document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-21 02:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #25051 from hwlife/master

Browse Source 
译文提交
This commit is contained in:
Xingyu.Wang 2022-03-28 06:41:12 +08:00 committed by GitHub
commit 1cb2bf547b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 327 additions and 256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

256
sources/tech/20210118 Set up a minimal server on a Raspberry Pi.md
View File

@ -1,256 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (hwlife )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Set up a minimal server on a Raspberry Pi)
[#]: via: (https://opensource.com/article/21/1/minimal-server-raspberry-pi)
[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss)
Set up a minimal server on a Raspberry Pi
======
Don't decommission that old Raspberry Pi just yet! This step-by-step
guide shows how I set up my Raspberry Pi with the most minimal
configuration to conserve precious system resources.
![Raspberry Pi board Model B][1]
Recently, the microSD (secure digital) card in my [Raspberry Pi][2] stopped working. It had been in constant use as a server for almost two years, and this provided a good opportunity to start fresh and correct a few problems. After its initial installation, it began experiencing disk problems and the official Raspberry Pi operating system (OS) received a significant update (and was renamed from Raspbian to Raspberry Pi OS). So I acquired a new microSD card and preceded to rebuild.
Although this Raspberry Pi 3 Model B isn't the latest hardware, it is still adequate for running a minimal server for various services. I think my original installation used the full operating system image that includes the graphical user interface and a lot of other software packages unnecessary for my needs.
This step-by-step guide shows how I set up my Raspberry Pi with the most minimal configuration to conserve precious system resources.
### Get started
To begin, create a new operating system drive for the Pi. This requires two things: an OS image file and a microSD card.
#### Download the Raspberry Pi OS image file
While several operating systems are available, I chose to stick to the officially supported OS.
The first step is to download the newest OS image file from the official [Raspberry Pi OS][3] site to a computer you can use to write to a microSD card. Three different images are offered, and I chose the Raspberry Pi OS Lite. It is the smallest OS and includes only the essential files required for a base OS, so it will consume the least amount of disk space and system RAM. (When I downloaded the OS, the release date was August 20, 2020, but it has been updated since then. I do not expect any major differences, but as always, I recommend reading the release notes.)
#### Write the OS to the microSD Card
The second step is to write the downloaded OS image file to the microSD card. My card was used previously, and when I inserted it into my Linux desktop, it automatically mounted its two existing partitions. I couldn't write the image until I unmounted these partitions. To do so, I had to determine their path with the `lsblk` command, which identified the device as `/dev/mmcblk0`:
```
`# lsblk -p`
```
I then unmounted the partitions with the `umount` command:
```
# umount /dev/mmcblk0p2
# umount /dev/mmcblk0p1
```
Once the partitions are unmounted, write the image file to the microSD card. Although there are many graphical image-writing tools available, I used the venerable `dd` command:
```
`# dd bs=4M if=/home/alan/Downloads/raspios/2020-08-20-raspios-buster-armhf-lite.img of=/dev/mmcblk0 status=progress conv=fsync`
```
#### Boot the Pi
You just need a monitor, keyboard, and power adapter to access the Raspberry Pi. I also have an Ethernet cable for network connectivity, which I prefer over wireless—especially for a dedicated server.
Insert the microSD card and power on the Pi. Once it boots, log in with the default credentials: user `pi` and password `raspberry`.
### Configure the OS
Take the following steps to minimize your installation, disk space, and memory usage as much as possible. I recommend spending time to research each configuration to be as correct as possible. There are often several ways to apply a configuration, and configuration files and directives can be deprecated. Always review a product's documentation to ensure you're not applying an outdated configuration.
#### Run raspi-config
The main configuration program in Raspberry Pi OS is called raspi-config. Run it immediately after logging in:
```
`# raspi-config`
```
![Raspberry Pi config main window][4]
It presents an option to expand the root filesystem to use all of the available space on the microSD card. After taking this option, reboot and log in again.
Verify that the card's full capacity is being used with the `df` command:
```
`# df -h`
```
If you need to configure other options, run `raspi-config` again. Some of these will vary according to your requirements or preferences. Go through all of them just to be sure you don't miss anything. I recommend the following changes for best performance. (I will skip the sections where I did not make any changes.)
* **System options:** You can set the hostname, preferably using a fully qualified domain name (FQDN). You can also change your password here, which is always highly recommended.
* **Interface options:** Enable SSH.
* **Performance options:** Reduce GPU memory to the lowest setting (16MB).
* **Localization options:** Choose your time zone, location, and keyboard type.
* **Advanced options:** This section contains the Expand Filesystem option to expand the root filesystem. If you didn't do this above, be sure to do it here so that you have access to all storage available on the microSD card.
* **Update:** Entering the Update section immediately checks for an update to the raspi-config tool. If an update is available, it will be downloaded and applied. Otherwise, raspi-config will re-launch after a few seconds.
Once you complete these configurations in raspi-config, select **Finish** to exit the tool.
#### Manual configurations
There are several other changes that I recommend. They are all manual changes that require editing certain configuration files.
##### Configure static IP
Generally, it is best to configure a server with a static IP address. To configure the IP and your default gateway (router) and domain name service (DNS) addresses, begin by identifying the network interface device with the `ip` command:
```
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether b8:27:eb:48:3f:46 brd ff:ff:ff:ff:ff:ff
```
You also need to know the IP address of your default gateway and one or more DNS servers. Add this information to the file `/etc/dhcpcd.conf` (_I strongly suggest making a backup of this file before making changes)_:
```
# cd /etc
# cp -a dhcpcd.conf dhcpcd.conf.original
```
Edit the file as shown:
```
# vi dhcpcd.conf
# static IP configuration:
interface eth0
static ip_address=192.168.1.5/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.3 192.168.1.4
```
##### Disable IPv6
Unless you specifically need to use IPv6, you might prefer to disable it. Do this by creating two new files that include a one-line directive instructing the Linux kernel not to use IPv6.
First, create the file `/etc/sysctl.d/disable-ipv6.conf` with the line
`net.ipv6.conf.all.disable_ipv6 = 1`:
```
# cd /etc/sysctl.d
# echo "net.ipv6.conf.all.disable_ipv6 = 1" > disable-ipv6.conf
```
Then create the file `/etc/modprobe.d/blacklist-ipv6.conf` with the line `blacklist ipv6`:
```
# cd /etc/modprobe.d
# echo "blacklist ipv6" > blacklist-ipv6.conf
```
##### Disable WiFi, Bluetooth, and audio
My server's specific purpose will not need Bluetooth or audio. Also, since it's connected with Ethernet, it will not use wireless (WiFi). Unless you plan to use them, disable them with the following steps.
Make the following changes to the file `/boot/config.txt` _(again, I suggest making a backup of this file)_:
```
# cd /boot
# cp -a config.txt config.txt.original
```
Add the following two directives to the bottom of the file to disable Bluetooth and WiFi:
* `dtoverlay=disable-bt`
* `dtoverlay=disable-wifi`
These echo commands will do the trick:
```
# cd /boot
# echo "dtoverlay=disable-bt" >> config.txt
# echo "dtoverlay=disable-wifi" >> config.txt
```
To disable audio, change the parameter `dtparam=audio` to `off`. You can do this with a short `sed` command:
```
`# sed -i '/dtparam=audio/c dtparam=audio=off' config.txt`
```
The last step is to disable the WiFi service. Use the `systemctl mask` command:
```
`systemctl mask wpa_supplicant.service`
```
You can disable a couple of other services if you won't need them:
* **Disable modem service:** [code]`systemctl disable hciuart`
```
* **Disable Avahi-daemon:** [code]`systemctl disable avahi-daemon.service`
```
### Final steps
* **Check your memory usage:** [code]`# free -h`[/code] I was astonished: My OS only uses 30MB of RAM.
