证书自动化管理(Certd) | 443 | | [vaultwarden/](vaultwarden/) | 密码管理器(Vaultwarden / Bitwarden 兼容) | 443 | +| [joplin/](joplin/) | 笔记同步服务器(Joplin Server + PostgreSQL) | 443 | | [siyuan/](siyuan/) | 知识管理笔记(思源笔记 SiYuan) | 443 | | [portainer/](portainer/) | Docker 可视化管理(Portainer CE) | 443 | @@ -21,14 +22,14 @@ │ (系统包) │ ← Let's Encrypt 证书 └──────┬──────┘ │ - ┌──────────────┬───────┼───────┬──────────────┐ - │ │ │ │ │ - ┌──────▼──────┐ ┌────▼────┐ ┌▼─────┐ ┌▼─────────┐ ┌─▼────────┐ - │ Gitea │ │ Certd │ │SiYuan│ │Vaultwarden│ │Portainer │ - │ :3000(内部) │ │ :7001 │ │:6806 │ │ :8080 │ │ :9000 │ - │ + MySQL 8.4 │ │ │ │ │ │ │ │ │ - └─────────────┘ └─────────┘ └──────┘ └───────────┘ └──────────┘ - Docker Docker Docker Docker Docker + ┌──────────┬──────────┬───────┼───────┬──────────┬──────────┐ + │ │ │ │ │ │ │ + ┌──▼───────┐ ┌▼───────┐ ┌▼─────┐ ┌▼─────┐ ┌▼────────┐ ┌▼────────┐ + │ Gitea │ │ Certd │ │Joplin│ │SiYuan│ │Vaultwar.│ │Portainer│ + │:3000(内) │ │ :7001 │ │:22300│ │:6806 │ │ :8080 │ │ :9000 │ + │+MySQL 8.4│ │ │ │+PgSQL│ │ │ │ │ │ │ + └──────────┘ └────────┘ └──────┘ └──────┘ └─────────┘ └─────────┘ + Docker Docker Docker Docker Docker Docker ``` 所有服务通过 Nginx 反向代理提供 HTTPS 访问,容器端口仅监听 `127.0.0.1`。 @@ -56,6 +57,12 @@ docker/ │ ├── backup.sh │ ├── nginx/certd.conf │ └── README.md +├── joplin/ # Joplin Server 笔记同步 +│ ├── docker-compose.yml # Joplin Server + PostgreSQL 容器编排 +│ ├── deploy.sh # 部署脚本(依赖 base/) +│ ├── backup.sh +│ ├── nginx/joplin.conf +│ └── README.md ├── vaultwarden/ # Vaultwarden 密码管理 │ ├── docker-compose.yml │ ├── deploy.sh # 部署脚本(依赖 base/) @@ -82,7 +89,7 @@ docker/ ```bash # 1. 上传所有文件到服务器 -scp -r base/ gitea/ certd/ vaultwarden/ siyuan/ portainer/ root@:/opt/ +scp -r base/ gitea/ certd/ joplin/ vaultwarden/ siyuan/ portainer/ root@:/opt/ # 2. 安装基础环境 ssh root@ @@ -102,19 +109,25 @@ bash deploy.sh vi .env bash deploy.sh -# 5. 部署 Vaultwarden +# 5. 部署 Joplin Server +cd /opt/joplin +bash deploy.sh +vi .env +bash deploy.sh + +# 6. 部署 Vaultwarden cd /opt/vaultwarden bash deploy.sh vi .env bash deploy.sh -# 6. 部署 SiYuan +# 7. 部署 SiYuan cd /opt/siyuan bash deploy.sh vi .env bash deploy.sh -# 7. 部署 Portainer(Docker 可视化管理) +# 8. 部署 Portainer(Docker 可视化管理) cd /opt/portainer bash deploy.sh vi .env @@ -160,6 +173,7 @@ bash deploy.sh |------|------|----------| | Gitea | `git.example.com` | A → 服务器 IP | | Certd | `cert.example.com` | A → 服务器 IP | +| Joplin | `joplin.example.com` | A → 服务器 IP | | Vaultwarden | `vault.example.com` | A → 服务器 IP | | SiYuan | `note.example.com` | A → 服务器 IP | @@ -174,6 +188,9 @@ cd /opt/gitea && docker compose ps # Certd cd /opt/certd && docker compose ps +# Joplin +cd /opt/joplin && docker compose ps + # Vaultwarden cd /opt/vaultwarden && docker compose ps @@ -186,6 +203,7 @@ cd /opt/siyuan && docker compose ps ```bash cd /opt/gitea && bash backup.sh cd /opt/certd && bash backup.sh +cd /opt/joplin && bash backup.sh cd /opt/vaultwarden && bash backup.sh cd /opt/siyuan && bash backup.sh ``` @@ -204,7 +222,7 @@ certbot renew --dry-run ## 注意事项 -- **Gitea 的 deploy.sh 是自包含的**,不依赖 base/(历史兼容)。Certd、Vaultwarden 和 SiYuan 依赖 base/。 +- **Gitea 的 deploy.sh 是自包含的**,不依赖 base/(历史兼容)。Certd、Joplin、Vaultwarden 和 SiYuan 依赖 base/。 - 所有容器端口仅监听 `127.0.0.1`,通过 Nginx 反向代理对外提供 HTTPS 服务。 - `.env` 文件包含敏感信息,不要提交到公开仓库。 - 首次部署每个服务时需要运行两次 `deploy.sh`:第一次生成 `.env`,修改配置后第二次正式部署。 diff --git a/joplin/.env.example b/joplin/.env.example new file mode 100644 index 0000000..8ef0e14 --- /dev/null +++ b/joplin/.env.example @@ -0,0 +1,62 @@ +# ===== Joplin Server 基础配置 ===== + +# Joplin 访问域名(必须修改) +JOPLIN_DOMAIN=joplin.example.com + +# Let's Encrypt 邮箱(必须修改) +CERTBOT_EMAIL=admin@example.com + +# ===== 数据库配置 ===== + +# PostgreSQL 密码(必须修改为强密码) +POSTGRES_PASSWORD=changeme + +# PostgreSQL 数据库名 +POSTGRES_DATABASE=joplin + +# PostgreSQL 用户名 +POSTGRES_USER=joplin + +# ===== 镜像配置 ===== + +# Joplin Server 镜像 +JOPLIN_IMAGE=joplin/server:latest +# 使用固定版本号(推荐生产环境): +# JOPLIN_IMAGE=joplin/server:3.2.1 + +# PostgreSQL 镜像 +POSTGRES_IMAGE=postgres:16-alpine + +# ===== 目录配置 ===== + +# PostgreSQL 数据目录 +JOPLIN_DB_DIR=/data/joplin/db + +# 备份目录 +BACKUP_DIR=/var/backups/joplin + +# ===== 邮件配置(可选,用于密码重置等)===== + +# 是否启用邮件(0=禁用,1=启用) +MAILER_ENABLED=0 + +# SMTP 服务器 +MAILER_HOST=smtp.example.com + +# SMTP 端口 +MAILER_PORT=465 + +# SMTP 加密(tls 或 starttls) +MAILER_SECURITY=tls + +# SMTP 用户名 +MAILER_AUTH_USER= + +# SMTP 密码 +MAILER_AUTH_PASSWORD= + +# 发件人名称 +MAILER_NOREPLY_NAME=Joplin + +# 发件人邮箱 +MAILER_NOREPLY_EMAIL=noreply@example.com diff --git a/joplin/README.md b/joplin/README.md new file mode 100644 index 0000000..816c539 --- /dev/null +++ b/joplin/README.md @@ -0,0 +1,365 @@ +# Joplin Server 部署指南 + +开源笔记同步服务器,支持端到端加密,配合 Joplin 客户端实现多端同步。 + +## 功能特性 + +- 多端同步(Windows / macOS / Linux / Android / iOS) +- 端到端加密(E2EE) +- Markdown 编辑,完整笔记本管理 +- Web Clipper 浏览器剪藏 +- REST API 扩展 +- 丰富的插件生态 + +## 技术栈 + +| 组件 | 版本 | 说明 | +|------|------|------| +| Joplin Server | latest | 笔记同步服务器 | +| PostgreSQL | 16-alpine | 关系型数据库 | +| Nginx | 系统包 | 反向代理 + HTTPS 接入 | +| Docker | 最新版 | 容器运行环境 | + +## 前置条件 + +1. 一台 Linux 服务器(Ubuntu 22.04/24.04 推荐) +2. 一个已解析到服务器的域名(如 `joplin.example.com`) +3. 服务器 80/443 端口可从外网访问 +4. 至少 512MB 可用内存(PostgreSQL + Joplin Server) + +## 目录结构 + +``` +joplin/ +├── docker-compose.yml # 容器编排(Joplin Server + PostgreSQL) +├── .env.example # 配置模板 +├── deploy.sh # 一键部署脚本 +├── backup.sh # 备份脚本 +├── uninstall.sh # 完全卸载脚本 +├── nginx/ +│ └── joplin.conf # Nginx 反向代理配置 +└── README.md # 本文件 +``` + +服务器上的数据目录: + +``` +/data/joplin/db/ # PostgreSQL 数据 +/var/backups/joplin/ # 备份文件 +``` + +## 快速部署 + +### 第一步:上传文件到服务器 + +```bash +# 在本地执行,上传 joplin 目录 +scp -r joplin/ root@<服务器IP>:/opt/joplin + +# 如果服务器上还没有部署过 base(首台服务或全新服务器),还需上传 base +scp -r base/ root@<服务器IP>:/opt/base +``` + +### 第二步:登录服务器执行部署 + +```bash +ssh root@<服务器IP> + +# 如果是全新服务器,先安装基础环境 +cd /opt/base +cp .env.example .env +# 可选:编辑 .env 配置 Docker 镜像加速 +bash setup.sh + +# 部署 Joplin Server +cd /opt/joplin +bash deploy.sh +# 首次运行会生成 .env,按提示修改配置后重新运行 +vi .env +bash deploy.sh +``` + +### 第三步:配置域名解析 + +在域名服务商(如阿里云 DNS)添加 A 记录: + +| 记录类型 | 主机记录 | 记录值 | +|----------|----------|--------| +| A | joplin | `<服务器公网IP>` | + +### 第四步:登录管理后台 + +1. 