基于SSL的mysql主从复制

php中文网

发布时间：2016-06-07 16:34:35

1143人浏览过

来源于php中文网

原创

基于SSL的mysql主从复制【背景】MySQL的协议是明文的，当复制一些重要数据时。有时需要用到SSL功能，以保证数据的安全性。【准备】准备前期准备一.主从时间一致

[root@node3 support-files]# crontab -e ####主节点 */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null [root@node1 CA ]# crontab -e ####从节 */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null

三.

百家CMS微商城

百家CMS微商城从诞生开始，就坚持着简单实用的原则，基于目前最流行的WEB2.0的架构（php+mysql），拥有成熟、稳定的微电商技术解决方案。基于完整的会员等级制度，完善的微商城购物流程，订单管理、优惠券、搜索、购物车等功能。采用跨平台机制，可同时对接微信公众号平台和支付宝服务窗，兼容微博、手机QQ等平台；丰富的支付方式、支持微信支付、支付宝支付、货到付款、余额支付、网银支付等。并且拥有完整的

下载

[root@node1 CA ]#(umask 077;openssl genrsa -out private/cakey.pem 1024) Generating RSA private key, 1024 bit long modulus ...................++++++ ................++++++ e is 65537 (0x10001)[root@node1 CA ]#openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg,your name or your server's hostname) []:cacert Email Address []:admin.stu11.com [root@node1 CA ]# touch index.txt [root@node1 CA ]# echo 01 > serial[root@node1 CA ]# cd /etc/mysql/ssl/ [root@node1 ssl ]# (umask 077;openssl genrsa -out master.key 1024) Generating RSA private key, 1024 bit long modulus ...................................++++++ .............................++++++ e is 65537 (0x10001)[root@node1ssl ]# openssl req -new -key master.key -out master.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg, your name or your server's hostname) []:master.crt Email Address[]:admin@stu11.com Please enter thefollowing 'extra' attributes to be sent with your certificate request A challenge password[]: An optional company name []:[root@node1 ssl ]#openssl ca -in master.csr -out master.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Jan 25 07:12:12 2015 GMT Not After : Jan 25 07:12:12 2016 GMT Subject: countryName = CN stateOrProvinceName = HA organizationName = magedu organizationalUnitName = 14qi commonName = master.crt emailAddress = admin@stu11.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 93:50:74:97:39:91:86:5A:1F:C6:2F:6A:87:FB:77:04:7B:70:33:5C X509v3 Authority Key Identifier: keyid:C0:69:22:4E:9A:E5:BD:13:2B:BD:93:7B:0F:99:E6:0F:3A:FA:40:7E Certificate is to be certified until Jan 25 07:12:12 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node1 ssl ]# ls master.crt master.csr master.key [root@node1 ssl ]# chown -R mysql:mysql * [root@node1 ssl ]#ll total 16 -rw-r--r-- 1 mysql mysql 1013 Jan 25 15:12 cacert.pem -rw-r--r-- 1 mysql mysql 3161 Jan 25 15:12 master.crt -rw-r--r-- 1 mysql mysql 680 Jan 25 15:11 master.csr -rw------- 1 mysql mysql 887 Jan 25 15:09 master.key[root@node3 ssl]# (umask 077;openssl genrsa -out slave.key 1024) Generating RSA private key, 1024 bit long modulus ..........................++++++ .........................++++++ e is 65537 (0x10001)[root@node3 ssl]# openssl req -new -key slave.key -out slave.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg, your name or your server's hostname) []:slave.cert Email Address []:admin@stu11.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:[root@node3 ssl]# scp slave.csr 172.16.249.141:/etc/pki/CA/ [root@node1 CA ]# openssl ca -in slave.csr -out slave.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 2 (0x2) Validity Not Before: Jan 25 07:21:11 2015 GMT Not After : Jan 25 07:21:11 2016 GMT Subject: countryName = CN stateOrProvinceName = HA organizationName = magedu organizationalUnitName = 14qi commonName = slave.cert emailAddress = admin@stu11.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: F8:06:AD:F0:1D:8A:78:62:ED:A7:FF:BB:7A:F6:79:14:D4:FB:26:39 X509v3 Authority Key Identifier: keyid:C0:69:22:4E:9A:E5:BD:13:2B:BD:93:7B:0F:99:E6:0F:3A:FA:40:7E Certificate is to be certified until Jan 25 07:21:11 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node1 CA ]# scp slave.crt 172.16.11.3:/etc/mysql/ssl/ [root@node1 CA ]# scp cacert.pem 172.16.11.3:/etc/mysql/ssl/ [root@node3 ssl]# chown -R mysql:mysql * [root@node3 ssl]# ll total 16 -rw-r--r-- 1 mysql mysql 1013 Jan 25 15:22 cacert.pem -rw-r--r-- 1 mysql mysql 3161 Jan 25 15:21 slave.crt -rw-r--r-- 1 mysql mysql 680 Jan 25 15:19 slave.csr -rw------- 1 mysql mysql 887 Jan 25 15:14 slave.key

mysql启动失败怎么办_mysql启动日志排查

mysql如何进行字符串拼接_mysql concat函数使用

如何用mysql设计一个简易的投票系统_mysql用户投票系统

MySQL数据库基本概念详解：参数传递、流程控制与业务逻辑封装

mysql如何实施最小权限原则_mysql权限控制实践

相关专题

Golang 测试体系与代码质量保障：工程级可靠性建设

Go语言测试体系与代码质量保障聚焦于构建工程级可靠性系统。本专题深入解析Go的测试工具链（如go test）、单元测试、集成测试及端到端测试实践，结合代码覆盖率分析、静态代码扫描（如go vet）和动态分析工具，建立全链路质量监控机制。通过自动化测试框架、持续集成（CI）流水线配置及代码审查规范，实现测试用例管理、缺陷追踪与质量门禁控制，确保代码健壮性与可维护性，为高可靠性工程系统提供质量保障。

2026.02.28

Golang 工程化架构设计：可维护与可演进系统构建

Go语言工程化架构设计专注于构建高可维护性、可演进的企业级系统。本专题深入探讨Go项目的目录结构设计、模块划分、依赖管理等核心架构原则，涵盖微服务架构、领域驱动设计(DDD)在Go中的实践应用。通过实战案例解析接口抽象、错误处理、配置管理、日志监控等关键工程化技术，帮助开发者掌握构建稳定、可扩展Go应用的最佳实践方法。

2026.02.28

Golang 性能分析与运行时机制：构建高性能程序

Go语言以其高效的并发模型和优异的性能表现广泛应用于高并发、高性能场景。其运行时机制包括 Goroutine 调度、内存管理、垃圾回收等方面，深入理解这些机制有助于编写更高效稳定的程序。本专题将系统讲解 Golang 的性能分析工具使用、常见性能瓶颈定位及优化策略，并结合实际案例剖析 Go 程序的运行时行为，帮助开发者掌握构建高性能应用的关键技能。

2026.02.28