* **Create personal accounts:** It is advisable to create user accounts for any individuals who will log into this server. You can assign them to the sudo group to allow them to issue administrative commands. For example, to give a user named George an account: [code] # adduser george
# usermod -a -G adm,sudo,users george
```
* **Get updates:** This is an important step. Apply updates to get the latest fixes to the Raspberry Pi OS: [code] # apt update
# apt full-upgrade
```
* **Reboot:** It's a good idea to reboot your new server: [code]`# systemctl reboot`
```
* **Install Cockpit:** You can install [Cockpit][5], also known as the Linux Web Console, on Raspberry Pi OS. It provides an HTML-based interface for managing and monitoring your server remotely. I recently wrote about [getting started with Cockpit][6]. Install it with: [code]`# apt install cockpit`
```
Now my Raspberry Pi is ready to host a server. I could use it for a [web server][7], a [VPN server][8], a game server such as [Minetest][9], or (as I did) an [ad blocker based on Pi-Hole][10].
### Keep old hardware alive
Regardless of what hardware you have available, carefully minimizing and controlling your operating system and packages can keep your resource usage low so that you can get the most out of it. This also improves security by reducing the number of services and packages available to would-be mal-actors trying to exploit a vulnerability.
So, before you decommission older hardware, consider all the possibilities for how it can continue to be used.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/minimal-server-raspberry-pi
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/RaspberryPi.SUNY_.jpg?itok=uS_-VUcb (Raspberry Pi board Model B)
[2]: https://opensource.com/resources/raspberry-pi
[3]: https://www.raspberrypi.org/software/operating-systems
[4]: https://opensource.com/sites/default/files/uploads/raspi-config-main.png (Raspberry Pi config main window)
[5]: https://cockpit-project.org/
[6]: https://opensource.com/article/20/11/cockpit-server-management
[7]: https://opensource.com/article/17/3/building-personal-web-server-raspberry-pi-3
[8]: https://opensource.com/article/19/6/raspberry-pi-vpn-server
[9]: https://github.com/minetest
[10]: https://opensource.com/article/18/2/block-ads-raspberry-pi

327
translated/tech/20210118 Set up a minimal server on a Raspberry Pi.md Normal file
View File

@ -0,0 +1,327 @@
[#]: collector: (lujun9972)
[#]: translator: (hwlife )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Set up a minimal server on a Raspberry Pi)
[#]: via: (https://opensource.com/article/21/1/minimal-server-raspberry-pi)
[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss)
