joywaygamess/server-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加rustdesk

Browse Source
This commit is contained in:
Joywayer
2026-04-24 11:13:49 +08:00
parent 18949f31ba
commit 3c5246afb5
17 changed files with 1780 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
README.md
View File

@@ -10,6 +10,7 @@
| [gitea/](gitea/) | Git 代码托管Gitea + MySQL 8.4 | 443, 2222 | | [gitea/](gitea/) | Git 代码托管Gitea + MySQL 8.4 | 443, 2222 |
| [certd/](certd/) | SSL 证书自动化管理Certd | 443 | | [certd/](certd/) | SSL 证书自动化管理Certd | 443 |
| [vaultwarden/](vaultwarden/) | 密码管理器Vaultwarden / Bitwarden 兼容) | 443 | | [vaultwarden/](vaultwarden/) | 密码管理器Vaultwarden / Bitwarden 兼容) | 443 |
| [joplin/](joplin/) | 笔记同步服务器Joplin Server + PostgreSQL | 443 |
| [siyuan/](siyuan/) | 知识管理笔记(思源笔记 SiYuan | 443 | | [siyuan/](siyuan/) | 知识管理笔记(思源笔记 SiYuan | 443 |
| [portainer/](portainer/) | Docker 可视化管理Portainer CE | 443 | | [portainer/](portainer/) | Docker 可视化管理Portainer CE | 443 |
@@ -21,14 +22,14 @@
│ (系统包) │ ← Let's Encrypt 证书 │ (系统包) │ ← Let's Encrypt 证书
└──────┬──────┘ └──────┬──────┘
┌──────────────┬───────┼───────┬──────────────┐ ┌──────────┬──────────┬───────┼───────┬──────────┬──────────┐
│ │ │ │ │ │ │
┌──────▼──────┐ ┌────▼────┐ ┌▼─────┐ ┌▼────────┐ ┌▼────────┐ ┌──▼───────┐ ┌▼───────┐ ┌▼────┐ ┌▼─────┐ ┌▼────────┐ ┌▼────────┐
Gitea │ │ Certd │ │SiYuan│ │Vaultwarden│ │Portainer │ Gitea │ │ Certd Joplin│ │SiYuan│ │Vaultwar.│ │Portainer│
:3000(内部) │ │ :7001 │ │:6806 │ │ :8080 │ │ :9000 │:3000(内) │ │ :7001 :22300│ │:6806 │ │ :8080 │ │ :9000 │
+ MySQL 8.4 │ │ │ │ │ │ │ │ +MySQL 8.4│ │ +PgSQL│ │ │ │ │ │ │
└─────────────┘ └─────────┘ └──────┘ └───────────┘ └───────── └──────────┘ └────────┘ └──────┘ └──────┘ └─────────┘ └─────────┘
Docker Docker Docker Docker Docker Docker Docker Docker Docker Docker Docker
``` ```
所有服务通过 Nginx 反向代理提供 HTTPS 访问,容器端口仅监听 `127.0.0.1` 所有服务通过 Nginx 反向代理提供 HTTPS 访问,容器端口仅监听 `127.0.0.1`
@@ -56,6 +57,12 @@ docker/
│ ├── backup.sh │ ├── backup.sh
│ ├── nginx/certd.conf │ ├── nginx/certd.conf
│ └── README.md │ └── README.md
├── joplin/ # Joplin Server 笔记同步
│ ├── docker-compose.yml # Joplin Server + PostgreSQL 容器编排
│ ├── deploy.sh # 部署脚本(依赖 base/
│ ├── backup.sh
│ ├── nginx/joplin.conf
│ └── README.md
├── vaultwarden/ # Vaultwarden 密码管理 ├── vaultwarden/ # Vaultwarden 密码管理
│ ├── docker-compose.yml │ ├── docker-compose.yml
│ ├── deploy.sh # 部署脚本(依赖 base/ │ ├── deploy.sh # 部署脚本(依赖 base/
@@ -82,7 +89,7 @@ docker/
```bash ```bash
# 1. 上传所有文件到服务器 # 1. 上传所有文件到服务器
scp -r base/ gitea/ certd/ vaultwarden/ siyuan/ portainer/ root@<IP>:/opt/ scp -r base/ gitea/ certd/ joplin/ vaultwarden/ siyuan/ portainer/ root@<IP>:/opt/
# 2. 安装基础环境 # 2. 安装基础环境
ssh root@<IP> ssh root@<IP>
@@ -102,19 +109,25 @@ bash deploy.sh
vi .env vi .env
bash deploy.sh bash deploy.sh
# 5. 部署 Vaultwarden # 5. 部署 Joplin Server
cd /opt/joplin
bash deploy.sh
vi .env
bash deploy.sh
# 6. 部署 Vaultwarden
cd /opt/vaultwarden cd /opt/vaultwarden
bash deploy.sh bash deploy.sh
vi .env vi .env
bash deploy.sh bash deploy.sh
# 6. 部署 SiYuan # 7. 部署 SiYuan
cd /opt/siyuan cd /opt/siyuan
bash deploy.sh bash deploy.sh
vi .env vi .env
bash deploy.sh bash deploy.sh
# 7. 部署 PortainerDocker 可视化管理) # 8. 部署 PortainerDocker 可视化管理)
cd /opt/portainer cd /opt/portainer
bash deploy.sh bash deploy.sh
vi .env vi .env
@@ -160,6 +173,7 @@ bash deploy.sh
|------|------|----------| |------|------|----------|
| Gitea | `git.example.com` | A → 服务器 IP | | Gitea | `git.example.com` | A → 服务器 IP |
| Certd | `cert.example.com` | A → 服务器 IP | | Certd | `cert.example.com` | A → 服务器 IP |
| Joplin | `joplin.example.com` | A → 服务器 IP |
| Vaultwarden | `vault.example.com` | A → 服务器 IP | | Vaultwarden | `vault.example.com` | A → 服务器 IP |
| SiYuan | `note.example.com` | A → 服务器 IP | | SiYuan | `note.example.com` | A → 服务器 IP |
@@ -174,6 +188,9 @@ cd /opt/gitea && docker compose ps
# Certd # Certd
cd /opt/certd && docker compose ps cd /opt/certd && docker compose ps
# Joplin
cd /opt/joplin && docker compose ps
# Vaultwarden # Vaultwarden
cd /opt/vaultwarden && docker compose ps cd /opt/vaultwarden && docker compose ps
@@ -186,6 +203,7 @@ cd /opt/siyuan && docker compose ps
```bash ```bash
cd /opt/gitea && bash backup.sh cd /opt/gitea && bash backup.sh
cd /opt/certd && bash backup.sh cd /opt/certd && bash backup.sh
cd /opt/joplin && bash backup.sh
cd /opt/vaultwarden && bash backup.sh cd /opt/vaultwarden && bash backup.sh
cd /opt/siyuan && bash backup.sh cd /opt/siyuan && bash backup.sh
``` ```
@@ -204,7 +222,7 @@ certbot renew --dry-run
## 注意事项 ## 注意事项
- **Gitea 的 deploy.sh 是自包含的**,不依赖 base/历史兼容。Certd、Vaultwarden 和 SiYuan 依赖 base/。 - **Gitea 的 deploy.sh 是自包含的**,不依赖 base/历史兼容。Certd、Joplin、Vaultwarden 和 SiYuan 依赖 base/。
- 所有容器端口仅监听 `127.0.0.1`,通过 Nginx 反向代理对外提供 HTTPS 服务。 - 所有容器端口仅监听 `127.0.0.1`,通过 Nginx 反向代理对外提供 HTTPS 服务。
- `.env` 文件包含敏感信息,不要提交到公开仓库。 - `.env` 文件包含敏感信息,不要提交到公开仓库。
- 首次部署每个服务时需要运行两次 `deploy.sh`:第一次生成 `.env`,修改配置后第二次正式部署。 - 首次部署每个服务时需要运行两次 `deploy.sh`:第一次生成 `.env`,修改配置后第二次正式部署。