浏览器访问 `https://joplin.yourdomain.com` +2. 默认账号: `admin@localhost` +3. 默认密码: `admin` + +> **⚠️ 安全提醒:请立即登录并修改默认密码!** + +## 配置说明 + +### .env 配置项 + +| 变量 | 说明 | 默认值 | +|------|------|--------| +| `JOPLIN_DOMAIN` | 访问域名 | 必填 | +| `CERTBOT_EMAIL` | Let's Encrypt 邮箱 | 必填 | +| `POSTGRES_PASSWORD` | 数据库密码 | 必填 | +| `POSTGRES_DATABASE` | 数据库名 | `joplin` | +| `POSTGRES_USER` | 数据库用户 | `joplin` | +| `JOPLIN_IMAGE` | Joplin Server 镜像 | `joplin/server:latest` | +| `POSTGRES_IMAGE` | PostgreSQL 镜像 | `postgres:16-alpine` | +| `JOPLIN_DB_DIR` | 数据库数据目录 | `/data/joplin/db` | +| `BACKUP_DIR` | 备份目录 | `/var/backups/joplin` | +| `MAILER_ENABLED` | 启用邮件 | `0` | + +## 客户端配置 + +### 桌面端(Windows / macOS / Linux) + +1. 下载 Joplin 桌面客户端:https://joplinapp.org/help/install +2. 打开设置 → 同步 +3. 同步目标选择 **Joplin Server** +4. 填写: + - **服务器 URL**: `https://joplin.yourdomain.com` + - **邮箱**: `admin@localhost`(或你修改后的邮箱) + - **密码**: 你的登录密码 +5. 点击「检查同步配置」确认连接成功 + +### Android + +从以下渠道下载 Joplin Android 客户端: + +- **GitHub Releases**: https://github.com/laurent22/joplin-android/releases (下载 `.apk`) +- **F-Droid**: 搜索 "Joplin" +- **Google Play**: 搜索 "Joplin" + +同步配置与桌面端相同。 + +### iOS + +从 App Store 搜索 "Joplin" 下载,同步配置与桌面端相同。 + +### 启用端到端加密(推荐) + +1. 在任意一个客户端中:设置 → 加密 → 启用端到端加密 +2. 设置加密密码(**务必牢记,丢失无法恢复数据**) +3. 其他客户端同步后会提示输入加密密码 + +> **注意**:启用 E2EE 后,Web 界面将无法查看笔记内容(因为服务器无法解密),仅客户端可用。 + +## 日常运维 + +### 查看日志 + +```bash +cd /opt/joplin +docker compose logs -f +docker compose logs -f joplin # 仅 Joplin Server +docker compose logs -f joplin-db # 仅 PostgreSQL +docker compose logs --tail 100 +``` + +### 备份 + +```bash +cd /opt/joplin +bash backup.sh +``` + +备份内容包括: +- PostgreSQL 数据库(使用 `pg_dump`,格式为 custom) +- 部署配置(`docker-compose.yml` + `.env` + `nginx/`) + +备份文件保存在 `/var/backups/joplin/`,自动清理 30 天前的旧备份。 + +### 恢复备份 + +```bash +# 查看可用备份 +ls /var/backups/joplin/ + +# 确保容器运行中 +cd /opt/joplin && docker compose up -d + +# 恢复数据库 +docker compose exec -T joplin-db pg_restore \ + -U joplin -d joplin --clean \ + < /var/backups/joplin/<日期>/joplin-db.dump + +# 重启服务 +docker compose restart +``` + +### 升级 + +```bash +cd /opt/joplin + +# 1. 备份当前数据 +bash backup.sh + +# 2. 拉取新镜像 +docker compose pull + +# 3. 停止旧容器并启动新容器 +docker compose down +docker compose up -d + +# 4. 检查运行状态 +docker compose ps +docker compose logs --tail 20 +``` + +### 停止 / 启动 + +```bash +cd /opt/joplin +docker compose down # 停止 +docker compose up -d # 启动 +docker compose restart # 重启 +``` + +## 用户管理 + +### 创建新用户 + +1. 以管理员登录 Web 界面 +2. 进入「Admin」→「Users」→「Add user」 +3. 填写邮箱和密码 + +### 修改管理员密码 + +1. 以 `admin@localhost` 登录 Web 界面 +2. 点击右上角用户图标 → Profile +3. 修改密码 + +## 完全卸载 + +如果需要从服务器上完全移除 Joplin Server,使用卸载脚本: + +```bash +cd /opt/joplin +bash uninstall.sh +``` + +脚本会**交互式确认**每个危险操作,按顺序执行: + +| 步骤 | 操作 | 确认方式 | +|------|------|----------| +| 0 | 卸载前备份(可选) | y/N | +| 1 | 停止并删除 Joplin + PostgreSQL 容器 | 输入 YES | +| 2 | 删除 Docker 镜像 | 自动 | +| 3 | 删除 Nginx 站点配置并重载 | 自动 | +| 4 | 删除 Let's Encrypt SSL 证书 | 自动 | +| 5 | 清理 Certbot 定时任务(仅当无其他证书时) | 自动 | +| 6 | 删除数据目录 | 输入 DELETE | +| 7 | 删除部署目录 `/opt/joplin` | y/N | + +**备份目录 `/var/backups/joplin/` 始终保留**,不会被删除。 + +
+手动卸载步骤(不使用脚本) + +```bash +cd /opt/joplin + +# 1. 建议先备份 +bash backup.sh + +# 2. 停止并删除容器 +docker compose down -v + +# 3. 删除 Docker 镜像(可选) +docker image rm joplin/server:latest postgres:16-alpine + +# 4. 删除 Nginx 配置 +rm -f /etc/nginx/sites-enabled/joplin /etc/nginx/sites-available/joplin +nginx -t && systemctl reload nginx + +# 5. 删除 SSL 证书 +certbot delete --cert-name 你的域名 + +# 6. 删除数据目录(⚠ 不可恢复) +rm -rf /data/joplin + +# 7. 删除部署目录(可选) +rm -rf /opt/joplin + +# 备份目录保留在 /var/backups/joplin/ +``` + +
+ +## 故障排查 + +### 容器无法启动 + +```bash +# 查看容器状态 +docker compose ps + +# 查看详细日志 +docker compose logs --tail 50 + +# 常见原因:PostgreSQL 密码不一致 +# 解决:删除数据库目录并重建 +docker compose down -v +rm -rf /data/joplin/db +docker compose up -d +``` + +### SSL 证书申请失败 + +```bash +# 检查域名解析是否正确 +dig joplin.yourdomain.com + +# 检查 80 端口是否可访问 +curl -I http://joplin.yourdomain.com + +# 查看 Certbot 日志 +cat /var/log/letsencrypt/letsencrypt.log +``` + +### 访问返回 502 + +```bash +# 检查容器是否运行 +docker compose ps + +# 检查 22300 端口 +curl -I http://127.0.0.1:22300/api/ping + +# 检查 Nginx 配置 +nginx -t +``` + +### 客户端同步失败 + +```bash +# 检查服务器是否正常响应 +curl https://joplin.yourdomain.com/api/ping + +# 应返回类似:{"status":"ok","message":"Joplin Server is running"} + +# 检查服务器日志 +cd /opt/joplin && docker compose logs --tail 50 joplin +``` + +### 上传大文件失败 + +Nginx 默认配置已设置 `client_max_body_size 200m`。如需调整: + +```bash +# 修改 /etc/nginx/sites-available/joplin 中的 client_max_body_size +vi /etc/nginx/sites-available/joplin +nginx -t && systemctl reload nginx +``` + +## 端口说明 + +| 端口 | 协议 | 说明 | +|------|------|------| +| 80 | TCP | HTTP → HTTPS 重定向 | +| 443 | TCP | HTTPS(Nginx 反向代理) | +| 22300 | TCP | Joplin Server HTTP(仅监听 127.0.0.1) | diff --git a/joplin/backup.sh b/joplin/backup.sh new file mode 100644 index 0000000..524687f --- /dev/null +++ b/joplin/backup.sh @@ -0,0 +1,79 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# Joplin Server 备份脚本 +# 备份 PostgreSQL 数据库 + 配置文件 +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# 加载配置 +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a; source .env; set +a +else + echo "[ERROR] .env 文件不存在,请先运行 deploy.sh" >&2 + exit 1 +fi + +# ===== 配置 ===== +JOPLIN_DB_DIR="${JOPLIN_DB_DIR:-/data/joplin/db}" +BACKUP_BASE="${BACKUP_DIR:-/var/backups/joplin}" +TIMESTAMP=$(date +%Y%m%d_%H%M%S) +BACKUP_DIR_FULL="${BACKUP_BASE}/${TIMESTAMP}" +RETENTION_DAYS=30 + +echo "========== Joplin Server 备份 ==========" +echo "时间: $(date '+%Y-%m-%d %H:%M:%S')" +echo "数据库目录: $JOPLIN_DB_DIR" +echo "备份目录: $BACKUP_DIR_FULL" +echo "" + +mkdir -p "$BACKUP_DIR_FULL" + +# ===== 备份 PostgreSQL 数据库(使用 pg_dump)===== +echo "[1/3] 备份 PostgreSQL 数据库..." +if docker compose ps --quiet joplin-db 2>/dev/null | grep -q .; then + docker compose exec -T joplin-db pg_dump \ + -U "${POSTGRES_USER:-joplin}" \ + -d "${POSTGRES_DATABASE:-joplin}" \ + --format=custom \ + > "$BACKUP_DIR_FULL/joplin-db.dump" + echo " ✓ 数据库已备份(pg_dump)" +else + echo " ⚠ PostgreSQL 容器未运行,尝试直接备份数据目录..." + if [ -d "$JOPLIN_DB_DIR" ]; then + tar czf "$BACKUP_DIR_FULL/joplin-db-files.tar.gz" -C "$(dirname "$JOPLIN_DB_DIR")" "$(basename "$JOPLIN_DB_DIR")" + echo " ✓ 数据库目录已备份" + else + echo " ⚠ 数据库目录不存在: $JOPLIN_DB_DIR" + fi +fi + +# ===== 备份 docker-compose 和配置 ===== +echo "[2/3] 备份部署配置..." +tar czf "$BACKUP_DIR_FULL/joplin-config.tar.gz" \ + -C "$SCRIPT_DIR" \ + docker-compose.yml .env nginx/ 2>/dev/null || true +echo " ✓ 配置已备份" + +# ===== 清理旧备份 ===== +echo "[3/3] 清理 ${RETENTION_DAYS} 天前的旧备份..." +find "$BACKUP_BASE" -maxdepth 1 -type d -mtime +${RETENTION_DAYS} -exec rm -rf {} \; 2>/dev/null || true +echo " ✓ 旧备份已清理" + +# ===== 汇总 ===== +echo "" +echo "========== 备份完成 ==========" +TOTAL_SIZE=$(du -sh "$BACKUP_DIR_FULL" | cut -f1) +echo "备份位置: $BACKUP_DIR_FULL" +echo "备份大小: $TOTAL_SIZE" +echo "" +echo "备份内容:" +ls -lh "$BACKUP_DIR_FULL/" +echo "" +echo "恢复方法(数据库):" +echo " docker compose exec -T joplin-db pg_restore -U ${POSTGRES_USER:-joplin} -d ${POSTGRES_DATABASE:-joplin} --clean < $BACKUP_DIR_FULL/joplin-db.dump" +echo " cd $SCRIPT_DIR && docker compose restart" diff --git a/joplin/deploy.sh b/joplin/deploy.sh new file mode 100644 index 0000000..e4a1bb9 --- /dev/null +++ b/joplin/deploy.sh @@ -0,0 +1,191 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# Joplin Server 一键部署脚本 +# 自动安装 Docker + Nginx + SSL + Joplin Server + PostgreSQL +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# ===== 加载公共基础函数 ===== +BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true +if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then + echo "[ERROR] base/setup.sh 未找到" >&2 + echo "请确保目录结构如下:" >&2 + echo " /opt/base/setup.sh" >&2 + echo " /opt/joplin/deploy.sh (当前脚本)" >&2 + exit 1 +fi +source "$BASE_DIR/setup.sh" + +# ============================================================= +# Joplin Server 专用函数 +# ============================================================= + +init_env() { + step "初始化 Joplin Server 配置" + + if [ ! -f .env ]; then + if [ ! -f .env.example ]; then + error "缺少 .env.example 模板文件" + exit 1 + fi + cp .env.example .env + log "已生成 .env 文件" + echo "" + warn "┌─────────────────────────────────────────────────┐" + warn "│ 请编辑 .env 文件,至少修改以下配置: │" + warn "│ │" + warn "│ JOPLIN_DOMAIN=joplin.yourdomain.com │" + warn "│ CERTBOT_EMAIL=you@yourdomain.com │" + warn "│ POSTGRES_PASSWORD=你的强密码 │" + warn "│ │" + warn "│ 编辑命令: vi $SCRIPT_DIR/.env │" + warn "│ 编辑完成后重新运行: bash deploy.sh │" + warn "└─────────────────────────────────────────────────┘" + exit 0 + fi + + fix_crlf .env + set -a; source .env; set +a + + local has_error=0 + if [[ -z "${JOPLIN_DOMAIN:-}" ]] || [[ "${JOPLIN_DOMAIN}" == "joplin.example.com" ]]; then + error "请在 .env 中将 JOPLIN_DOMAIN 修改为你的实际域名" + has_error=1 + fi + if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then + error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱" + has_error=1 + fi + if [[ -z "${POSTGRES_PASSWORD:-}" ]] || [[ "${POSTGRES_PASSWORD}" == "changeme" ]]; then + error "请在 .env 中将 POSTGRES_PASSWORD 修改为一个强密码" + has_error=1 + fi + [ "$has_error" -eq 1 ] && { error "请修改 .env 后重新运行"; exit 1; } + + log "配置检查通过" + log " 域名: ${JOPLIN_DOMAIN}" + log " 邮箱: ${CERTBOT_EMAIL}" +} + +create_dirs() { + step "创建数据目录" + local db_dir="${JOPLIN_DB_DIR:-/data/joplin/db}" + local backup_dir="${BACKUP_DIR:-/var/backups/joplin}" + + mkdir -p "$db_dir" "$backup_dir" + log "数据库目录: $db_dir" + log "备份目录: $backup_dir" +} + +start_services() { + step "启动 Joplin Server 服务" + + log "正在拉取镜像..." + docker compose pull + + log "正在启动容器..." + docker compose up -d + + log "等待 Joplin Server 就绪..." + local max_wait=60 + for i in $(seq 1 "$max_wait"); do + if curl -sf http://127.0.0.1:22300/api/ping &> /dev/null; then + log "Joplin Server 启动成功!" + return + fi + sleep 2 + done + warn "Joplin Server 可能仍在启动中(数据库初始化可能需要更长时间),请稍后检查: docker compose logs -f" +} + +show_info() { + set -a; source .env; set +a + + echo "" + echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}" + echo -e "${GREEN}║ Joplin Server 部署完成! ║${NC}" + echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} Web 访问: ${CYAN}https://${JOPLIN_DOMAIN}${NC}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} 默认账号: ${CYAN}admin@localhost${NC}" + echo -e "${GREEN}║${NC} 默认密码: ${CYAN}admin${NC}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} 数据库目录: ${JOPLIN_DB_DIR:-/data/joplin/db}" + echo -e "${GREEN}║${NC} 备份目录: ${BACKUP_DIR:-/var/backups/joplin}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} ${RED}⚠ 请立即登录并修改默认密码!${NC}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}" + echo "" + echo "客户端同步配置:" + echo " 同步目标: Joplin Server" + echo " 服务器 URL: https://${JOPLIN_DOMAIN}" + echo " 邮箱: admin@localhost(或你修改后的邮箱)" + echo " 密码: 你登录时使用的密码" + echo "" + echo "常用命令:" + echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f" + echo " 重启服务: cd $SCRIPT_DIR && docker compose restart" + echo " 停止服务: cd $SCRIPT_DIR && docker compose down" + echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh" + echo "" +} + +# ============================================================= +# 主流程 +# ============================================================= +main() { + echo -e "${CYAN}" + echo " _ _ _ ____" + echo " | | ___ _ __ | (_)_ __ / ___| ___ _ ____ _____ _ __" + echo " _ | |/ _ \\| '_ \\| | | '_ \\ \\___ \\ / _ \\ '__\\ \\ / / _ \\ '__|" + echo " | |_| | (_) | |_) | | | | | | ___) | __/ | \\ V / __/ |" + echo " \\___/ \\___/| .