Auto-sync: 2026-04-27 00:02
@@ -380,7 +380,9 @@ Key concepts: [[Process]], [[Value]], [[Value-Stream]], [[Value-Adding]], [[Wast
|
||||
|
||||
**[[ubuntu-24-04-enable-ssh]]**([[Ubuntu-24.04-启动SSH服务]]):Ubuntu 24.04 SSH 快速启用指南——安装 OpenSSH Server 后通过 `systemctl start/enable ssh` 启用服务。核心变化:Ubuntu 24.04 默认使用 **ssh.socket 激活机制**(仅在连接请求进入时才启动 sshd 守护进程,与旧版本持续运行后台进程不同)。进阶配置:可通过 `systemctl edit ssh.socket` 修改监听端口;如需切换回传统模式:先 `systemctl disable --now ssh.socket`,再 `systemctl enable --now ssh.service`。SSH 是 [[Ubuntu Server]] 远程管理的必备基础,也是 FRP 内网穿透的关键——通过 frpc 将本地 SSH 端口(22)映射到 VPS remote_port 60022 实现远程访问。与 [[Ubuntu服务器通过rsync实现日常增量备份]] 互补(SSH 是执行 rsync 备份命令的通道)。
|
||||
|
||||
**[[通过vps-内网反向代理实现域名访问内网穿透]]**:通过 VPS(frps + Caddy)+ frp 反向隧道,实现内网服务公网域名 HTTPS 访问的完整操作指南。覆盖:①阿里云 DNS A 记录配置(`nas.ishenwei.online`/`n8n.ishenwei.online` → VPS IP);②VPS 安装 frps v0.65.0(systemd 管理,端口 7000)+ Caddy(自动 HTTPS);③NAS(192.168.3.17)和 Ubuntu(192.168.3.47)安装 frpc,各服务端口映射(NAS: 5000/4533/8083/5005 → VPS 15000/14533/18083/60055;Ubuntu: 5678/9091/3000/22 → 15678/19091/13000/60022);④Caddy 反向代理配置(`*.ishenwei.online` → frp 映射端口);⑤SSH 穿透(TCP 映射不走 Caddy);⑥7 步系统化故障排查(frps 端口监听/进程配置/token 一致性/防火墙规则/telnet 诊断/日志分析/强制重启)。与 [[ubuntu-安装-frp-0-65-0-x86-64-操作笔记]] 互补(后者侧重 FRP 工具本身安装,前者是完整实践指南)。
|
||||
**[[通过vps-内网反向代理实现域名访问内网穿透]]**:通过 VPS(frps + Caddy)+ frp 反向隧道,实现内网服务公网域名 HTTPS 访问的完整操作指南。覆盖:①阿里云 DNS A 记录配置(`nas.ishenwei.online`/`n8n.ishenwei.online` → VPS IP);②VPS 安装 frps v0.65.0(systemd 管理,端口 7000)+ Caddy(自动 HTTPS);③NAS(192.168.3.17)和 Ubuntu(192.168.3.47)安装 frpc,各服务端口映射(NAS: 5000/4533/8083/5005 → VPS 15000/14533/18083/60055;Ubuntu: 5678/9091/3000/22 → 15678/19091/13000/60022);④Caddy 反向代理配置(`*.ishenwei.online` → frp 映射端口);⑤SSH 穿透(remote_port TCP 映射不走 Caddy);⑥7 步系统化故障排查(端口监听检查、token 验证、防火墙规则、telnet 诊断等)。与 [[ubuntu-安装-frp-0-65-0-x86-64-操作笔记]] 互补(后者侧重 FRP 工具本身安装,前者是完整实践指南)。
|
||||
|
||||
**[[如何在ubuntu-server安装-docker-docker-compose]]**([[Docker Engine]] 安装指南):Ubuntu Server 上通过 Docker 官方 APT 仓库安装 Docker Engine + Docker Compose V2 的完整操作指南——①卸载旧版 docker.io 等冲突包;②添加 Docker 官方 GPG 密钥(`/etc/apt/keyrings/docker.asc`);③配置 APT 仓库(`/etc/apt/sources.list.d/docker.list`);④安装 5 个组件包(docker-ce、docker-ce-cli、containerd.io、docker-buildx-plugin、docker-compose-plugin);⑤运行 `sudo docker run hello-world` 验证;⑥通过 `usermod -aG docker $USER` 配置非 root 用户免 sudo 权限。是所有 Home Server Automation Docker 部署笔记(Portainer/Jellyfin/Navidrome/it-tools/Superset 等)的前置依赖,Home Server Automation 节中所有容器化服务均依赖本文档搭建的环境。属 [[Home Server Automation]] 的基础设施层,与 [[用docker安装portainer]] 等应用部署笔记共同构成完整"安装 Docker → 部署服务"的链路。
|
||||
|
||||
### Home Server Automation
|
||||
Home office setup guides cover a complete multi-node home network infrastructure across 5 nodes: **RackNerd VPS** (public gateway), **Mac Mini M4** (control node), **Synology NAS DS718** (media & storage), and **2 Ubuntu Servers** (monitoring & services). The architecture uses **FRP** (frps/frpc v0.65.0) for reverse tunnel-based intranet penetration, **Caddy** for automatic HTTPS with Let's Encrypt, and **Cloudflare** for DNS托管. **内网穿透方案(VPS + frp + Caddy)**提供完整公网域名访问:Cloudflare DNS A 记录指向 VPS 公网 IP → VPS 运行 frps 和 Caddy → 内网主机运行 frpc 将本地端口映射到 VPS(TCP 隧道)→ Caddy 反向代理到 frp 映射端口,自动申请 Let's Encrypt 证书提供 HTTPS 访问。支持 SSH 穿透(remote_port TCP 映射)不走 Caddy,包含 7 步系统化故障排查(端口监听检查、token 验证、防火墙规则、telnet 诊断等)。 Services deployed include Docker monitoring stack (**Prometheus** + **Grafana** + node_exporter + cAdvisor + blackbox_exporter + Alertmanager), media servers (**Jellyfin**, **Navidrome**, **Transmission**), personal dashboards (**Homarr**, **Apache Superset**), password management (**vaultwarden**), workflow automation (**n8n**), self-hosted Git (**Gitea**), diagram editing (**Draw.io**), developer utilities (**it-tools**), image hosting (**Zipline** + **MinIO**), cloud drive mounting (**CloudDrive2**), AI assistant (**OpenClaw**), e-book management (**Calibre**), proxy client (**v2rayA**), and Docker management (**Portainer**). All services are containerized via Docker Compose. The media workflow follows: Transmission (download) → organize → Jellyfin/Navidrome (play). Key configurations include read-only music mounts, transcode caching (200MB limit), FRP TCP tunnel port mappings (remotePort 60022-60026 for SSH, 13000 for Grafana, 14533 for Navidrome, etc.), Caddy domain mapping table (20+ subdomains under *.ishenwei.online), and SOCKS5 proxy (127.0.0.1:10808) status tracking across all nodes (Mac mini, Ubuntu1, Ubuntu2 working; NAS local-only). 
**CloudDrive2** enables direct NAS access to cloud storage via virtual filesystem mount (Aliyun Drive resource directory only, scan QR code with App authorization). Backup automation is implemented via rsync incremental sync to NAS, using **Synology DSM NFS** (Squash=admin, sys security, _netdev fstab params) and **nfs-common** client on Ubuntu Server. SSH server setup on Ubuntu 24.04 introduces **ssh.socket activation** (on-demand startup) as the default; administrators can switch to persistent ssh.service mode. Cross-border AI service registration guides cover using **fingerprint browsers** (**AdsPower**), **high-purity US proxies**, **SMS verification platforms** (**PingMe**), and **virtual credit cards** (**WildCard**) to safely subscribe to **Claude Pro**. The architecture provides unified HTTPS public access to all internal services without requiring static IPs, achieving privacy for internal services while maintaining low bandwidth costs.
|
||||
|
||||
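Review bot: The Home Server Automation paragraph says DNS is on Cloudflare ("Cloudflare DNS A 记录指向 VPS 公网 IP"), while the 通过vps-内网反向代理实现域名访问内网穿透 entry in this same hunk says the A records are configured in 阿里云 DNS; state which provider is authoritative so the two summaries agree. The paragraph and the entry also record the public SSH mappings (remotePort 60022-60026, 22 → 60022) next to the `*.ishenwei.online` domain and the internal addresses 192.168.3.17 and 192.168.3.47. If this auto-synced index reaches a shared or public remote, consider keeping hosts and ports in the linked notes rather than in the summary. Neither summary says what authentication policy protects the exposed SSH ports, so note that alongside the SSH mapping.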