cd /tmp

wget https://github.com/loong64/docker-ce-packaging/raw/refs/heads/main/docker.service
wget https://github.com/loong64/docker-ce-packaging/releases/download/v27.4.1/docker-27.4.1.tgz
wget -O docker-buildx https://github.com/loong64/buildx/releases/download/v0.19.3/buildx-v0.19.3-linux-loongarch64
wget -O docker-compose https://github.com/loong64/compose/releases/download/v2.32.1/docker-compose-linux-loongarch64

mkdir -p /usr/local/libexec/docker/cli-plugins

tar -xf docker-27.4.1.tgz
sudo chown root:root docker/* docker-buildx docker-compose
sudo chmod 755 docker/* docker-buildx docker-compose
sudo mv docker.service /etc/systemd/system
sudo mv docker/* /usr/local/bin/
sudo mv docker-buildx /usr/local/libexec/docker/cli-plugins/
sudo mv docker-compose /usr/local/libexec/docker/cli-plugins/

sudo systemctl enable docker --now

sudo docker version
sudo docker buildx version
sudo docker compose version

删除docker

sudo systemctl stop docker docker.socket

sudo rm -rf /usr/local/libexec/docker/cli-plugins
sudo rm -f /usr/local/bin/docker*
sudo rm -f /usr/local/bin/container*
sudo rm -f /usr/local/bin/ctr
sudo rm -f /usr/local/bin/runc
sudo rm -f /etc/systemd/system/docker.service

1 模型常驻显存

curl http://localhost:11434/api/generate -d '{"model": "gemma3:27b", "keep_alive": -1}' 

示例输出：

{"model":"gemma3:27b","created_at":"2025-11-26T00:50:25.894745547Z","response":"","done":true,"done_reason":"load"}%  

2 从魔搭加载GGUF文件

ollama run modelscope.cn/Qwen/Qwen2.5-3B-Instruct-GGUF
ollama run modelscope.cn/Qwen/Qwen2.5-3B-Instruct-GGUF:Q3_K_M
ollama run modelscope.cn/Qwen/Qwen2.5-3B-Instruct-GGUF:qwen2.5-3b-instruct-q3_k_m.gguf

3 删除本地模型

1 背景

实验室服务器经常有人提交大量任务，导致内存占满后系统卡死，不得不重启。通过使用earlyoom在内存耗尽前查杀大内存进程，避免系统崩溃。

2 做法

1、安装earlyoom

sudo apt install earlyoom

2、编辑配置文件

sudo vim /etc/default/earlyoom

将其中Available minimum memory部分修改为EARLYOOM_ARGS="-m 6,5 -s 100,100"，表示内存余量低于5%就查杀大内存进程，同时忽略swap的占用情况。

# Default settings for earlyoom. This file is sourced by /bin/sh from
# /etc/init.d/earlyoom or by systemd from earlyoom.service.

# Options to pass to earlyoom
EARLYOOM_ARGS="-r 3600"

# Examples:

# Print memory report every second instead of every minute
# EARLYOOM_ARGS="-r 1"

# Available minimum memory 5%
# EARLYOOM_ARGS="-m 5"
EARLYOOM_ARGS="-m 6,5 -s 100,100"
# Available minimum memory 15% and free minimum swap 5%
# EARLYOOM_ARGS="-m 15 -s 5"

# Avoid killing processes whose name matches this regexp
# EARLYOOM_ARGS="--avoid '(^|/)(init|X|sshd|firefox)$'"

# See more at `earlyoom -h'
3、重启服务

sudo systemctl restart earlyoom

## 注意

1 背景

服务器经常遇到恶意爆破。使用fail2ban自动封禁多次密码输入错误的IP，降低服务器被攻破的风险。

2 做法

1、安装fail2ban。

sudo apt update
sudo apt install fail2ban

2、配置fail2ban

sudo vim /etc/fail2ban/jail.local

然后输入以下内容：

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 10  # findtime时间内最大尝试次数
bantime = 86400  # 超过最大尝试次数后封禁时间，以秒为单位
findtime = 600  # 设置监测时间，以秒为单位。600表示统计连续10分钟内密码输入错误的次数

3、重启fail2ban

sudo systemctl restart fail2ban

4、查看状态

sudo fail2ban-client status sshd

注意

如果不正正常运行，执行以下命令

sudo apt-get update && sudo apt-get install -y rsyslog  # Debian/Ubuntu
sudo systemctl enable --now rsyslog
# 等 1~2 分钟让日志开始写入，再继续

然后再次重启fail2ban即可恢复正常。

1 背景

ssh服务默认端口为22，经常被攻击。通过修改端口，一定程度上减轻对服务器被攻破的风险。

2 做法

1、运行以下命令备份sshd服务配置文件。

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak

2、修改sshd服务的端口号。
运行以下命令编辑sshd_config配置文件。

sudo vim /etc/ssh/sshd_config

将其中的Port 22注释掉，改为Port 1234
3、重启ssh服务。

sudo systemctl restart sshd

如果是Ubuntu24：

sudo systemctl restart ssh
sudo systemctl daemon-reload
sudo systemctl restart ssh.socket

3 注意

为了防止意外，务必在确认能够使用新端口连接后，再关闭当前的远程连接，以免造成无法远程连接的意外。

修改记录

20251126 修复Ubuntu24不生效的情况