#!/bin/bash
PYENVDIR=~/.pyenv/
cd $PYENVDIR/plugins/python-build/share/python-build
parse1() {
for i in *;do [ -d "$i" ]&&continue
cat $i|grep install_package
done|xargs -n 1 |grep -e http:// -e https:// |sort
}
for i in $(parse1);do t=${i%\#*};t=${t#src=};echo $t;done
編輯 /etc/systemd/network/10-eth1.link
[Match]
MACAddress=00:11:22:33:44:55
[Link]
Name=eth1
方法二 UDEV設定方式
編輯 /etc/udev/rules.d/10-rename-it.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:11:22:33:44:55", NAME="eth1"
Debian 網路命名規則通常在開機 initramfs 階段就決定,須更新 initramfs
update-initramfs -u
apt -y install scim scim-tables-zh scim-chewing
docker 安裝
# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl status docker
sudo systemctl start docker
sudo systemctl enable --now docker
安裝 Ollama
apt install -y zstd
curl -fsSL https://ollama.com/install.sh | bash
ollama --version
mv /usr/share/ollama /usr/share/ollama.bak
ln -s /home/ollama/ /usr/share/ollama
編輯 /etc/systemd/system/ollama.service 加入
[Service]
Environment="OLLAMA_HOST=0.0.0.0"
docker Open WebUI 設定
編輯 nginx.conf
server {
listen 80;
location /admin { return 403; }
location /api/v1/admin { return 403; }
location /api/v1/auth/update { return 403 "Action Denied: Profile updates are disabled."; }
location /api/v1/users { return 403 "Action Denied."; }
if ($request_method = DELETE) {
return 403 "Delete operations are strictly prohibited on this server.";
}
location /api/models {
if ($request_method = DELETE) { return 403; }
proxy_pass http://open-webui:8080;
}
location / {
proxy_pass http://open-webui:8080;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
編輯docker-compose.yml
services:
nginx-proxy:
image: nginx:alpine
container_name: nginx-proxy
ports:
- "3000:80"
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- open-webui
open-webui:
image: ghcr.io/open-webui/open-webui:main
container_name: open-webui
environment:
- "WEBUI_AUTH=False"
- "OLLAMA_BASE_URL=http://host.docker.internal:11434"
- "DEFAULT_USER_ROLE=user"
- "ENABLE_ADMIN_EXPORT=False"
- "SHOW_ADMIN_DETAILS=False"
- "ENABLE_MODEL_CHANGES=False"
- "ENABLE_PERSISTENT_CONFIG=False"
- "ENABLE_COMMUNITY_SHARING=False"
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- open-webui-data:/app/backend/data
restart: always
volumes:
open-webui-data:
docker compose up -d
相關指令
docker stop open-webui
docker rm open-webui
docker volume rm open-webui
docker volume rm docker_open-webui-data
docker volume rm open-webui-data
docker stop nginx-proxy;docker rm nginx-proxy
fw eth2:192.168.119.253/24
ap eth2:192.168.119.231/24:3142
編輯 /etc/shorewall/interfaces
增加 內網介面 routeback 選項( Shorewall 會丟棄在同一個介面「進又出」的封包)
loc eth2 dhcp,routeback
編輯 /etc/shorewall/snat (偽裝來源,讓伺服器以為是「防火牆」在找它)
SNAT(192.168.119.253) 192.168.119.0/24 eth2 tcp 3142 -
編輯/etc/shoreall/rule (定義轉發:當內網存取fw ,目標轉向伺服器)
DNAT:NFLOG(4) loc loc:192.168.119.231 tcp 3142 - -
# !/bin/sh
# /root/stoplog.sh
f=stoplog$(date +%Y%m%d-%H%M%S).tar.gz
mount /dev/vda /mnt
tar czvf /mnt/archive/$f /var/log
umount /mnt
設定方式
編輯 /etc/default/local.stop
## Commands that will be executed at the beginning of shutdown
#
/root/archivelog.sh
/root/stoplog.sh
[ -f /proc/net/nf_conntrack ]&& cat /proc/net/nf_conntrack
[ -f /proc/net/ip_conntrack ]&& cat /proc/net/ip_conntrack
相關模組
nf_conntrack
ip_conntrack (2.6.24 核心之前)
查詢目前連線數:
cat /proc/sys/net/netfilter/nf_conntrack_count
查看連線數上限:
sysctl net.netfilter.nf_conntrack_max