__/|_|_|_| |_||____/ \\___|_| \\_/ \\___|_|" + echo " |_| Deploy Script" + echo -e "${NC}" + echo "" + + check_root + load_base_env "$BASE_DIR" + + # Step 1: 系统初始化 + init_system + + # Step 2: 安装 Docker + install_docker + + # Step 3: 安装 Nginx + install_nginx + + # Step 4: 初始化配置 + init_env + + # Step 5: 配置 Docker 镜像加速 + configure_docker_mirrors + + # Step 6: 创建数据目录 + create_dirs + + # Step 7: 配置防火墙 + setup_firewall_base + + # Step 8: 配置 SSL 证书 + setup_ssl_cert "${JOPLIN_DOMAIN}" "${CERTBOT_EMAIL}" "joplin" + + # Step 9: 部署 Nginx 反向代理 + deploy_nginx_conf "$SCRIPT_DIR/nginx/joplin.conf" "${JOPLIN_DOMAIN}" "joplin" + + # Step 10: 启动服务 + start_services + + # 显示部署信息 + show_info + log "===== Joplin Server 部署完成 =====" +} + +main "$@" diff --git a/joplin/docker-compose.yml b/joplin/docker-compose.yml new file mode 100644 index 0000000..9b48b29 --- /dev/null +++ b/joplin/docker-compose.yml @@ -0,0 +1,66 @@ +services: + joplin: + image: ${JOPLIN_IMAGE:-joplin/server:latest} + container_name: joplin + restart: unless-stopped + depends_on: + joplin-db: + condition: service_healthy + environment: + - TZ=Asia/Shanghai + - APP_PORT=22300 + - APP_BASE_URL=https://${JOPLIN_DOMAIN:?请在 .env 中设置 JOPLIN_DOMAIN} + - DB_CLIENT=pg + - POSTGRES_HOST=joplin-db + - POSTGRES_PORT=5432 + - POSTGRES_DATABASE=${POSTGRES_DATABASE:-joplin} + - POSTGRES_USER=${POSTGRES_USER:-joplin} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?请在 .env 中设置 POSTGRES_PASSWORD} + - MAILER_ENABLED=${MAILER_ENABLED:-0} + - MAILER_HOST=${MAILER_HOST:-} + - MAILER_PORT=${MAILER_PORT:-465} + - MAILER_SECURITY=${MAILER_SECURITY:-tls} + - MAILER_AUTH_USER=${MAILER_AUTH_USER:-} + - MAILER_AUTH_PASSWORD=${MAILER_AUTH_PASSWORD:-} + - MAILER_NOREPLY_NAME=${MAILER_NOREPLY_NAME:-Joplin} + - MAILER_NOREPLY_EMAIL=${MAILER_NOREPLY_EMAIL:-} + - MAX_TIME_DRIFT=0 + volumes: + - /etc/localtime:/etc/localtime:ro + ports: + - "127.0.0.1:22300:22300" + healthcheck: + test: ["CMD", "node", "-e", "const http=require('http');const r=http.get('http://127.0.0.1:22300/api/ping',res=>{process.exit(res.statusCode===200?0:1)});r.on('error',()=>process.exit(1));r.setTimeout(4000,()=>{r.destroy();process.exit(1)})"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 20s + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" + + joplin-db: + image: ${POSTGRES_IMAGE:-postgres:16-alpine} + container_name: joplin-db + restart: unless-stopped + environment: + - TZ=Asia/Shanghai + - POSTGRES_DB=${POSTGRES_DATABASE:-joplin} + - POSTGRES_USER=${POSTGRES_USER:-joplin} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?请在 .env 中设置 POSTGRES_PASSWORD} + volumes: + - ${JOPLIN_DB_DIR:-/data/joplin/db}:/var/lib/postgresql/data + - /etc/localtime:/etc/localtime:ro + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-joplin}"] + interval: 10s + timeout: 5s + retries: 5 + start_period: 10s + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" diff --git a/joplin/nginx/joplin.conf b/joplin/nginx/joplin.conf new file mode 100644 index 0000000..3341c32 --- /dev/null +++ b/joplin/nginx/joplin.conf @@ -0,0 +1,58 @@ +server { + listen 80; + listen [::]:80; + server_name __DOMAIN__; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + server_name __DOMAIN__; + + # SSL 证书 + ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem; + + # SSL 参数 + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + # 安全头 + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; + add_header Referrer-Policy strict-origin-when-cross-origin always; + + # 上传大小限制(笔记附件可能较大) + client_max_body_size 200m; + + # 反向代理到 Joplin Server + location / { + proxy_pass http://127.0.0.1:22300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket 支持 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # 超时设置 + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } +} diff --git a/joplin/uninstall.sh b/joplin/uninstall.sh new file mode 100644 index 0000000..88cf485 --- /dev/null +++ b/joplin/uninstall.sh @@ -0,0 +1,158 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# Joplin Server 卸载脚本 +# 停止容器 → 备份数据 → 清理容器/镜像/配置/数据 +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +CYAN='\033[0;36m' +NC='\033[0m' + +log() { echo -e "${GREEN}[INFO]${NC} $*"; } +warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } + +# ===== 检查 root ===== +if [ "$(id -u)" -ne 0 ]; then + error "请使用 root 用户运行: sudo bash uninstall.sh" + exit 1 +fi + +# ===== 加载配置 ===== +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a + source .env + set +a +fi + +JOPLIN_DB_DIR="${JOPLIN_DB_DIR:-/data/joplin/db}" +BACKUP_DIR="${BACKUP_DIR:-/var/backups/joplin}" +JOPLIN_DOMAIN="${JOPLIN_DOMAIN:-}" + +# ===== 确认操作 ===== +echo "" +echo -e "${RED}╔══════════════════════════════════════════════════╗${NC}" +echo -e "${RED}║ ⚠ 即将卸载 Joplin Server 及所有数据 ⚠ ║${NC}" +echo -e "${RED}╚══════════════════════════════════════════════════╝${NC}" +echo "" +echo "将执行以下操作:" +echo " 1. 停止并删除 Joplin Server + PostgreSQL 容器" +echo " 2. 删除 Docker 镜像" +echo " 3. 删除 Nginx 站点配置" +echo " 4. 删除 SSL 证书" +echo " 5. 清理 Certbot 自动续期定时任务" +echo "" +echo "涉及的数据目录:" +echo " 数据库数据: ${JOPLIN_DB_DIR}" +echo " 备份目录: ${BACKUP_DIR}" +echo " 部署目录: ${SCRIPT_DIR}" +echo "" +echo -e "${YELLOW}备份目录将保留,不会被删除。${NC}" +echo "" +read -r -p "确定要继续卸载吗?输入 YES 确认: " confirm +if [ "$confirm" != "YES" ]; then + log "已取消卸载" + exit 0 +fi + +# ===== 卸载前备份 ===== +echo "" +read -r -p "是否在卸载前执行一次备份?