62
joplin/.env.example Normal file
View File

@@ -0,0 +1,62 @@
# ===== Joplin Server 基础配置 =====
# Joplin 访问域名(必须修改)
JOPLIN_DOMAIN=joplin.example.com
# Let's Encrypt 邮箱(必须修改)
CERTBOT_EMAIL=admin@example.com
# ===== 数据库配置 =====
# PostgreSQL 密码(必须修改为强密码)
POSTGRES_PASSWORD=changeme
# PostgreSQL 数据库名
POSTGRES_DATABASE=joplin
# PostgreSQL 用户名
POSTGRES_USER=joplin
# ===== 镜像配置 =====
# Joplin Server 镜像
JOPLIN_IMAGE=joplin/server:latest
# 使用固定版本号(推荐生产环境):
# JOPLIN_IMAGE=joplin/server:3.2.1
# PostgreSQL 镜像
POSTGRES_IMAGE=postgres:16-alpine
# ===== 目录配置 =====
# PostgreSQL 数据目录
JOPLIN_DB_DIR=/data/joplin/db
# 备份目录
BACKUP_DIR=/var/backups/joplin
# ===== 邮件配置(可选,用于密码重置等)=====
# 是否启用邮件0=禁用1=启用)
MAILER_ENABLED=0
# SMTP 服务器
MAILER_HOST=smtp.example.com
# SMTP 端口
MAILER_PORT=465
# SMTP 加密tls 或 starttls
MAILER_SECURITY=tls
# SMTP 用户名
MAILER_AUTH_USER=
# SMTP 密码
MAILER_AUTH_PASSWORD=
# 发件人名称
MAILER_NOREPLY_NAME=Joplin
# 发件人邮箱
MAILER_NOREPLY_EMAIL=noreply@example.com

365
joplin/README.md Normal file
View File

@@ -0,0 +1,365 @@
# Joplin Server 部署指南
开源笔记同步服务器,支持端到端加密,配合 Joplin 客户端实现多端同步。
## 功能特性
- 多端同步Windows / macOS / Linux / Android / iOS
- 端到端加密E2EE
- Markdown 编辑,完整笔记本管理
- Web Clipper 浏览器剪藏
- REST API 扩展
- 丰富的插件生态
## 技术栈
| 组件 | 版本 | 说明 |
|------|------|------|
| Joplin Server | latest | 笔记同步服务器 |
| PostgreSQL | 16-alpine | 关系型数据库 |
| Nginx | 系统包 | 反向代理 + HTTPS 接入 |
| Docker | 最新版 | 容器运行环境 |
## 前置条件
1. 一台 Linux 服务器Ubuntu 22.04/24.04 推荐)
2. 一个已解析到服务器的域名(如 `joplin.example.com`
3. 服务器 80/443 端口可从外网访问
4. 至少 512MB 可用内存PostgreSQL + Joplin Server
## 目录结构
```
joplin/
├── docker-compose.yml # 容器编排Joplin Server + PostgreSQL
├── .env.example # 配置模板
├── deploy.sh # 一键部署脚本
├── backup.sh # 备份脚本
├── uninstall.sh # 完全卸载脚本
├── nginx/
│ └── joplin.conf # Nginx 反向代理配置
└── README.md # 本文件
```
服务器上的数据目录:
```
/data/joplin/db/ # PostgreSQL 数据
/var/backups/joplin/ # 备份文件
```
## 快速部署
### 第一步:上传文件到服务器
```bash
# 在本地执行,上传 joplin 目录
scp -r joplin/ root@<服务器IP>:/opt/joplin
# 如果服务器上还没有部署过 base首台服务或全新服务器还需上传 base
scp -r base/ root@<服务器IP>:/opt/base
```
### 第二步:登录服务器执行部署
```bash
ssh root@<服务器IP>
# 如果是全新服务器,先安装基础环境
cd /opt/base
cp .env.example .env
# 可选:编辑 .env 配置 Docker 镜像加速
bash setup.sh
# 部署 Joplin Server
cd /opt/joplin
bash deploy.sh
# 首次运行会生成 .env按提示修改配置后重新运行
vi .env
bash deploy.sh
```
### 第三步:配置域名解析
在域名服务商(如阿里云 DNS添加 A 记录:
| 记录类型 | 主机记录 | 记录值 |
|----------|----------|--------|
| A | joplin | `<服务器公网IP>` |
### 第四步:登录管理后台
1. 浏览器访问 `https://joplin.yourdomain.com`
2. 默认账号: `admin@localhost`
3. 默认密码: `admin`
> **⚠️ 安全提醒:请立即登录并修改默认密码!**
## 配置说明
### .env 配置项
| 变量 | 说明 | 默认值 |
|------|------|--------|
| `JOPLIN_DOMAIN` | 访问域名 | 必填 |
| `CERTBOT_EMAIL` | Let's Encrypt 邮箱 | 必填 |
| `POSTGRES_PASSWORD` | 数据库密码 | 必填 |
| `POSTGRES_DATABASE` | 数据库名 | `joplin` |
| `POSTGRES_USER` | 数据库用户 | `joplin` |
| `JOPLIN_IMAGE` | Joplin Server 镜像 | `joplin/server:latest` |
| `POSTGRES_IMAGE` | PostgreSQL 镜像 | `postgres:16-alpine` |
| `JOPLIN_DB_DIR` | 数据库数据目录 | `/data/joplin/db` |
| `BACKUP_DIR` | 备份目录 | `/var/backups/joplin` |
| `MAILER_ENABLED` | 启用邮件 | `0` |
## 客户端配置
### 桌面端Windows / macOS / Linux
1. 下载 Joplin 桌面客户端https://joplinapp.org/help/install
2. 打开设置 → 同步
3. 同步目标选择 **Joplin Server**
4. 填写:
- **服务器 URL**: `https://joplin.yourdomain.com`
- **邮箱**: `admin@localhost`(或你修改后的邮箱)
- **密码**: 你的登录密码
5. 点击「检查同步配置」确认连接成功
### Android
从以下渠道下载 Joplin Android 客户端:
- **GitHub Releases**: https://github.com/laurent22/joplin-android/releases (下载 `.apk`
- **F-Droid**: 搜索 "Joplin"
- **Google Play**: 搜索 "Joplin"
同步配置与桌面端相同。
### iOS
从 App Store 搜索 "Joplin" 下载,同步配置与桌面端相同。
### 启用端到端加密(推荐)
1. 在任意一个客户端中:设置 → 加密 → 启用端到端加密
2. 设置加密密码(**务必牢记,丢失无法恢复数据**
3. 其他客户端同步后会提示输入加密密码
> **注意**:启用 E2EE 后Web 界面将无法查看笔记内容(因为服务器无法解密),仅客户端可用。
## 日常运维
### 查看日志
```bash
cd /opt/joplin
docker compose logs -f
docker compose logs -f joplin # 仅 Joplin Server
docker compose logs -f joplin-db # 仅 PostgreSQL
docker compose logs --tail 100
```
### 备份
```bash
cd /opt/joplin
bash backup.sh
```
备份内容包括:
- PostgreSQL 数据库(使用 `pg_dump`,格式为 custom
- 部署配置(`docker-compose.yml` + `.env` + `nginx/`
备份文件保存在 `/var/backups/joplin/`,自动清理 30 天前的旧备份。
### 恢复备份
```bash
# 查看可用备份
ls /var/backups/joplin/
# 确保容器运行中
cd /opt/joplin && docker compose up -d
# 恢复数据库
docker compose exec -T joplin-db pg_restore \
-U joplin -d joplin --clean \
< /var/backups/joplin/<日期>/joplin-db.dump
# 重启服务
docker compose restart
```
### 升级
```bash
cd /opt/joplin
# 1. 备份当前数据
bash backup.sh
# 2. 拉取新镜像
docker compose pull
# 3. 停止旧容器并启动新容器
docker compose down
docker compose up -d
# 4. 检查运行状态
docker compose ps
docker compose logs --tail 20
```
### 停止 / 启动
```bash
cd /opt/joplin
docker compose down # 停止
docker compose up -d # 启动
docker compose restart # 重启
```
## 用户管理
### 创建新用户
1. 以管理员登录 Web 界面
2. 进入「Admin」→「Users」→「Add user」
3. 填写邮箱和密码
### 修改管理员密码
1.`admin@localhost` 登录 Web 界面
2. 点击右上角用户图标 → Profile
3. 修改密码
## 完全卸载
如果需要从服务器上完全移除 Joplin Server使用卸载脚本
```bash
cd /opt/joplin
bash uninstall.sh
```
脚本会**交互式确认**每个危险操作,按顺序执行:
| 步骤 | 操作 | 确认方式 |
|------|------|----------|
| 0 | 卸载前备份(可选) | y/N |
| 1 | 停止并删除 Joplin + PostgreSQL 容器 | 输入 YES |
| 2 | 删除 Docker 镜像 | 自动 |
| 3 | 删除 Nginx 站点配置并重载 | 自动 |
| 4 | 删除 Let's Encrypt SSL 证书 | 自动 |
| 5 | 清理 Certbot 定时任务(仅当无其他证书时) | 自动 |
| 6 | 删除数据目录 | 输入 DELETE |
| 7 | 删除部署目录 `/opt/joplin` | y/N |
**备份目录 `/var/backups/joplin/` 始终保留**,不会被删除。
<details>
<summary>手动卸载步骤(不使用脚本)</summary>
```bash
cd /opt/joplin
# 1. 建议先备份
bash backup.sh
# 2. 停止并删除容器
docker compose down -v
# 3. 删除 Docker 镜像(可选)
docker image rm joplin/server:latest postgres:16-alpine
# 4. 删除 Nginx 配置
rm -f /etc/nginx/sites-enabled/joplin /etc/nginx/sites-available/joplin
nginx -t && systemctl reload nginx
# 5. 删除 SSL 证书
certbot delete --cert-name 你的域名
# 6. 删除数据目录(⚠ 不可恢复)
rm -rf /data/joplin
# 7. 删除部署目录(可选)
rm -rf /opt/joplin
# 备份目录保留在 /var/backups/joplin/
```
</details>
## 故障排查
### 容器无法启动
```bash
# 查看容器状态
docker compose ps
# 查看详细日志
docker compose logs --tail 50
# 常见原因PostgreSQL 密码不一致
# 解决:删除数据库目录并重建
docker compose down -v
rm -rf /data/joplin/db
docker compose up -d
```
### SSL 证书申请失败
```bash
# 检查域名解析是否正确
dig joplin.yourdomain.com
# 检查 80 端口是否可访问
curl -I http://joplin.yourdomain.com
# 查看 Certbot 日志
cat /var/log/letsencrypt/letsencrypt.log
```
### 访问返回 502
```bash
# 检查容器是否运行
docker compose ps
# 检查 22300 端口
curl -I http://127.0.0.1:22300/api/ping
# 检查 Nginx 配置
nginx -t
```
### 客户端同步失败
```bash
# 检查服务器是否正常响应
curl https://joplin.yourdomain.com/api/ping
# 应返回类似:{"status":"ok","message":"Joplin Server is running"}
# 检查服务器日志
cd /opt/joplin && docker compose logs --tail 50 joplin
```
### 上传大文件失败
Nginx 默认配置已设置 `client_max_body_size 200m`。如需调整:
```bash
# 修改 /etc/nginx/sites-available/joplin 中的 client_max_body_size
vi /etc/nginx/sites-available/joplin
nginx -t && systemctl reload nginx
```
## 端口说明
| 端口 | 协议 | 说明 |
|------|------|------|
| 80 | TCP | HTTP → HTTPS 重定向 |
| 443 | TCP | HTTPSNginx 反向代理) |
| 22300 | TCP | Joplin Server HTTP仅监听 127.0.0.1 |

