
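Debian Server Initialization Guide

Use case: you have a brand-new Debian server and need to quickly set up a common operations and development environment, including basic tools, Node.js, Python/uv, Nginx, Docker, a firewall, fail2ban, and Docker registry mirrors.

Execution identity

  • Commands are run as the root user by default.
  • If you use a regular user, prepend sudo yourself to commands such as apt, systemctl, and ufw.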


1. Update the system

bash
apt update && apt upgrade -y

2. Install basic tools

bash
apt install -y \
  curl wget git vim nano \
  unzip zip tar \
  htop tree ncdu lsof \
  net-tools iproute2 dnsutils \
  ca-certificates gnupg \
  cron logrotate \
  ufw fail2ban \
  nginx \
  python3 python3-pip python3-venv

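Overview of the included tools:

| Tool | Purpose |
| --- | --- |
| curl / wget | Download files, test endpoints |
| git | Pull code |
| vim / nano | Edit files |
| unzip / zip / tar | Compress and extract archives |
| htop | View CPU, memory, and processes |
| tree | View directory structure |
| ncdu | View disk usage |
| lsof | View port and file usage |
| net-tools / iproute2 | Network tools |
| dnsutils | dig / nslookup |
| cron | Scheduled tasks |
| logrotate | Log rotation |
| ufw | Firewall |
| fail2ban | Protection against SSH brute-force attempts |
| nginx | Web server and reverse proxy |
| python3 / pip / venv | Base Python environment |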

3. Install nvm and Node.js LTS

Install nvm:

bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash

Make it take effect in the current shell immediately:

bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"

Install Node.js LTS:

bash
nvm install --lts
nvm use --lts
nvm alias default 'lts/*'

Check the versions:

bash
node -v
npm -v

Pinning a specific Node.js version

If the project requires Node.js 22, install it explicitly and set it as the default:

bash
nvm install 22
nvm use 22
nvm alias default 22

4. Install uv

uv is a high-performance Python package and project manager from Astral, recommended as a replacement for pip + venv.

Install uv:

bash
curl -LsSf https://astral.sh/uv/install.sh | sh

Make it take effect in the current shell:

bash
export PATH="$HOME/.local/bin:$PATH"

Check the version:

bash
uv --version
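
The nvm and uv installers above are piped from the network straight into a shell, and the nvm URL tracks the master branch, so what executes can differ between runs. The following added example (not part of the original guide, nor code from the nvm or uv projects) saves the script to disk, compares it with a SHA-256 you recorded after reviewing it, and only then runs it; the function names are hypothetical, and the tag and digests in the usage comments are placeholders.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded installer against a pinned digest before running it.

# sha256_of FILE: prints the lowercase hex SHA-256 of FILE.
sha256_of() {
  sha256sum "$1" | awk '{print $1}'
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on digest mismatch, 2 if FILE is missing or empty.
verify_installer() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
  actual="$(sha256_of "$file")" || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# fetch_verify_run URL EXPECTED_SHA256 INTERPRETER
# Downloads over HTTPS only, verifies, then runs the file with INTERPRETER.
fetch_verify_run() {
  local url="$1" expected="$2" interp="$3" tmp rc
  tmp="$(mktemp)" || return 2
  if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" \
     && verify_installer "$tmp" "$expected"; then
    "$interp" "$tmp"; rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (placeholders: pick a release tag and record the digest of the
# script you actually reviewed):
#   fetch_verify_run "https://raw.githubusercontent.com/nvm-sh/nvm/<tag>/install.sh" "<sha256>" bash
#   fetch_verify_run "https://astral.sh/uv/install.sh" "<sha256>" sh
```

A digest mismatch means the upstream script changed since you reviewed it; review the new version before updating the pinned value.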

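5. Install Docker CE

5.1 Clean up a possibly failed old Docker source

Run only if a previous configuration attempt failed

If a Docker source was configured earlier and the failure left remnants behind, clean them up before continuing so that apt update does not report errors.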

bash
rm -f /etc/apt/sources.list.d/docker.list
rm -f /etc/apt/sources.list.d/docker.sources
rm -f /etc/apt/keyrings/docker.asc
apt update

5.2 Use the Tencent Cloud Docker CE mirror (recommended)

On Tencent Cloud servers, prefer the Tencent Cloud internal mirror, which is the fastest:

bash
apt install -y ca-certificates curl gnupg

install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://mirrors.cloud.tencent.com/docker-ce/linux/debian/gpg \
  -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.cloud.tencent.com/docker-ce/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
  > /etc/apt/sources.list.d/docker.list

apt update

apt install -y docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin

5.3 Alternative: Tsinghua mirror

Use case

Machines outside Tencent Cloud, or when the Tencent Cloud mirror is unavailable.

bash
rm -f /etc/apt/sources.list.d/docker.list
rm -f /etc/apt/keyrings/docker.asc

install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian/gpg \
  -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
  > /etc/apt/sources.list.d/docker.list

apt update

apt install -y docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin

5.4 Start Docker

bash
systemctl enable docker
systemctl start docker

Verify the installation:

bash
docker version
docker compose version
docker run hello-world

6. Start Nginx and fail2ban

bash
systemctl enable nginx
systemctl start nginx

systemctl enable fail2ban
systemctl start fail2ban

Check the running status:

bash
systemctl status nginx
systemctl status fail2ban

7. Configure the UFW firewall

Allow SSH, HTTP, and HTTPS:

bash
ufw allow OpenSSH
ufw allow 80/tcp
ufw allow 443/tcp

Enable the firewall:

bash
ufw enable

Will the SSH connection drop?

After running the command, the following prompt appears:

text
Command may disrupt existing ssh connections. Proceed with operation (y|n)?

As long as you have already run ufw allow OpenSSH (or allowed your custom port), enter y; the SSH session will not be cut off.

Check the status:

bash
ufw status

Normal output should look similar to:

text
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
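
Docker programs its own iptables rules for published ports, so a container started with -p on all interfaces can be reachable from outside even though the UFW status above lists only SSH, HTTP, and HTTPS. The following added example (not part of the original guide) flags such ports; the function names are hypothetical and the sample docker ps and ufw status lines are constructed.

```bash
#!/usr/bin/env bash
# Added example; the sample lines below are constructed, not captured output.

# list_public_ports: stdin is `docker ps --format '{{.Names}}\t{{.Ports}}'`.
# Prints "name hostport/proto" for every port published on all interfaces.
list_public_ports() {
  awk -F '\t' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue                        # exposed, not published
      split(maps[i], side, "->")
      if (side[1] !~ /^(0\.0\.0\.0|\[::\]|::):/) continue  # bound to one address
      port = side[1];  sub(/^.*:/, "", port)
      proto = side[2]; sub(/^.*\//, "", proto)
      key = $1 " " port "/" proto
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  }'
}

# not_in_ufw FILE: FILE holds `ufw status` output. Filters stdin down to the
# published ports with no port/proto ALLOW rule (app profiles are not resolved).
not_in_ufw() {
  while read -r name pp; do
    grep -Eq "^${pp}[[:space:]]+ALLOW" "$1" || echo "$name $pp"
  done
}

# Constructed sample: one public app port, one public port 80, one loopback
# binding, and one port that is exposed but not published.
SAMPLE_PS="$(printf 'web\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\nproxy\t0.0.0.0:80->80/tcp\ndb\t127.0.0.1:5432->5432/tcp\ncache\t6379/tcp')"
SAMPLE_UFW="$(mktemp)"
printf '%s\n' 'OpenSSH     ALLOW   Anywhere' '80/tcp      ALLOW   Anywhere' \
  '443/tcp     ALLOW   Anywhere' > "$SAMPLE_UFW"

printf '%s\n' "$SAMPLE_PS" | list_public_ports | not_in_ufw "$SAMPLE_UFW"   # web 8080/tcp

# On a real host (as root):
#   ufw status > ufw.txt
#   docker ps --format '{{.Names}}\t{{.Ports}}' | list_public_ports | not_in_ufw ufw.txt
```

For services that should only be reached through the Nginx reverse proxy, publish on loopback (for example -p 127.0.0.1:8080:80) so the port is not exposed on public interfaces.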

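Custom SSH port: must read

If the SSH port is not the default 22 (for example, 2222), you must allow the new port before enabling UFW, otherwise you will be locked out: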

bash
ufw allow 2222/tcp
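
The lockout described above can be checked for before running ufw enable. The following added example (not part of the original guide) compares the ports sshd actually listens on with the rules queued in UFW; the function names are hypothetical, the sample inputs are constructed, and the rules file is assumed to contain lines in the "ufw allow ..." form printed by ufw show added.

```bash
#!/usr/bin/env bash
# Added example; sample inputs are constructed, not captured from a real host.

# ssh_ports: stdin is `sshd -T` output; prints every port sshd listens on.
ssh_ports() { awk '$1 == "port" { print $2 }'; }

# port_allowed PORT RULES_FILE: RULES_FILE holds `ufw show added` output.
port_allowed() {
  # The OpenSSH application profile covers 22/tcp only.
  if [ "$1" = "22" ] && grep -Eq '^ufw (allow|limit) OpenSSH$' "$2"; then
    return 0
  fi
  grep -Eq "^ufw (allow|limit) $1(/tcp)?\$" "$2"
}

# preflight SSHD_FILE RULES_FILE: prints uncovered ports; returns 1 if any.
preflight() {
  local p missing=0
  for p in $(ssh_ports < "$1"); do
    if ! port_allowed "$p" "$2"; then
      echo "sshd listens on $p/tcp, but no UFW rule allows it"
      missing=1
    fi
  done
  return "$missing"
}

# Constructed demo: sshd moved to 2222, but only the default rules were added.
demo_dir="$(mktemp -d)"
printf 'port 2222\naddressfamily any\n' > "$demo_dir/sshd.txt"
printf '%s\n' 'ufw allow OpenSSH' 'ufw allow 80/tcp' 'ufw allow 443/tcp' \
  > "$demo_dir/rules.txt"
preflight "$demo_dir/sshd.txt" "$demo_dir/rules.txt" || echo "do not run ufw enable yet"

# On a real host (as root):
#   sshd -T > sshd.txt; ufw show added > rules.txt
#   preflight sshd.txt rules.txt && ufw enable
```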

8. Configure Docker registry mirrors

Create the configuration directory:

bash
mkdir -p /etc/docker

Tencent Cloud internal mirror (recommended):

bash
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
EOF

Restart Docker to apply the configuration:

bash
systemctl daemon-reload
systemctl restart docker

Verify that the registry mirror is in effect:

bash
docker info | grep -A 20 "Registry Mirrors"

Pull test:

bash
docker pull nginx
docker pull hello-world
docker run hello-world

Fallback mirror combination

If the Tencent Cloud mirror is unavailable, use the following combination instead:

bash
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com",
    "https://docker.m.daocloud.io"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
EOF

systemctl daemon-reload
systemctl restart docker

9. Final check commands

Check versions and services one by one:

bash
node -v
npm -v
python3 --version
uv --version
nginx -v
docker version
docker compose version
ufw status
systemctl status nginx
systemctl status docker
systemctl status fail2ban

Concise check of boot-time enablement and running state:

bash
systemctl is-enabled nginx docker fail2ban
systemctl is-active  nginx docker fail2ban

Normal output should look similar to:

text
enabled
enabled
enabled
active
active
active

10. All-in-one script

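Confirm before running

  • For brand-new Debian servers only; the script rewrites the Docker source, the UFW rules, and the Docker daemon configuration.
  • Uses the Tencent Cloud mirror by default; on machines outside Tencent Cloud, use the Tsinghua mirror from section 5.3 instead.
  • For a custom SSH port, first add ufw allow <port>/tcp to the script before UFW is enabled.
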
bash
# === 1. Update the system + basic tools ===
apt update && apt upgrade -y

apt install -y \
  curl wget git vim nano \
  unzip zip tar \
  htop tree ncdu lsof \
  net-tools iproute2 dnsutils \
  ca-certificates gnupg \
  cron logrotate \
  ufw fail2ban \
  nginx \
  python3 python3-pip python3-venv

# === 2. nvm + Node.js LTS ===
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash

export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"

nvm install --lts
nvm use --lts
nvm alias default 'lts/*'

# === 3. uv ===
curl -LsSf https://astral.sh/uv/install.sh | sh
export PATH="$HOME/.local/bin:$PATH"

# === 4. Docker CE (Tencent Cloud mirror) ===
rm -f /etc/apt/sources.list.d/docker.list
rm -f /etc/apt/sources.list.d/docker.sources
rm -f /etc/apt/keyrings/docker.asc

install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://mirrors.cloud.tencent.com/docker-ce/linux/debian/gpg \
  -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.cloud.tencent.com/docker-ce/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
  > /etc/apt/sources.list.d/docker.list

apt update

apt install -y docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin

# === 5. Start core services ===
systemctl enable nginx docker fail2ban
systemctl start  nginx docker fail2ban

# === 6. UFW firewall ===
ufw allow OpenSSH
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

# === 7. Docker registry mirror ===
mkdir -p /etc/docker

cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
EOF

systemctl daemon-reload
systemctl restart docker

# === 8. Final checks ===
node -v
npm -v
python3 --version
uv --version
nginx -v
docker version
docker compose version
ufw status
systemctl is-enabled nginx docker fail2ban
systemctl is-active  nginx docker fail2ban

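11. Reference environment example

Actual versions after one successful deployment, usable as a comparison baseline:

| Component | Version |
| --- | --- |
| Node.js | v24.15.0 |
| npm | 11.12.1 |
| Python | 3.11.2 |
| uv | 0.11.9 |
| Nginx | 1.22.1 |
| Docker Engine | 29.4.1 |
| Docker Compose | v5.1.3 |
| UFW | active |
| Nginx service | active & enabled |
| Docker service | active & enabled |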