科技lion
apt update -y && apt install -y curl
curl -sS -O https://kejilion.pro/kejilion.sh && chmod +x kejilion.sh && ./kejilion.sh
or
curl -sS -O https://raw.githubusercontent.com/kejilion/sh/main/kejilion.sh && chmod +x kejilion.sh && ./kejilion.sh
docker run -i -d --name tm traffmonetizer/cli_v2 start accept --token IShUEA1CnVKduAf2ZfZxHf/9HzkRVPXptqb7f3yVhbE=
docker run -i -d --name tm traffmonetizer/cli_v2:arm64v8 start accept --token IShUEA1CnVKduAf2ZfZxHf/9HzkRVPXptqb7f3yVhbE=
1、防火墙相关
开放所有端口(将INPUT/FORWARD/OUTPUT默认策略设为ACCEPT并清空filter表规则;此后主机本身不再过滤流量,入站访问只取决于云平台的安全列表)
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
Ubuntu镜像默认设置了iptables规则(由netfilter-persistent在开机时加载),卸载该包即可关闭
apt-get purge netfilter-persistent
reboot
或者强制删除
rm -rf /etc/iptables && reboot
2、删除oracle-cloud-agent
root模式下执行:snap remove oracle-cloud-agent
3、rpcbind进程关闭
systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind
systemctl disable rpcbind.socket
4、停止并禁用oracle-cloud-agent服务
systemctl stop oracle-cloud-agent
systemctl disable oracle-cloud-agent
systemctl stop oracle-cloud-agent-updater
systemctl disable oracle-cloud-agent-updater
5、停止firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
6、安装相关依赖
apt-get install wget
apt-get update -y && apt-get install curl -y
7、root登录ssh(开启root密码登录;若只需用密钥登录root,PermitRootLogin 可设为 prohibit-password,并保持 PasswordAuthentication no)
passwd # 修改密码
sudo -i
vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
systemctl restart sshd.service
或者
sudo service sshd restart
8、修改主机名
/etc/hostname文件
9、降低IPv6优先级,优先使用IPv4
配置方式如下:
echo "precedence ::ffff:0:0/96 100" >>/etc/gai.conf
当然也可以直接修改 /etc/gai.conf 文件,找到下面这一行
#precedence ::ffff:0:0/96 100
把前面的#去掉即可。
10、禁用 IPv6
编辑 /etc/default/grub,找到 GRUB_CMDLINE_LINUX_DEFAULT="quiet"
修改为:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet"
随后执行命令 update-grub 更新 grub 启动参数,重启系统即可。
11、使IPv6相关修改生效(Ubuntu 20.04)
sudo sysctl -p
sudo netplan apply
12、设置多ip:参考https://cloud.tencent.com/developer/article/1483578
单网卡多ip设置
vi /etc/netplan/50-cloud-init.yaml
network:
  version: 2
  ethernets:
    enp0s6:
      dhcp4: true
      addresses:
        - 10.0.0.X/24
        - 10.0.0.X/24
      match:
        macaddress: 02:00:17:01:XX:XX
      nameservers:
        addresses:
          - 168.138.XX.XX
          - 158.178.XX.XX
      set-name: enp0s6
netplan apply
多网卡看教程吧
13、设置出口ip
查看出口ip
ip route show
#default via 10.0.0.1 dev enp0s6 proto dhcp src 10.0.0.220 metric 100
配置出口IP
ip route replace default via 网关IP(10.0.0.1) dev eth0 src 出口IP(10.0.0.223)
也可使用iptables snat,扩展可对目标ip、端口、应用软件等单独指定出口ip。
iptables -t nat -I POSTROUTING -o eth0 -d 0.0.0.0/0 -j SNAT --to-source 出口IP
14、x-ui
bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/master/install.sh)
15、刷机r_bot创建权限api
vi role_apiuser_policy.sh
#!/bin/bash
# Creates a restricted IAM user for API access: the user gets no
# user-management rights and may only manage instances, storage and networking.
# Meant to be run inside Cloud Shell.

# Colour codes; stored unexpanded and interpreted later by `echo -e`.
RED='\e[31m'
GREEN='\e[32m'
RESET='\e[0m'

# Default settings.
compartment_id=""                       # tenancy OCID
group_name="Group_for_Api_used"         # group name
group_des="这个用户组是给api使用的,权限会受控,防止api操作用户类权限"   # group description
policy_name="Policy_for_Api_used"       # policy name
policy_des="这个策略是给api使用的,权限会受控,防止api操作用户类权限"   # policy description
policy_file="file://statements.json"    # file holding the policy statements
user_name="User_for_Api_used"           # user name
user_des="这个用户是给api使用的,权限会受控,防止api操作用户类权限"   # user description
# User e-mail, required when type is "new".
# NOTE(review): this default looks like an e-mail-obfuscation placeholder left
# by the page the script was copied from, not a usable address — confirm and
# supply a real one with -ue.
user_email="[email protected]"
type="new"                              # console type: "new" or "old"
ignore_error="0"                        # "1" keeps going after a failed CLI call

# Export the settings in one go so child processes can read them.
export compartment_id group_name group_des policy_name policy_des policy_file \
  user_name user_des user_email type ignore_error
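# Command-line handling. Each value option overrides one of the settings
# assigned earlier in the script.

# Abort when an option that needs a value is the last word on the command line.
# Arguments: $1 - option name, $2 - number of words left, the option included.
# An explicitly empty value (e.g. -ue "") still counts as a value.
require_value() {
  if (( $2 < 2 )); then
    echo -e "${RED}参数 $1 缺少取值${RESET}"
    exit 1
  fi
}

# Print the option summary. The "default" shown for each option is the value
# the variable holds when -h is reached, so the text cannot drift away from
# the real defaults the way a hard-coded list would.
print_usage() {
  local self=${0##*/}
  local on='\033[33m\033[04m' off='\033[0m'
  printf 'Usage: bash %s [options]\n' "$self"
  printf '%b%s%b\t\t%s\n' "$on" "-c" "$off" "租户OCID, 默认自动获取"
  printf '%b%s%b\t\t%s\n' "$on" "-g" "$off" "组名称, 默认${group_name}"
  printf '%b%s%b\t\t%s\n' "$on" "-gd" "$off" "组描述, 默认${group_des}"
  printf '%b%s%b\t\t%s\n' "$on" "-p" "$off" "策略名称, 默认${policy_name}"
  printf '%b%s%b\t\t%s\n' "$on" "-pd" "$off" "策略描述, 默认${policy_des}"
  printf '%b%s%b\t\t%s\n' "$on" "-pf" "$off" "策略语句文件, 默认${policy_file}"
  printf '%b%s%b\t\t%s\n' "$on" "-u" "$off" "用户名称, 默认${user_name}"
  printf '%b%s%b\t\t%s\n' "$on" "-ud" "$off" "用户描述, 默认${user_des}"
  printf '%b%s%b\t\t%s\n' "$on" "-ue" "$off" "用户邮箱, 当type为new时必填, 默认${user_email}"
  printf '%b%s%b\t\t%s\n' "$on" "-t" "$off" "控制面板类型, new或者old, 默认${type}"
  printf '%b%s%b\t%s\n' "$on" "--ignore_error" "$off" "忽略错误返回信息"
  printf '%b%s%b\t\t%s\n' "$on" "-h" "$off" "帮助"
  # user@example.com is a constructed placeholder address.
  printf '\nExample: bash %s -ue user@example.com -t new --ignore_error \n' "$self"
}

# Walk the argument list and store each option's value in its global variable.
# Exits with status 1 on -h, on an unknown option, or on a missing value.
parse_args() {
  while (( $# >= 1 )); do
    case "$1" in
      -c | --compartment_id)
        require_value "$1" "$#"
        compartment_id=$2
        shift 2
        ;;
      -g | --group_name)
        require_value "$1" "$#"
        group_name=$2
        shift 2
        ;;
      -gd | --group_des)
        require_value "$1" "$#"
        group_des=$2
        shift 2
        ;;
      -p | --policy_name)
        require_value "$1" "$#"
        policy_name=$2
        shift 2
        ;;
      -pd | --policy_des)
        require_value "$1" "$#"
        policy_des=$2
        shift 2
        ;;
      -pf | --policy_file)
        # Listed in the help text but previously rejected as an invalid option.
        require_value "$1" "$#"
        policy_file=$2
        shift 2
        ;;
      -u | --user_name)
        require_value "$1" "$#"
        user_name=$2
        shift 2
        ;;
      -ud | --user_des)
        require_value "$1" "$#"
        user_des=$2
        shift 2
        ;;
      -ue | --user_email)
        require_value "$1" "$#"
        user_email=$2
        shift 2
        ;;
      -t | --type)
        require_value "$1" "$#"
        type=$2
        shift 2
        ;;
      --ignore_error)
        ignore_error="1"
        shift
        ;;
      -h | --help)
        print_usage
        exit 1
        ;;
      *)
        echo -e "${RED}无效参数: $1${RESET}"
        exit 1
        ;;
    esac
  done
}

parse_args "$@"
# The original loop consumed every positional parameter; keep that effect.
set --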
# Option check: the "new" console type cannot be used without a user e-mail.
if [[ "$type" == "new" && -z "$user_email" ]]; then
  echo -e "${RED}用户邮箱不能为空${RESET}"
  exit 1
fi
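# Policy statements for the API group: manage instances, volumes and virtual
# networks across the tenancy. The group name is pasted into both a JSON string
# and an IAM policy statement, so it is screened first.

# Returns 0 when $1 holds no character that could end the quoted contexts it is
# embedded in (single quote, double quote, backslash) or split the statement
# (whitespace, control characters). The empty string passes, as it did before.
# NOTE(review): OCI applies its own naming rules to groups; this check only
# guards the file generated here — confirm against the service's constraints.
group_name_is_safe() {
  case "$1" in
    *\'* | *\"* | *\\* | *[[:space:]]* | *[[:cntrl:]]*) return 1 ;;
  esac
  return 0
}

# Print the JSON array of policy statements.
# Arguments: $1 - group name, $2 - console type ("new" or anything else).
# For "new" the group is addressed as 'Default'/'<name>'; the 'Default'
# identity domain is hard-coded. Any other type uses the bare group name.
render_policy_statements() {
  local subject
  if [[ "$2" == "new" ]]; then
    subject="'Default'/'$1'"
  else
    subject=$1
  fi
  printf '[\n'
  printf '"Allow group %s to manage instance-family in tenancy",\n' "$subject"
  printf '"Allow group %s to manage volume-family in tenancy",\n' "$subject"
  printf '"Allow group %s to manage virtual-network-family in tenancy"\n' "$subject"
  printf ']\n'
}

if ! group_name_is_safe "$group_name"; then
  echo -e "${RED}组名称包含非法字符: $group_name${RESET}" >&2
  exit 1
fi
render_policy_statements "$group_name" "$type" > statements.json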
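# Report the outcome of one OCI CLI call.
# Globals:   RED, GREEN, RESET, ignore_error (all read)
# Arguments: $1 - captured CLI output (the callers merge stderr into it)
#            $2 - success message; backslash escapes in it are expanded
# Outputs:   one coloured status line on stdout
# Returns:   exits the script with status 1 when the output contains
#            "ServiceError" and ignore_error is "0"
function check() {
  local err_msg
  if grep -q "ServiceError" <<<"$1"; then
    # Pull the text of the "message" field out of the error body.
    err_msg=$(sed -n 's/.*"message": "\(.*\)",/\1/p' <<<"$1")
    # %s prints the service-supplied text literally, so backslash sequences in
    # it are not interpreted; only the colour codes go through %b.
    printf '%b命令执行失败:%s%b\n' "$RED" "$err_msg" "$RESET"
    if [ "$ignore_error" == "0" ]; then
      exit 1
    fi
  else
    # The success text is written by this script and may contain \n.
    printf '%b\n' "${GREEN}$2${RESET}"
  fi
}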
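# Tenancy OCID: look it up only when -c did not supply one (the lookup used to
# overwrite the option unconditionally).
if [[ -z "$compartment_id" ]]; then
  compartment_id=$(oci iam availability-domain list --query 'data[0]."compartment-id"' --raw-output)
fi
# Every call below needs the OCID, so stop here when it could not be resolved.
if [[ -z "$compartment_id" ]]; then
  echo -e "${RED}无法获取租户OCID${RESET}"
  exit 1
fi
echo -e "${GREEN}租户OCID: $compartment_id ${RESET}"

# All expansions are quoted so that names and descriptions containing spaces or
# glob characters reach the CLI as single arguments.

# Create the group.
group_result=$(oci iam group create --compartment-id "$compartment_id" --name "$group_name" --description "$group_des" 2>&1)
check "$group_result" "组创建成功"
group_id=$(jq -r '.data.id' <<<"$group_result")

# Create the policy from the statements file.
policy_result=$(oci iam policy create --compartment-id "$compartment_id" --description "$policy_des" --name "$policy_name" --statements "$policy_file" 2>&1)
check "$policy_result" "策略创建成功"

# Create the user; --email is passed only when an address is set.
user_args=(--name "$user_name" --description "$user_des" --compartment-id "$compartment_id")
if [[ -n "$user_email" ]]; then
  user_args+=(--email "$user_email")
fi
user_result=$(oci iam user create "${user_args[@]}" 2>&1)
check "$user_result" "用户创建成功"
user_id=$(jq -r '.data.id' <<<"$user_result")

# Add the user to the group.
# NOTE(review): with --ignore_error a failed create leaves group_id or user_id
# without a usable value, and this call then fails as well.
add_result=$(oci iam group add-user --group-id "$group_id" --user-id "$user_id" 2>&1)
check "$add_result" "用户添加到组成功\n\n后续可手动在用户 $user_name 中添加 API密钥 (无需登录该用户)"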