1507 字
8 分钟
VPS服务器部署与运维完全指南
2025-09-17
运维部署
VPS
/
服务器
/
部署
/
运维
/
Linux
/
Nginx

VPS服务器部署与运维完全指南#

作为一名开发者,掌握VPS服务器的部署和运维是必备技能。本文将从选购VPS开始,全面介绍服务器的部署、配置、优化和维护技巧。

1. VPS选购指南#

主流VPS服务商对比#

服务商优势缺点适用场景
DigitalOcean简单易用,文档丰富价格较高新手学习,小型项目
Vultr性能稳定,全球节点多支持不够完善生产环境,全球部署
Linode性能优秀,稳定性好价格偏高企业级应用
阿里云国内访问快,服务完善配置复杂国内业务
腾讯云价格优惠,生态丰富性能一般初学者,个人项目

配置选择建议#

Terminal window
# 入门配置(个人博客、小型网站)
CPU: 1核
RAM: 1GB
存储: 25GB SSD
流量: 1TB/月


# 进阶配置(中型应用)
CPU: 2核
RAM: 4GB
存储: 80GB SSD
流量: 4TB/月


# 高级配置(生产环境)
CPU: 4核
RAM: 8GB
存储: 160GB SSD
流量: 5TB/月

2. 服务器初始化配置#

系统更新和基础软件安装#

Terminal window
# Ubuntu/Debian 系统
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl wget git vim htop unzip


# CentOS/RHEL 系统
sudo yum update -y
sudo yum install -y curl wget git vim htop unzip epel-release

创建新用户和配置 SSH#

Terminal window
# 创建新用户
sudo useradd -m -s /bin/bash username
sudo usermod -aG sudo username
sudo passwd username


# 配置 SSH 密钥登录
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"


# 将公钥复制到服务器
mkdir -p ~/.ssh
echo "your_public_key" >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

SSH 安全配置#

Terminal window
# 编辑 SSH 配置文件
sudo vim /etc/ssh/sshd_config


# 修改以下配置
Port 2222                    # 修改默认端口
PermitRootLogin no           # 禁止 root 登录
PasswordAuthentication no    # 禁用密码登录
PubkeyAuthentication yes     # 启用密钥登录
MaxAuthTries 3              # 限制登录尝试次数


# 重启 SSH 服务
sudo systemctl restart sshd

防火墙配置#

Terminal window
# 使用 UFW (Ubuntu)
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp    # SSH 端口
sudo ufw allow 80/tcp      # HTTP
sudo ufw allow 443/tcp     # HTTPS


# 使用 firewalld (CentOS)
sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

3. Web 服务器部署#

Nginx 安装和配置#

Terminal window
# 安装 Nginx
sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx


# 创建网站配置
sudo vim /etc/nginx/sites-available/example.com

Nginx 配置示例:

server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.html index.php;


    # 日志配置
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;


    # Gzip 压缩
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;


    # 静态文件缓存
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }


    # PHP 支持
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }


    # 禁止访问隐藏文件
    location ~ /\. {
        deny all;
    }
}

SSL 证书配置(Let’s Encrypt)#

Terminal window
# 安装 Certbot
sudo apt install certbot python3-certbot-nginx -y


# 获取证书
sudo certbot --nginx -d example.com -d www.example.com


# 设置自动续签
sudo crontab -e
# 添加以下内容
0 12 * * * /usr/bin/certbot renew --quiet

Docker 安装和使用#

Terminal window
# 安装 Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER


# 安装 Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Docker Compose 示例:

docker-compose.yml
version: '3.8'
services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/ssl
    restart: unless-stopped


  app:
    build: .
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
    volumes:
      - ./app:/usr/src/app
    restart: unless-stopped


  database:
    image: postgres:13
    environment:
      POSTGRES_DB: myapp
      POSTGRES_USER: user
      POSTGRES_PASSWORD: password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped


volumes:
  postgres_data:

4. 数据库部署#

MySQL/MariaDB 安装和配置#

Terminal window
# 安装 MySQL
sudo apt install mysql-server -y
sudo mysql_secure_installation


# 创建数据库和用户
sudo mysql -u root -p


CREATE DATABASE myapp;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON myapp.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Redis 安装和配置#