在树莓派上创建一个最小化的服务器
======
不要舍弃旧配置的树莓派,这个详细步骤的指南展示了我怎样用最小化设置来充分利用我珍贵的树莓派系统资源。
![Raspberry Pi board Model B][1]
最近,在我的 [树莓派][2]上的储存卡不工作了。它已经作为服务器持续使用将近两年了这为我提供了一个开始探索和修正问题的好机会。在初始化安装完成以后它开始表现出一些磁盘方面的问题并且官方树莓派操作系统发布了一个有重大意义的更新Raspbian更名为Raspberr Pi OS。所以我买了一个新的储存卡并开始重装。
尽管树莓派3B不是最新的硬件但它对运行最小化的服务器提供多样化服务还是足够的。我认为我之前的安装用了完整安装镜像包括图形用户界面和许多其他的软件包是没有必要的。
这个详细步骤的指南展示了我怎样用最小化设置来充分利用我珍贵的树莓派系统资源。
### 开始
开始,要为树莓派创建一个新的系统分区。这要求两件事:系统镜像文件和储存卡。
#### 下载树莓派系统镜像文件
当有好几种操作系统可用的时候,我选择坚持树莓派官方支持的系统。
第一步是从[Raspberry Pi OS][3]官方网站上下载最新的系统镜像文件到计算机让后写入储存卡。有三个不同的镜像被提供我选择树莓派精简版。它是最小化的操作系统只包含必要的文件为基本系统所以它将占用最少的磁盘空间和系统内存。当我下载系统的时候发布日期是2020年8月20日但是它已经被更新到最新。我不期望有什么巨大不同但是我建议读一下发行说明。
#### 写树莓派系统镜像到储存卡
第二步是写下载的系统镜像到储存卡。我的卡之前用过当我把它插入我的Linux桌面之后它自动加载了两个存在的分区。我不能写入镜像直到我卸载了这两个分区。
我不得不用`lsblk`命令来证实`/dev/mmcblk0`设备文件的路径:
```
`# lsblk -p`
```
我用`umount`命令卸载了这两个分区:
```
# umount /dev/mmcblk0p2
# umount /dev/mmcblk0p1
```
一旦分区被卸载,就可以将镜像文件写入到储存卡了。尽管有许多图形化工具,我还是习惯是用 `dd`命令:
```
`# dd bs=4M if=/home/alan/Downloads/raspios/2020-08-20-raspios-buster-armhf-lite.img of=/dev/mmcblk0 status=progress conv=fsync`
```
#### 启动树莓派
你只需要一个显示器,键盘,电源适配器来使用树莓派。我也有一个以太网口用网络连接,不过我更喜欢通过无线网络来搭建一个专用的服务器。
插入储存卡并打开电源。一旦成功启用,用默认的缺省密码来进行登录:用户名 `pi` and 密码`raspberry`。
### 系统设置
按照以下步骤尽可能最小化设置磁盘空间,内存使用等。我建议花时间尽可能正确的研究每个配置。通常有几种应用配置的方法,有些配置文件和目录可能会被丢弃,所以要查看产品文档确保你没有应用过时的配置。
#### 运行 raspi-config
在树莓派系统上这个主设置程序叫做raspi-config。登录以后立即运行它
```
`# raspi-config`
```
![Raspberry Pi config main window][4]
它出现一个选项来扩展根文件系统用来利用储存卡上所有可利用的空间。选择这个选项之后,重启并重新登录。
`df`命令来验证储存卡的总容量是否被完全使用:
```
`# df -h`
```
如果你需要设置其他选项,请再次运行`raspi-config`。它们中的一些选项可以根据你的偏好和配置进行变化。通过设置整个选项确定没有丢失之后,我建议按照以下变化调整最优性能。(我忽略了一些我们有做任何变化的选项。)
* **System options:** 你能设置主机名,最好使用完全限定的域名(FQDN)是强烈建议的。你也能在这里更改你的密码。
* **Interface options:** 开启SSH服务。
* **Performance options:** 减少GPU内存到最低设 (16MB
* **Localization options:** 选择你的时区,位置,键盘类型。
* **Advanced options:** 这个选项包括扩展根文件系统的扩展文件系统选项。如果你还没有扩展,去确定将所有可用空间扩展到储存卡上。
* **Update:** 立即进入更新选项来更新raspi-config工具。如果更新可用它将被下载并应用否则raspi-config将会在几秒钟重启。
一旦你在raspi-config中完成这些配置选择**完成**退出工具.
#### 手动配置
我建议有几个其他的更改。他们全都是要求编辑某种配置文件来手动更改设置的。
##### 设置静态ip地址
一般来说用静态ip地址设置服务器是最好不过的了。通过 `ip`命令来验证网络接口并设置ip地址和你的缺省网关路由和域名服务DNS地址
```
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether b8:27:eb:48:3f:46 brd ff:ff:ff:ff:ff:ff
```
你也有必要知道你的缺省网关和更多的DNS服务器地址。加入这些信息到`/etc/dhcpcd.conf`这个配置文件中(我强烈建议更改之前对这个文件做一个备份):
```
# cd /etc
# cp -a dhcpcd.conf dhcpcd.conf.original
```
按照以下来编辑文件:
```
# vi dhcpcd.conf
# static IP configuration:
interface eth0
static ip_address=192.168.1.5/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.3 192.168.1.4
```
##### 关闭IPV6协议
除非你有特别需要使用IPV6你可能更会选择来禁用它。做这个只需要创建包含一行直接指令给Linux内核不让它开启IPV6的两个文件。
首先,创建 `/etc/sysctl.d/disable-ipv6.conf`文件并添加行`net.ipv6.conf.all.disable_ipv6 = 1`
```
# cd /etc/sysctl.d
# echo "net.ipv6.conf.all.disable_ipv6 = 1" > disable-ipv6.conf
```
然后创建`/etc/modprobe.d/blacklist-ipv6.conf`文件并添加行 `blacklist ipv6`
```
# cd /etc/modprobe.d
# echo "blacklist ipv6" > blacklist-ipv6.conf
```
##### 关闭WiFi,蓝牙和音频
我的服务器用于特定目的并不需要蓝牙和音频,同时,它用以太网连接,并不使用无线(WiFi)。除非你计划用它们,按照以下步骤来关闭它们。
对`/boot/config.txt`这个文件做一下更改 _(再说一遍, 我建议为这个文件做个备份)_:
```
# cd /boot
# cp -a config.txt config.txt.original
```
加入以下两个指令到文件底部来禁用蓝牙和WIFI
* `dtoverlay=disable-bt`
* `dtoverlay=disable-wifi`
这些echo命令就可以完成
```
# cd /boot
# echo "dtoverlay=disable-bt" >> config.txt
# echo "dtoverlay=disable-wifi" >> config.txt
```
要关闭音频,更改 `dtparam=audio`的参数为 `off`。你可以用一个简短的命令 `sed`来完成:
```
`# sed -i '/dtparam=audio/c dtparam=audio=off' config.txt`
```
最后一步是禁用WIFI服务用`systemctl mask` 命令来操作:
```
`systemctl mask wpa_supplicant.service`
```
如果你不需要其他服务的话,也可以禁用它们:
* **禁用调制解调器服务** [code]`systemctl disable hciuart`
```
* **Disable Avahi-daemon:** [code]`systemctl disable avahi-daemon.service`
```
### 最后一步
* **检查你的内存使用量** [code]`# free -h`[/code] 我震惊了我的系统只用了30MB的内存
* **创建个人账户:** 建议为登录这台服务器的个人创建用户账户。你能分配他们到sudo组允许他们发布管理命令。举个例子创建一个用户名为George的一个账户: [code] # adduser george
# usermod -a -G adm,sudo,users george
```
* **得到更新:** 这是一个重要的步骤。应用更新到最新来修复树莓派操作系统: [code] # apt update
# apt full-upgrade
```
* **重启:** 重启你的新服务器是一个好主意: [code]`# systemctl reboot`
```
* **安装Cockpit:** 你可以在树莓派系统上安装 [Cockpit][5], 以Linux网络控制台而著名. 它提供了一个基于HTML界面来远程管理和监控的程序。我最近写了一个关于 从Cockpit开始][6]. 用这个命令来安装: [code]`# apt install cockpit`
```
现在我的树莓派服务器已经准备好了,我能用它来做[网页服务器][7] [VPN务器][8] [Minetest][9]等游戏服务器,或者就像我做的基于 [Pi-Hole的d blocker服务器][10] 。
### 保持旧硬件的活力
不论你有什么样可用的硬件,认真的最小化并控制你的操作系统和软件包可以保证你的系统资源使用量最低以至于你能从中获得最大收益。这还可以通过减少试图利用漏洞进行攻击的潜在恶意行为者可用的服务和软件包数量,提高了安全性。
因此,在你舍弃你的旧硬件之前,考虑它怎么能够继续使用的所有可能性
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/minimal-server-raspberry-pi
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[hwlife](https://github.com/hwlife)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/RaspberryPi.SUNY_.jpg?itok=uS_-VUcb (Raspberry Pi board Model B)
[2]: https://opensource.com/resources/raspberry-pi
[3]: https://www.raspberrypi.org/software/operating-systems
[4]: https://opensource.com/sites/default/files/uploads/raspi-config-main.png (Raspberry Pi config main window)
[5]: https://cockpit-project.org/
[6]: https://opensource.com/article/20/11/cockpit-server-management
[7]: https://opensource.com/article/17/3/building-personal-web-server-raspberry-pi-3
[8]: https://opensource.com/article/19/6/raspberry-pi-vpn-server
[9]: https://github.com/minetest
[10]: https://opensource.com/article/18/2/block-ads-raspberry-pi