79
joplin/backup.sh Normal file
View File

@@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# Joplin Server 备份脚本
# 备份 PostgreSQL 数据库 + 配置文件
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# 加载配置
if [ -f .env ]; then
sed -i 's/\r$//' .env
set -a; source .env; set +a
else
echo "[ERROR] .env 文件不存在,请先运行 deploy.sh" >&2
exit 1
fi
# ===== 配置 =====
JOPLIN_DB_DIR="${JOPLIN_DB_DIR:-/data/joplin/db}"
BACKUP_BASE="${BACKUP_DIR:-/var/backups/joplin}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR_FULL="${BACKUP_BASE}/${TIMESTAMP}"
RETENTION_DAYS=30
echo "========== Joplin Server 备份 =========="
echo "时间: $(date '+%Y-%m-%d %H:%M:%S')"
echo "数据库目录: $JOPLIN_DB_DIR"
echo "备份目录: $BACKUP_DIR_FULL"
echo ""
mkdir -p "$BACKUP_DIR_FULL"
# ===== 备份 PostgreSQL 数据库(使用 pg_dump=====
echo "[1/3] 备份 PostgreSQL 数据库..."
if docker compose ps --quiet joplin-db 2>/dev/null | grep -q .; then
docker compose exec -T joplin-db pg_dump \
-U "${POSTGRES_USER:-joplin}" \
-d "${POSTGRES_DATABASE:-joplin}" \
--format=custom \
> "$BACKUP_DIR_FULL/joplin-db.dump"
echo " ✓ 数据库已备份pg_dump"
else
echo " ⚠ PostgreSQL 容器未运行,尝试直接备份数据目录..."
if [ -d "$JOPLIN_DB_DIR" ]; then
tar czf "$BACKUP_DIR_FULL/joplin-db-files.tar.gz" -C "$(dirname "$JOPLIN_DB_DIR")" "$(basename "$JOPLIN_DB_DIR")"
echo " ✓ 数据库目录已备份"
else
echo " ⚠ 数据库目录不存在: $JOPLIN_DB_DIR"
fi
fi
# ===== 备份 docker-compose 和配置 =====
echo "[2/3] 备份部署配置..."
tar czf "$BACKUP_DIR_FULL/joplin-config.tar.gz" \
-C "$SCRIPT_DIR" \
docker-compose.yml .env nginx/ 2>/dev/null || true
echo " ✓ 配置已备份"
# ===== 清理旧备份 =====
echo "[3/3] 清理 ${RETENTION_DAYS} 天前的旧备份..."
find "$BACKUP_BASE" -maxdepth 1 -type d -mtime +${RETENTION_DAYS} -exec rm -rf {} \; 2>/dev/null || true
echo " ✓ 旧备份已清理"
# ===== 汇总 =====
echo ""
echo "========== 备份完成 =========="
TOTAL_SIZE=$(du -sh "$BACKUP_DIR_FULL" | cut -f1)
echo "备份位置: $BACKUP_DIR_FULL"
echo "备份大小: $TOTAL_SIZE"
echo ""
echo "备份内容:"
ls -lh "$BACKUP_DIR_FULL/"
echo ""
echo "恢复方法(数据库):"
echo " docker compose exec -T joplin-db pg_restore -U ${POSTGRES_USER:-joplin} -d ${POSTGRES_DATABASE:-joplin} --clean < $BACKUP_DIR_FULL/joplin-db.dump"
echo " cd $SCRIPT_DIR && docker compose restart"