(y/N): " do_backup +if [[ "$do_backup" =~ ^[Yy]$ ]]; then + if [ -f backup.sh ]; then + log "正在执行备份..." + bash backup.sh + log "备份完成" + else + warn "backup.sh 不存在,跳过备份" + fi +fi + +# ===== 1. 停止并删除容器 ===== +echo "" +log "正在停止并删除容器..." +if docker compose ps --quiet 2>/dev/null | grep -q .; then + docker compose down -v + log "容器已停止并删除" +else + log "没有运行中的容器" +fi + +# ===== 2. 删除 Docker 镜像 ===== +log "正在删除 Docker 镜像..." +JOPLIN_IMAGE="${JOPLIN_IMAGE:-joplin/server:latest}" +POSTGRES_IMAGE="${POSTGRES_IMAGE:-postgres:16-alpine}" +docker image rm "$JOPLIN_IMAGE" 2>/dev/null && log "已删除镜像: $JOPLIN_IMAGE" || true +docker image rm "$POSTGRES_IMAGE" 2>/dev/null && log "已删除镜像: $POSTGRES_IMAGE" || true + +# ===== 3. 删除 Nginx 配置 ===== +log "正在清理 Nginx 配置..." +rm -f /etc/nginx/sites-enabled/joplin +rm -f /etc/nginx/sites-available/joplin +if command -v nginx &>/dev/null && nginx -t 2>/dev/null; then + systemctl reload nginx 2>/dev/null || true + log "Nginx 已重载" +fi + +# ===== 4. 删除 SSL 证书 ===== +if [ -n "$JOPLIN_DOMAIN" ] && [ -d "/etc/letsencrypt/live/${JOPLIN_DOMAIN}" ]; then + log "正在删除 SSL 证书: ${JOPLIN_DOMAIN}..." + certbot delete --cert-name "${JOPLIN_DOMAIN}" --non-interactive 2>/dev/null || true + log "SSL 证书已删除" +fi + +# ===== 5. 清理 Certbot 定时任务 ===== +remaining_certs=$(certbot certificates 2>/dev/null | grep -c "Certificate Name" || true) +if [ "$remaining_certs" -eq 0 ]; then + crontab -l 2>/dev/null | grep -v "certbot renew" | crontab - 2>/dev/null || true + log "已移除 Certbot 自动续期定时任务(无剩余证书)" +else + log "保留 Certbot 定时任务(还有 ${remaining_certs} 个其他证书)" +fi + +# ===== 6. 删除数据目录 ===== +echo "" +echo -e "${RED}以下目录将被永久删除:${NC}" +echo " ${JOPLIN_DB_DIR}" +echo "" +echo -e "${YELLOW}备份目录 ${BACKUP_DIR} 不会被删除。${NC}" +echo "" +read -r -p "确认删除数据目录?输入 DELETE 确认: " confirm_delete +if [ "$confirm_delete" = "DELETE" ]; then + rm -rf "$JOPLIN_DB_DIR" + # 清理父目录(如果为空) + rmdir "$(dirname "$JOPLIN_DB_DIR")" 2>/dev/null || true + log "已删除: ${JOPLIN_DB_DIR}" +else + warn "跳过数据目录删除" +fi + +# ===== 7. 删除部署目录 ===== +echo "" +read -r -p "是否删除部署目录 ${SCRIPT_DIR}?(y/N): " del_deploy +if [[ "$del_deploy" =~ ^[Yy]$ ]]; then + cd /opt + rm -rf "$SCRIPT_DIR" + log "已删除部署目录" +else + warn "保留部署目录: ${SCRIPT_DIR}" +fi + +# ===== 完成 ===== +echo "" +log "Joplin Server 卸载完成" +echo "" +echo "保留的内容:" +echo " 备份目录: ${BACKUP_DIR}" +[ "$confirm_delete" != "DELETE" ] && echo " 数据目录: ${JOPLIN_DB_DIR}" +[[ ! "$del_deploy" =~ ^[Yy]$ ]] && echo " 部署目录: ${SCRIPT_DIR}" +echo "" +echo "如需恢复,请参考 README.md 中的「恢复备份」章节。" diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml index 8be02e9..d383870 100644 --- a/portainer/docker-compose.yml +++ b/portainer/docker-compose.yml @@ -12,11 +12,7 @@ services: ports: - "127.0.0.1:9000:9000" healthcheck: - test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:9000/api/system/status"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 15s + disable: true logging: driver: json-file options: diff --git a/rustdesk/.env.example b/rustdesk/.env.example new file mode 100644 index 0000000..df6c765 --- /dev/null +++ b/rustdesk/.env.example @@ -0,0 +1,28 @@ +# =========================================== +# RustDesk Server 配置文件 +# =========================================== + +# ----- 域名与证书 ----- +# 访问域名(必填,如 rustdesk.example.com) +RUSTDESK_DOMAIN=rustdesk.example.com + +# Let's Encrypt 证书邮箱(必填) +CERTBOT_EMAIL=admin@example.com + +# ----- Docker 镜像 ----- +# RustDesk Server 镜像 +RUSTDESK_IMAGE=rustdesk/rustdesk-server:latest + +# ----- 网络 ----- +# 绑定 IP(默认 0.0.0.0 监听所有接口) +RUSTDESK_BIND_IP=0.0.0.0 + +# 仅允许加密连接(1=是,0=否) +ENCRYPTED_ONLY=1 + +# ----- 数据目录 ----- +# RustDesk 数据目录(密钥对 + 数据库) +RUSTDESK_DATA_DIR=/var/lib/rustdesk + +# 备份目录 +BACKUP_DIR=/var/backups/rustdesk diff --git a/rustdesk/README.md b/rustdesk/README.md new file mode 100644 index 0000000..4acce54 --- /dev/null +++ b/rustdesk/README.md @@ -0,0 +1,150 @@ +# RustDesk Server 部署指南 + +开源远程桌面服务器,支持自托管,数据完全自主可控。包含信号服务器(hbbs)和中继服务器(hbbr),客户端支持 Windows、macOS、Linux、iOS、Android。 + +## 功能特性 + +- 自建信号服务器(hbbs)+ 中继服务器(hbbr) +- 端到端加密,数据不经过第三方 +- 支持 TCP 打洞和中继转发 +- 自动生成 Ed25519 密钥对 +- 支持仅加密连接模式 +- 跨平台客户端支持 +- WebSocket 支持(可通过 Nginx 代理) + +## 技术栈 + +| 组件 | 版本 | 说明 | +|------|------|------| +| RustDesk Server | latest | 信号服务器 + 中继服务器 | +| Nginx | 系统包 | 反向代理 + HTTPS(WebSocket) | +| Docker | 最新版 | 容器运行环境 | + +## 端口说明 + +| 端口 | 协议 | 服务 | 说明 | +|------|------|------|------| +| 21115 | TCP | hbbs | NAT 类型测试 | +| 21116 | TCP | hbbs | TCP 打洞 / 连接请求 | +| 21116 | UDP | hbbs | ID 注册 / 心跳 | +| 21117 | TCP | hbbr | 中继流量转发 | +| 21118 | WS | hbbs | WebSocket(仅本地监听) | +| 21119 | WS | hbbr | WebSocket(仅本地监听) | + +> **21115、21116、21117 需要从外网可访问**,21118/21119 仅本地通过 Nginx 代理。 + +## 前置条件 + +1. 一台 Linux 服务器(Ubuntu 22.04/24.04 推荐) +2. 一个已解析到服务器的域名(如 `rustdesk.example.com`) +3. 服务器 80/443 端口可从外网访问 +4. 服务器 21115-21117 端口可从外网访问 + +## 目录结构 + +``` +rustdesk/ +├── docker-compose.yml # 容器编排(hbbs + hbbr) +├── .env.example # 配置模板 +├── deploy.sh # 一键部署脚本 +├── backup.sh # 备份脚本 +├── uninstall.sh # 完全卸载脚本 +├── nginx/ +│ └── rustdesk.conf # Nginx 反向代理配置 +└── README.md # 本文件 +``` + +服务器上的数据目录: + +``` +/var/lib/rustdesk/ # RustDesk 数据(密钥对 + 数据库) +/var/backups/rustdesk/ # 备份文件 +``` + +## 快速部署 + +### 第一步:上传文件到服务器 + +```bash +# 在本地执行,上传 rustdesk 目录 +scp -r rustdesk/ root@<服务器IP>:/opt/rustdesk + +# 如果服务器上还没有部署过 base(首台服务或全新服务器),还需上传 base +scp -r base/ root@<服务器IP>:/opt/base +``` + +### 第二步:登录服务器执行部署 + +```bash +ssh root@<服务器IP> + +# 如果是全新服务器,先安装基础环境 +cd /opt/base +cp .env.example .env +bash setup.sh + +# 部署 RustDesk +cd /opt/rustdesk +bash deploy.sh +# 首次运行会生成 .env,按提示修改配置后重新运行 +vi .env +bash deploy.sh +``` + +### 第三步:配置域名解析 + +在域名服务商(如阿里云 DNS)添加 A 记录: + +| 记录类型 | 主机记录 | 记录值 | +|----------|----------|--------| +| A | rustdesk | `<服务器公网IP>` | + +### 第四步:配置 RustDesk 客户端 + +1. 