加入收藏 | 设为首页 | 会员中心 | 我要投稿 晋中站长网 (https://www.0354zz.com/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 站长学院 > MySql教程 > 正文

MySQL配置SSL主从复制

发布时间:2022-03-14 23:32:38 所属栏目:MySql教程 来源:互联网
导读:MySQL5.6 创建SSL文件方法 Create clean environment mkdir /home/mysql/mysqlcerts cd /home/mysql/mysqlcerts Create CA certificate openssl genrsa 2048 ca-key.pem openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem Create serve
      MySQL5.6 创建SSL文件方法
  
     Create clean environment
 
     mkdir /home/mysql/mysqlcerts && cd /home/mysql/mysqlcerts
     Create CA certificate
 
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem
Create server certificate, remove passphrase, and sign it
 
server-cert.pem = public key, server-key.pem = private key
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Create client certificate, remove passphrase, and sign it
client-cert.pem = public key, client-key.pem = private key
openssl req -newkey rsa:2048 -days 3600  -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
server-cert.pem: OK
client-cert.pem: OK
 
MySQL5.7 创建SSL文件方法
官方文档:https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html
 
mkdir -p  /home/mysql/mysqlcerts
/usr/local/mysql-5.7.21-linux-glibc2.12-x86_64/bin/mysql_ssl_rsa_setup  --datadir=/home/mysql/mysqlcerts/
主库创建SSL后进行配置
 
从库 192.168.1.222
 
mkdir -p  /home/mysql/mysqlcerts
主库
 
chown -R mysql.mysql  /home/mysql/mysqlcerts/
scp ca.pem client-cert.pem client-key.pem root@192.168.1.222:/home/mysql/mysqlcerts/
主库授权
 
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.1.222' identified by '' require ssl;
主库 my.cnf
#SSL
ssl-ca=/home/mysql/mysqlcerts/ca.pem
ssl-cert=/home/mysql/mysqlcerts/server-cert.pem
ssl-key=/home/mysql/mysqlcerts/server-key.pem
 
restart mysql
 
从库
 
chown -R mysql.mysql  /home/mysql/mysqlcerts/
my.cnf
 
ssl-ca=/home/mysql/mysqlcerts/ca.pem
ssl-cert= /home/mysql/mysqlcerts/client-cert.pem
ssl-key= /home/mysql/mysqlcerts/client-key.pem
 
创建复制:
 
change master to master_host='',master_user='',master_password='',master_log_file='mysql-bin.000001',master_log_pos=154,   master_ssl=1, master_ssl_ca='/home/mysql/mysqlcerts/ca.pem', master_ssl_cert='/home/mysql/mysqlcerts/client-cert.pem',  master_ssl_key='/home/mysql/mysqlcerts/client-key.pem' ,MASTER_CONNECT_RETRY=10;
验证:
主库配置SSL认证后,客户端默认以SSL方式登录
 
mysql -utest -h292.168.1.223 -ptest -P3307  
(该账号不论是否配置require ssl 均能登录)
不以SSL方式登录命令为:
 
mysql -utest -h292.168.1.223 -ptest -P3307 --ssl-mode=DISABLED   

(编辑:晋中站长网)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
      站长推荐
      热点阅读

        【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

        建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

        Copygight © 2008-2022 https://www.0354zz.com/ All Rights Reserved. 晋中站长网