0x0 CT模板换源
# 0x0: point the PVE appliance-template index at the TUNA mirror.
# Keep a copy of the original module before editing it in place.
cp -- /usr/share/perl5/PVE/APLInfo.pm /usr/share/perl5/PVE/APLInfo.pm_back
sed -i -e 's|http://download.proxmox.com|https://mirrors.tuna.tsinghua.edu.cn/proxmox|g' \
  /usr/share/perl5/PVE/APLInfo.pm
# Restart the service so the edited module is loaded.
systemctl restart pvedaemon.service
0x1 下载模板、创建特权LXC
取消勾选无特权的容器
0x2 为容器加入渲染器硬件,并关闭AppArmor(部分显卡可能需要更新内核才能找到渲染器)
加入硬件参数:(可先用ls -l /dev/dri查询)
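# 0x2: pass the GPU render nodes into the container and drop its AppArmor profile.
# CT_ID is the container id; the original used a literal [CT_ID] placeholder, which
# bash treats as a glob pattern. Set it before running, e.g. CT_ID=100 (sample value).
: "${CT_ID:?set CT_ID to the container id}"
# Check the major:minor numbers with `ls -l /dev/dri` first; 226:* are the DRI nodes,
# 29:0 is used by the /dev/fb0 bind mount below.
# `lxc.apparmor.profile: unconfined` removes the AppArmor mandatory-access-control
# layer for this container; on a privileged CT (0x1) that leaves only cgroups and
# capabilities between guest root and the host. Keep it only as long as the
# render-node passthrough actually requires it.
tee -a "/etc/pve/lxc/${CT_ID}.conf" <<'EOF'
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.cgroup2.devices.allow: c 29:0 rwm
lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file
lxc.apparmor.profile: unconfined
EOF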
0x3 换Debian源
# 0x3: switch the Debian bullseye apt sources to the USTC mirror (old file kept as .bk).
mv -- /etc/apt/sources.list /etc/apt/sources.list.bk
tee /etc/apt/sources.list <<'EOF'
deb https://mirrors.ustc.edu.cn/debian/ bullseye main non-free contrib
deb-src https://mirrors.ustc.edu.cn/debian/ bullseye main non-free contrib
deb https://mirrors.ustc.edu.cn/debian-security/ bullseye-security main
deb-src https://mirrors.ustc.edu.cn/debian-security/ bullseye-security main
deb https://mirrors.ustc.edu.cn/debian/ bullseye-updates main non-free contrib
deb-src https://mirrors.ustc.edu.cn/debian/ bullseye-updates main non-free contrib
deb https://mirrors.ustc.edu.cn/debian/ bullseye-backports main non-free contrib
deb-src https://mirrors.ustc.edu.cn/debian/ bullseye-backports main non-free contrib
EOF
# Refresh the package index against the new mirror, then upgrade.
apt update && apt upgrade -y
0x4 挂载远程smb
安装SMB组件并创建共享目录(nas_share可自定义)
# 0x4: CIFS client tools plus the local mount point (rename nas_share as you like).
apt install -y cifs-utils
mkdir -- /mnt/nas_share
创建密码文件(注意保护文件,此处为明文密码):
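# Create the SMB credentials file. It holds a plain-text password, so create it
# root-only (0600) before writing into it; nano keeps the existing mode, and the
# final chmod guards against the file having existed with a looser mode.
( umask 077 && touch ~/.smbcredentials )
nano ~/.smbcredentials
chmod 600 ~/.smbcredentials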
设置SMB登录密码,自行替换:
username=smb_share
password=share_password
修改自动挂载文件
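# Keep a copy of the working fstab before editing it, as the other steps do for
# files they modify (a broken fstab can stop the container from booting).
cp -- /etc/fstab /etc/fstab.bk
nano /etc/fstab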
加入挂载位置,自行替换
//$smb_server/share /mnt/nas_share cifs credentials=/root/.smbcredentials,iocharset=utf8 0 0
0x5 安装docker
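# 0x5: Docker engine + docker-compose.
# The one-shot installer is fetched from a third-party mirror and piped straight into
# sh, so whatever that host serves runs as root. Review the script (save it to a file
# first) or install from the distro / Docker apt repository if that is a concern.
apt install -y curl vim && curl -sSL https://get.daocloud.io/docker | sh

# docker-compose v2.5.0 binary. -f makes curl fail on an HTTP error instead of saving
# the error page as the "binary"; $(...) replaces the original backticks. No checksum
# or signature is verified here — compare against the upstream release if needed.
curl -fL "https://get.daocloud.io/docker/compose/releases/download/v2.5.0/docker-compose-$(uname -s)-$(uname -m)" \
  > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

# Registry mirrors for image pulls.
tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com"
  ]
}
EOF
systemctl daemon-reload
systemctl restart docker
docker info

# Shared data directory, later mounted into jellyfin as /media (0x8).
mkdir -p /opt/docker/Data
# World-writable so any container UID can write to it; narrow this to the
# actual container UIDs once they are known.
chmod 777 /opt/docker/Data
# User-defined bridge network that the compose files join via `network_mode: net`.
docker network create net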
0x6 portainer
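# 0x6: Portainer (compose file restored with proper YAML indentation).
mkdir /opt/docker/portainer
cd /opt/docker/portainer
tee /opt/docker/portainer/docker-compose.yml <<'EOF'
version: '3.7'
services:
  portainer:
    container_name: portainer
    # Third-party build; the upstream image is portainer/portainer-ce.
    # Check its provenance or switch to the official image.
    image: 6053537/portainer-ce
    restart: unless-stopped
    network_mode: net
    volumes:
      # The docker socket gives full control of the engine, i.e. root on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/docker/portainer/data:/data
EOF
docker-compose up -d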
0x7 caddy
# 0x7: Caddy. Convert the PEM bundle to DER (.cer); note that the Caddyfile below
# loads the PEM cert/key, not this DER copy.
openssl x509 -in nat.glan.site_bundle.pem -inform pem -out nat.glan.site_bundle.cer -outform der
# Certificates are uploaded to /opt/docker/caddy/data/tls/ (mounted at /data in the container).
mkdir -p -- /opt/docker/caddy/data/tls/
cd -- /opt/docker/caddy/
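# Main Caddyfile: reusable snippets, global options, then the per-site files.
# Certificate paths point at /data/tls/, matching the upload directory created in
# the previous step (the original used /data/ directly, where nothing is uploaded).
tee /opt/docker/caddy/Caddyfile <<'EOF'
# Per-site access log; args.0 is the log file path.
(LOG) {
    log {
        output file "{args.0}"
    }
}
# TLS 1.3 only.
(TLS) {
    protocols tls1.3
}
# Security headers; `header -server` strips the Server banner.
(HSTS) {
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy no-referrer-when-downgrade
    }
    header -server
}
(COMMON_CONFIG) {
    encode zstd gzip
    # Host /opt/docker/caddy/data/tls/ is mounted at /data; file names must match
    # what was uploaded there.
    tls /data/tls/nat.glan.site.pem /data/tls/nat.glan.site.key
    tls {
        import TLS
    }
    import HSTS
}
{
    servers :443 {
        protocol {
            # NOTE(review): experimental_http3 is the pre-2.6 option name; newer Caddy
            # releases reject it (HTTP/3 is on by default there). Pin the image version
            # or drop this block when upgrading.
            experimental_http3
        }
    }
    log {
        output file /var/log/caddy/caddy.log
    }
}
# Site definitions written by the later steps (portainer, jellyfin, pve, clash).
import /config/*.caddy
EOF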
# Site directory imported by the Caddyfile, plus the Portainer vhost (plain HTTP upstream on 9000).
mkdir -- /opt/docker/caddy/config
tee /opt/docker/caddy/config/portainer.nat.glan.site.caddy <<'EOF'
portainer.nat.glan.site {
    reverse_proxy portainer:9000
    import LOG "/var/log/caddy/portainer.nat.glan.site.log"
    import COMMON_CONFIG
}
EOF
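# Caddy compose file. The site directory is mounted at /config so the Caddyfile's
# `import /config/*.caddy` actually finds the site files; the original mounted it
# at /etc/config, which nothing imports.
tee /opt/docker/caddy/docker-compose.yml <<'EOF'
version: "3.7"
services:
  caddy:
    container_name: caddy
    # Unpinned tag: pulls whatever "latest" is. Pin a version so the Caddyfile
    # syntax used above keeps parsing after an image update.
    image: caddy
    restart: unless-stopped
    network_mode: net
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - /opt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/docker/caddy/config:/config
      - /opt/docker/caddy/www:/var/www
      - /opt/docker/caddy/log:/var/log/caddy/
      - /opt/docker/caddy/data:/data
EOF
docker-compose up -d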
0x8 jellyfin
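# 0x8: Jellyfin with the /dev/dri render nodes passed through (see 0x2).
# Compose file restored with proper YAML indentation.
mkdir /opt/docker/jellyfin
cd /opt/docker/jellyfin
tee /opt/docker/jellyfin/docker-compose.yml <<'EOF'
version: '3.7'
services:
  jellyfin:
    container_name: jellyfin
    # Third-party build (not the upstream jellyfin/jellyfin image); unpinned tag.
    image: nyanmisaka/jellyfin
    restart: unless-stopped
    network_mode: net
    volumes:
      - /opt/docker/jellyfin/config:/config
      # Shared media directory created in 0x5.
      - /opt/docker/Data:/media
    devices:
      - /dev/dri:/dev/dri
EOF
docker-compose up -d
docker ps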
# Jellyfin vhost; restart caddy so the new site file is imported.
tee /opt/docker/caddy/config/jellyfin.nat.glan.site.caddy <<'EOF'
jellyfin.nat.glan.site {
    reverse_proxy jellyfin:8096
    import LOG "/var/log/caddy/jellyfin.nat.glan.site.log"
    import COMMON_CONFIG
}
EOF
docker restart caddy
jellyfin.nat.glan.site
# jellyfin设置
服务器-播放-硬件加速-VAAPI
服务器-播放-启用的硬件解码-全选
0x9 PVE
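# 0x9: publish the Proxmox web UI through Caddy.
tee /opt/docker/caddy/config/pve.nat.glan.site.caddy <<'EOF'
pve.nat.glan.site {
    reverse_proxy {
        to https://192.168.1.200:8006
        transport http {
            tls
            # Disables verification of the PVE certificate (presumably because it is
            # not publicly trusted), so Caddy cannot tell a spoofed backend from the
            # real one. Acceptable only on a trusted LAN segment; the stronger option
            # is to drop this line and trust the PVE CA via tls_trusted_ca_certs.
            tls_insecure_skip_verify
            read_buffer 8192
        }
    }
    import LOG "/var/log/caddy/pve.nat.glan.site.log"
    import COMMON_CONFIG
}
EOF
docker restart caddy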
0xA Clash
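# 0xA: Clash. The original hard-coded a subscription URL that embeds a per-account
# token; that is a credential and does not belong in a shared script. Supply it via
# the environment instead, e.g. CLASH_SUB_URL='https://<provider>/link/<token>?clash=3'
# (placeholder, not a real URL).
: "${CLASH_SUB_URL:?set CLASH_SUB_URL to your Clash subscription URL}"
mkdir /opt/docker/clash
cd /opt/docker/clash
# NOTE(review): the downloaded config usually embeds proxy server credentials;
# restrict its permissions if the container's user still allows reading it.
wget -O config.yaml -- "$CLASH_SUB_URL"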
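# Clash compose file restored with proper YAML indentation.
tee /opt/docker/clash/docker-compose.yml <<'EOF'
version: '3.7'
services:
  clash:
    container_name: clash
    # Unpinned tag; the commented line shows how to pin a release.
    image: 'dreamacro/clash'
    #image: 'dreamacro/clash:v1.8.0'
    restart: unless-stopped
    network_mode: net
    # Published on every host interface: the HTTP/SOCKS proxies (7890/7891) and the
    # controller API (9090) are usable by anyone who can reach this host. Bind to a
    # specific address (e.g. '192.168.1.100:9090:9090') or set a controller secret
    # in config.yaml if that is not intended.
    ports:
      - '7890:7890'
      - '7891:7891'
      - '9090:9090'
    volumes:
      - '/opt/docker/clash/config.yaml:/root/.config/clash/config.yaml'
  # Optional local yacd dashboard, left disabled; the clash vhost redirects to the hosted one.
  # yacd:
  #   container_name: yacd
  #   image: haishanh/yacd
  #   restart: unless-stopped
  #   network_mode: net
EOF
docker-compose up -d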
# Clash vhost: only redirects to the hosted yacd dashboard; restart caddy to load it.
tee /opt/docker/caddy/config/clash.nat.glan.site.caddy <<'EOF'
clash.nat.glan.site {
    redir https://yacd.haishan.me/
    import LOG "/var/log/caddy/clash.nat.glan.site.log"
    import COMMON_CONFIG
}
EOF
docker restart caddy
https://clash.nat.glan.site/
http://clash.nat.glan.site:9090
# Route this shell's traffic through the Clash container (HTTP proxy on 7890,
# SOCKS5 on the same port for all_proxy).
export http_proxy=http://192.168.1.100:7890
export https_proxy=http://192.168.1.100:7890
export all_proxy=socks5://192.168.1.100:7890