下载并安装 [RustDesk 客户端](https://rustdesk.com/zh/) +2. 打开客户端,进入 **设置 → 网络 → ID/中继服务器** +3. 填入以下信息: + +| 配置项 | 值 | +|--------|-----| +| ID 服务器 | `rustdesk.yourdomain.com` | +| 中继服务器 | `rustdesk.yourdomain.com` | +| Key | 部署完成时显示的公钥 | + +> **公钥获取方法:** 部署脚本完成时会自动显示公钥,也可手动查看: +> +> ```bash +> cat /var/lib/rustdesk/id_ed25519.pub +> ``` + +## 常用操作 + +```bash +# 查看服务状态 +cd /opt/rustdesk && docker compose ps + +# 查看日志 +cd /opt/rustdesk && docker compose logs -f + +# 重启服务 +cd /opt/rustdesk && docker compose restart + +# 停止服务 +cd /opt/rustdesk && docker compose down + +# 备份数据 +cd /opt/rustdesk && bash backup.sh + +# 查看公钥 +cat /var/lib/rustdesk/id_ed25519.pub + +# 更新镜像 +cd /opt/rustdesk && docker compose pull && docker compose up -d +``` + +## 安全建议 + +- 默认开启 `ENCRYPTED_ONLY=1`,仅允许加密连接 +- 密钥对文件(`id_ed25519` / `id_ed25519.pub`)是最重要的数据,务必备份 +- 如需更换密钥对,删除数据目录中的密钥文件后重启服务即可重新生成 +- 建议定期执行 `bash backup.sh` 并将备份异地存储 diff --git a/rustdesk/backup.sh b/rustdesk/backup.sh new file mode 100644 index 0000000..a94e28c --- /dev/null +++ b/rustdesk/backup.sh @@ -0,0 +1,69 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# RustDesk 备份脚本 +# 备份数据目录(密钥对 + 数据库)+ 配置文件 +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# 加载配置 +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a; source .env; set +a +else + echo "[ERROR] .env 文件不存在,请先运行 deploy.sh" >&2 + exit 1 +fi + +# ===== 配置 ===== +DATA_DIR="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}" +BACKUP_BASE="${BACKUP_DIR:-/var/backups/rustdesk}" +TIMESTAMP=$(date +%Y%m%d_%H%M%S) +BACKUP_DIR_FULL="${BACKUP_BASE}/${TIMESTAMP}" +RETENTION_DAYS=30 + +echo "========== RustDesk 备份 ==========" +echo "时间: $(date '+%Y-%m-%d %H:%M:%S')" +echo "数据目录: $DATA_DIR" +echo "备份目录: $BACKUP_DIR_FULL" +echo "" + +mkdir -p "$BACKUP_DIR_FULL" + +# ===== 备份数据目录(密钥对 + db)===== +echo "[1/3] 备份 RustDesk 数据..." +if [ -d "$DATA_DIR" ]; then + tar czf "$BACKUP_DIR_FULL/rustdesk-data.tar.gz" -C "$(dirname "$DATA_DIR")" "$(basename "$DATA_DIR")" + echo " ✓ 数据目录已备份(含密钥对和数据库)" +else + echo " ⚠ 数据目录不存在: $DATA_DIR" +fi + +# ===== 备份 docker-compose 和配置 ===== +echo "[2/3] 备份部署配置..." +tar czf "$BACKUP_DIR_FULL/rustdesk-config.tar.gz" \ + -C "$SCRIPT_DIR" \ + docker-compose.yml .env nginx/ 2>/dev/null || true +echo " ✓ 配置已备份" + +# ===== 清理旧备份 ===== +echo "[3/3] 清理 ${RETENTION_DAYS} 天前的旧备份..." +find "$BACKUP_BASE" -maxdepth 1 -type d -mtime +${RETENTION_DAYS} -exec rm -rf {} \; 2>/dev/null || true +echo " ✓ 旧备份已清理" + +# ===== 汇总 ===== +echo "" +echo "========== 备份完成 ==========" +TOTAL_SIZE=$(du -sh "$BACKUP_DIR_FULL" | cut -f1) +echo "备份位置: $BACKUP_DIR_FULL" +echo "备份大小: $TOTAL_SIZE" +echo "" +echo "备份内容:" +ls -lh "$BACKUP_DIR_FULL/" +echo "" +echo "恢复方法:" +echo " tar xzf $BACKUP_DIR_FULL/rustdesk-data.tar.gz -C $(dirname "$DATA_DIR")" +echo " cd $SCRIPT_DIR && docker compose restart" diff --git a/rustdesk/deploy.sh b/rustdesk/deploy.sh new file mode 100644 index 0000000..d09436c --- /dev/null +++ b/rustdesk/deploy.sh @@ -0,0 +1,233 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# RustDesk Server 一键部署脚本 +# 自动安装 Docker + Nginx + SSL + RustDesk +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# ===== 加载公共基础函数 ===== +BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true +if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then + echo "[ERROR] base/setup.sh 未找到" >&2 + echo "请确保目录结构如下:" >&2 + echo " /opt/base/setup.sh" >&2 + echo " /opt/rustdesk/deploy.sh (当前脚本)" >&2 + exit 1 +fi +source "$BASE_DIR/setup.sh" + +# ============================================================= +# RustDesk 专用函数 +# ============================================================= + +init_env() { + step "初始化 RustDesk 配置" + + if [ ! -f .env ]; then + if [ ! -f .env.example ]; then + error "缺少 .env.example 模板文件" + exit 1 + fi + cp .env.example .env + log "已生成 .env 文件" + echo "" + warn "┌─────────────────────────────────────────────────┐" + warn "│ 请编辑 .env 文件,至少修改以下配置: │" + warn "│ │" + warn "│ RUSTDESK_DOMAIN=rustdesk.yourdomain.com │" + warn "│ CERTBOT_EMAIL=you@yourdomain.com │" + warn "│ │" + warn "│ 编辑命令: vi $SCRIPT_DIR/.env │" + warn "│ 编辑完成后重新运行: bash deploy.sh │" + warn "└─────────────────────────────────────────────────┘" + exit 0 + fi + + fix_crlf .env + set -a; source .env; set +a + + local has_error=0 + if [[ -z "${RUSTDESK_DOMAIN:-}" ]] || [[ "${RUSTDESK_DOMAIN}" == "rustdesk.example.com" ]]; then + error "请在 .env 中将 RUSTDESK_DOMAIN 修改为你的实际域名" + has_error=1 + fi + if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then + error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱" + has_error=1 + fi + [ "$has_error" -eq 1 ] && { error "请修改 .env 后重新运行"; exit 1; } + + log "配置检查通过" + log " 域名: ${RUSTDESK_DOMAIN}" + log " 邮箱: ${CERTBOT_EMAIL}" +} + +create_dirs() { + step "创建数据目录" + local data_dir="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}" + local backup_dir="${BACKUP_DIR:-/var/backups/rustdesk}" + + mkdir -p "$data_dir" "$backup_dir" + log "数据目录: $data_dir" + log "备份目录: $backup_dir" +} + +setup_firewall_rustdesk() { + step "配置 RustDesk 防火墙规则" + + if command -v ufw &>/dev/null; then + ufw allow 21115/tcp comment "RustDesk NAT type test" + ufw allow 21116/tcp comment "RustDesk TCP hole punching" + ufw allow 21116/udp comment "RustDesk ID registration/heartbeat" + ufw allow 21117/tcp comment "RustDesk Relay" + log "已添加 UFW 规则 (21115-21117)" + elif command -v firewall-cmd &>/dev/null; then + firewall-cmd --permanent --add-port=21115/tcp + firewall-cmd --permanent --add-port=21116/tcp + firewall-cmd --permanent --add-port=21116/udp + firewall-cmd --permanent --add-port=21117/tcp + firewall-cmd --reload + log "已添加 firewalld 规则 (21115-21117)" + else + warn "未检测到防火墙管理工具,请手动放行端口 21115-21117" + fi +} + +start_services() { + step "启动 RustDesk 服务" + + log "正在拉取镜像..." + docker compose pull + + log "正在启动容器..." + docker compose up -d + + log "等待 RustDesk 就绪..." + sleep 5 + + # 检查容器是否正常运行 + if docker compose ps | grep -q "running"; then + log "RustDesk 服务启动成功!" + else + warn "RustDesk 可能仍在启动中,请稍后检查: docker compose logs -f" + fi +} + +show_public_key() { + step "获取公钥信息" + local data_dir="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}" + local key_file="$data_dir/id_ed25519.pub" + + if [ -f "$key_file" ]; then + local pub_key + pub_key=$(cat "$key_file") + echo "" + echo -e "${CYAN}══════════════════════════════════════════════════════════${NC}" + echo -e "${CYAN} RustDesk 公钥(客户端配置时需要):${NC}" + echo -e "${CYAN}══════════════════════════════════════════════════════════${NC}" + echo "" + echo -e " ${GREEN}${pub_key}${NC}" + echo "" + echo -e "${CYAN}══════════════════════════════════════════════════════════${NC}" + echo "" + else + warn "公钥文件尚未生成,服务启动后会自动创建" + warn "稍后可查看: cat $key_file" + fi +} + +show_info() { + set -a; source .env; set +a + local server_ip + server_ip=$(curl -sf https://api.ipify.org 2>/dev/null || curl -sf https://ifconfig.me 2>/dev/null || echo "<服务器IP>") + + echo "" + echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}" + echo -e "${GREEN}║ RustDesk Server 部署完成! ║${NC}" + echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} 服务器 IP: ${CYAN}${server_ip}${NC}" + echo -e "${GREEN}║${NC} 域名: ${CYAN}${RUSTDESK_DOMAIN}${NC}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} hbbs 端口: 21115/tcp, 21116/tcp+udp" + echo -e "${GREEN}║${NC} hbbr 端口: 21117/tcp" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}║${NC} 数据目录: ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}" + echo -e "${GREEN}║${NC} 备份目录: ${BACKUP_DIR:-/var/backups/rustdesk}" + echo -e "${GREEN}║${NC}" + echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}" + echo "" + + show_public_key + + echo "客户端配置:" + echo " ID 服务器: ${RUSTDESK_DOMAIN}" + echo " 中继服务器: ${RUSTDESK_DOMAIN}" + echo " Key: (上方公钥)" + echo "" + echo "常用命令:" + echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f" + echo " 重启服务: cd $SCRIPT_DIR && docker compose restart" + echo " 停止服务: cd $SCRIPT_DIR && docker compose down" + echo " 查看公钥: cat ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}/id_ed25519.pub" + echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh" + echo "" +} + +# ============================================================= +# 主流程 +# ============================================================= +main() { + echo -e "${CYAN}" + echo " ____ _ ____ _ " + echo " | _ \\ _ _ ___| |_| _ \\ ___ ___| | __" + echo " | |_) | | | / __| __| | | |/ _ \\/ __| |/ /" + echo " | _ <| |_| \\__ \\ |_| |_| | __/\\__ \\ < " + echo " |_| \\_\\\\__,_|___/\\__|____/ \\___||___/_|\\_\\ Deploy Script" + echo -e "${NC}" + echo "" + + check_root + load_base_env "$BASE_DIR" + + # Step 1: 系统初始化 + init_system + + # Step 2: 安装 Docker + install_docker + + # Step 3: 安装 Nginx + install_nginx + + # Step 4: 初始化配置 + init_env + + # Step 5: 配置 Docker 镜像加速 + configure_docker_mirrors + + # Step 6: 创建数据目录 + create_dirs + + # Step 7: 配置防火墙(基础 + RustDesk 端口) + setup_firewall_base + setup_firewall_rustdesk + + # Step 8: 配置 SSL 证书 + setup_ssl_cert "${RUSTDESK_DOMAIN}" "${CERTBOT_EMAIL}" "rustdesk" + + # Step 9: 部署 Nginx 反向代理 + deploy_nginx_conf "$SCRIPT_DIR/nginx/rustdesk.conf" "${RUSTDESK_DOMAIN}" "rustdesk" + + # Step 10: 启动服务 + start_services + + # 显示部署信息 + show_info + log "===== RustDesk Server 部署完成 =====" +} + +main "$@" diff --git a/rustdesk/docker-compose.yml b/rustdesk/docker-compose.yml new file mode 100644 index 0000000..b5eb6c1 --- /dev/null +++ b/rustdesk/docker-compose.yml @@ -0,0 +1,44 @@ +services: + rustdesk-hbbs: + image: ${RUSTDESK_IMAGE:-rustdesk/rustdesk-server:latest} + container_name: rustdesk-hbbs + restart: unless-stopped + command: hbbs + environment: + - TZ=Asia/Shanghai + - ENCRYPTED_ONLY=${ENCRYPTED_ONLY:-1} + volumes: + - ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}:/root + - /etc/localtime:/etc/localtime:ro + ports: + - "${RUSTDESK_BIND_IP:-0.0.0.0}:21115:21115" + - "${RUSTDESK_BIND_IP:-0.0.0.0}:21116:21116" + - "${RUSTDESK_BIND_IP:-0.0.0.0}:21116:21116/udp" + - "127.0.0.1:21118:21118" + depends_on: + rustdesk-hbbr: + condition: service_started + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" + + rustdesk-hbbr: + image: ${RUSTDESK_IMAGE:-rustdesk/rustdesk-server:latest} + container_name: rustdesk-hbbr + restart: unless-stopped + command: hbbr + environment: + - TZ=Asia/Shanghai + volumes: + - ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}:/root + - /etc/localtime:/etc/localtime:ro + ports: + - "${RUSTDESK_BIND_IP:-0.0.0.0}:21117:21117" + - "127.0.0.1:21119:21119" + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" diff --git a/rustdesk/nginx/rustdesk.conf b/rustdesk/nginx/rustdesk.conf new file mode 100644 index 0000000..f5baf00 --- /dev/null +++ b/rustdesk/nginx/rustdesk.conf @@ -0,0 +1,76 @@ +server { + listen 80; + listen [::]:80; + server_name __DOMAIN__; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + server_name __DOMAIN__; + + # SSL 证书 + ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem; + + # SSL 参数 + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + # 安全头 + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; + add_header Referrer-Policy strict-origin-when-cross-origin always; + + # hbbs WebSocket (21118) + location /ws { + proxy_pass http://127.0.0.1:21118; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + } + + # hbbr WebSocket (21119) + location /relay { + proxy_pass http://127.0.0.1:21119; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + } + + # 默认页面 + location / { + default_type text/html; + return 200 '

RustDesk Server

Server is running.

'; + } +} diff --git a/rustdesk/uninstall.sh b/rustdesk/uninstall.sh new file mode 100644 index 0000000..4a657d4 --- /dev/null +++ b/rustdesk/uninstall.sh @@ -0,0 +1,168 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# RustDesk 卸载脚本 +# 停止容器 → 备份数据 → 清理容器/镜像/配置/数据 +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +CYAN='\033[0;36m' +NC='\033[0m' + +log() { echo -e "${GREEN}[INFO]${NC} $*"; } +warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } + +# ===== 检查 root ===== +if [ "$(id -u)" -ne 0 ]; then + error "请使用 root 用户运行: sudo bash uninstall.sh" + exit 1 +fi + +# ===== 加载配置 ===== +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a + source .env + set +a +fi + +RUSTDESK_DATA_DIR="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}" +BACKUP_DIR="${BACKUP_DIR:-/var/backups/rustdesk}" +RUSTDESK_DOMAIN="${RUSTDESK_DOMAIN:-}" + +# ===== 确认操作 ===== +echo "" +echo -e "${RED}╔══════════════════════════════════════════════════════╗${NC}" +echo -e "${RED}║ ⚠ 即将卸载 RustDesk 及所有数据 ⚠ ║${NC}" +echo -e "${RED}╚══════════════════════════════════════════════════════╝${NC}" +echo "" +echo "将执行以下操作:" +echo " 1. 停止并删除 RustDesk 容器(hbbs + hbbr)" +echo " 2. 删除 Docker 镜像" +echo " 3. 删除 Nginx 站点配置" +echo " 4. 删除 SSL 证书" +echo " 5. 删除 Certbot 自动续期定时任务" +echo " 6. 关闭防火墙端口 (21115-21117)" +echo "" +echo "涉及的数据目录:" +echo " RustDesk 数据: ${RUSTDESK_DATA_DIR}" +echo " 备份目录: ${BACKUP_DIR}" +echo " 部署目录: ${SCRIPT_DIR}" +echo "" +echo -e "${YELLOW}备份目录将保留,不会被删除。${NC}" +echo "" +read -r -p "确定要继续卸载吗?输入 YES 确认: " confirm +if [ "$confirm" != "YES" ]; then + log "已取消卸载" + exit 0 +fi + +# ===== 卸载前备份 ===== +echo "" +read -r -p "是否在卸载前执行一次备份?(y/N): " do_backup +if [[ "$do_backup" =~ ^[Yy]$ ]]; then + if [ -f backup.sh ]; then + log "正在执行备份..." + bash backup.sh + log "备份完成" + else + warn "backup.sh 不存在,跳过备份" + fi +fi + +# ===== 1. 停止并删除容器 ===== +echo "" +log "正在停止并删除容器..." +if docker compose ps --quiet 2>/dev/null | grep -q .; then + docker compose down -v + log "容器已停止并删除" +else + log "没有运行中的容器" +fi + +# ===== 2. 删除 Docker 镜像 ===== +log "正在删除 Docker 镜像..." +RUSTDESK_IMAGE="${RUSTDESK_IMAGE:-rustdesk/rustdesk-server:latest}" +docker image rm "$RUSTDESK_IMAGE" 2>/dev/null && log "已删除镜像: $RUSTDESK_IMAGE" || true + +# ===== 3. 删除 Nginx 配置 ===== +log "正在清理 Nginx 配置..." +rm -f /etc/nginx/sites-enabled/rustdesk +rm -f /etc/nginx/sites-available/rustdesk +if command -v nginx &>/dev/null && nginx -t 2>/dev/null; then + systemctl reload nginx 2>/dev/null || true + log "Nginx 已重载" +fi + +# ===== 4. 删除 SSL 证书 ===== +if [ -n "$RUSTDESK_DOMAIN" ] && [ -d "/etc/letsencrypt/live/${RUSTDESK_DOMAIN}" ]; then + log "正在删除 SSL 证书: ${RUSTDESK_DOMAIN}..." + certbot delete --cert-name "${RUSTDESK_DOMAIN}" --non-interactive 2>/dev/null || true + log "SSL 证书已删除" +fi + +# ===== 5. 清理 Certbot 定时任务 ===== +remaining_certs=$(certbot certificates 2>/dev/null | grep -c "Certificate Name" || true) +if [ "$remaining_certs" -eq 0 ]; then + crontab -l 2>/dev/null | grep -v "certbot renew" | crontab - 2>/dev/null || true + log "已移除 Certbot 自动续期定时任务(无剩余证书)" +else + log "保留 Certbot 定时任务(还有 ${remaining_certs} 个其他证书)" +fi + +# ===== 6. 关闭防火墙端口 ===== +log "正在清理防火墙规则..." +if command -v ufw &>/dev/null; then + ufw delete allow 21115/tcp 2>/dev/null || true + ufw delete allow 21116/tcp 2>/dev/null || true + ufw delete allow 21116/udp 2>/dev/null || true + ufw delete allow 21117/tcp 2>/dev/null || true + log "已移除 UFW 规则" +elif command -v firewall-cmd &>/dev/null; then + firewall-cmd --permanent --remove-port=21115/tcp 2>/dev/null || true + firewall-cmd --permanent --remove-port=21116/tcp 2>/dev/null || true + firewall-cmd --permanent --remove-port=21116/udp 2>/dev/null || true + firewall-cmd --permanent --remove-port=21117/tcp 2>/dev/null || true + firewall-cmd --reload 2>/dev/null || true + log "已移除 firewalld 规则" +fi + +# ===== 7. 删除数据目录 ===== +echo "" +echo -e "${RED}以下目录将被永久删除:${NC}" +echo " ${RUSTDESK_DATA_DIR}" +echo "" +echo -e "${YELLOW}备份目录 ${BACKUP_DIR} 不会被删除。${NC}" +echo "" +read -r -p "确认删除数据目录?输入 DELETE 确认: " confirm_delete +if [ "$confirm_delete" = "DELETE" ]; then + rm -rf "$RUSTDESK_DATA_DIR" + log "已删除: ${RUSTDESK_DATA_DIR}" +else + warn "跳过数据目录删除" +fi + +# ===== 8. 删除部署目录 ===== +echo "" +read -r -p "是否删除部署目录 ${SCRIPT_DIR}?(y/N): " del_deploy +if [[ "$del_deploy" =~ ^[Yy]$ ]]; then + cd /opt + rm -rf "$SCRIPT_DIR" + log "已删除部署目录" +else + warn "保留部署目录: ${SCRIPT_DIR}" +fi + +# ===== 完成 ===== +echo "" +log "RustDesk 卸载完成" +echo "" +echo "保留的内容:" +echo " 备份目录: ${BACKUP_DIR}" diff --git a/siyuan/docker-compose.yml b/siyuan/docker-compose.yml index ccdb96a..22eb7a2 100644 --- a/siyuan/docker-compose.yml +++ b/siyuan/docker-compose.yml @@ -16,7 +16,7 @@ services: ports: - "127.0.0.1:6806:6806" healthcheck: - test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:6806"] + test: ["CMD", "wget", "-qO", "/dev/null", "http://127.0.0.1:6806"] interval: 30s timeout: 5s retries: 3