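My server was compromised today; you really can't guard against everything. I don't know when the key was leaked, but the machine had become someone else's bot. A glance at the dashboard gave me a fright: I had only been away from it for about a week, yet the traffic quota was almost used up, mining software had been installed, the machine was running SSH attacks against other people's servers, several emails had been sent, and the provider came close to shutting me down.
Looking at that huge traffic figure, my expression was priceless, haha. Clearly this server could no longer be used with any peace of mind, so I reinstalled the system right away.
Faced with a pile of data to deal with, I was willing but powerless. Since the system had to be reinstalled anyway, I took the opportunity to look into deploying aaPanel locally and offline; the benefits go without saying. A long time ago I wrote an article about installing an old version of aaPanel, but by today's standards it is clearly of little use, haha.
Tutorial begins:
Project page: https://github.com/aaPanel/aaPanel/releases/tag/6.8.37
The oldest version the official repository currently offers is 6.8.37, and that version works too. If you need it, my earlier article has an aapanel-6.8.19.zip, which is a very clean and easy-to-use version.
Before starting, download these files: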
```
http://download.bt.cn/install/public.sh
http://download.bt.cn/install/yumRepo_select.sh
http://download.bt.cn/install/pyenv/activate.panel
https://github.com/xoyoxoyo/relayApi/blob/main/libressl-3.3.6.tar.gz
http://download.bt.cn/install/pyenv/pip.txt
http://download.bt.cn/install/pyenv/pip-3.7.8.txt
http://download.bt.cn/install/pyenv/pyenv-debian10-x64.tar.gz
http://download.bt.cn/install/pyenv/pyenv-el7-x64.tar.gz
http://download.bt.cn/install/pyenv/pyenv-el8-x64.tar.gz
http://download.bt.cn/install/pyenv/pyenv-ubuntu18-x64.tar.gz
http://download.bt.cn/install/pyenv/pyenv-ubuntu20-x64.tar.gz
http://download.bt.cn/install/src/bt6_en.init
http://download.bt.cn/install/src/panel6_en.zip
http://download.bt.cn/rpm/
http://download.bt.cn/src/openssl-1.0.2r.tar.gz
http://download.bt.cn/src/Python-3.7.8.tar.xz
```
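After downloading, create an aapanel directory and put all the files into it. The full directory layout is shown below; if anything is unclear, refer to the end of the article: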
```
aapanel\
aapanel\install\
│ └── public.sh
│ └── yumRepo_select.sh
aapanel\install\pyenv\
│ └── activate.panel
│ └── libressl-3.3.6.tar.gz
│ └── pip-3.7.8.txt
│ └── pip.txt
│ └── pyenv-debian10-x64.tar.gz
│ └── pyenv-el7-x64.tar.gz
│ └── pyenv-el8-x64.tar.gz
│ └── pyenv-ubuntu18-x64.tar.gz
│ └── pyenv-ubuntu20-x64.tar.gz
aapanel\install\src\
│ └── bt6_en.init
│ └── panel6_en.zip
aapanel\rpm\
aapanel\src\
│ └── openssl-1.0.2r.tar.gz
│ └── Python-3.7.8.tar.xz
```
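I. Download aaPanel-6.8.37.zip to your local machine and unzip it. There is an install.sh in the root directory; open it and make the following changes:
a. Add the following code after `cd ~`: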
```bash
download_Url="http://192.168.1.11:8080/aapanel"
LOCAL_PATH="/home/aapanel"
```
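A rough explanation of this code: it assumes the aapanel directory has been zipped and uploaded to the server's home directory, after which all files under the aapanel directory can be accessed.
b. Modify the get_node_url function:
Original: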
```bash
get_node_url(){
    if [ ! -f /bin/curl ];then
        if [ "${PM}" = "yum" ]; then
            yum install curl -y
        elif [ "${PM}" = "apt-get" ]; then
            apt-get install curl -y
        fi
    fi

    echo '---------------------------------------------';
    echo "Selected download node...";
    nodes=(http://node.aapanel.com http://128.1.164.196 http://45.76.53.20 http://103.224.251.67 http://dg2.bt.cn http://dg1.bt.cn http://123.129.198.197 http://125.88.182.172:5880 http://119.188.210.21:5880 http://120.206.184.160 http://113.107.111.78);
    tmp_file1=/dev/shm/net_test1.pl
    tmp_file2=/dev/shm/net_test2.pl
    [ -f "${tmp_file1}" ] && rm -f ${tmp_file1}
    [ -f "${tmp_file2}" ] && rm -f ${tmp_file2}
    touch $tmp_file1
    touch $tmp_file2
    for node in ${nodes[@]}; do
        NODE_CHECK=$(curl --connect-timeout 3 -m 3 2>/dev/null -w "%{http_code} %{time_total}" ${node}/net_test|xargs)
        RES=$(echo ${NODE_CHECK}|awk '{print $1}')
        NODE_STATUS=$(echo ${NODE_CHECK}|awk '{print $2}')
        TIME_TOTAL=$(echo ${NODE_CHECK}|awk '{print $3 * 1000 - 500 }'|cut -d '.' -f 1)
        if [ "${NODE_STATUS}" == "200" ];then
            if [ $TIME_TOTAL -lt 100 ];then
                if [ $RES -ge 1500 ];then
                    echo "$RES $node" >> $tmp_file1
                fi
            else
                if [ $RES -ge 1500 ];then
                    echo "$TIME_TOTAL $node" >> $tmp_file2
                fi
            fi

            i=$(($i+1))
            if [ $TIME_TOTAL -lt 100 ];then
                if [ $RES -ge 3000 ];then
                    break;
                fi
            fi
        fi
    done

    NODE_URL=$(cat $tmp_file1|sort -r -g -t " " -k 1|head -n 1|awk '{print $2}')
    if [ -z "$NODE_URL" ];then
        NODE_URL=$(cat $tmp_file2|sort -g -t " " -k 1|head -n 1|awk '{print $2}')
        if [ -z "$NODE_URL" ];then
            NODE_URL='http://download.bt.cn';
        fi
    fi

    rm -f $tmp_file1
    rm -f $tmp_file2
    download_Url=$NODE_URL
    echo "Download node: $download_Url";
    echo '---------------------------------------------';
}
Remove_Package(){
    local PackageNmae=$1
    if [ "${PM}" == "yum" ];then
        isPackage=$(rpm -q ${PackageNmae}|grep "not installed")
        if [ -z "${isPackage}" ];then
            yum remove ${PackageNmae} -y
        fi
    elif [ "${PM}" == "apt-get" ];then
        isPackage=$(dpkg -l|grep ${PackageNmae})
        if [ "${PackageNmae}" ];then
            apt-get remove ${PackageNmae} -y
        fi
    fi
}
```
Change it to the following:
```bash
get_node_url(){
    download_Url="http://192.168.1.11:8080/aapanel"
    echo "Offline mode: $download_Url"
}
```
c. Modify the Install_RPM_Pack function
Original:
```bash
Install_RPM_Pack(){
    yumPath=/etc/yum.conf
    Centos8Check=$(cat /etc/redhat-release | grep ' 8.' | grep -iE 'centos|Red Hat')
    isExc=$(cat $yumPath|grep httpd)
    if [ "$isExc" = "" ];then
        echo "exclude=httpd nginx php mysql mairadb python-psutil python2-psutil" >> $yumPath
    fi

    yumBaseUrl=$(cat /etc/yum.repos.d/CentOS-Base.repo|grep baseurl=http|cut -d '=' -f 2|cut -d '$' -f 1|head -n 1)
    [ "${yumBaseUrl}" ] && checkYumRepo=$(curl --connect-timeout 5 --head -s -o /dev/null -w %{http_code} ${yumBaseUrl})
    if [ "${checkYumRepo}" != "200" ];then
        curl -Ss --connect-timeout 3 -m 60 http://download.bt.cn/install/yumRepo_select.sh|bash
    fi
    # Try to synchronize the time (from bt.cn)
    echo 'Synchronizing system time...'
    getBtTime=$(curl -sS --connect-timeout 3 -m 60 http://www.bt.cn/api/index/get_time)
    if [ "${getBtTime}" ];then
        date -s "$(date -d @$getBtTime +"%Y-%m-%d %H:%M:%S")"
    fi
```
Change it to:
```bash
Install_RPM_Pack(){
    yumPath=/etc/yum.conf
    Centos8Check=$(cat /etc/redhat-release | grep ' 8.' | grep -iE 'centos|Red Hat')
    isExc=$(cat $yumPath|grep httpd)
    if [ "$isExc" = "" ];then
        echo "exclude=httpd nginx php mysql mairadb python-psutil python2-psutil" >> $yumPath
    fi
    # Try to synchronize the time (from bt.cn)
    # getBtTime is left empty here, so the date command below never runs
    echo 'Synchronizing system time...'
    getBtTime=""
    if [ "${getBtTime}" ];then
        date -s "$(date -d @$getBtTime +"%Y-%m-%d %H:%M:%S")"
    fi
```
d. Modify the Get_Ip_Address function:
Original:
```bash
Get_Ip_Address(){
    getIpAddress=""
    # getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://brandnew.aapanel.com/api/common/getClientIP)
    getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://www.bt.cn/Api/getIpAddress)
    if [ -z "${getIpAddress}" ] || [ "${getIpAddress}" = "0.0.0.0" ]; then
        isHosts=$(cat /etc/hosts|grep 'www.bt.cn')
        if [ -z "${isHosts}" ];then
            echo "" >> /etc/hosts
            echo "103.224.251.67 www.bt.cn" >> /etc/hosts
            #getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://brandnew.aapanel.com/api/common/getClientIP)
            getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://www.bt.cn/Api/getIpAddress)
            if [ -z "${getIpAddress}" ];then
                sed -i "/bt.cn/d" /etc/hosts
            fi
        fi
    fi

    ipv4Check=$($python_bin -c "import re; print(re.match('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$','${getIpAddress}'))")
    if [ "${ipv4Check}" == "None" ];then
        ipv6Address=$(echo ${getIpAddress}|tr -d "[]")
        ipv6Check=$($python_bin -c "import re; print(re.match('^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$','${ipv6Address}'))")
        if [ "${ipv6Check}" == "None" ]; then
            getIpAddress="SERVER_IP"
        else
            echo "True" > ${setup_path}/server/panel/data/ipv6.pl
            sleep 1
            /etc/init.d/bt restart
        fi
    fi

    if [ "${getIpAddress}" != "SERVER_IP" ];then
        echo "${getIpAddress}" > ${setup_path}/server/panel/data/iplist.txt
    fi
}
Setup_Count(){
    curl -sS --connect-timeout 10 -m 60 https://brandnew.aapanel.com/api/setupCount/setupPanel?type=Linux > /dev/null 2>&1
    #curl -sS --connect-timeout 10 -m 60 https://www.aapanel.com/Api/SetupCount?type=Linux > /dev/null 2>&1
    curl -sS --connect-timeout 10 -m 60 https://console.aapanel.com/Api/SetupCount?type=Linux > /dev/null 2>&1
    #if [ "$1" != "" ];then
    echo "66959f96" > /www/server/panel/data/o.pl
    cd /www/server/panel
    $python_bin tools.py o
    #fi
    echo /www > /var/bt_setupPath.conf
}

Install_Main(){
    setenforce 0
    startTime=`date +%s`
    Lock_Clear
    System_Check
    #Set_Ssl
    Get_Pack_Manager
    get_node_url

    MEM_TOTAL=$(free -g|grep Mem|awk '{print $2}')
    if [ "${MEM_TOTAL}" -le "1" ];then
        Auto_Swap
    fi

    if [ "${PM}" = "yum" ]; then
        Install_RPM_Pack
    elif [ "${PM}" = "apt-get" ]; then
        Install_Deb_Pack
    fi

    Install_Python_Lib
    Install_Bt

    Set_Bt_Panel
    Service_Add
    Set_Firewall

    Get_Ip_Address
    Setup_Count ${IDC_CODE}
}
```
Change it to:
```bash
Get_Ip_Address(){
    echo "Offline mode: skip IP detect"
    getIpAddress="127.0.0.1"
}

# Compared with the original, setenforce 0, Lock_Clear, Service_Add and
# Setup_Count are no longer called, and Auto_Swap now runs unconditionally.
Install_Main(){

    startTime=`date +%s`

    get_node_url
    System_Check
    Get_Pack_Manager
    Auto_Swap

    if [ "${PM}" == "yum" ]; then
        Install_RPM_Pack
    else
        Install_Deb_Pack
    fi

    Install_Bt
    Install_Python_Lib
    Set_Bt_Panel
    Set_Firewall
    Get_Ip_Address
}
```
e. I will put the complete modified version at the end of the article so that you can compare it yourself.
II. Modify the aapanel\install\src\bt6_en.init file downloaded at the beginning
a. Only the address lookup needs to be changed
Original:
```bash
port=$(cat $panel_path/data/port.pl)
password=$(cat $panel_path/default.pl)
if [ -f $panel_path/data/domain.conf ];then
    address=$(cat $panel_path/data/domain.conf)
fi
auth_path=/login
if [ -f $panel_path/data/admin_path.pl ];then
    auth_path=$(cat $panel_path/data/admin_path.pl)
fi
if [ "$address" = "" ];then
    address=$(curl -sS --connect-timeout 10 -m 20 https://www.aapanel.com/api/common/getClientIP)
```
Change it to:
```bash
port=$(cat $panel_path/data/port.pl)
password=$(cat $panel_path/default.pl)
if [ -f $panel_path/data/domain.conf ];then
    address=$(cat $panel_path/data/domain.conf)
fi
auth_path=/login
if [ -f $panel_path/data/admin_path.pl ];then
    auth_path=$(cat $panel_path/data/admin_path.pl)
fi
if [ "$address" = "" ];then
    # Changed to (same logic as in install.sh)
    address=$(ip addr | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -E -v "^127\.|^255\.|^0\." | head -n 1)
```
III. Modify aapanel\install\public.sh
a. Modify the get_node_url function
Original:
```bash
get_node_url(){
    nodes=(https://dg2.bt.cn https://download.bt.cn https://ctcc1-node.bt.cn https://cmcc1-node.bt.cn https://ctcc2-node.bt.cn https://hk1-node.bt.cn https://na1-node.bt.cn https://jp1-node.bt.cn https://cf1-node.aapanel.com);

    if [ -f "/www/server/panel/data/domestic_ip.pl" ];then
        nodes=(https://dg2.bt.cn https://download.bt.cn https://ctcc1-node.bt.cn https://cmcc1-node.bt.cn https://ctcc2-node.bt.cn https://hk1-node.bt.cn);
    fi

    if [ -f "/www/server/panel/data/foreign_ip.pl" ];then
        nodes=(https://cf1-node.aapanel.com https://dg2.bt.cn https://na1-node.bt.cn https://jp1-node.bt.cn https://download.bt.cn https://ctcc1-node.bt.cn https://ctcc2-node.bt.cn https://hk1-node.bt.cn);
    fi

    if [ "$1" ];then
        nodes=($(echo ${nodes[*]}|sed "s#${1}##"))
    fi

    tmp_file1=/dev/shm/net_test1.pl
    tmp_file2=/dev/shm/net_test2.pl
    [ -f "${tmp_file1}" ] && rm -f ${tmp_file1}
    [ -f "${tmp_file2}" ] && rm -f ${tmp_file2}
    touch $tmp_file1
    touch $tmp_file2
    for node in ${nodes[@]}; do
        if [ "${node}" == "https://cf1-node.aapanel.com" ];then
            NODE_CHECK=$(curl --connect-timeout 3 -m 3 2>/dev/null -w "%{http_code} %{time_total}" ${node}/1net_test|xargs)
        else
            NODE_CHECK=$(curl --connect-timeout 3 -m 3 2>/dev/null -w "%{http_code} %{time_total}" ${node}/net_test|xargs)
        fi
        RES=$(echo ${NODE_CHECK}|awk '{print $1}')
        NODE_STATUS=$(echo ${NODE_CHECK}|awk '{print $2}')
        TIME_TOTAL=$(echo ${NODE_CHECK}|awk '{print $3 * 1000 - 500 }'|cut -d '.' -f 1)
        if [ "${NODE_STATUS}" == "200" ];then
            if [ $TIME_TOTAL -lt 300 ];then
                if [ $RES -ge 1500 ];then
                    echo "$RES $node" >> $tmp_file1
                fi
            else
                if [ $RES -ge 1500 ];then
                    echo "$TIME_TOTAL $node" >> $tmp_file2
                fi
            fi

            i=$(($i+1))
            if [ $TIME_TOTAL -lt 300 ];then
                if [ $RES -ge 2390 ];then
                    break;
                fi
            fi
        fi
    done

    NODE_URL=$(cat $tmp_file1|sort -r -g -t " " -k 1|head -n 1|awk '{print $2}')
    if [ -z "$NODE_URL" ];then
        NODE_URL=$(cat $tmp_file2|sort -g -t " " -k 1|head -n 1|awk '{print $2}')
        if [ -z "$NODE_URL" ];then
            NODE_URL='https://download.bt.cn';
        fi
    fi
    rm -f $tmp_file1
    rm -f $tmp_file2
}
```
Change it to:
```bash
get_node_url(){
    NODE_URL="http://192.168.1.11:8080/aapanel"
    echo "Using local offline node: $NODE_URL"
}
```
b. Modify the bt_check and send_check functions
Original:
```bash
bt_check(){
    p_path=/www/server/panel/class/panelPlugin.py
    if [ -f $p_path ];then
        is_ext=$(cat $p_path|grep btwaf)
        if [ "$is_ext" != "" ];then
            send_check
        fi
    fi
    p_path=/www/server/panel/BTPanel/templates/default/index.html
    if [ -f $p_path ];then
        is_ext=$(cat $p_path|grep fbi)
        if [ "$is_ext" != "" ];then
            send_check
        fi
    fi
}

send_check(){
    chattr -i /etc/init.d/bt
    chmod +x /etc/init.d/bt
    p_path2=/www/server/panel/class/common.py
    p_version=$(cat $p_path2|grep "version = "|awk '{print $3}'|tr -cd [0-9.])
    curl -sS --connect-timeout 3 -m 60 https://www.bt.cn/api/panel/notpro?version=$p_version
    NODE_URL=""
    exit 0;
}
```
Change it to:
```bash
# Comment out bt_check() and send_check() entirely, or turn them into empty functions
bt_check(){ :; }
send_check(){ :; }
```
c. Delete or comment out the code below GetPackManager
Original:
```bash
GetPackManager

if [ -d "/www/server/phpmyadmin/pma" ];then
    rm -rf /www/server/phpmyadmin/pma
    EN_CHECK=$(cat /www/server/panel/config/config.json |grep English)
    if [ "${EN_CHECK}" ];then
        curl https://download.bt.cn/install/update6_en.sh|bash
    else
        curl https://download.bt.cn/install/update6.sh|bash
    fi
    echo > /www/server/panel/data/restart.pl
fi

if [ ! $NODE_URL ];then
    EN_CHECK=$(cat /www/server/panel/config/config.json |grep English)
    if [ -z "${EN_CHECK}" ];then
        echo '正在选择下载节点...';
    else
        echo "selecting download node...";
    fi
    get_node_url
    bt_check
fi
```
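Change it to:
IV. Zip the aapanel directory you downloaded at the start, including the bt6_en.init and public.sh you just modified, and upload the archive to your own server with WinSCP, for example into the home directory
V. Unzip it with the following commands
```bash
cd /home

unzip aapanel
```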
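The files in the list above are fetched over plain HTTP and then travel to the server as a zip, and nothing in the procedure checks that what install.sh later downloads from the local server is what was originally fetched. As an added example (not part of the original post or of aaPanel), the script below records SHA-256 hashes of the mirror on the workstation and re-checks them on the server after unzipping. The manifest name `SHA256SUMS` and the function names are assumptions, and the check only detects changes made after the manifest was created.

```shell
#!/bin/sh
# Added example: SHA-256 manifest for the offline mirror directory.
# MANIFEST and the function names are assumptions, not part of aaPanel.
MANIFEST="SHA256SUMS"

# Workstation side: hash every file in the mirror before zipping it.
make_manifest() (
    cd "$1" || exit 1
    find . -type f ! -name "$MANIFEST" -exec sha256sum {} + |
        sort -k2 > "$MANIFEST"
)

# Server side: run after unzip and before starting the HTTP server.
# Succeeds only if every listed file matches and no file was added.
verify_manifest() (
    cd "$1" || exit 1
    [ -f "$MANIFEST" ] || { echo "missing $MANIFEST" >&2; exit 1; }
    out=$(sha256sum -c "$MANIFEST" 2>&1) || {
        # show only the entries that did not verify
        printf '%s\n' "$out" | grep -v ': OK$' >&2
        exit 1
    }
    # each line is "<64 hex digits><2 chars><path>": the path starts at column 67
    listed=$(cut -c67- "$MANIFEST" | sort)
    present=$(find . -type f ! -name "$MANIFEST" | sort)
    [ "$listed" = "$present" ] || {
        echo "files present that are not in $MANIFEST" >&2
        exit 1
    }
)

# Usage: sh mirror-manifest.sh make|verify /path/to/aapanel
case "${1:-}" in
    make)   make_manifest "$2" ;;
    verify) verify_manifest "$2" ;;
esac
```

Run `make` before step IV and `verify /home/aapanel` after step V; keep a copy of the manifest off the server so that a later change to the mirror can still be detected.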
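VI. Use Python's built-in simple HTTP server to expose a directory directly as a web folder, so that its files can be fetched by URL
1. Confirm that Python is installed on the VPS
2. Upload the files to a directory, for example /home/, and start the HTTP service in that directory
```bash
cd /home

python3 -m http.server 8080
```
8080 is the port number; you can change it to any port you like
3. You can then access the files from a browser:
```
http://YOUR_VPS_IP:8080/filename
```
4. This method is only temporary: once the Python process stops, the files can no longer be accessed
Note: http.server listens on all interfaces by default, so every file under the directory it was started in (here /home) is readable by anyone who can reach the port. To bind all IPv4 addresses explicitly, add --bind 0.0.0.0:
```bash
python3 -m http.server 8080 --bind 0.0.0.0
```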
VII. Set the path in install.sh; if you have already changed it, no further change is needed
```bash
download_Url="http://192.168.1.11:8080/aapanel"
LOCAL_PATH="/home/aapanel"

get_node_url(){
    download_Url="http://192.168.1.11:8080/aapanel"
    echo "Offline mode: $download_Url"
}
```
VIII. Set the path in public.sh; if you have already changed it, no further change is needed
```bash
get_node_url(){
    NODE_URL="http://192.168.1.11:8080/aapanel"
    echo "Using local offline node: $NODE_URL"
}
```
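Before running the installer, it is worth checking that the edits to install.sh, public.sh and bt6_en.init really removed every remote fetch, in particular downloads piped straight into `bash`. The script below is an added example, not code from the original post or from aaPanel: it lists non-comment lines that still reference an http(s) URL outside the local mirror. The function names are assumptions, the sample input is constructed, and bare host names or IP addresses without a scheme are not detected.

```shell
#!/bin/sh
# Added example: find remote fetches left in the edited installer scripts.
# MIRROR is the local URL used on this page; function names are assumptions.
MIRROR="http://192.168.1.11:8080/aapanel"

# Print "file:line: [tag] text" for each non-comment line that references an
# http(s) URL outside the mirror. Exit status is 1 if any such line exists.
audit_script() {
    awk -v mirror="$MIRROR" -v f="$1" '
        /^[ \t]*#/ { next }    # full-line comments are never executed
        {
            rest = $0; tag = ""
            while (match(rest, /https?:\/\/[^ \t"'\''|;)]+/)) {
                url = substr(rest, RSTART, RLENGTH)
                # allowed: the mirror itself or a path below it
                if (url != mirror && index(url, mirror "/") != 1) { tag = "remote-url" }
                rest = substr(rest, RSTART + RLENGTH)
            }
            # a download piped into a shell executes whatever the host returns
            if (tag != "" && $0 ~ /(curl|wget)[^|]*\|[ \t]*(ba)?sh/) { tag = "pipe-to-shell" }
            if (tag != "") { printf "%s:%d: [%s] %s\n", f, NR, tag, $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in the style of the install.sh lines quoted on this page.
write_sample() {
    cat > "$1" <<'EOF'
get_node_url(){
    download_Url="http://192.168.1.11:8080/aapanel"
}
# getIpAddress=$(curl -sS https://brandnew.aapanel.com/api/common/getClientIP)
getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://www.bt.cn/Api/getIpAddress)
curl -Ss --connect-timeout 3 -m 60 http://download.bt.cn/install/yumRepo_select.sh|bash
EOF
}

# Usage: sh audit-offline.sh install.sh public.sh bt6_en.init
for script in "$@"; do audit_script "$script"; done
```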
IX. Upload the modified install.sh to the home directory, then run the install command from that directory to install
```bash
cd /home

./install.sh
```
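X. Finally, just wait for it to finish; it takes about 2-3 minutes
Closing remarks:
This method is almost equivalent to an offline deployment and removes nearly all of the official channels, but some steps still need external sources to set up the environment, so it cannot be deployed with the network disconnected
If you have a better version, you can replace the panel6_en.zip file under aapanel\install\src
Finally, if I run into other problems later on, I will add to this post
This article is for research purposes only; do not use it for illegal purposes
Addendum:
Because an old version is used, the panel may fail to start automatically after the system reboots. In that case, follow these steps:
1. Check the status of the BT panel (bt) service
sudo systemctl status bt
If it shows Loaded: not-found or inactive, the service is not registered with systemd.
If it shows active (running), the service can start, but start-on-boot is not enabled.
2. Start the bt service manually
First test whether it can start:
sudo service bt start
Then check the status:
sudo service bt status
If it starts normally (the panel is reachable), continue with the next step and enable start-on-boot.
3. Enable start-on-boot
On systemd systems (using the service generated from the init.d script):
sudo systemctl enable bt
The system registers the /etc/init.d/bt script to start at boot.
Or use update-rc.d directly (for Debian/Ubuntu systems):
sudo update-rc.d bt defaults
4. Reboot to test
sudo systemctl daemon-reload
sudo reboot
5. After the reboot, check:
sudo systemctl status bt
Or open the panel web page to confirm that it started automatically.
Download link: https://www.123865.com/s/i3A7Vv-0OQy3?pwd=TASi#
Extraction code: TASi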