191
joplin/deploy.sh Normal file
View File

@@ -0,0 +1,191 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# Joplin Server 一键部署脚本
# 自动安装 Docker + Nginx + SSL + Joplin Server + PostgreSQL
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# ===== 加载公共基础函数 =====
BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true
if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then
echo "[ERROR] base/setup.sh 未找到" >&2
echo "请确保目录结构如下:" >&2
echo " /opt/base/setup.sh" >&2
echo " /opt/joplin/deploy.sh (当前脚本)" >&2
exit 1
fi
source "$BASE_DIR/setup.sh"
# =============================================================
# Joplin Server 专用函数
# =============================================================
init_env() {
step "初始化 Joplin Server 配置"
if [ ! -f .env ]; then
if [ ! -f .env.example ]; then
error "缺少 .env.example 模板文件"
exit 1
fi
cp .env.example .env
log "已生成 .env 文件"
echo ""
warn "┌─────────────────────────────────────────────────┐"
warn "│ 请编辑 .env 文件,至少修改以下配置: │"
warn "│ │"
warn "│ JOPLIN_DOMAIN=joplin.yourdomain.com │"
warn "│ CERTBOT_EMAIL=you@yourdomain.com │"
warn "│ POSTGRES_PASSWORD=你的强密码 │"
warn "│ │"
warn "│ 编辑命令: vi $SCRIPT_DIR/.env │"
warn "│ 编辑完成后重新运行: bash deploy.sh │"
warn "└─────────────────────────────────────────────────┘"
exit 0
fi
fix_crlf .env
set -a; source .env; set +a
local has_error=0
if [[ -z "${JOPLIN_DOMAIN:-}" ]] || [[ "${JOPLIN_DOMAIN}" == "joplin.example.com" ]]; then
error "请在 .env 中将 JOPLIN_DOMAIN 修改为你的实际域名"
has_error=1
fi
if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then
error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱"
has_error=1
fi
if [[ -z "${POSTGRES_PASSWORD:-}" ]] || [[ "${POSTGRES_PASSWORD}" == "changeme" ]]; then
error "请在 .env 中将 POSTGRES_PASSWORD 修改为一个强密码"
has_error=1
fi
[ "$has_error" -eq 1 ] && { error "请修改 .env 后重新运行"; exit 1; }
log "配置检查通过"
log " 域名: ${JOPLIN_DOMAIN}"
log " 邮箱: ${CERTBOT_EMAIL}"
}
create_dirs() {
step "创建数据目录"
local db_dir="${JOPLIN_DB_DIR:-/data/joplin/db}"
local backup_dir="${BACKUP_DIR:-/var/backups/joplin}"
mkdir -p "$db_dir" "$backup_dir"
log "数据库目录: $db_dir"
log "备份目录: $backup_dir"
}
start_services() {
step "启动 Joplin Server 服务"
log "正在拉取镜像..."
docker compose pull
log "正在启动容器..."
docker compose up -d
log "等待 Joplin Server 就绪..."
local max_wait=60
for i in $(seq 1 "$max_wait"); do
if curl -sf http://127.0.0.1:22300/api/ping &> /dev/null; then
log "Joplin Server 启动成功!"
return
fi
sleep 2
done
warn "Joplin Server 可能仍在启动中(数据库初始化可能需要更长时间),请稍后检查: docker compose logs -f"
}
show_info() {
set -a; source .env; set +a
echo ""
echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║ Joplin Server 部署完成! ║${NC}"
echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} Web 访问: ${CYAN}https://${JOPLIN_DOMAIN}${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 默认账号: ${CYAN}admin@localhost${NC}"
echo -e "${GREEN}${NC} 默认密码: ${CYAN}admin${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 数据库目录: ${JOPLIN_DB_DIR:-/data/joplin/db}"
echo -e "${GREEN}${NC} 备份目录: ${BACKUP_DIR:-/var/backups/joplin}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} ${RED}⚠ 请立即登录并修改默认密码!${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
echo ""
echo "客户端同步配置:"
echo " 同步目标: Joplin Server"
echo " 服务器 URL: https://${JOPLIN_DOMAIN}"
echo " 邮箱: admin@localhost或你修改后的邮箱"
echo " 密码: 你登录时使用的密码"
echo ""
echo "常用命令:"
echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f"
echo " 重启服务: cd $SCRIPT_DIR && docker compose restart"
echo " 停止服务: cd $SCRIPT_DIR && docker compose down"
echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh"
echo ""
}
# =============================================================
# 主流程
# =============================================================
main() {
echo -e "${CYAN}"
echo " _ _ _ ____"
echo " | | ___ _ __ | (_)_ __ / ___| ___ _ ____ _____ _ __"
echo " _ | |/ _ \\| '_ \\| | | '_ \\ \\___ \\ / _ \\ '__\\ \\ / / _ \\ '__|"
echo " | |_| | (_) | |_) | | | | | | ___) | __/ | \\ V / __/ |"
echo " \\___/ \\___/| .__/|_|_|_| |_||____/ \\___|_| \\_/ \\___|_|"
echo " |_| Deploy Script"
echo -e "${NC}"
echo ""
check_root
load_base_env "$BASE_DIR"
# Step 1: 系统初始化
init_system
# Step 2: 安装 Docker
install_docker
# Step 3: 安装 Nginx
install_nginx
# Step 4: 初始化配置
init_env
# Step 5: 配置 Docker 镜像加速
configure_docker_mirrors
# Step 6: 创建数据目录
create_dirs
# Step 7: 配置防火墙
setup_firewall_base
# Step 8: 配置 SSL 证书
setup_ssl_cert "${JOPLIN_DOMAIN}" "${CERTBOT_EMAIL}" "joplin"
# Step 9: 部署 Nginx 反向代理
deploy_nginx_conf "$SCRIPT_DIR/nginx/joplin.conf" "${JOPLIN_DOMAIN}" "joplin"
# Step 10: 启动服务
start_services
# 显示部署信息
show_info
log "===== Joplin Server 部署完成 ====="
}
main "$@"

66
joplin/docker-compose.yml Normal file
View File

@@ -0,0 +1,66 @@
services:
joplin:
image: ${JOPLIN_IMAGE:-joplin/server:latest}
container_name: joplin
restart: unless-stopped
depends_on:
joplin-db:
condition: service_healthy
environment:
- TZ=Asia/Shanghai
- APP_PORT=22300
- APP_BASE_URL=https://${JOPLIN_DOMAIN:?请在 .env 中设置 JOPLIN_DOMAIN}
- DB_CLIENT=pg
- POSTGRES_HOST=joplin-db
- POSTGRES_PORT=5432
- POSTGRES_DATABASE=${POSTGRES_DATABASE:-joplin}
- POSTGRES_USER=${POSTGRES_USER:-joplin}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?请在 .env 中设置 POSTGRES_PASSWORD}
- MAILER_ENABLED=${MAILER_ENABLED:-0}
- MAILER_HOST=${MAILER_HOST:-}
- MAILER_PORT=${MAILER_PORT:-465}
- MAILER_SECURITY=${MAILER_SECURITY:-tls}
- MAILER_AUTH_USER=${MAILER_AUTH_USER:-}
- MAILER_AUTH_PASSWORD=${MAILER_AUTH_PASSWORD:-}
- MAILER_NOREPLY_NAME=${MAILER_NOREPLY_NAME:-Joplin}
- MAILER_NOREPLY_EMAIL=${MAILER_NOREPLY_EMAIL:-}
- MAX_TIME_DRIFT=0
volumes:
- /etc/localtime:/etc/localtime:ro
ports:
- "127.0.0.1:22300:22300"
healthcheck:
test: ["CMD", "node", "-e", "const http=require('http');const r=http.get('http://127.0.0.1:22300/api/ping',res=>{process.exit(res.statusCode===200?0:1)});r.on('error',()=>process.exit(1));r.setTimeout(4000,()=>{r.destroy();process.exit(1)})"]
interval: 30s
timeout: 5s
retries: 3
start_period: 20s
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
joplin-db:
image: ${POSTGRES_IMAGE:-postgres:16-alpine}
container_name: joplin-db
restart: unless-stopped
environment:
- TZ=Asia/Shanghai
- POSTGRES_DB=${POSTGRES_DATABASE:-joplin}
- POSTGRES_USER=${POSTGRES_USER:-joplin}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?请在 .env 中设置 POSTGRES_PASSWORD}
volumes:
- ${JOPLIN_DB_DIR:-/data/joplin/db}:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-joplin}"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"

