🖥️
Server Management
Administration och övervakning av Linux-servrar för produktion
Vad du hittar här
Omfattande guide för serveradministration, från SSH-hantering till Docker deployment. Inkluderar säkerhet, övervakning, backup och prestandaoptimering.
Innehåll
4
Server Configs
3
Monitoring Tools
4
Security Tips
4
Perf Tools
Server Configuration
🔑
SSH Key Management
Hantera SSH-nycklar för säker serveråtkomst.
# Generera ny SSH-nyckel
ssh-keygen -t ed25519 -C "your_email@example.com"
# Lägg till SSH-nyckel till ssh-agent
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
# Kopiera publik nyckel till server
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server.com
# SSH config för enklare anslutning
# ~/.ssh/config
Host myserver
HostName server.example.com
User myuser
Port 22
IdentityFile ~/.ssh/id_ed25519
ServerAliveInterval 60
ServerAliveCountMax 3
# Anslut med alias
ssh myserver
# SSH tunnel för databas
ssh -L 5432:localhost:5432 myserver
# SOCKS proxy via SSH
ssh -D 8080 -C -q -N myserver💡 Förklaring: Ed25519 är säkrare och snabbare än RSA för SSH-nycklar
🌐
Nginx Configuration
Konfigurera Nginx som reverse proxy och webbserver.
# /etc/nginx/sites-available/app.conf
server {
listen 80;
server_name app.example.com;
# Redirect HTTP to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name app.example.com;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000" always;
# Proxy Settings
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Static files with caching
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
}
# Load balancing
upstream backend {
least_conn;
server backend1.example.com:3000 weight=3;
server backend2.example.com:3000 weight=2;
server backend3.example.com:3000 backup;
}💡 Förklaring: Nginx hanterar HTTPS, säkerhetshuvuden och lastbalansering effektivt
⚙️
Systemd Service Management
Skapa och hantera systemd-tjänster för applikationer.
# /etc/systemd/system/myapp.service
[Unit]
Description=My Node.js Application
Documentation=https://github.com/myuser/myapp
After=network.target
[Service]
Type=simple
User=nodeapp
Group=nodeapp
WorkingDirectory=/var/www/myapp
ExecStart=/usr/bin/node /var/www/myapp/server.js
Restart=always
RestartSec=10
# Environment variables
Environment=NODE_ENV=production
Environment=PORT=3000
EnvironmentFile=/etc/myapp/myapp.env
# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/www/myapp/logs
# Resource limits
LimitNOFILE=65536
MemoryLimit=1G
CPUQuota=80%
# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=myapp
[Install]
WantedBy=multi-user.target
# Kommandon för att hantera tjänsten
sudo systemctl daemon-reload
sudo systemctl enable myapp.service
sudo systemctl start myapp.service
sudo systemctl status myapp.service
sudo systemctl restart myapp.service
sudo journalctl -u myapp.service -f💡 Förklaring: Systemd ger robust processhantering med automatisk omstart och resurshantering
🐳
Docker Deployment
Deploy applikationer med Docker och Docker Compose.
# docker-compose.yml
version: '3.8'
services:
app:
build:
context: .
dockerfile: Dockerfile
image: myapp:latest
container_name: myapp
restart: unless-stopped
ports:
- "3000:3000"
environment:
- NODE_ENV=production
- DATABASE_URL=postgresql://user:pass@db:5432/mydb
- REDIS_URL=redis://redis:6379
depends_on:
- db
- redis
networks:
- app-network
volumes:
- ./uploads:/app/uploads
- logs:/app/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
db:
image: postgres:14-alpine
container_name: myapp-db
restart: unless-stopped
environment:
- POSTGRES_USER=user
- POSTGRES_PASSWORD=pass
- POSTGRES_DB=mydb
volumes:
- postgres-data:/var/lib/postgresql/data
- ./init.sql:/docker-entrypoint-initdb.d/init.sql
networks:
- app-network
ports:
- "5432:5432"
redis:
image: redis:7-alpine
container_name: myapp-redis
restart: unless-stopped
command: redis-server --requirepass redispass
volumes:
- redis-data:/data
networks:
- app-network
nginx:
image: nginx:alpine
container_name: myapp-nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./ssl:/etc/nginx/ssl
- ./static:/usr/share/nginx/html
depends_on:
- app
networks:
- app-network
networks:
app-network:
driver: bridge
volumes:
postgres-data:
redis-data:
logs:
# Deployment script
#!/bin/bash
docker-compose pull
docker-compose down
docker-compose up -d
docker-compose logs -f💡 Förklaring: Docker Compose orkestrerar multi-container applikationer med nätverk och volymer
Monitoring & Maintenance
System Monitoring Script
Bash-script för att övervaka systemresurser.
#!/bin/bash
# monitor.sh - System monitoring script
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color
# System info
echo -e "${GREEN}=== System Information ===${NC}"
echo "Hostname: $(hostname)"
echo "OS: $(lsb_release -d | cut -f2)"
echo "Kernel: $(uname -r)"
echo "Uptime: $(uptime -p)"
# CPU Usage
echo -e "\n${GREEN}=== CPU Usage ===${NC}"
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1}')
echo "CPU Usage: ${cpu_usage}%"
# Memory Usage
echo -e "\n${GREEN}=== Memory Usage ===${NC}"
free -h | grep -E '^(Mem|Swap):'
# Disk Usage
echo -e "\n${GREEN}=== Disk Usage ===${NC}"
df -h | grep -E '^/dev/'
# Top Processes
echo -e "\n${GREEN}=== Top 5 Processes by CPU ===${NC}"
ps aux --sort=-%cpu | head -n 6
# Service Status
echo -e "\n${GREEN}=== Service Status ===${NC}"
services=("nginx" "mysql" "redis" "docker")
for service in "${services[@]}"; do
if systemctl is-active --quiet $service; then
echo -e "${service}: ${GREEN}running${NC}"
else
echo -e "${service}: ${RED}stopped${NC}"
fi
done
# Network Connections
echo -e "\n${GREEN}=== Active Connections ===${NC}"
ss -tulpn | grep LISTEN
# Disk I/O
echo -e "\n${GREEN}=== Disk I/O ===${NC}"
iostat -x 1 1 | grep -E '^(Device|sd|nvme)'Log Rotation Configuration
Konfigurera logrotate för att hantera loggfiler.
# /etc/logrotate.d/myapp
/var/log/myapp/*.log {
daily
rotate 14
compress
delaycompress
missingok
notifempty
create 0640 www-data www-data
sharedscripts
postrotate
# Notify app to reopen log files
kill -USR1 $(cat /var/run/myapp.pid) 2>/dev/null || true
endscript
}
# Nginx logs
/var/log/nginx/*.log {
daily
rotate 52
compress
delaycompress
missingok
notifempty
create 0640 www-data adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}Backup Script
Automatiserat backup-script med rsync.
#!/bin/bash
# backup.sh - Automated backup script
# Configuration
BACKUP_DIR="/backup"
SOURCE_DIRS="/var/www /etc /home"
DB_NAME="myapp"
DB_USER="postgres"
RETENTION_DAYS=7
REMOTE_HOST="backup.server.com"
REMOTE_DIR="/backups/$(hostname)"
# Create backup directory with timestamp
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_PATH="$BACKUP_DIR/$TIMESTAMP"
mkdir -p "$BACKUP_PATH"
# Log function
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$BACKUP_DIR/backup.log"
}
log "Starting backup..."
# Backup files
for dir in $SOURCE_DIRS; do
if [ -d "$dir" ]; then
log "Backing up $dir..."
rsync -avz --delete "$dir" "$BACKUP_PATH/"
fi
done
# Backup database
log "Backing up PostgreSQL database..."
pg_dump -U $DB_USER $DB_NAME | gzip > "$BACKUP_PATH/database.sql.gz"
# Create tarball
log "Creating archive..."
cd "$BACKUP_DIR"
tar -czf "$TIMESTAMP.tar.gz" "$TIMESTAMP/"
rm -rf "$BACKUP_PATH"
# Sync to remote server
log "Syncing to remote server..."
rsync -avz --delete "$BACKUP_DIR/" "$REMOTE_HOST:$REMOTE_DIR/"
# Clean old backups
log "Cleaning old backups..."
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +$RETENTION_DAYS -delete
log "Backup completed successfully!"
# Send notification
echo "Backup completed at $(date)" | mail -s "Backup Success" admin@example.comSecurity Best Practices
🔒 Firewall Configuration
Konfigurera UFW (Uncomplicated Firewall) för säkerhet
ufw allow 22/tcp && ufw allow 80/tcp && ufw allow 443/tcp && ufw enable🔒 Fail2ban Setup
Skydda mot brute-force attacker
apt install fail2ban && systemctl enable fail2ban🔒 Automatic Updates
Aktivera automatiska säkerhetsuppdateringar
apt install unattended-upgrades && dpkg-reconfigure -plow unattended-upgrades🔒 SSH Hardening
Säkra SSH-konfiguration
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_configPerformance Monitoring Tools
📊 htop
Interaktiv processövervakning
💡 Användning: Visuell översikt av CPU, minne och processer i realtid
📊 netdata
Realtidsövervakning via webb
💡 Användning: Detaljerad systemövervakning med historik och alerts
📊 glances
Cross-platform monitoring tool
💡 Användning: Övervakning av CPU, minne, disk, nätverk i ett interface
📊 nmon
Performance monitoring
💡 Användning: Detaljerad prestandaanalys och rapportering
⚡Server Management Pro Tips
Automatisera allt som går
Använd Ansible, Terraform eller liknande för att undvika manuella fel.
Övervaka proaktivt
Sätt upp alerts för CPU, minne, disk och nätverksproblem innan de blir kritiska.
Dokumentera din infrastruktur
Håll en uppdaterad wiki med nätverksdiagram, lösenordshantering och runbooks.
Testa din disaster recovery
Regelbundet testa backup-återställning och failover-procedurer.