• 企业400电话
  • 微网小程序
  • AI电话机器人
  • 电商代运营
  • 全 部 栏 目

    企业400电话 网络优化推广 AI电话机器人 呼叫中心 网站建设 商标✡知产 微网小程序 电商运营 彩铃•短信 增值拓展业务
    MySQL配置SSL主从复制

    MySQL5.6 创建SSL文件方法

    官方文档:https://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line

    Create clean environment

    mkdir /home/mysql/mysqlcerts cd /home/mysql/mysqlcerts

    Create CA certificate

    openssl genrsa 2048 > ca-key.pem
    openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

    Create server certificate, remove passphrase, and sign it

    server-cert.pem = public key, server-key.pem = private key
    openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
    openssl rsa -in server-key.pem -out server-key.pem
    openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

    Create client certificate, remove passphrase, and sign it

    client-cert.pem = public key, client-key.pem = private key
    openssl req -newkey rsa:2048 -days 3600  -nodes -keyout client-key.pem -out client-req.pem
    openssl rsa -in client-key.pem -out client-key.pem
    openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
    openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
    server-cert.pem: OK
    client-cert.pem: OK

    MySQL5.7 创建SSL文件方法

    官方文档:https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

    mkdir -p  /home/mysql/mysqlcerts
    /usr/local/mysql-5.7.21-linux-glibc2.12-x86_64/bin/mysql_ssl_rsa_setup  --datadir=/home/mysql/mysqlcerts/

    主库创建SSL后进行配置

    从库 192.168.1.222

    mkdir -p  /home/mysql/mysqlcerts

    主库

    chown -R mysql.mysql  /home/mysql/mysqlcerts/
    scp ca.pem client-cert.pem client-key.pem root@192.168.1.222:/home/mysql/mysqlcerts/

    主库授权

    GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.1.222' identified by '' require ssl;

    主库 my.cnf

    #SSL
    ssl-ca=/home/mysql/mysqlcerts/ca.pem
    ssl-cert=/home/mysql/mysqlcerts/server-cert.pem
    ssl-key=/home/mysql/mysqlcerts/server-key.pem

    restart mysql

    从库

    chown -R mysql.mysql  /home/mysql/mysqlcerts/

    my.cnf

    ssl-ca=/home/mysql/mysqlcerts/ca.pem
    ssl-cert= /home/mysql/mysqlcerts/client-cert.pem
    ssl-key= /home/mysql/mysqlcerts/client-key.pem

    创建复制:

    change master to master_host='',master_user='',master_password='',master_log_file='mysql-bin.000001',master_log_pos=154,   master_ssl=1, master_ssl_ca='/home/mysql/mysqlcerts/ca.pem', master_ssl_cert='/home/mysql/mysqlcerts/client-cert.pem',  master_ssl_key='/home/mysql/mysqlcerts/client-key.pem' ,MASTER_CONNECT_RETRY=10;

    验证:
    主库配置SSL认证后,客户端默认以SSL方式登录

    mysql -utest -h192.168.1.223 -ptest -P3307  

    (该账号不论是否配置require ssl 均能登录)

    不以SSL方式登录命令为:

    mysql -utest -h192.168.1.223 -ptest -P3307 --ssl-mode=DISABLED   

    (如该账号配置了require ssl 则无法登录)

    您可能感兴趣的文章:
    • 全面解读MySQL主从复制,从原理到安装配置
    • Windows下MySQL主从复制的配置方法
    • mysql主从复制读写分离的配置方法详解
    • Mysql 5.7从节点配置多线程主从复制的方法详解
    • mysql(master/slave)主从复制原理及配置图文详解
    • mysql5.6 主从复制同步详细配置(图文)
    • 深入解析半同步与异步的MySQL主从复制配置
    • MySQL主从复制配置心跳功能介绍
    • MySQL主从复制的原理及配置方法(比较详细)
    • mysql主从复制配置过程
    上一篇:mysql使用from与join两表查询的区别总结
    下一篇:MySQL DeadLock故障排查全过程记录
  • 相关文章
  • 

    © 2016-2020 巨人网络通讯 版权所有

    《增值电信业务经营许可证》 苏ICP备15040257号-8

    MySQL配置SSL主从复制 MySQL,配置,SSL,主从,复制,