Notes on basic server operations problems

2026-06-23

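In the evening I opened my blog and found it was down, and SSH would not connect either. A quick check showed that the machine could not reach the outside network from the inside: this old CloudCone server instance had fallen over yet again. I took the full backup I had made that morning and deployed it straight onto another server. Caddy's configuration really is simple, and there seemed to be no problems at all.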

rclone copy -P remote:folder local-path
tar -xzf filename.tar.gz

I also upgraded the machine's packages and kernel. During the upgrade I ran into the SSHD problem again, with this prompt:

Configuring openssh-server
--------------------------

A new version (/tmp/tmp.WU6Ix38YKw) of configuration file /etc/ssh/sshd_config is available, but the version installed currently
has been locally modified.

  1. install the package maintainer's version             5. show a 3-way difference between available versions
  2. keep the local version currently installed           6. do a 3-way merge between available versions
  3. show the differences between the versions            7. start a new shell to examine the situation
  4. show a side-by-side difference between the versions
What do you want to do about modified configuration file sshd_config?

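I chose 1 to overwrite with the latest version, then rebooted the system, re-edited the configuration through the provider's console, and rebooted again, which solved it.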

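Next was the problem of pm2 losing its state: everything was lost after each reboot. In day-to-day maintenance, after making changes you need to run pm2 save to save the process list, and run pm2 startup to generate the boot script. It creates the script automatically, and after a reboot pm2 starts automatically as a service. If you still want to start things manually, run pm2 resurrect, which reads the state saved by pm2 save above.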

Finally, upgrading the kernel reported an error. I asked ChatGPT, which said the signing key for my APT software source had expired.

Get: 1 https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version InRelease [14.8kB]
Err https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version InRelease
The following signatures were invalid: EXPKEYSIG ABA1F9B8875A6661 Caddy Web Server <[email protected]

Solution:

# Remove the old key
sudo rm -f /usr/share/keyrings/caddy-stable-archive-keyring.gpg
sudo rm -f /etc/apt/sources.list.d/caddy-stable.list
# Fetch the new key (from the official script)
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list
# Update the APT sources
sudo apt update
# Upgrade Caddy
sudo apt upgrade
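
An EXPKEYSIG error like the one above can be caught before apt fails by checking expiry dates in the keyring. The following is an added example, not part of the original post: the function name check_key_expiry, the 30-day threshold and the sample listing (key IDs and dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag expired or soon-to-expire
# keys in an APT keyring by parsing `gpg --with-colons` output.
# Colon format: field 1 = record type, field 5 = key ID,
# field 7 = expiry in epoch seconds (empty means the key never expires).

# check_key_expiry NOW_EPOCH [WARN_DAYS]   (reads the colon listing on stdin)
check_key_expiry() {
    now="$1"
    warn_days="${2:-30}"
    awk -F: -v now="$now" -v warn="$warn_days" '
        $1 != "pub" && $1 != "sub" { next }          # only key records
        $7 == ""            { print "NOEXPIRY", $1, $5; next }
        $7 !~ /^[0-9]+$/    { print "UNPARSED", $1, $5; next }
        {
            left = int(($7 - now) / 86400)           # whole days remaining
            if ($7 + 0 <= now + 0)    print "EXPIRED", $1, $5
            else if (left < warn + 0) print "EXPIRING", $1, $5, left
            else                      print "OK", $1, $5, left
        }'
}

# Constructed sample listing: key IDs and dates are made up for this demo.
SAMPLE_LISTING='pub:-:4096:1:1111111111111111:1500000000:1700000000::-:::scESC::::::23::0:
uid:-::::1500000000::HASH::Example Repo <repo@example.invalid>::::::::::0:
sub:-:4096:1:2222222222222222:1500000000:1800000000:::::e::::::23:
pub:-:255:22:3333333333333333:1600000000:::-:::scESC:::::ed25519:::0:'

# Demo on the sample, with a fixed "now" so the result is reproducible.
printf '%s\n' "$SAMPLE_LISTING" | check_key_expiry 1750000000 30

# Real use on the keyring from this post:
#   gpg --show-keys --with-colons \
#       /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
#     | check_key_expiry "$(date +%s)" 30
```
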

This should fix the error. I went on to run the do-release-upgrade command, and got this error:

Not enough free disk space

The upgrade has aborted. The upgrade needs a total of 257 M free
space on disk '/boot'. Please free at least an additional 100 M of
disk space on '/boot'. You can remove old kernels using 'sudo apt
autoremove' and you could also set COMPRESS=xZ in
/etc/initramfs-tools/initramfs.conf to reduce the size of your
initramfs.

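Running sudo apt autoremove did indeed remove some old kernel files. After retrying and continuing, a warning notice appeared; the rough reason is that third-party sources are temporarily disabled while upgrading the kernel.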

Checking for installed snaps

Calculating snap size requirements

Updating repository information

Third party sources disabled

Some third party entries in your sources.list were disabled. You can
re-enable them after the upgrade with the
'software-properties' tool
or your package manager.

To continue please press [ENTER]

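After the upgrade finished, I opened the file manually with vim /etc/sysctl.conf and, after comparing, kept only the configuration items at the very end.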

#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

###################################################################
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv6.conf.all.accept_redirects = 0
+#net.ipv4.conf.default.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
-# Do not accept IP source route packets (we are not a router)
-#net.ipv4.conf.all.accept_source_route = 0
-#net.ipv6.conf.all.accept_source_route = 0
-#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438

-net.ipv4.neigh.default.base_reachable_time_ms = 600000
-net.ipv4.neigh.eth1.delay_first_probe_time = 1
-net.ipv4.neigh.default.mcast_solicit = 20
-net.ipv4.neigh.default.retrans_time_ms = 250
-net.ipv4.conf.all.rp_filter=0
-net.ipv4.conf.eth0.rp_filter=0
-net.ipv4.conf.eth1.rp_filter=0
-net.core.default_qdisc=fq
-net.ipv4.tcp_congestion_control=bbr
-net.ipv4.tcp_fastopen=3
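
Review bot: the trailing block of local settings (the last ten - lines) sets net.ipv4.conf.all.rp_filter=0 together with eth0 and eth1 rp_filter=0, which switches off the reverse-path filter that the comment block near the top of this same file describes as spoof protection; if these lines are carried over, confirm the host actually needs that and otherwise drop the three rp_filter lines. The per-interface keys (eth0, eth1, and net.ipv4.neigh.eth1.delay_first_probe_time) depend on those interface names still existing after the release upgrade, so check them before reapplying. Putting the kept settings in their own file under /etc/sysctl.d/, which the header comment points to, would keep them separate from the packaged /etc/sysctl.conf the next time an upgrade replaces it.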