配置更新源
删除原来的企业源
# Rename the enterprise repository list to *.bak; apt only reads files ending
# in .list, so the entry is disabled but kept for later restoration.
mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak
添加国内源
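# Enable the PVE no-subscription repository from the USTC mirror.
# The suite has to match the Debian release installed on this host. The
# original line hard-coded "buster" although the Debian sources on this page
# use "bullseye"; mixing suites lets dist-upgrade pull packages from two
# releases. Reading VERSION_CODENAME from /etc/os-release makes the PVE suite
# follow the installed release instead.
pve_codename=$(. /etc/os-release && printf '%s' "$VERSION_CODENAME")
echo "deb http://mirrors.ustc.edu.cn/proxmox/debian/pve ${pve_codename:?cannot determine Debian codename} pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list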
添加Debian国内源(网易 163 镜像)
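# Replace /etc/apt/sources.list with the 163.com mirror entries for the base,
# updates, backports and security suites.
# Every suite must name the release that is actually installed (check
# VERSION_CODENAME in /etc/os-release) and agree with the PVE repository.
# The security repository is enabled here: the original left it commented out
# and used the pre-bullseye "bullseye/updates" name, so this file configured no
# Debian security repository at all. From bullseye on the suite is called
# "bullseye-security".
cat > /etc/apt/sources.list <<'EOF'
deb http://mirrors.163.com/debian/ bullseye main non-free contrib
deb http://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb http://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb http://mirrors.163.com/debian-security/ bullseye-security main non-free contrib
deb-src http://mirrors.163.com/debian-security/ bullseye-security main non-free contrib
EOF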
更新
# Clear stale cached package files, refresh the package indexes from the
# repositories configured above, then upgrade everything without prompting.
apt-get autoclean
apt-get update
apt-get -y dist-upgrade
系统优化
安装必备工具
# Install the editor, legacy network tools and terminal multiplexer without prompting.
apt-get install -y vim net-tools screen
关闭 vim 默认的 visual 模式
# Rewrite every " set mouse..." setting in Vim's packaged defaults to an empty
# " set mouse=", which turns mouse support off. The pattern requires a leading
# space before "set". -i.bak leaves the previous file next to it as
# defaults.vim.bak. The vim8* glob must match the installed Vim directory;
# presumably a Vim package upgrade restores the file, so re-check afterwards.
sed -i.bak 's/ set mouse.*/ set mouse=/g' /usr/share/vim/vim8*/defaults.vim
禁用.viminfo
# Append aliases to the current user's ~/.bashrc that start vi/vim with
# "-i NONE", so no .viminfo history file is read or written.
cat >> ~/.bashrc <<'EOF'

# use None viminfo instead of .viminfo
alias vi='vi -i NONE'
alias vim='vim -i NONE'

EOF
关闭订阅提醒
大致在456行后
# Replace every occurrence of the expression data.status !== 'Active' with the
# constant false in the widget toolkit script; per the heading above this is
# what suppresses the subscription reminder. The dot in "data.status" is an
# unescaped regex wildcard, which is harmless here. -i.bak keeps the original
# as proxmoxlib.js.bak. This edits a file shipped by a package: presumably a
# package upgrade restores it, and the .bak copy is the way to undo the change.
sed -i.bak "s/data.status !== 'Active'/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
修改默认语言为简体中文
# Patch the web UI template in three steps (original kept as index.html.tpl.bak):
#   1. replace the first "[% lang %]" placeholder on each line with zh_CN;
#   2. delete lines 15-19 of the template;
#   3. append, after line 14, a <script> tag that always loads the zh_CN locale file.
# NOTE(review): steps 2 and 3 address the template by fixed line numbers, so
# they only fit the template version the author edited - compare against the
# installed file before running, and diff against the .bak afterwards.
sed -i.bak -e 's/\[% lang %\]/zh_CN/' -e '15,19d' -e "14a\\ <script type='text/javascript' src='/pve2/locale/pve-lang-zh_CN.js?ver=\[% version %\]'></script>" /usr/share/pve-manager/index.html.tpl
配置NTP时间服务
# Overwrite the systemd-timesyncd configuration with a [Time] section listing
# the NTP servers to use (the file ends with one blank line, as before).
printf '%s\n' \
  '[Time]' \
  'NTP=ntp.ntsc.ac.cn ntp1.aliyun.com ntp2.aliyun.com time1.cloud.tencent.com time2.cloud.tencent.com' \
  '' > /etc/systemd/timesyncd.conf
# Apply the new configuration, then show the service log of the last hour to
# confirm that a server was contacted.
systemctl restart systemd-timesyncd
journalctl -u systemd-timesyncd --since -1h
CT支持docker
# Register the two storage-driver kernel modules for loading at boot by
# appending one module name per line to /etc/modules.
printf '%s\n' aufs overlay >> /etc/modules
重启PVE后检查模块:
# List the loaded kernel modules and keep only lines mentioning aufs or overlay.
lsmod | grep -E 'aufs|overlay'
在 LXC 容器中更改 docker
配置文件:
#vi /etc/docker/daemon.json
{
"storage-driver": "overlay2"
}
重启LXC容器后确认:
docker info
#Storage Driver: overlay2
硬盘直通
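# Turn on the Intel IOMMU on the kernel command line. The whole
# GRUB_CMDLINE_LINUX_DEFAULT line is replaced, so parameters that were set
# there before are dropped; -i.bak keeps the previous file as
# /etc/default/grub.bak, matching the other sed edits on this page.
sed -i.bak 's/^GRUB_CMDLINE_LINUX_DEFAULT.*/GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"/' /etc/default/grub
# Load the VFIO modules at boot. The third entry is vfio_pci; the original
# "vfio_pcioptions" is not a module name and would fail to load.
# These settings serve PCI(e) device passthrough. Attaching a whole disk with
# "qm set ... /dev/disk/by-id/..." as shown further down maps a block device
# and does not itself depend on VFIO, so skip this step if only disks are
# passed through.
printf '%s\n' vfio vfio_iommu_type1 vfio_pci vfio_virqfd >> /etc/modules
# Regenerate the GRUB configuration and reboot so both changes take effect.
update-grub
reboot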
添加物理磁盘之前,需要先 ls /dev/disk/by-id/
获取磁盘ID
设置需要直通的硬盘:
qm set 100 --sata1 /dev/disk/by-id/ata-HGST_HUS728T8TALE6L4_VDHMZKYK
update VM 100: -sata1 /dev/disk/by-id/ata-HGST_HUS728T8TALE6L4_VDHMZKYK
qm set 100 --sata2 /dev/disk/by-id/ata-HGST_HUS728T8TALE6L4_VDHP58DK
update VM 100: -sata2 /dev/disk/by-id/ata-HGST_HUS728T8TALE6L4_VDHP58DK
qm set 100 --sata5 /dev/disk/by-id/ata-SanDisk_SSD_i100_8GB_130313402402
update VM 100: -sata5 /dev/disk/by-id/ata-SanDisk_SSD_i100_8GB_130313402402
root@pve:~#
修改访问端口
添加端口转发
# Forward TCP 443 arriving for the host address to the web UI on 8006.
# <IP> is a placeholder for the host's own address: replace both occurrences
# before running, since the shell would otherwise read < and > as redirections.
# -I inserts the rule at the top of the nat PREROUTING chain.
iptables -t nat -I PREROUTING -d <IP> -p tcp --dport 443 -j DNAT --to-destination <IP>:8006
或
# Alternative without naming an address: redirect any incoming TCP 443 to the
# local port 8006 (rule appended to the nat PREROUTING chain).
iptables --table nat --append PREROUTING --protocol tcp --dport 443 --jump REDIRECT --to-ports 8006
禁止外部访问8006端口
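# Keep the web UI reachable for local clients on the loopback interface.
iptables -A INPUT -i lo -p tcp --dport 8006 -j ACCEPT
# Reject only connections the client itself addressed to 8006. The nat rule
# above rewrites 443 to 8006 before the INPUT chain runs, so a plain
# "--dport 8006 -j REJECT" would also refuse the forwarded 443 traffic and lock
# the web UI out entirely; matching the original destination port through
# conntrack leaves forwarded connections alone.
iptables -A INPUT -p tcp --dport 8006 -m conntrack --ctorigdstport 8006 -j REJECT
# iptables covers IPv4 only: if the host has IPv6 addresses, mirror these rules
# with ip6tables, otherwise 8006 stays reachable over IPv6.
# NOTE(review): cluster nodes talk to each other on 8006 - on a clustered host
# allow the peer addresses before the REJECT rule; confirm for your setup.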
或
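# Alternative: silently drop direct connections to 8006 that arrive on any
# interface other than loopback.
# The negation is written before the option ("! -i lo"); the original
# "-i ! lo" form is the deprecated spelling and is refused by current iptables.
# The conntrack match limits the rule to connections originally addressed to
# 8006, so 443 traffic rewritten to 8006 by the nat rule is not dropped too.
# iptables covers IPv4 only; add the matching ip6tables rule if the host has
# IPv6 addresses.
iptables -A INPUT ! -i lo -p tcp --dport 8006 -m conntrack --ctorigdstport 8006 -j DROP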
保存iptables
# Persist the rules currently loaded in the kernel.
iptables-save > /etc/iptables.up.rules
# Create a hook under if-pre-up.d that reloads the saved rules, and make it
# executable so it is run.
printf '#!/bin/sh\n/sbin/iptables-restore < /etc/iptables.up.rules\n' > /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables