下载qBittorrent-nox-static
mkdir -p /app/qbittorrent
wget -qO /app/qbittorrent/qbittorrent-nox https://github.com/userdocs/qbittorrent-nox-static/releases/download/release-5.0.5_v2.0.11/x86_64-qbittorrent-nox
chmod 700 /app/qbittorrent/qbittorrent-nox
chown -R openlist:openlist /app/qbittorrent
#chown -R openlist:openlist /home/openlist/.local/share/qBittorrent/运行qBittorrent-nox
运行qBittorrent-nox获取初始密码
runuser -u openlist -- /app/qbittorrent/qbittorrent-nox修改用户名和密码,在qb中“选项”-“web 用户界面”-“验证”中取消“启用跨站点请求伪造(CSRF)保护”否则会出现页面显示错误
开机启动
nano /etc/systemd/system/qbittorrent-nox.service[Unit]
Description=qBittorrent
After=network.target
[Service]
User=openlist
Type=forking
RemainAfterExit=yes
ExecStart=/app/qbittorrent/qbittorrent-nox -d
[Install]
WantedBy=multi-user.targetsystemctl daemon-reload
systemctl enable qbittorrent-nox
systemctl start qbittorrent-nox
systemctl status qbittorrent-noxnginx反代
申请证书
#nginx -s stop
systemctl stop nginx
apt-get install socat curl cron
curl https://get.acme.sh | sh
#普通证书申请
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
#~/.acme.sh/acme.sh --issue -d www.kkiikk.top --standalone -k ec-256 --force --test
#rm -rf ~/.acme.sh/www.kkiikk.top_ecc
#以上是测试
~/.acme.sh/acme.sh --issue -d 网址.com --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -k ec-256
mkdir /etc/nginx/ssl/
~/.acme.sh/acme.sh --installcert -d 网址.com --fullchainpath /etc/nginx/ssl/网址.com.crt --keypath /etc/nginx/ssl/网址.com.key --ecc --force --reloadcmd "systemctl reload nginx"配置nginx
nginx.conf配置
nano /etc/nginx/nginx.conf编辑nginx.conf
user root;
worker_processes auto;
error_log /etc/nginx/error.log warn;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types; #注意路径,必须写,否则可能造成css无法加载
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /etc/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}www.conf配置
nano /etc/nginx/conf.d/www.conf编辑www.conf
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/www.kkiikk.top.crt;
ssl_certificate_key /etc/nginx/ssl/www.kkiikk.top.key;
ssl_protocols TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
server_name www.kkiikk.top;
index index.html index.htm index.php;
root /html/typecho-1.2.1;
# error_page 400 = /400.html;
location / {
proxy_pass http://127.0.0.1:8080/; #端口按照实际配置修改
proxy_hide_header Content-Security-Policy;
proxy_http_version 1.1;
add_header Front-End-Https on;
proxy_set_header X-Forwarded-Host $server_name:$server_port;
proxy_hide_header Referer;
proxy_hide_header Origin;
}
# Config for 0-RTT in TLSv1.3
ssl_early_data on;
ssl_stapling on;
ssl_stapling_verify on;
proxy_set_header Early-Data $ssl_early_data;
add_header Strict-Transport-Security "max-age=31536000";
}
server {
listen 80;
listen [::]:80; #没有ipv6的话要注释掉这行
server_name www.kkiikk.top;
return 301 https://www.kkiikk.top$request_uri;
}
server {
listen 80;
listen [::]:80; #没有ipv6的话要注释掉这行
server_name kkiikk.top;
return 301 https://www.kkiikk.top$request_uri;
}重启nginx服务
systemctl restart nginx