Terminal window
# 安装 Redis
sudo apt install redis-server -y


# 配置 Redis
sudo vim /etc/redis/redis.conf


# 修改以下配置
requirepass your_strong_password
maxmemory 256mb
maxmemory-policy allkeys-lru


# 重启 Redis
sudo systemctl restart redis-server

5. 监控和日志管理#

系统监控脚本#

#!/bin/bash
# monitor.sh - 系统监控脚本


LOGFILE="/var/log/system-monitor.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')


# CPU 使用率
CPU_USAGE=$(top -bn1 | grep "Cpu(s)" | awk '{print $2}' | cut -d'%' -f1)


# 内存使用率
MEM_USAGE=$(free | grep Mem | awk '{printf("%.2f", $3/$2 * 100.0)}')


# 磁盘使用率
DISK_USAGE=$(df -h / | awk 'NR==2 {print $5}' | cut -d'%' -f1)


# 记录日志
echo "$DATE - CPU: ${CPU_USAGE}%, Memory: ${MEM_USAGE}%, Disk: ${DISK_USAGE}%" >> $LOGFILE


# 报警检查
if (( $(echo "$CPU_USAGE > 80" | bc -l) )); then
    echo "$DATE - WARNING: High CPU usage: ${CPU_USAGE}%" >> $LOGFILE
fi


if (( $(echo "$MEM_USAGE > 80" | bc -l) )); then
    echo "$DATE - WARNING: High Memory usage: ${MEM_USAGE}%" >> $LOGFILE
fi


if [ $DISK_USAGE -gt 80 ]; then
    echo "$DATE - WARNING: High Disk usage: ${DISK_USAGE}%" >> $LOGFILE
fi

日志轮转配置#

/etc/logrotate.d/custom-logs
/var/log/system-monitor.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 644 root root
}

使用 Grafana + Prometheus 监控#

monitoring/docker-compose.yml
version: '3.8'
services:
  prometheus:
    image: prom/prometheus
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'


  grafana:
    image: grafana/grafana
    ports:
      - "3000:3000"
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=admin123
    volumes:
      - grafana_data:/var/lib/grafana


  node_exporter:
    image: prom/node-exporter
    ports:
      - "9100:9100"
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($$|/)'


volumes:
  prometheus_data:
  grafana_data:

6. 安全加固#

Fail2ban 配置#

Terminal window
# 安装 Fail2ban
sudo apt install fail2ban -y


# 配置 Fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vim /etc/fail2ban/jail.local


# 修改配置
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3


[sshd]
enabled = true
port = 2222


[nginx-http-auth]
enabled = true


# 启动服务
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

定期安全更新#

auto-update.sh
# 创建自动更新脚本
#!/bin/bash
echo "Starting system update at $(date)"


# 更新系统
apt update && apt upgrade -y


# 清理旧包
apt autoremove -y
apt autoclean


# 检查是否需要重启
if [ -f /var/run/reboot-required ]; then
    echo "Reboot required, scheduling reboot in 2 minutes"
    shutdown -r +2
fi


echo "System update completed at $(date)"

7. 性能优化#

系统参数优化#

Terminal window
# /etc/sysctl.conf 优化
vm.swappiness=10
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 65536 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_congestion_control=bbr


# 应用配置
sudo sysctl -p

Nginx 性能优化#

/etc/nginx/nginx.conf
worker_processes auto;
worker_connections 1024;


http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;


    # 缓存配置
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;


    # Gzip 压缩
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/javascript
        application/xml+rss
        application/json;
}

总结#

VPS 服务器运维的关键点:

  1. 安全第一:定期更新、强密码、防火墙配置
  2. 监控重要:实时监控系统状态和性能指标
  3. 备份必须:定期备份数据和配置文件
  4. 优化持续:根据实际使用情况调优参数
  5. 文档完善:记录所有配置和操作步骤

掌握这些技能,能够帮助您构建稳定、安全、高效的服务器环境。

VPS服务器部署与运维完全指南
https://fuwari.vercel.app/posts/vps服务器部署与运维完全指南/
作者
MuHan
发布于
2025-09-17
许可协议
CC BY-NC-SA 4.0
Python后端开发最佳实践与常用框架对比
Go语言并发编程实战指南
© 2025 MuHan. All Rights Reserved. / RSS / Sitemap
Powered by Astro & Fuwari