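Article abstract
The author shares a complete guide to setting up their own VPS: choosing Hetzner as a cost-effective provider, walking through every step from preparation to security settings, and comparing other options such as DigitalOcean and AWS, with the aim of giving readers a repeatable self-hosting deployment.
Article summary
A complete guide to VPS setup and security configuration
The author documents the whole process of building a self-managed VPS as a reusable deployment procedure. The guide serves as a personal checklist and as a reference for readers interested in self-hosting.
Core content structure
1. Preparation
- Hetzner Cloud is recommended (better value for money than DigitalOcean/AWS)
- Minimum specification: at least 1 GB of RAM + 20 GB of storage
- Locally you need an SSH client and a password generator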
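2. Server initialization
- System update: apt update && apt upgrade -y
- Create a secondary user and configure sudo privileges
- Set up SSH key authentication (the Ed25519 algorithm is recommended)
- Disable password login and remote access for the root account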
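The SSH settings from step 2 can be checked after the change. The script below is an added example, not code from the original article: it reads sshd configuration text on stdin (on a server, the output of `sudo sshd -T`) and reports any deviation. The function names and sample configs are constructed for illustration, and only the global section before any `Match` block is considered.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit the sshd settings of step 2.
# sshd keeps the FIRST value it reads for a keyword, so an earlier line
# (for instance from an included drop-in file) silently beats a later edit.

# Constructed sample: hardened config.
SAMPLE_GOOD='# constructed sample
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes'

# Constructed sample: the later "no" is shadowed by an earlier "yes".
SAMPLE_SHADOWED='PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no'

# effective_value KEYWORD DEFAULT   (config text on stdin)
# Prints the value used globally, or DEFAULT if the keyword is not set.
effective_value() {
  awk -v key="$1" -v def="$2" '
    BEGIN { key = tolower(key) }
    /^[[:space:]]*#/ || stop { next }              # comments, or past a Match
    tolower($1) == "match" { stop = 1; next }      # conditional section starts
    tolower($1) == key && !found { val = tolower($2); found = 1 }
    END { print (found ? val : def) }
  '
}

# audit_sshd   (config text on stdin)
# Prints one FAIL line per deviation; returns 0 only if every check passes.
audit_sshd() {
  local cfg kw def want v rc=0
  cfg=$(cat)
  # Columns: keyword, OpenSSH default when unset, value wanted by step 2.
  while read -r kw def want; do
    v=$(printf '%s\n' "$cfg" | effective_value "$kw" "$def")
    [ "$v" = "$want" ] || { echo "FAIL $kw=$v"; rc=1; }
  done <<'EOF'
PasswordAuthentication yes no
PermitRootLogin prohibit-password no
PubkeyAuthentication yes yes
EOF
  return "$rc"
}

# Demo on a constructed sample; on a server: sudo sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_SHADOWED" | audit_sshd || true
```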
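3. Security hardening
- Configure the UFW firewall:
```bash
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
```
- Optional advanced settings: restrict the IP addresses allowed to reach SSH, change the default port
- Enable automatic security updates with e-mail notifications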
4. Production deployment
- Set up the Node.js environment:
```bash
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt-get install -y nodejs
```
- Manage processes with PM2:
```bash
pm2 start app.js --name "your-app"
pm2 startup
```
- The example Nginx reverse-proxy configuration includes WebSocket support
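5. Operations and monitoring
- Basic tools: htop/iotop for resource monitoring
- Log inspection: tail -f /var/log/auth.log
- Backup scheme: scheduled compressed archives + database backups
- SSL certificates renewed automatically through Certbot
6. Troubleshooting
- SSH connection problems: check the UFW rules and the service status
- Permission errors: verify user groups and the sudo configuration
- High load: combine netstat with log analysis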
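Key advantages
- Cost control: Hetzner's price is only 1/3 that of the mainstream cloud services
- End-to-end security: complete protection from the firewall through to automatic updates
- Scalability: supports cluster deployment and load testing (Apache Bench commands included)
The author stresses that the value of self-hosting lies not only in saving money but in gaining full control over your infrastructure. With this standardized procedure, even beginners can build professional operations skills.
(Note: all command-line operations from the original article are kept as their core commands, with some explanatory text removed; the product comparison is condensed to key points; visual elements are kept only as text descriptions.)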
Comment summary
The following is a summary of the comments:
Opinions on Hetzner
Positive:
- Considered a very reliable hosting provider, suitable for core services (comments 7, 9)
- "Hetzner has been a very reliable provider for our hosting" (comment 9)
- "Hetzner is great...you can front KEDA scaled services with Cloudflare containers and you're pretty much bulletproof" (comment 7)
Negative:
- One user reports poor customer service and accounts being blocked without cause (comment 17)
- "Hetzner is one terrible company to do business with...demand I hand over ID copies for identity verification" (comment 17)
- "they do this very frequently to many people for all kinds of convoluted reasons" (comment 17)
Suggested alternative providers
- Several users recommend cheaper or equally reliable alternatives (comments 4, 8)
- "Is much cheaper than hetzner and still in Europe" (comment 4)
- "OVH is just as reliable as Hetzner, and right now they have a much cheaper offer" (comment 8)
Technical suggestions
- Several users propose technical improvements (comments 2, 6, 16, 18)
- "Turning these two css settings off improved the UI/UX of the blog a thousand times" (comment 2)
- "The production app setup section should probably be replaced by Docker" (comment 6)
- "I would recommend caddy instead of nginx for beginners" (comment 16)
- "I disagree on the firewall settings, specially using Hetzner" (comment 18)
Discussion of Coolify
- Some users point out that the article's title mentions Coolify but the content barely covers it (comments 3, 12, 15)
- "Kinda weird - Coolify doesn't come up except in the first and last paragraphs" (comment 3)
- "the author didn't mention Coolify in the article while being stated in the title" (comment 12)
- "I clicked the article because I wanted to hear about Coolify, but it's not mentioned at all" (comment 15)
Opinions on documentation quality
- Some users rate the documentation quality highly (comments 1, 5, 12)
- "Super useful. Makes the Hetzner choice a strong one for me" (comment 1)
- "This is the best example of documentation I've seen posted here in a very long time" (comment 5)
- "Great summary for beginners like me! Definitely bookmarking it" (comment 12)
Other suggestions
- Some users raise questions about security and privacy (comments 19, 21)
- "When using one of these cost-focused providers do people typically just assume the provider has root in the VM?" (comment 19)
- "That's dangerous, because what if your IP changes? You'll be locked out?" (comment 21)
Deployment tool recommendations
- One user recommends other deployment tools (comment 14)
- "I recommend Kamal or Cloud66" (comment 14)