58
joplin/nginx/joplin.conf Normal file
View File

@@ -0,0 +1,58 @@
server {
listen 80;
listen [::]:80;
server_name __DOMAIN__;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name __DOMAIN__;
# SSL 证书
ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem;
# SSL 参数
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
# 上传大小限制(笔记附件可能较大)
client_max_body_size 200m;
# 反向代理到 Joplin Server
location / {
proxy_pass http://127.0.0.1:22300;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}

158
joplin/uninstall.sh Normal file
View File

@@ -0,0 +1,158 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# Joplin Server 卸载脚本
# 停止容器 → 备份数据 → 清理容器/镜像/配置/数据
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m'
log() { echo -e "${GREEN}[INFO]${NC} $*"; }
warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
# ===== 检查 root =====
if [ "$(id -u)" -ne 0 ]; then
error "请使用 root 用户运行: sudo bash uninstall.sh"
exit 1
fi
# ===== 加载配置 =====
if [ -f .env ]; then
sed -i 's/\r$//' .env
set -a
source .env
set +a
fi
JOPLIN_DB_DIR="${JOPLIN_DB_DIR:-/data/joplin/db}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/joplin}"
JOPLIN_DOMAIN="${JOPLIN_DOMAIN:-}"
# ===== 确认操作 =====
echo ""
echo -e "${RED}╔══════════════════════════════════════════════════╗${NC}"
echo -e "${RED}║ ⚠ 即将卸载 Joplin Server 及所有数据 ⚠ ║${NC}"
echo -e "${RED}╚══════════════════════════════════════════════════╝${NC}"
echo ""
echo "将执行以下操作:"
echo " 1. 停止并删除 Joplin Server + PostgreSQL 容器"
echo " 2. 删除 Docker 镜像"
echo " 3. 删除 Nginx 站点配置"
echo " 4. 删除 SSL 证书"
echo " 5. 清理 Certbot 自动续期定时任务"
echo ""
echo "涉及的数据目录:"
echo " 数据库数据: ${JOPLIN_DB_DIR}"
echo " 备份目录: ${BACKUP_DIR}"
echo " 部署目录: ${SCRIPT_DIR}"
echo ""
echo -e "${YELLOW}备份目录将保留,不会被删除。${NC}"
echo ""
read -r -p "确定要继续卸载吗?输入 YES 确认: " confirm
if [ "$confirm" != "YES" ]; then
log "已取消卸载"
exit 0
fi
# ===== 卸载前备份 =====
echo ""
read -r -p "是否在卸载前执行一次备份?(y/N): " do_backup
if [[ "$do_backup" =~ ^[Yy]$ ]]; then
if [ -f backup.sh ]; then
log "正在执行备份..."
bash backup.sh
log "备份完成"
else
warn "backup.sh 不存在,跳过备份"
fi
fi
# ===== 1. 停止并删除容器 =====
echo ""
log "正在停止并删除容器..."
if docker compose ps --quiet 2>/dev/null | grep -q .; then
docker compose down -v
log "容器已停止并删除"
else
log "没有运行中的容器"
fi
# ===== 2. 删除 Docker 镜像 =====
log "正在删除 Docker 镜像..."
JOPLIN_IMAGE="${JOPLIN_IMAGE:-joplin/server:latest}"
POSTGRES_IMAGE="${POSTGRES_IMAGE:-postgres:16-alpine}"
docker image rm "$JOPLIN_IMAGE" 2>/dev/null && log "已删除镜像: $JOPLIN_IMAGE" || true
docker image rm "$POSTGRES_IMAGE" 2>/dev/null && log "已删除镜像: $POSTGRES_IMAGE" || true
# ===== 3. 删除 Nginx 配置 =====
log "正在清理 Nginx 配置..."
rm -f /etc/nginx/sites-enabled/joplin
rm -f /etc/nginx/sites-available/joplin
if command -v nginx &>/dev/null && nginx -t 2>/dev/null; then
systemctl reload nginx 2>/dev/null || true
log "Nginx 已重载"
fi
# ===== 4. 删除 SSL 证书 =====
if [ -n "$JOPLIN_DOMAIN" ] && [ -d "/etc/letsencrypt/live/${JOPLIN_DOMAIN}" ]; then
log "正在删除 SSL 证书: ${JOPLIN_DOMAIN}..."
certbot delete --cert-name "${JOPLIN_DOMAIN}" --non-interactive 2>/dev/null || true
log "SSL 证书已删除"
fi
# ===== 5. 清理 Certbot 定时任务 =====
remaining_certs=$(certbot certificates 2>/dev/null | grep -c "Certificate Name" || true)
if [ "$remaining_certs" -eq 0 ]; then
crontab -l 2>/dev/null | grep -v "certbot renew" | crontab - 2>/dev/null || true
log "已移除 Certbot 自动续期定时任务(无剩余证书)"
else
log "保留 Certbot 定时任务(还有 ${remaining_certs} 个其他证书)"
fi
# ===== 6. 删除数据目录 =====
echo ""
echo -e "${RED}以下目录将被永久删除:${NC}"
echo " ${JOPLIN_DB_DIR}"
echo ""
echo -e "${YELLOW}备份目录 ${BACKUP_DIR} 不会被删除。${NC}"
echo ""
read -r -p "确认删除数据目录?输入 DELETE 确认: " confirm_delete
if [ "$confirm_delete" = "DELETE" ]; then
rm -rf "$JOPLIN_DB_DIR"
# 清理父目录(如果为空)
rmdir "$(dirname "$JOPLIN_DB_DIR")" 2>/dev/null || true
log "已删除: ${JOPLIN_DB_DIR}"
else
warn "跳过数据目录删除"
fi
# ===== 7. 删除部署目录 =====
echo ""
read -r -p "是否删除部署目录 ${SCRIPT_DIR}(y/N): " del_deploy
if [[ "$del_deploy" =~ ^[Yy]$ ]]; then
cd /opt
rm -rf "$SCRIPT_DIR"
log "已删除部署目录"
else
warn "保留部署目录: ${SCRIPT_DIR}"
fi
# ===== 完成 =====
echo ""
log "Joplin Server 卸载完成"
echo ""
echo "保留的内容:"
echo " 备份目录: ${BACKUP_DIR}"
[ "$confirm_delete" != "DELETE" ] && echo " 数据目录: ${JOPLIN_DB_DIR}"
[[ ! "$del_deploy" =~ ^[Yy]$ ]] && echo " 部署目录: ${SCRIPT_DIR}"
echo ""
echo "如需恢复,请参考 README.md 中的「恢复备份」章节。"

6
portainer/docker-compose.yml
View File

@@ -12,11 +12,7 @@ services:
ports: ports:
- "127.0.0.1:9000:9000" - "127.0.0.1:9000:9000"
healthcheck: healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:9000/api/system/status"] disable: true
interval: 30s
timeout: 5s
retries: 3
start_period: 15s
logging: logging:
driver: json-file driver: json-file
options: options:

28
rustdesk/.env.example Normal file
View File

@@ -0,0 +1,28 @@
# ===========================================
# RustDesk Server 配置文件
# ===========================================
# ----- 域名与证书 -----
# 访问域名(必填,如 rustdesk.example.com
RUSTDESK_DOMAIN=rustdesk.example.com
# Let's Encrypt 证书邮箱(必填)
CERTBOT_EMAIL=admin@example.com
# ----- Docker 镜像 -----
# RustDesk Server 镜像
RUSTDESK_IMAGE=rustdesk/rustdesk-server:latest
# ----- 网络 -----
# 绑定 IP默认 0.0.0.0 监听所有接口)
RUSTDESK_BIND_IP=0.0.0.0
# 仅允许加密连接1=是0=否)
ENCRYPTED_ONLY=1
# ----- 数据目录 -----
# RustDesk 数据目录(密钥对 + 数据库)
RUSTDESK_DATA_DIR=/var/lib/rustdesk
# 备份目录
BACKUP_DIR=/var/backups/rustdesk

