debian11配置优化

1)更新升级系统
apt update
apt upgrade

2)设置apt源为国内地址，将配置文件vim /etc/apt/sources.list替换为下面的内容
deb https://mirrors.163.com/debian/ bullseye main non-free contrib
deb-src https://mirrors.163.com/debian/ bullseye main non-free contrib
deb https://mirrors.163.com/debian-security/ bullseye-security main
deb-src https://mirrors.163.com/debian-security/ bullseye-security main
deb https://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb-src https://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb https://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb-src https://mirrors.163.com/debian/ bullseye-backports main non-free contrib

修改之后再运行更新索引
apt update

3)安装软件
apt-get install lrzsz chrony sysstat lsof wget tree vim zip unzip iftop net-tools htop dos2unix -y

#启动并开机启动chrony
systemctl enable chronyd.service
systemctl restart chronyd.service
systemctl status chronyd.service

4)增加8Gswap
fallocate -l 8G /opt/swapfile

chmod 600 /opt/swapfile
mkswap /opt/swapfile
swapon /opt/swapfile
echo "/opt/swapfile swap swap defaults 0 0" | tee -a /etc/fstab

5)设置时区
timedatectl set-timezone Asia/Shanghai


6)允许root使用ssh登陆

Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no

7)设置国内DNS
cat >>/etc/resolv.conf<<EOF
nameserver 114.114.114.114
nameserver 8.8.8.8
EOF

8)网卡的配置文件
root@10-10-20-200:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens192
iface ens192 inet static
        address 10.10.20.200/24
        gateway 10.10.20.1
        dns-nameservers 114.114.114.114 8.8.8.8


9)优化系统资源限制
echo 'fs.file-max = 65535' | tee -a /etc/sysctl.conf
sysctl -p

tee -a /etc/security/limits.conf << EOF
*               hard    nofile          65535
*               soft    nofile          65535
root            hard    nofile          65535
root            soft    nofile          65535
*               soft    nproc           65535
*               hard    nproc           65535
root            soft    nproc           65535
root            hard    nproc           65535
*               soft    core            unlimited
*               hard    core            unlimited
root            soft    core            unlimited
root            hard    core            unlimited
EOF

cd /etc/systemd/
#grep -rn -F "DefaultLimitNOFILE"
sed -i '/DefaultLimitNOFILE/c DefaultLimitNOFILE=65535' /etc/systemd/*.conf
systemctl daemon-reexec

10)优化内核
cat >/etc/sysctl.conf <> /etc/sudoers


12)安装docker
1、卸载原有docker
apt-get remove docker docker-engine docker.io containerd
rm -rf /var/lib/docker
rm -rf /var/lib/containerd

2、安装依赖包
apt-get install apt-transport-https ca-certificates curl gnupg lsb-release

3、添加软件源的GPG密钥
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

4、添加阿里源(optional)
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian \
  $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

5、安装docker
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io
apt-get -y install docker-ce=5:20.10.17~3-0~debian-bullseye docker-ce-cli=5:20.10.17~3-0~debian-bullseye containerd.io

6、启动服务
systemctl enable docker
sudo systemctl start docker

7、优化docker配置
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://yeuphhaz.mirror.aliyuncs.com"],
"log-driver": "json-file",
"log-opts": {
    "max-size": "50m",
    "max-file": "3"
    }
}

8、重启服务
systemctl daemon-reload
systemctl restart docker


13)配置rc.local
echo "#!/bin/bash" >>/etc/rc.local
chmod u+x /etc/rc.local

vim /etc/systemd/system/rc-local.service
[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

#重启rc.local
systemctl daemon-reload
systemctl start rc-local
systemctl status rc-local

14)mysql客户端
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29

vim /etc/apt/sources.list.d/mysqlclient.list
deb http://repo.mysql.com/apt/debian/ bullseye mysql-apt-config
deb http://repo.mysql.com/apt/debian/ bullseye mysql-8.0
deb http://repo.mysql.com/apt/debian/ bullseye mysql-tools 

apt-get update

15)切换dash为bash
rm /bin/sh
ln -s  /bin/bash /bin/sh

16)新增Python3软连接
ln -s /usr/bin/python3 /usr/bin/python


17)显示时间为24小时制,修改这一行内容
vim /usr/share/i18n/locales/en_US
   date_fmt "%a %d %b %Y %H:%M:%S %Z"

#执行
locale-gen