主頁(yè) > 知識(shí)庫(kù) > MySQL配置SSL主從復(fù)制

MySQL配置SSL主從復(fù)制

熱門標(biāo)簽:南昌高頻外呼系統(tǒng)哪家公司做的好 電銷機(jī)器人 行業(yè) 俄國(guó)地圖標(biāo)注app 淄博400電話申請(qǐng) 溫州瑞安400電話怎么申請(qǐng) 電銷機(jī)器人各個(gè)細(xì)節(jié)介紹 百度地圖標(biāo)注后不顯示 電話機(jī)器人市場(chǎng)趨勢(shì) 昆明電信400電話辦理

MySQL5.6 創(chuàng)建SSL文件方法

官方文檔:https://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line

Create clean environment

mkdir /home/mysql/mysqlcerts cd /home/mysql/mysqlcerts

Create CA certificate

openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

Create server certificate, remove passphrase, and sign it

server-cert.pem = public key, server-key.pem = private key
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Create client certificate, remove passphrase, and sign it

client-cert.pem = public key, client-key.pem = private key
openssl req -newkey rsa:2048 -days 3600  -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
server-cert.pem: OK
client-cert.pem: OK

MySQL5.7 創(chuàng)建SSL文件方法

官方文檔:https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

mkdir -p  /home/mysql/mysqlcerts
/usr/local/mysql-5.7.21-linux-glibc2.12-x86_64/bin/mysql_ssl_rsa_setup  --datadir=/home/mysql/mysqlcerts/

主庫(kù)創(chuàng)建SSL后進(jìn)行配置

從庫(kù) 192.168.1.222

mkdir -p  /home/mysql/mysqlcerts

主庫(kù)

chown -R mysql.mysql  /home/mysql/mysqlcerts/
scp ca.pem client-cert.pem client-key.pem root@192.168.1.222:/home/mysql/mysqlcerts/

主庫(kù)授權(quán)

GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.1.222' identified by '' require ssl;

主庫(kù) my.cnf

#SSL
ssl-ca=/home/mysql/mysqlcerts/ca.pem
ssl-cert=/home/mysql/mysqlcerts/server-cert.pem
ssl-key=/home/mysql/mysqlcerts/server-key.pem

restart mysql

從庫(kù)

chown -R mysql.mysql  /home/mysql/mysqlcerts/

my.cnf

ssl-ca=/home/mysql/mysqlcerts/ca.pem
ssl-cert= /home/mysql/mysqlcerts/client-cert.pem
ssl-key= /home/mysql/mysqlcerts/client-key.pem

創(chuàng)建復(fù)制:

change master to master_host='',master_user='',master_password='',master_log_file='mysql-bin.000001',master_log_pos=154,   master_ssl=1, master_ssl_ca='/home/mysql/mysqlcerts/ca.pem', master_ssl_cert='/home/mysql/mysqlcerts/client-cert.pem',  master_ssl_key='/home/mysql/mysqlcerts/client-key.pem' ,MASTER_CONNECT_RETRY=10;

驗(yàn)證:
主庫(kù)配置SSL認(rèn)證后,客戶端默認(rèn)以SSL方式登錄

mysql -utest -h192.168.1.223 -ptest -P3307  

(該賬號(hào)不論是否配置require ssl 均能登錄)

不以SSL方式登錄命令為:

mysql -utest -h192.168.1.223 -ptest -P3307 --ssl-mode=DISABLED   

(如該賬號(hào)配置了require ssl 則無(wú)法登錄)

您可能感興趣的文章:
  • 全面解讀MySQL主從復(fù)制,從原理到安裝配置
  • Windows下MySQL主從復(fù)制的配置方法
  • mysql主從復(fù)制讀寫分離的配置方法詳解
  • Mysql 5.7從節(jié)點(diǎn)配置多線程主從復(fù)制的方法詳解
  • mysql(master/slave)主從復(fù)制原理及配置圖文詳解
  • mysql5.6 主從復(fù)制同步詳細(xì)配置(圖文)
  • 深入解析半同步與異步的MySQL主從復(fù)制配置
  • MySQL主從復(fù)制配置心跳功能介紹
  • MySQL主從復(fù)制的原理及配置方法(比較詳細(xì))
  • mysql主從復(fù)制配置過(guò)程

標(biāo)簽:嘉峪關(guān) 吐魯番 洛陽(yáng) 甘南 拉薩 安徽 葫蘆島

巨人網(wǎng)絡(luò)通訊聲明:本文標(biāo)題《MySQL配置SSL主從復(fù)制》,本文關(guān)鍵詞  MySQL,配置,SSL,主從,復(fù)制,;如發(fā)現(xiàn)本文內(nèi)容存在版權(quán)問(wèn)題,煩請(qǐng)?zhí)峁┫嚓P(guān)信息告之我們,我們將及時(shí)溝通與處理。本站內(nèi)容系統(tǒng)采集于網(wǎng)絡(luò),涉及言論、版權(quán)與本站無(wú)關(guān)。
  • 相關(guān)文章
  • 下面列出與本文章《MySQL配置SSL主從復(fù)制》相關(guān)的同類信息!
  • 本頁(yè)收集關(guān)于MySQL配置SSL主從復(fù)制的相關(guān)信息資訊供網(wǎng)民參考!
  • 推薦文章