150
rustdesk/README.md Normal file
View File

@@ -0,0 +1,150 @@
# RustDesk Server 部署指南
开源远程桌面服务器支持自托管数据完全自主可控。包含信号服务器hbbs和中继服务器hbbr客户端支持 Windows、macOS、Linux、iOS、Android。
## 功能特性
- 自建信号服务器hbbs+ 中继服务器hbbr
- 端到端加密,数据不经过第三方
- 支持 TCP 打洞和中继转发
- 自动生成 Ed25519 密钥对
- 支持仅加密连接模式
- 跨平台客户端支持
- WebSocket 支持(可通过 Nginx 代理)
## 技术栈
| 组件 | 版本 | 说明 |
|------|------|------|
| RustDesk Server | latest | 信号服务器 + 中继服务器 |
| Nginx | 系统包 | 反向代理 + HTTPSWebSocket |
| Docker | 最新版 | 容器运行环境 |
## 端口说明
| 端口 | 协议 | 服务 | 说明 |
|------|------|------|------|
| 21115 | TCP | hbbs | NAT 类型测试 |
| 21116 | TCP | hbbs | TCP 打洞 / 连接请求 |
| 21116 | UDP | hbbs | ID 注册 / 心跳 |
| 21117 | TCP | hbbr | 中继流量转发 |
| 21118 | WS | hbbs | WebSocket仅本地监听 |
| 21119 | WS | hbbr | WebSocket仅本地监听 |
> **21115、21116、21117 需要从外网可访问**21118/21119 仅本地通过 Nginx 代理。
## 前置条件
1. 一台 Linux 服务器Ubuntu 22.04/24.04 推荐)
2. 一个已解析到服务器的域名(如 `rustdesk.example.com`
3. 服务器 80/443 端口可从外网访问
4. 服务器 21115-21117 端口可从外网访问
## 目录结构
```
rustdesk/
├── docker-compose.yml # 容器编排hbbs + hbbr
├── .env.example # 配置模板
├── deploy.sh # 一键部署脚本
├── backup.sh # 备份脚本
├── uninstall.sh # 完全卸载脚本
├── nginx/
│ └── rustdesk.conf # Nginx 反向代理配置
└── README.md # 本文件
```
服务器上的数据目录:
```
/var/lib/rustdesk/ # RustDesk 数据(密钥对 + 数据库)
/var/backups/rustdesk/ # 备份文件
```
## 快速部署
### 第一步:上传文件到服务器
```bash
# 在本地执行,上传 rustdesk 目录
scp -r rustdesk/ root@<服务器IP>:/opt/rustdesk
# 如果服务器上还没有部署过 base首台服务或全新服务器还需上传 base
scp -r base/ root@<服务器IP>:/opt/base
```
### 第二步:登录服务器执行部署
```bash
ssh root@<服务器IP>
# 如果是全新服务器,先安装基础环境
cd /opt/base
cp .env.example .env
bash setup.sh
# 部署 RustDesk
cd /opt/rustdesk
bash deploy.sh
# 首次运行会生成 .env按提示修改配置后重新运行
vi .env
bash deploy.sh
```
### 第三步:配置域名解析
在域名服务商(如阿里云 DNS添加 A 记录:
| 记录类型 | 主机记录 | 记录值 |
|----------|----------|--------|
| A | rustdesk | `<服务器公网IP>` |
### 第四步:配置 RustDesk 客户端
1. 下载并安装 [RustDesk 客户端](https://rustdesk.com/zh/)
2. 打开客户端,进入 **设置 → 网络 → ID/中继服务器**
3. 填入以下信息:
| 配置项 | 值 |
|--------|-----|
| ID 服务器 | `rustdesk.yourdomain.com` |
| 中继服务器 | `rustdesk.yourdomain.com` |
| Key | 部署完成时显示的公钥 |
> **公钥获取方法:** 部署脚本完成时会自动显示公钥,也可手动查看:
>
> ```bash
> cat /var/lib/rustdesk/id_ed25519.pub
> ```
## 常用操作
```bash
# 查看服务状态
cd /opt/rustdesk && docker compose ps
# 查看日志
cd /opt/rustdesk && docker compose logs -f
# 重启服务
cd /opt/rustdesk && docker compose restart
# 停止服务
cd /opt/rustdesk && docker compose down
# 备份数据
cd /opt/rustdesk && bash backup.sh
# 查看公钥
cat /var/lib/rustdesk/id_ed25519.pub
# 更新镜像
cd /opt/rustdesk && docker compose pull && docker compose up -d
```
## 安全建议
- 默认开启 `ENCRYPTED_ONLY=1`,仅允许加密连接
- 密钥对文件(`id_ed25519` / `id_ed25519.pub`)是最重要的数据,务必备份
- 如需更换密钥对,删除数据目录中的密钥文件后重启服务即可重新生成
- 建议定期执行 `bash backup.sh` 并将备份异地存储

69
rustdesk/backup.sh Normal file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# RustDesk 备份脚本
# 备份数据目录(密钥对 + 数据库)+ 配置文件
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# 加载配置
if [ -f .env ]; then
sed -i 's/\r$//' .env
set -a; source .env; set +a
else
echo "[ERROR] .env 文件不存在,请先运行 deploy.sh" >&2
exit 1
fi
# ===== 配置 =====
DATA_DIR="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}"
BACKUP_BASE="${BACKUP_DIR:-/var/backups/rustdesk}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR_FULL="${BACKUP_BASE}/${TIMESTAMP}"
RETENTION_DAYS=30
echo "========== RustDesk 备份 =========="
echo "时间: $(date '+%Y-%m-%d %H:%M:%S')"
echo "数据目录: $DATA_DIR"
echo "备份目录: $BACKUP_DIR_FULL"
echo ""
mkdir -p "$BACKUP_DIR_FULL"
# ===== 备份数据目录(密钥对 + db=====
echo "[1/3] 备份 RustDesk 数据..."
if [ -d "$DATA_DIR" ]; then
tar czf "$BACKUP_DIR_FULL/rustdesk-data.tar.gz" -C "$(dirname "$DATA_DIR")" "$(basename "$DATA_DIR")"
echo " ✓ 数据目录已备份(含密钥对和数据库)"
else
echo " ⚠ 数据目录不存在: $DATA_DIR"
fi
# ===== 备份 docker-compose 和配置 =====
echo "[2/3] 备份部署配置..."
tar czf "$BACKUP_DIR_FULL/rustdesk-config.tar.gz" \
-C "$SCRIPT_DIR" \
docker-compose.yml .env nginx/ 2>/dev/null || true
echo " ✓ 配置已备份"
# ===== 清理旧备份 =====
echo "[3/3] 清理 ${RETENTION_DAYS} 天前的旧备份..."
find "$BACKUP_BASE" -maxdepth 1 -type d -mtime +${RETENTION_DAYS} -exec rm -rf {} \; 2>/dev/null || true
echo " ✓ 旧备份已清理"
# ===== 汇总 =====
echo ""
echo "========== 备份完成 =========="
TOTAL_SIZE=$(du -sh "$BACKUP_DIR_FULL" | cut -f1)
echo "备份位置: $BACKUP_DIR_FULL"
echo "备份大小: $TOTAL_SIZE"
echo ""
echo "备份内容:"
ls -lh "$BACKUP_DIR_FULL/"
echo ""
echo "恢复方法:"
echo " tar xzf $BACKUP_DIR_FULL/rustdesk-data.tar.gz -C $(dirname "$DATA_DIR")"
echo " cd $SCRIPT_DIR && docker compose restart"

