Articles in the category: Server

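Recently 良心云 ("Conscience Cloud") put out a "1000 off 1000" coupon for its 10th anniversary, so I spent 0.8 yuan on a 1H1G (1 core, 1 GB RAM) server for 3 years. That configuration is barely enough to run a database, so I spent another 36 yuan on a 1H1G database instance for 1 year. The database has no public network access, though, so the 0.8-yuan server has to act as a relay for it, which it handles fine.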

Download the MySQL Router package

wget https://dev.mysql.com/get/Downloads/MySQL-Router/mysql-router-community-8.0.21-1.el8.x86_64.rpm

Install the MySQL Router package

rpm -ivh mysql-router-community-8.0.21-1.el8.x86_64.rpm

Output returned

warning: mysql-router-community-8.0.21-1.el8.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
[/usr/lib/tmpfiles.d/mysqlrouter.conf:23] Line references path below legacy directory /var/run/, updating /var/run/mysqlrouter → /run/mysqlrouter; please update the tmpfiles.d/ drop-in file accordingly.

Edit the configuration file and add the internal database to be proxied

vim /etc/mysqlrouter/mysqlrouter.conf
# Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2.0,
# as published by the Free Software Foundation.
#
# This program is also distributed with certain software (including
# but not limited to OpenSSL) that is licensed under separate terms,
# as designated in a particular file or component or in included license
# documentation.  The authors of MySQL hereby grant you an additional
# permission to link the program and your derivative works with the
# separately licensed software that they have included with MySQL.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License, version 2.0, for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA

#
# MySQL Router configuration file
#
# Documentation is available at
#    http://dev.mysql.com/doc/mysql-router/en/

[DEFAULT]
logging_folder = /var/log/mysqlrouter
runtime_folder = /var/run/mysqlrouter
config_folder = /etc/mysqlrouter

[logger]
level = INFO

# If no plugin is configured which starts a service, keepalive
# will make sure MySQL Router will not immediately exit. It is
# safe to remove once Router is configured.
[keepalive]
interval = 60

[routing:read_write]
bind_address = 0.0.0.0
bind_port = 3306
destinations = 172.27.16.12:3306
mode = read-write

Start MySQL Router and enable it at boot

systemctl start mysqlrouter.service
systemctl enable mysqlrouter.service

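If it does not start at boot, it may be a permissions problem; you can change the owning user and group

chown mysqlrouter:mysqlrouter /usr/lib64/mysqlrouter

aria2 is a utility for downloading files. It supports the HTTP(S)/FTP/SFTP/BitTorrent and Metalink protocols. aria2 can download a file from multiple sources/protocols and tries to use your maximum download bandwidth. It supports downloading a file from HTTP(S)/FTP/SFTP and BitTorrent at the same time, while the data downloaded from HTTP(S)/FTP/SFTP is uploaded to the BitTorrent swarm. Using Metalink chunk checksums, aria2 automatically validates chunks of data while downloading a file.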

Install Aria2

sudo apt install aria2

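Configure the Aria2 configuration file

By default Aria2 reads its configuration from $HOME/.aria2/aria2.conf or $XDG_CONFIG_HOME/aria2/aria2.conf. To make it easier to manage, we can put the configuration file at /etc/aria2/aria2.conf instead.

Create the /etc/aria2 directory, then create and edit the /etc/aria2/aria2.conf configuration file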

sudo mkdir /etc/aria2/
sudo vim /etc/aria2/aria2.conf

Create the directory where downloaded files are saved

mkdir /home/ubuntu/downloads

Write the following configuration into /etc/aria2/aria2.conf

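# Set the RPC secret token
rpc-secret=12580
# Enable RPC
enable-rpc=true
# RPC cross-origin access (required by the web UI)
rpc-allow-origin-all=true
# RPC external access (if false, only the local interface is listened on)
rpc-listen-all=true
# RPC port; change only if the default port is already in use
rpc-listen-port=6800
# Maximum number of concurrent downloads (default: 5)
#max-concurrent-downloads=5
# Number of parallel connections per file
split=5
# Resume interrupted downloads
continue=true
# Maximum connections per server
max-connection-per-server=5
# Minimum split size; the upper limit on download threads depends on how many pieces a file can be split into, which matters for small files
min-split-size=10M
# Overall download speed limit (0 means unlimited; example values: 500K, 10M)
max-overall-download-limit=0
# Per-file download speed limit
max-download-limit=0
# Overall upload speed limit
max-overall-upload-limit=0
# Per-file upload speed limit
max-upload-limit=0
# Drop connections that are too slow
#lowest-speed-limit=0
# Set the Referer request header
#referer=*
# Directory where files are saved; defaults to the directory aria2 was started from
dir=/home/ubuntu/downloads
# Enable disk cache
#disk-cache=0
# File allocation method
#file-allocation=prealloc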

Configure start at boot

sudo nano /etc/systemd/system/aria2.service
[Unit]
Description=aria2 Service
After=network.target

[Service]
Type=simple
User=www
Group=www
Restart=on-failure
RestartSec=5s
ExecStart=aria2c --conf-path=/etc/aria2/aria2.conf

[Install]
WantedBy=multi-user.target

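Now let's try starting the service

sudo systemctl start aria2

Then check the service status

sudo systemctl status aria2

If the Active state is active (running), the service is running normally.

We can then enable the service so that it starts automatically at boot.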

sudo systemctl enable aria2

Open the port

Allow port 6800 through the firewall

sudo ufw allow 6800
sudo ufw enable
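
With port 6800 open, the RPC options in aria2.conf are the only access control left. The script below is an added example, not part of the original post or of aria2: it audits those options in a configuration file. The function names and the 16-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the RPC options of an aria2.conf (not part of aria2 itself).
MIN_SECRET_LEN=16   # assumed threshold for this audit, not an aria2 requirement

# conf_get FILE KEY -> last uncommented value of KEY, empty if unset
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# audit_aria2_conf FILE -> one line per finding on stdout, nothing if clean
audit_aria2_conf() {
    f=$1
    [ "$(conf_get "$f" enable-rpc)" = "true" ] || return 0   # RPC off: nothing exposed
    secret=$(conf_get "$f" rpc-secret)
    listen_all=$(conf_get "$f" rpc-listen-all)
    if [ -z "$secret" ]; then
        echo "rpc-secret unset: RPC calls are not authenticated"
    elif [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "rpc-secret has ${#secret} characters: short enough to guess"
    fi
    if [ "$listen_all" = "true" ]; then
        echo "rpc-listen-all=true: RPC is reachable on every interface"
        [ "$(conf_get "$f" rpc-secure)" = "true" ] ||
            echo "rpc-secure off: the secret crosses the network in cleartext"
    fi
    [ "$(conf_get "$f" rpc-allow-origin-all)" = "true" ] &&
        echo "rpc-allow-origin-all=true: any web origin may call the RPC"
    return 0
}

# Constructed sample: the RPC lines of the configuration shown above.
sample=$(mktemp)
printf '%s\n' '# RPC' 'rpc-secret=12580' 'enable-rpc=true' \
    'rpc-allow-origin-all=true' 'rpc-listen-all=true' > "$sample"
audit_aria2_conf "$sample"
rm -f "$sample"
```

A longer secret can be generated with `openssl rand -hex 16`. If the web UI runs on the same host, rpc-listen-all=false keeps the RPC on the loopback interface and port 6800 does not need to be opened.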

Enable WSL

Start Windows PowerShell as administrator and enter the following command

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

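The command may take a few minutes. When the system setup completes, it asks whether to restart; enter "Y" to restart the system and finish the setup

Download the subsystem

On Windows, get the download link for the subsystem distribution.
Then run the download from the command line; the file is roughly 400 to 500 MB
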

Invoke-WebRequest -Uri https://aka.ms/wslubuntu2004 -OutFile Ubuntu.appx -UseBasicParsing

Install the subsystem

Add-AppxPackage .\Ubuntu.appx

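After installation, a new application appears in the Start menu; open it to launch the subsystem.
On first run you need to configure a user and password; follow the prompts to set them.

Reference: https://blog.irain.in/archives/Windows_Server_2019_Subsystem.html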

Preparation

Create the required directories and files

mkdir -p ./CA/{private,newcerts} && cd ./CA
echo 01 > serial
touch index.txt index.txt.attr

OpenSSL configuration file

Edit openssl.cnf

vi openssl.cnf

Copy the following content into the openssl.cnf file

[ ca ]
default_ca = CA_default

[ CA_default ]
# Directory and file locations.
dir             = ../CA                 # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
new_certs_dir   = $dir/newcerts         # default place for new certs.
database        = $dir/index.txt        # database index file.
serial          = $dir/serial           # The current serial number
RANDFILE        = $dir/private/.rand    # private random number file
#unique_subject  = no                   # Set to 'no' to allow creation of
                                        # several certificates with same subject.

# The root key and root certificate.
private_key     = $dir/private/cakey.pem # The private key
certificate     = $dir/cacert.pem       # The CA certificate

# For certificate revocation lists.
crlnumber         = $dir/crlnumber      # the current crl number
crl               = $dir/crl.pem        # The current CRL
crl_extensions    = crl_ext

# SHA-1 is deprecated, so use SHA-2 instead.
preserve          = no                  # keep passed DN ordering
default_md        = sha256              # use SHA-256 by default
default_days      = 365                 # how long to certify for
default_crl_days  = 30                  # how long before next CRL

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy            = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

vi root.conf
[ req ]
default_bits        = 2048
default_keyfile     = r.pem
default_md          = sha256
string_mask         = nombstr
distinguished_name  = req_distinguished_name
req_extensions      = req_ext
x509_extensions     = x509_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Guangdong
localityName                = Locality Name (eg, city)
localityName_default        = Shaoguan
organizationName            = Organization Name (eg, company)
organizationName_default    = jwj
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = jwj

[ x509_ext ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints       = CA:TRUE,pathlen:3
keyUsage               = digitalSignature, keyEncipherment, keyCertSign, cRLSign

[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints     = CA:TRUE
keyUsage             = digitalSignature, keyEncipherment, keyCertSign, cRLSign

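Meaning of the parameters:

Field                 Value
countryName           Country name abbreviation
stateOrProvinceName   State or province
localityName          Locality, such as a city
organizationName      Organization name
commonName            Brand name (the CA name shown on the certificate)

  • xxx_default sets the default value for that field, so that when generating the certificate later you do not have to type the information in by hand; just press Enter to accept the default.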

Generate the CA root key:

openssl genrsa -out ./private/cakey.pem 2048
Generating RSA private key, 2048 bit long modulus
......................................+++
........................+++
e is 65537 (0x10001)

Self-sign the CA root certificate:

openssl req -new -x509 -key ./private/cakey.pem -out ./cacert.pem -days 7300 -config ./root.conf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GuangDong]:
Locality Name (eg, city) [ShaoGuan]:
Organization Name (eg, company) [jwj]:
Common Name (e.g. server FQDN or YOUR name) [My CA]:

Convert the PEM-format certificate to the commonly used DER format:

openssl x509 -inform PEM -in ./cacert.pem -outform DER -out ./CA.cer

Issue an SSL certificate with the CA certificate
Create a folder to keep things organized:

mkdir ../i0w.cn && cd ../i0w.cn

Create the user certificate configuration file:

vi server.conf
[ req ]
default_bits        = 2048
default_keyfile     = r.pem
default_md          = sha256
string_mask         = nombstr
distinguished_name  = req_distinguished_name
req_extensions      = req_ext
x509_extensions     = x509_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Guangdong
localityName                = Locality Name (eg, city)
localityName_default        = Shaoguan
organizationName            = Organization Name (eg, company)
organizationName_default    = jwj
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = localhost

[ x509_ext ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alt_names

[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alt_names

[ alt_names ]
DNS.1   = localhost
DNS.2   = i0w.cn
DNS.3   = *.i0w.cn
IP.1    = 127.0.0.1
IP.2    = 192.168.0.111
IP.3    = 192.168.1.111

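Notes:

  1. Under [ alt_names ], fill in the domain names or IPs the certificate is to be issued for; wildcards are supported;
  2. If Firefox shows MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY, the cause is that basicConstraints was set to CA:TRUE; change it to CA:FALSE.

Generate the user RSA key: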

openssl genrsa -out ./server.key 2048
Generating RSA private key, 2048 bit long modulus
.......................................................................................+++
................+++
e is 65537 (0x10001)

Generate the user certificate request:

openssl req -new -key ./server.key -out ./server.csr -config ./server.conf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GuangDong]:
Locality Name (eg, city) [ShaoGuang]:
Organization Name (eg, company) [jwj]:
Common Name (e.g. server FQDN or YOUR name) [*.i0w.cn]:

Issue the user certificate:

openssl ca -config ../CA/openssl.cnf -in ./server.csr -out ./server.crt -days 3650 -extensions x509_ext -extfile ./server.conf
Using configuration from ../CA/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'GuangDong'
localityName          :PRINTABLE:'ShaoGuang'
organizationName      :PRINTABLE:'jwj'
commonName            :T61STRING:'*.i0w.cn'
Certificate is to be certified until Jun 10 01:39:26 2030 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
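
An added check script (not part of the original post) for a certificate issued this way: it verifies the chain against the CA certificate, flags a leaf marked CA:TRUE (the Firefox error noted above), and tests a hostname against the subjectAltName entries. make_demo_pki is a hypothetical helper that builds a throwaway CA and leaf with `openssl x509 -req` rather than `openssl ca`, only so that the script runs on its own; it assumes the system's default openssl.cnf is present.

```shell
#!/bin/sh
# Added example: post-issuance checks for a certificate signed by a private CA.

# check_server_cert CA_PEM CERT_PEM HOSTNAME -> one line per problem, nothing if clean
check_server_cert() {
    ca=$1; crt=$2; host=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        echo "chain: $crt does not verify against $ca"
    # A leaf marked CA:TRUE is what Firefox rejects with
    # MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY.
    if openssl x509 -in "$crt" -noout -text | grep 'CA:TRUE' >/dev/null; then
        echo "basicConstraints: leaf certificate is marked CA:TRUE"
    fi
    # -checkhost applies the usual matching rules: *.i0w.cn covers one label only.
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep 'does match' >/dev/null ||
        echo "subjectAltName: $host is not covered"
    return 0
}

# make_demo_pki DIR TRUE|FALSE -> throwaway CA and leaf in DIR (constructed test data);
# the second argument is the leaf's basicConstraints CA flag.
make_demo_pki() {
    d=$1
    cat > "$d/ext.cnf" <<EOF
[ x509_ext ]
basicConstraints = CA:$2
subjectAltName   = DNS:i0w.cn, DNS:*.i0w.cn, IP:127.0.0.1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=i0w.cn" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -extensions x509_ext \
        -out "$d/server.crt" 2>/dev/null
}

# Demo: a host two labels below the wildcard is reported as not covered.
demo=$(mktemp -d) && make_demo_pki "$demo" FALSE &&
    check_server_cert "$demo/cacert.pem" "$demo/server.crt" a.b.i0w.cn
rm -rf "$demo"
```

For the files produced in this walkthrough the call would be `check_server_cert ../CA/cacert.pem ./server.crt www.i0w.cn`, run from the i0w.cn directory.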

The directory structure used for issuing certificates:

$ tree
.
├── demoCA
│   ├── CA.cer              # CA certificate (DER format)
│   ├── cacert.pem          # CA certificate (PEM format)
│   ├── index.txt           # database of issued certificates
│   ├── index.txt.attr
│   ├── index.txt.old
│   ├── newcerts
│   │   └── 01.pem
│   ├── private
│   │   └── cakey.pem       # CA private key
│   ├── serial
│   └── serial.old
├── 2heng.xin
│   ├── 2heng.xin.crt       # user certificate
│   ├── 2heng.xin.csr
│   └── 2heng.xin.key       # user certificate private key
├── root.conf               # CA configuration file
└── server.conf             # user configuration file

References:
https://2heng.xin/2018/12/16/your-own-ca-with-openssl/
https://blog.csdn.net/cuitone/article/details/87966042

Download: https://downloads.mysql.com/archives/community/
Extract to: the C:\Program Files directory
Create the my.ini configuration file

[mysql]
port = 3306
default-character-set=utf8

[mysqld]
default_authentication_plugin=mysql_native_password
port = 3306
basedir="C:/Program Files/mysql-5.7.28-winx64"
datadir="C:/Program Files/mysql-5.7.28-winx64/data"
log-error="C:/Program Files/mysql-5.7.28-winx64/logs/mysql.log"
character-set-server=utf8
default-storage-engine=INNODB

Add C:/Program Files/mysql-5.7.28-winx64 to the environment variables
Initialize mysql

mysqld --initialize-insecure --user=root

After initialization, the default user is root and the password is empty
Install the service

mysqld --install

Output returned

Service successfully installed.

Start the service