说明

自建内网穿透工作ZeroTier服务端。需要从原服务器迁移到新的主机上，进行以下操作。我使用ubuntu 22，其他debian类服务器应该也可以。原服务器上直接安装服务程序，不使用docker。

旧服务器

1. 停止服务

• SSH 登录
• 停止ztncui，zerotier-one服务

sudo systemctl stop ztncui
sudo systemctl stop zerotier-one

2. 拷贝数据目录

• 在旧服务器上备份以下两个服务的配置与数据目录

sudo cp -a /opt/key-networks/ztncui/etc /path/to/backup_location

sudo cp -a /var/lib/zerotier-one /path/to/backup_location

新服务器

1. 安装ZeroTier-One Controller和ztncui

A 安装zerotier

https://www.zerotier.com/download/#linux

curl -s https://install.zerotier.com | sudo bash

curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/main/doc/contact%40zerotier.com.gpg' | gpg --import &&
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi

B 安装ztncui。服务器的web控制面板
https://key-networks.com/ztncui/

2. 停止服务

sudo systemctl stop ztncui
sudo systemctl stop zerotier-one

3. 拷贝数据

• 使用SCP，rsync，WinSCP等工具拷贝

rsync -rva user@old_host:/path/to/backup_location/etc /opt/key-networks/ztncui/

rsync -rva user@old_host:/path/to/backup_location/zerotier-one /var/lib/

4. 设置用户所有权

• 查看

ls -l /opt/key-networks/ztncui/etc

• 用户和群组应该是：ztncui

-rw------- 1 ztncui ztncui 148 Jul 26 09:48 default.passw
-rw------- 1 ztncui ztncui 435 Jul 26 09:48 passwd
drwxr-xr-x 2 ztncui ztncui 4096 Jul 26 09:48 storage
drwxr-x--- 2 ztncui ztncui 4096 Jul 26 09:48 tlsd

• 查看

ls -l /var/lib/zerotier-one

• 用户和群组应该是：zerotier-one

-rw------- 1 zerotier-one zerotier-one       24 Jul 26 09:54 authtoken.secre
drwx------ 4 zerotier-one zerotier-one     4096 Jul 26 09:54 controller.d
-rw-r--r-- 1 zerotier-one zerotier-one      141 Jul 26 09:54 identity.public
-rw------- 1 zerotier-one zerotier-one      270 Jul 26 09:54 identity.secret
drwxr-xr-x 2 zerotier-one zerotier-one     4096 Jul 26 09:54 networks.d
drwxr-xr-x 2 zerotier-one zerotier-one     4096 Jul 27 12:22 peers.d
-rw-r--r-- 1 zerotier-one zerotier-one      570 Jul 26 09:54 planet
-rwxr-xr-x 1 zerotier-one zerotier-one 10892304 Jul 26 09:54 zerotier-cli
-rwxr-xr-x 1 zerotier-one zerotier-one 10892304 Jul 26 09:54 zerotier-idtool
-rwxr-xr-x 1 zerotier-one zerotier-one 10892304 Jul 26 09:54 zerotier-one
-rw-r--r-- 1 zerotier-one zerotier-one        4 Jul 26 09:58 zerotier-one.pid
-rw-r--r-- 1 zerotier-one zerotier-one        4 Jul 26 09:58 zerotier-one.port
-rw-r--r-- 1 zerotier-one zerotier-one      276 Jul 26 09:54 zerotier-one.te

• 如果不是的话，执行以下命令设置

sudo chown -R ztncui:ztncui /opt/key-networks/ztncui/etc
sudo chown -R zerotier-one:zerotier-one /var/lib/zerotier-one

5. 设置配置文件，密钥等

• After ztncui upgrade, migration, or system kernel upgrade (effective after reboot), you need to generate a new secret for the controller and set correct access privileges.
• 运行以下命令，设置配置文件

sudo sh -c "echo ZT_TOKEN=$(sudo cat /var/lib/zerotier-one/authtoken.secret) > /opt/key-networks/ztncui/.env"
sudo sh -c "echo HTTPS_PORT=3443 >> /opt/key-networks/ztncui/.env"
sudo sh -c "echo NODE_ENV=production >> /opt/key-networks/ztncui/.env"
sudo chmod 400 /opt/key-networks/ztncui/.env
sudo chown ztncui:ztncui /opt/key-networks/ztncui/.env

6. 配置ztncui

• 打开环境变量

sudo vim /opt/key-networks/ztncui/.env

• 设置IP地址： HTTPS_HOST=<IP>
  注：我写入IP造成ztncui无法启动，可以不要这一行
• 保存退出

7. 重启ztncui和zerotier-one

sudo systemctl start ztncui
sudo systemctl start zerotier-one

8. 验证迁移

• 查看运行状态

sudo systemctl status ztncui
sudo systemctl status zerotier-one

• 查看运行日志

sudo journalctl -u ztncui -u zerotier-one -f

• 注意web端运行在3443，调整防火墙

后续收尾

1. 验证zerotier运行正常

2. 旧服务器停用服务

避免两台服务器同时运行，旧服务器上停用服务

sudo systemctl stop ztncui
sudo systemctl stop zerotier-one
sudo systemctl disable ztncui
sudo systemctl disable zerotier-one

3. 旧服务器清除数据

sudo rm -rf /var/lib/zerotier-one

• 清除数据之后，重新启动服务会生成一个新的服务ID

sudo systemctl enable –now zerotier-one

本文引自https://medium.com/@KarolDanisz/full-guide-migrating-zerotier-controller-ztncui-and-data-to-a-new-host-34abcd30d8fb
授权：Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).