233
rustdesk/deploy.sh Normal file
View File

@@ -0,0 +1,233 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# RustDesk Server 一键部署脚本
# 自动安装 Docker + Nginx + SSL + RustDesk
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# ===== 加载公共基础函数 =====
BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true
if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then
echo "[ERROR] base/setup.sh 未找到" >&2
echo "请确保目录结构如下:" >&2
echo " /opt/base/setup.sh" >&2
echo " /opt/rustdesk/deploy.sh (当前脚本)" >&2
exit 1
fi
source "$BASE_DIR/setup.sh"
# =============================================================
# RustDesk 专用函数
# =============================================================
init_env() {
step "初始化 RustDesk 配置"
if [ ! -f .env ]; then
if [ ! -f .env.example ]; then
error "缺少 .env.example 模板文件"
exit 1
fi
cp .env.example .env
log "已生成 .env 文件"
echo ""
warn "┌─────────────────────────────────────────────────┐"
warn "│ 请编辑 .env 文件,至少修改以下配置: │"
warn "│ │"
warn "│ RUSTDESK_DOMAIN=rustdesk.yourdomain.com │"
warn "│ CERTBOT_EMAIL=you@yourdomain.com │"
warn "│ │"
warn "│ 编辑命令: vi $SCRIPT_DIR/.env │"
warn "│ 编辑完成后重新运行: bash deploy.sh │"
warn "└─────────────────────────────────────────────────┘"
exit 0
fi
fix_crlf .env
set -a; source .env; set +a
local has_error=0
if [[ -z "${RUSTDESK_DOMAIN:-}" ]] || [[ "${RUSTDESK_DOMAIN}" == "rustdesk.example.com" ]]; then
error "请在 .env 中将 RUSTDESK_DOMAIN 修改为你的实际域名"
has_error=1
fi
if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then
error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱"
has_error=1
fi
[ "$has_error" -eq 1 ] && { error "请修改 .env 后重新运行"; exit 1; }
log "配置检查通过"
log " 域名: ${RUSTDESK_DOMAIN}"
log " 邮箱: ${CERTBOT_EMAIL}"
}
create_dirs() {
step "创建数据目录"
local data_dir="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}"
local backup_dir="${BACKUP_DIR:-/var/backups/rustdesk}"
mkdir -p "$data_dir" "$backup_dir"
log "数据目录: $data_dir"
log "备份目录: $backup_dir"
}
setup_firewall_rustdesk() {
step "配置 RustDesk 防火墙规则"
if command -v ufw &>/dev/null; then
ufw allow 21115/tcp comment "RustDesk NAT type test"
ufw allow 21116/tcp comment "RustDesk TCP hole punching"
ufw allow 21116/udp comment "RustDesk ID registration/heartbeat"
ufw allow 21117/tcp comment "RustDesk Relay"
log "已添加 UFW 规则 (21115-21117)"
elif command -v firewall-cmd &>/dev/null; then
firewall-cmd --permanent --add-port=21115/tcp
firewall-cmd --permanent --add-port=21116/tcp
firewall-cmd --permanent --add-port=21116/udp
firewall-cmd --permanent --add-port=21117/tcp
firewall-cmd --reload
log "已添加 firewalld 规则 (21115-21117)"
else
warn "未检测到防火墙管理工具,请手动放行端口 21115-21117"
fi
}
start_services() {
step "启动 RustDesk 服务"
log "正在拉取镜像..."
docker compose pull
log "正在启动容器..."
docker compose up -d
log "等待 RustDesk 就绪..."
sleep 5
# 检查容器是否正常运行
if docker compose ps | grep -q "running"; then
log "RustDesk 服务启动成功!"
else
warn "RustDesk 可能仍在启动中,请稍后检查: docker compose logs -f"
fi
}
show_public_key() {
step "获取公钥信息"
local data_dir="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}"
local key_file="$data_dir/id_ed25519.pub"
if [ -f "$key_file" ]; then
local pub_key
pub_key=$(cat "$key_file")
echo ""
echo -e "${CYAN}══════════════════════════════════════════════════════════${NC}"
echo -e "${CYAN} RustDesk 公钥(客户端配置时需要):${NC}"
echo -e "${CYAN}══════════════════════════════════════════════════════════${NC}"
echo ""
echo -e " ${GREEN}${pub_key}${NC}"
echo ""
echo -e "${CYAN}══════════════════════════════════════════════════════════${NC}"
echo ""
else
warn "公钥文件尚未生成,服务启动后会自动创建"
warn "稍后可查看: cat $key_file"
fi
}
show_info() {
set -a; source .env; set +a
local server_ip
server_ip=$(curl -sf https://api.ipify.org 2>/dev/null || curl -sf https://ifconfig.me 2>/dev/null || echo "<服务器IP>")
echo ""
echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║ RustDesk Server 部署完成! ║${NC}"
echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 服务器 IP: ${CYAN}${server_ip}${NC}"
echo -e "${GREEN}${NC} 域名: ${CYAN}${RUSTDESK_DOMAIN}${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} hbbs 端口: 21115/tcp, 21116/tcp+udp"
echo -e "${GREEN}${NC} hbbr 端口: 21117/tcp"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 数据目录: ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}"
echo -e "${GREEN}${NC} 备份目录: ${BACKUP_DIR:-/var/backups/rustdesk}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
echo ""
show_public_key
echo "客户端配置:"
echo " ID 服务器: ${RUSTDESK_DOMAIN}"
echo " 中继服务器: ${RUSTDESK_DOMAIN}"
echo " Key: (上方公钥)"
echo ""
echo "常用命令:"
echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f"
echo " 重启服务: cd $SCRIPT_DIR && docker compose restart"
echo " 停止服务: cd $SCRIPT_DIR && docker compose down"
echo " 查看公钥: cat ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}/id_ed25519.pub"
echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh"
echo ""
}
# =============================================================
# 主流程
# =============================================================
main() {
echo -e "${CYAN}"
echo " ____ _ ____ _ "
echo " | _ \\ _ _ ___| |_| _ \\ ___ ___| | __"
echo " | |_) | | | / __| __| | | |/ _ \\/ __| |/ /"
echo " | _ <| |_| \\__ \\ |_| |_| | __/\\__ \\ < "
echo " |_| \\_\\\\__,_|___/\\__|____/ \\___||___/_|\\_\\ Deploy Script"
echo -e "${NC}"
echo ""
check_root
load_base_env "$BASE_DIR"
# Step 1: 系统初始化
init_system
# Step 2: 安装 Docker
install_docker
# Step 3: 安装 Nginx
install_nginx
# Step 4: 初始化配置
init_env
# Step 5: 配置 Docker 镜像加速
configure_docker_mirrors
# Step 6: 创建数据目录
create_dirs
# Step 7: 配置防火墙(基础 + RustDesk 端口)
setup_firewall_base
setup_firewall_rustdesk
# Step 8: 配置 SSL 证书
setup_ssl_cert "${RUSTDESK_DOMAIN}" "${CERTBOT_EMAIL}" "rustdesk"
# Step 9: 部署 Nginx 反向代理
deploy_nginx_conf "$SCRIPT_DIR/nginx/rustdesk.conf" "${RUSTDESK_DOMAIN}" "rustdesk"
# Step 10: 启动服务
start_services
# 显示部署信息
show_info
log "===== RustDesk Server 部署完成 ====="
}
main "$@"

44
rustdesk/docker-compose.yml Normal file
View File

@@ -0,0 +1,44 @@
services:
rustdesk-hbbs:
image: ${RUSTDESK_IMAGE:-rustdesk/rustdesk-server:latest}
container_name: rustdesk-hbbs
restart: unless-stopped
command: hbbs
environment:
- TZ=Asia/Shanghai
- ENCRYPTED_ONLY=${ENCRYPTED_ONLY:-1}
volumes:
- ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}:/root
- /etc/localtime:/etc/localtime:ro
ports:
- "${RUSTDESK_BIND_IP:-0.0.0.0}:21115:21115"
- "${RUSTDESK_BIND_IP:-0.0.0.0}:21116:21116"
- "${RUSTDESK_BIND_IP:-0.0.0.0}:21116:21116/udp"
- "127.0.0.1:21118:21118"
depends_on:
rustdesk-hbbr:
condition: service_started
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
rustdesk-hbbr:
image: ${RUSTDESK_IMAGE:-rustdesk/rustdesk-server:latest}
container_name: rustdesk-hbbr
restart: unless-stopped
command: hbbr
environment:
- TZ=Asia/Shanghai
volumes:
- ${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}:/root
- /etc/localtime:/etc/localtime:ro
ports:
- "${RUSTDESK_BIND_IP:-0.0.0.0}:21117:21117"
- "127.0.0.1:21119:21119"
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"

