新增rustdesk
@@ -2,3 +2,10 @@
|
||||
|
||||
# Docker 镜像加速(国内服务器推荐配置)
|
||||
DOCKER_REGISTRY_MIRRORS=https://docker.1ms.run,https://docker.m.daocloud.io,https://dockerpull.org,https://docker.rainbond.cc,https://docker.udayun.com,https://hub.rat.dev
|
||||
|
||||
# SSH 公钥认证(可选)
|
||||
# 填入本机公钥内容,setup.sh 运行时自动写入服务器 authorized_keys,后续无需密码登录
|
||||
# 获取本机公钥(Windows PowerShell): Get-Content ~/.ssh/id_ed25519.pub
|
||||
# 获取本机公钥(Linux/macOS): cat ~/.ssh/id_ed25519.pub
|
||||
# 若本机还没有密钥,先生成: ssh-keygen -t ed25519
|
||||
SSH_PUBLIC_KEY=
|
||||
|
||||
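Review bot: The value expected for `SSH_PUBLIC_KEY=` contains spaces (`ssh-ed25519 AAAA... comment`), and both this template and the README example show it unquoted. How `load_base_env` reads `.env` is not visible here; if it sources the file with the shell, an unquoted value is parsed as a one-off assignment followed by a command, so the variable stays unset and the shell tries to run the key body as a command name. I would show the quoted form in the template comment, `# SSH_PUBLIC_KEY="ssh-ed25519 AAAA... comment"`, and use the same form in the README.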
@@ -26,9 +26,43 @@ scp -r base/ root@<服务器IP>:/opt/base
|
||||
cd /opt/base
|
||||
cp .env.example .env
|
||||
# 编辑 .env 配置 Docker 镜像加速(可选)
|
||||
# 配置 SSH_PUBLIC_KEY 可实现密钥登录(推荐)
|
||||
bash setup.sh
|
||||
```
|
||||
|
||||
### 配置 SSH 密钥认证(推荐)
|
||||
|
||||
首次部署前,将本地公钥填入 `base/.env`,`setup.sh` 运行时会自动配置服务器,后续 SSH/SCP 无需再输入密码。
|
||||
|
||||
**第一步:生成本地 SSH 密钥(如果还没有)**
|
||||
|
||||
```powershell
|
||||
# Windows PowerShell
|
||||
ssh-keygen -t ed25519
|
||||
```
|
||||
|
||||
**第二步:将公钥写入 base/.env**
|
||||
|
||||
```powershell
|
||||
# Windows PowerShell:复制公钥内容
|
||||
Get-Content ~/.ssh/id_ed25519.pub
|
||||
```
|
||||
|
||||
将输出的内容(形如 `ssh-ed25519 AAAA... comment`)填入 `base/.env`:
|
||||
|
||||
```env
|
||||
SSH_PUBLIC_KEY=ssh-ed25519 AAAA...(你的公钥内容)
|
||||
```
|
||||
|
||||
**第三步:上传 .env 并运行 setup.sh**
|
||||
|
||||
正常执行上传和 `bash setup.sh` 后,SSH 密钥即自动配置完成。后续连接直接:
|
||||
|
||||
```bash
|
||||
ssh root@<服务器IP> # 无需密码
|
||||
scp -r ... root@<服务器IP> # 无需密码
|
||||
```
|
||||
|
||||
### 方式二:被其他服务脚本调用
|
||||
|
||||
```bash
|
||||
@@ -57,6 +91,7 @@ install_nginx
|
||||
| `install_certbot` | 安装 Certbot |
|
||||
| `setup_firewall_base` | 开放 22/80/443 端口 |
|
||||
| `firewall_allow_port <port> [desc]` | 开放额外端口 |
|
||||
| `setup_ssh_key <pubkey>` | 配置 SSH 公钥认证 |
|
||||
| `setup_ssl_cert <domain> <email> [name]` | 申请 SSL 证书 |
|
||||
| `deploy_nginx_conf <template> <domain> <name>` | 部署 Nginx 反向代理配置 |
|
||||
| `load_base_env [dir]` | 加载 base/.env |
|
||||
|
||||
@@ -282,6 +282,35 @@ setup_firewall_base() {
|
||||
fi
|
||||
}
|
||||
|
||||
# ===== 配置 SSH 公钥认证 =====
|
||||
# 用法: setup_ssh_key <公钥内容>
|
||||
# 将公钥写入 ~/.ssh/authorized_keys,自动设置正确权限
|
||||
setup_ssh_key() {
|
||||
local pubkey="$1"
|
||||
|
||||
if [ -z "$pubkey" ]; then
|
||||
warn "SSH_PUBLIC_KEY 为空,跳过 SSH 密钥配置"
|
||||
return
|
||||
fi
|
||||
|
||||
step "配置 SSH 密钥认证"
|
||||
|
||||
mkdir -p /root/.ssh
|
||||
chmod 700 /root/.ssh
|
||||
touch /root/.ssh/authorized_keys
|
||||
chmod 600 /root/.ssh/authorized_keys
|
||||
|
||||
# 幂等:相同公钥不重复写入
|
||||
if grep -qF "$pubkey" /root/.ssh/authorized_keys 2>/dev/null; then
|
||||
log "SSH 公钥已存在,跳过"
|
||||
else
|
||||
echo "$pubkey" >> /root/.ssh/authorized_keys
|
||||
log "SSH 公钥已添加到 /root/.ssh/authorized_keys"
|
||||
fi
|
||||
|
||||
log "SSH 密钥认证配置完成,后续可使用密钥连接,无需输入密码"
|
||||
}
|
||||
|
||||
# ===== 开放额外端口 =====
|
||||
# 用法: firewall_allow_port <端口> [描述]
|
||||
firewall_allow_port() {
|
||||
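Review bot: `setup_ssh_key` appends whatever string it receives to `/root/.ssh/authorized_keys` without checking that it is one well-formed public-key line, so a value with an embedded newline or a leading option string becomes extra or altered login entries for root. The idempotency test `grep -qF "$pubkey"` matches a substring anywhere in the file and would read a value starting with `-` as a grep option; `grep -qxF -- "$pubkey"` compares whole lines. `echo "$pubkey" >>` also joins the key onto the previous entry when the existing file has no trailing newline. The header comment says `~/.ssh/authorized_keys` while the body hard-codes `/root/.ssh`, so one of the two should change. A sketch of the validation and matching follows.

```shell
setup_ssh_key() {
    local pubkey="$1"
    # … unchanged: empty-key guard, step message, mkdir/chmod/touch …

    # Accept only a single line that begins with a key type
    case "$pubkey" in
        *$'\n'*)
            warn "SSH_PUBLIC_KEY 不是有效的单行公钥,跳过"
            return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *)
            warn "SSH_PUBLIC_KEY 不是有效的单行公钥,跳过"
            return 1 ;;
    esac

    # Let ssh-keygen confirm the key material actually parses
    if ! printf '%s\n' "$pubkey" | ssh-keygen -l -f - >/dev/null 2>&1; then
        warn "SSH_PUBLIC_KEY 不是有效的单行公钥,跳过"
        return 1
    fi

    # Idempotent: whole-line match, and -- stops option parsing before the key
    if grep -qxF -- "$pubkey" /root/.ssh/authorized_keys; then
        # … unchanged: "already present" log …
    else
        printf '%s\n' "$pubkey" >> /root/.ssh/authorized_keys
        # … unchanged: "added" log …
    fi
```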
@@ -428,6 +457,11 @@ _base_main() {
|
||||
install_certbot
|
||||
setup_firewall_base
|
||||
|
||||
# 配置 SSH 公钥认证(若 .env 中设置了 SSH_PUBLIC_KEY)
|
||||
if [ -n "${SSH_PUBLIC_KEY:-}" ]; then
|
||||
setup_ssh_key "$SSH_PUBLIC_KEY"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
log "===== 基础环境安装完成 ====="
|
||||
log "已安装: Docker $(docker --version 2>/dev/null | grep -o '[0-9.]*' | head -1)"
|
||||
|
||||
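Review bot: Installing the key in `_base_main` does not turn off password login: nothing in this hunk touches the sshd configuration, so root presumably stays reachable by password on port 22, which `setup_firewall_base` opens. The completion message in `setup_ssh_key` and the README read as if key authentication were now enforced, when only a convenience has been added. I would log that explicitly after the call, e.g. `warn "密码登录仍然开启;确认密钥可登录后,请在 sshd_config 中设置 PasswordAuthentication no"`, and keep the actual switch as a separate, deliberate step so a wrong key cannot lock the operator out. `_base_main` starts and ends outside this hunk.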