76
rustdesk/nginx/rustdesk.conf Normal file
View File

@@ -0,0 +1,76 @@
server {
listen 80;
listen [::]:80;
server_name __DOMAIN__;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name __DOMAIN__;
# SSL 证书
ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem;
# SSL 参数
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
# hbbs WebSocket (21118)
location /ws {
proxy_pass http://127.0.0.1:21118;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# hbbr WebSocket (21119)
location /relay {
proxy_pass http://127.0.0.1:21119;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# 默认页面
location / {
default_type text/html;
return 200 '<html><body><h1>RustDesk Server</h1><p>Server is running.</p></body></html>';
}
}

168
rustdesk/uninstall.sh Normal file
View File

@@ -0,0 +1,168 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# RustDesk 卸载脚本
# 停止容器 → 备份数据 → 清理容器/镜像/配置/数据
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m'
log() { echo -e "${GREEN}[INFO]${NC} $*"; }
warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
# ===== 检查 root =====
if [ "$(id -u)" -ne 0 ]; then
error "请使用 root 用户运行: sudo bash uninstall.sh"
exit 1
fi
# ===== 加载配置 =====
if [ -f .env ]; then
sed -i 's/\r$//' .env
set -a
source .env
set +a
fi
RUSTDESK_DATA_DIR="${RUSTDESK_DATA_DIR:-/var/lib/rustdesk}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/rustdesk}"
RUSTDESK_DOMAIN="${RUSTDESK_DOMAIN:-}"
# ===== 确认操作 =====
echo ""
echo -e "${RED}╔══════════════════════════════════════════════════════╗${NC}"
echo -e "${RED}║ ⚠ 即将卸载 RustDesk 及所有数据 ⚠ ║${NC}"
echo -e "${RED}╚══════════════════════════════════════════════════════╝${NC}"
echo ""
echo "将执行以下操作:"
echo " 1. 停止并删除 RustDesk 容器hbbs + hbbr"
echo " 2. 删除 Docker 镜像"
echo " 3. 删除 Nginx 站点配置"
echo " 4. 删除 SSL 证书"
echo " 5. 删除 Certbot 自动续期定时任务"
echo " 6. 关闭防火墙端口 (21115-21117)"
echo ""
echo "涉及的数据目录:"
echo " RustDesk 数据: ${RUSTDESK_DATA_DIR}"
echo " 备份目录: ${BACKUP_DIR}"
echo " 部署目录: ${SCRIPT_DIR}"
echo ""
echo -e "${YELLOW}备份目录将保留,不会被删除。${NC}"
echo ""
read -r -p "确定要继续卸载吗?输入 YES 确认: " confirm
if [ "$confirm" != "YES" ]; then
log "已取消卸载"
exit 0
fi
# ===== 卸载前备份 =====
echo ""
read -r -p "是否在卸载前执行一次备份?(y/N): " do_backup
if [[ "$do_backup" =~ ^[Yy]$ ]]; then
if [ -f backup.sh ]; then
log "正在执行备份..."
bash backup.sh
log "备份完成"
else
warn "backup.sh 不存在,跳过备份"
fi
fi
# ===== 1. 停止并删除容器 =====
echo ""
log "正在停止并删除容器..."
if docker compose ps --quiet 2>/dev/null | grep -q .; then
docker compose down -v
log "容器已停止并删除"
else
log "没有运行中的容器"
fi
# ===== 2. 删除 Docker 镜像 =====
log "正在删除 Docker 镜像..."
RUSTDESK_IMAGE="${RUSTDESK_IMAGE:-rustdesk/rustdesk-server:latest}"
docker image rm "$RUSTDESK_IMAGE" 2>/dev/null && log "已删除镜像: $RUSTDESK_IMAGE" || true
# ===== 3. 删除 Nginx 配置 =====
log "正在清理 Nginx 配置..."
rm -f /etc/nginx/sites-enabled/rustdesk
rm -f /etc/nginx/sites-available/rustdesk
if command -v nginx &>/dev/null && nginx -t 2>/dev/null; then
systemctl reload nginx 2>/dev/null || true
log "Nginx 已重载"
fi
# ===== 4. 删除 SSL 证书 =====
if [ -n "$RUSTDESK_DOMAIN" ] && [ -d "/etc/letsencrypt/live/${RUSTDESK_DOMAIN}" ]; then
log "正在删除 SSL 证书: ${RUSTDESK_DOMAIN}..."
certbot delete --cert-name "${RUSTDESK_DOMAIN}" --non-interactive 2>/dev/null || true
log "SSL 证书已删除"
fi
# ===== 5. 清理 Certbot 定时任务 =====
remaining_certs=$(certbot certificates 2>/dev/null | grep -c "Certificate Name" || true)
if [ "$remaining_certs" -eq 0 ]; then
crontab -l 2>/dev/null | grep -v "certbot renew" | crontab - 2>/dev/null || true
log "已移除 Certbot 自动续期定时任务(无剩余证书)"
else
log "保留 Certbot 定时任务(还有 ${remaining_certs} 个其他证书)"
fi
# ===== 6. 关闭防火墙端口 =====
log "正在清理防火墙规则..."
if command -v ufw &>/dev/null; then
ufw delete allow 21115/tcp 2>/dev/null || true
ufw delete allow 21116/tcp 2>/dev/null || true
ufw delete allow 21116/udp 2>/dev/null || true
ufw delete allow 21117/tcp 2>/dev/null || true
log "已移除 UFW 规则"
elif command -v firewall-cmd &>/dev/null; then
firewall-cmd --permanent --remove-port=21115/tcp 2>/dev/null || true
firewall-cmd --permanent --remove-port=21116/tcp 2>/dev/null || true
firewall-cmd --permanent --remove-port=21116/udp 2>/dev/null || true
firewall-cmd --permanent --remove-port=21117/tcp 2>/dev/null || true
firewall-cmd --reload 2>/dev/null || true
log "已移除 firewalld 规则"
fi
# ===== 7. 删除数据目录 =====
echo ""
echo -e "${RED}以下目录将被永久删除:${NC}"
echo " ${RUSTDESK_DATA_DIR}"
echo ""
echo -e "${YELLOW}备份目录 ${BACKUP_DIR} 不会被删除。${NC}"
echo ""
read -r -p "确认删除数据目录?输入 DELETE 确认: " confirm_delete
if [ "$confirm_delete" = "DELETE" ]; then
rm -rf "$RUSTDESK_DATA_DIR"
log "已删除: ${RUSTDESK_DATA_DIR}"
else
warn "跳过数据目录删除"
fi
# ===== 8. 删除部署目录 =====
echo ""
read -r -p "是否删除部署目录 ${SCRIPT_DIR}(y/N): " del_deploy
if [[ "$del_deploy" =~ ^[Yy]$ ]]; then
cd /opt
rm -rf "$SCRIPT_DIR"
log "已删除部署目录"
else
warn "保留部署目录: ${SCRIPT_DIR}"
fi
# ===== 完成 =====
echo ""
log "RustDesk 卸载完成"
echo ""
echo "保留的内容:"
echo " 备份目录: ${BACKUP_DIR}"

2
siyuan/docker-compose.yml
View File

@@ -16,7 +16,7 @@ services:
ports: ports:
- "127.0.0.1:6806:6806" - "127.0.0.1:6806:6806"
healthcheck: healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:6806"] test: ["CMD", "wget", "-qO", "/dev/null", "http://127.0.0.1:6806"]
interval: 30s interval: 30s
timeout: 5s timeout: 5s
retries: 3 retries: 3