March 03, 2020
MariaDB [(none)]> SHOW GLOBAL STATUS LIKE 'wsrep_%';
+-------------------------------+----------------------------------------+
| Variable_name                 | Value                                  |
+-------------------------------+----------------------------------------+
| wsrep_local_state_uuid        | ddb380d8-5d53-11ea-a9d6-7262c0f8b25a   |
| wsrep_protocol_version        | 10                                     |
| wsrep_last_committed          | 694                                    |
| wsrep_replicated              | 0                                      |
| wsrep_replicated_bytes        | 0                                      |
| wsrep_repl_keys               | 0                                      |
| wsrep_repl_keys_bytes         | 0                                      |
| wsrep_repl_data_bytes         | 0                                      |
| wsrep_repl_other_bytes        | 0                                      |
| wsrep_received                | 308                                    |
| wsrep_received_bytes          | 48488                                  |
| wsrep_local_commits           | 0                                      |
| wsrep_local_cert_failures     | 0                                      |
| wsrep_local_replays           | 0                                      |
| wsrep_local_send_queue        | 0                                      |
| wsrep_local_send_queue_max    | 1                                      |
| wsrep_local_send_queue_min    | 0                                      |
| wsrep_local_send_queue_avg    | 0                                      |
| wsrep_local_recv_queue        | 0                                      |
| wsrep_local_recv_queue_max    | 2                                      |
| wsrep_local_recv_queue_min    | 0                                      |
| wsrep_local_recv_queue_avg    | 0.00324675                             |
| wsrep_local_cached_downto     | 394                                    |
| wsrep_flow_control_paused_ns  | 0                                      |
| wsrep_flow_control_paused     | 0                                      |
| wsrep_flow_control_sent       | 0                                      |
| wsrep_flow_control_recv       | 0                                      |
| wsrep_cert_deps_distance      | 0                                      |
| wsrep_apply_oooe              | 0                                      |
| wsrep_apply_oool              | 0                                      |
| wsrep_apply_window            | 0                                      |
| wsrep_commit_oooe             | 0                                      |
| wsrep_commit_oool             | 0                                      |
| wsrep_commit_window           | 0                                      |
| wsrep_local_state             | 4                                      |
| wsrep_local_state_comment     | Synced                                 |
| wsrep_cert_index_size         | 0                                      |
| wsrep_causal_reads            | 0                                      |
| wsrep_cert_interval           | 0                                      |
| wsrep_open_transactions       | 0                                      |
| wsrep_open_connections        | 0                                      |
| wsrep_incoming_addresses      | AUTO,AUTO,AUTO                         |
| wsrep_cluster_weight          | 3                                      |
| wsrep_desync_count            | 0                                      |
| wsrep_evs_delayed             |                                        |
| wsrep_evs_evict_list          |                                        |
| wsrep_evs_repl_latency        | 0/0/0/0/0                              |
| wsrep_evs_state               | OPERATIONAL                            |
| wsrep_gcomm_uuid              | 6391e90b-5d56-11ea-a595-eeca4bd54b8e   |
| wsrep_applier_thread_count    | 1                                      |
| wsrep_cluster_capabilities    |                                        |
| wsrep_cluster_conf_id         | 18446744073709551615                   |
| wsrep_cluster_size            | 3                                      |
| wsrep_cluster_state_uuid      | ddb380d8-5d53-11ea-a9d6-7262c0f8b25a   |
| wsrep_cluster_status          | Primary                                |
| wsrep_connected               | ON                                     |
| wsrep_local_bf_aborts         | 0                                      |
| wsrep_local_index             | 1                                      |
| wsrep_provider_capabilities   | :MULTI_MASTER:CERTIFICATION:PARALLEL_APPLYING:TRX_REPLAY:ISOLATION:PAUSE:CAUSAL_READS:INCREMENTAL_WRITESET:UNORDERED:PREORDERED:STREAMING:NBO: |
| wsrep_provider_name           | Galera                                 |
| wsrep_provider_vendor         | Codership Oy <info@codership.com>      |
| wsrep_provider_version        | 26.4.3(r4535)                          |
| wsrep_ready                   | ON                                     |
| wsrep_rollbacker_thread_count | 1                                      |
| wsrep_thread_count            | 2                                      |
+-------------------------------+----------------------------------------+
65 rows in set (0.001 sec)

MariaDB [(none)]>
Variable information
MariaDB [(none)]> SHOW VARIABLES like 'wsrep_%'\G;
*************************** 1. row ***************************
Variable_name: wsrep_osu_method
        Value: TOI
*************************** 2. row ***************************
Variable_name: wsrep_sr_store
        Value: table
*************************** 3. row ***************************
Variable_name: wsrep_auto_increment_control
        Value: ON
*************************** 4. row ***************************
Variable_name: wsrep_causal_reads
        Value: OFF
*************************** 5. row ***************************
Variable_name: wsrep_certification_rules
        Value: strict
*************************** 6. row ***************************
Variable_name: wsrep_certify_nonpk
        Value: ON
*************************** 7. row ***************************
Variable_name: wsrep_cluster_address
        Value: gcomm://172.31.35.26,172.31.35.23,172.31.43.57
*************************** 8. row ***************************
Variable_name: wsrep_cluster_name
        Value: test_cluster
*************************** 9. row ***************************
Variable_name: wsrep_convert_lock_to_trx
        Value: OFF
*************************** 10. row ***************************
Variable_name: wsrep_data_home_dir
        Value: /var/lib/mysql/
*************************** 11. row ***************************
Variable_name: wsrep_dbug_option
        Value:
*************************** 12. row ***************************
Variable_name: wsrep_debug
        Value: NONE
*************************** 13. row ***************************
Variable_name: wsrep_desync
        Value: OFF
*************************** 14. row ***************************
Variable_name: wsrep_dirty_reads
        Value: OFF
*************************** 15. row ***************************
Variable_name: wsrep_drupal_282555_workaround
        Value: OFF
*************************** 16. row ***************************
Variable_name: wsrep_forced_binlog_format
        Value: NONE
*************************** 17. row ***************************
Variable_name: wsrep_gtid_domain_id
        Value: 0
*************************** 18. row ***************************
Variable_name: wsrep_gtid_mode
        Value: OFF
*************************** 19. row ***************************
Variable_name: wsrep_ignore_apply_errors
        Value: 7
*************************** 20. row ***************************
Variable_name: wsrep_load_data_splitting
        Value: OFF
*************************** 21. row ***************************
Variable_name: wsrep_log_conflicts
        Value: OFF
*************************** 22. row ***************************
Variable_name: wsrep_max_ws_rows
        Value: 0
*************************** 23. row ***************************
Variable_name: wsrep_max_ws_size
        Value: 2147483647
*************************** 24. row ***************************
Variable_name: wsrep_mysql_replication_bundle
        Value: 0
*************************** 25. row ***************************
Variable_name: wsrep_node_address
        Value: 172.31.35.26
*************************** 26. row ***************************
Variable_name: wsrep_node_incoming_address
        Value: AUTO
*************************** 27. row ***************************
Variable_name: wsrep_node_name
        Value: server1
*************************** 28. row ***************************
Variable_name: wsrep_notify_cmd
        Value:
*************************** 29. row ***************************
Variable_name: wsrep_on
        Value: ON
*************************** 30. row ***************************
Variable_name: wsrep_patch_version
        Value: wsrep_26.22
*************************** 31. row ***************************
Variable_name: wsrep_provider
        Value: /usr/lib64/galera-4/libgalera_smm.so
*************************** 32. row ***************************
Variable_name: wsrep_provider_options
        Value: base_dir = /var/lib/mysql/; base_host = 172.31.35.26; base_port = 4567; cert.log_conflicts = no; cert.optimistic_pa = yes; debug = no; evs.auto_evict = 0; evs.causal_keepalive_period = PT1S; evs.debug_log_mask = 0x1; evs.delay_margin = PT1S; evs.delayed_keep_period = PT30S; evs.inactive_check_period = PT0.5S; evs.inactive_timeout = PT15S; evs.info_log_mask = 0; evs.install_timeout = PT7.5S; evs.join_retrans_period = PT1S; evs.keepalive_period = PT1S; evs.max_install_timeouts = 3; evs.send_window = 4; evs.stats_report_period = PT1M; evs.suspect_timeout = PT5S; evs.use_aggregate = true; evs.user_send_window = 2; evs.version = 1; evs.view_forget_timeout = P1D; gcache.dir = /var/lib/mysql/; gcache.keep_pages_size = 0; gcache.mem_size = 0; gcache.name = galera.cache; gcache.page_size = 128M; gcache.recover = yes; gcache.size = 128M; gcomm.thread_prio = ; gcs.fc_debug = 0; gcs.fc_factor = 1.0; gcs.fc_limit = 16; gcs.fc_master_slave = no; gcs.max_packet_size = 64500; gcs.max_throttle = 0.25; gcs.recv_q_hard_limit = 9223372036854775807; gcs.recv_q_soft_limit = 0.25; gcs.sync_donor = no; gmcast.listen_addr = tcp://0.0.0.0:4567; gmcast.mcast_addr = ; gmcast.mcast_ttl = 1; gmcast.peer_timeout = PT3S; gmcast.segment = 0; gmcast.time_wait = PT5S; gmcast.version = 0; ist.recv_addr = 172.31.35.26; pc.announce_timeout = PT3S; pc.checksum = false; pc.ignore_quorum = false; pc.ignore_sb = false; pc.linger = PT20S; pc.npvo = false; pc.recovery = true; pc.version = 0; pc.wait_prim = true; pc.wait_prim_timeout = PT30S; pc.weight = 1; protonet.backend = asio; protonet.version = 0; repl.causal_read_timeout = PT30S; repl.commit_order = 3; repl.key_format = FLAT8; repl.max_ws_size = 2147483647; repl.proto_max = 10; socket.checksum = 2; socket.recv_buf_size = 212992;
*************************** 33. row ***************************
Variable_name: wsrep_recover
        Value: OFF
*************************** 34. row ***************************
Variable_name: wsrep_reject_queries
        Value: NONE
*************************** 35. row ***************************
Variable_name: wsrep_replicate_myisam
        Value: OFF
*************************** 36. row ***************************
Variable_name: wsrep_restart_slave
        Value: OFF
*************************** 37. row ***************************
Variable_name: wsrep_retry_autocommit
        Value: 1
*************************** 38. row ***************************
Variable_name: wsrep_slave_fk_checks
        Value: ON
*************************** 39. row ***************************
Variable_name: wsrep_slave_uk_checks
        Value: OFF
*************************** 40. row ***************************
Variable_name: wsrep_slave_threads
        Value: 1
*************************** 41. row ***************************
Variable_name: wsrep_sst_auth
        Value:
*************************** 42. row ***************************
Variable_name: wsrep_sst_donor
        Value:
*************************** 43. row ***************************
Variable_name: wsrep_sst_donor_rejects_queries
        Value: OFF
*************************** 44. row ***************************
Variable_name: wsrep_sst_method
        Value: rsync
*************************** 45. row ***************************
Variable_name: wsrep_sst_receive_address
        Value: AUTO
*************************** 46. row ***************************
Variable_name: wsrep_start_position
        Value: ddb380d8-5d53-11ea-a9d6-7262c0f8b25a:393
*************************** 47. row ***************************
Variable_name: wsrep_sync_wait
        Value: 0
*************************** 48. row ***************************
Variable_name: wsrep_trx_fragment_size
        Value: 0
*************************** 49. row ***************************
Variable_name: wsrep_trx_fragment_unit
        Value: bytes
49 rows in set (0.001 sec)

ERROR: No query specified

MariaDB [(none)]>
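The status values above are what a monitoring check should key on: wsrep_cluster_status must be Primary, wsrep_connected and wsrep_ready ON, wsrep_local_state_comment Synced, and wsrep_cluster_size equal to the number of configured nodes (three here). The variables also show wsrep_sst_method = rsync; an rsync state transfer copies the data directory between nodes without encryption, so that traffic belongs on a private network. The script below is an added example, not code from the original post. It reads "name<TAB>value" lines, the format that `mysql -Nse "SHOW GLOBAL STATUS LIKE 'wsrep_%'"` prints, and the sample input is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): Galera node health check over
# wsrep_* status values read as "name<TAB>value" lines.

# galera_status_value FILE NAME -> prints the value of NAME from FILE
galera_status_value() {
    awk -F'\t' -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# galera_check FILE EXPECTED_SIZE
# Returns 0 when the node is a synced member of a Primary component with at
# least EXPECTED_SIZE nodes; otherwise prints one line per failed check and
# returns 1.
galera_check() {
    f=$1; want=$2; rc=0
    [ "$(galera_status_value "$f" wsrep_cluster_status)" = "Primary" ] \
        || { echo "FAIL: cluster not Primary (lost quorum or split-brain)"; rc=1; }
    [ "$(galera_status_value "$f" wsrep_connected)" = "ON" ] \
        || { echo "FAIL: node not connected to the group"; rc=1; }
    [ "$(galera_status_value "$f" wsrep_ready)" = "ON" ] \
        || { echo "FAIL: node not accepting queries"; rc=1; }
    [ "$(galera_status_value "$f" wsrep_local_state_comment)" = "Synced" ] \
        || { echo "FAIL: node state is not Synced"; rc=1; }
    size=$(galera_status_value "$f" wsrep_cluster_size)
    [ "${size:-0}" -ge "$want" ] \
        || { echo "FAIL: cluster size ${size:-0} < expected $want"; rc=1; }
    # A non-zero paused fraction means flow control is holding back writers.
    paused=$(galera_status_value "$f" wsrep_flow_control_paused)
    [ "${paused:-0}" = "0" ] || echo "WARN: flow control paused fraction $paused"
    return $rc
}

# Constructed sample, taken from the status output on this page.
SAMPLE=$(mktemp)
printf '%s\t%s\n' \
    wsrep_cluster_status Primary \
    wsrep_connected ON \
    wsrep_ready ON \
    wsrep_local_state_comment Synced \
    wsrep_cluster_size 3 \
    wsrep_flow_control_paused 0 > "$SAMPLE"

galera_check "$SAMPLE" 3 && echo "node healthy"
```

Run it from cron or a monitoring agent with the live query piped into a file; a non-zero exit is the alert condition.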
March 01, 2020
Check the system environment
[root@ip-172-31-39-22 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@ip-172-31-39-22 ~]# rpm -qa |wc -l
304
[root@ip-172-31-39-22 ~]#
Install the Erlang runtime
https://www.erlang-solutions.com/resources/download.html
Install the YUM repository file and import its signing key
[root@ip-172-31-39-22 ~]# yum -y install https://packages.erlang-solutions.com/erlang-solutions-2.0-1.noarch.rpm
[root@ip-172-31-39-22 ~]# rpm --import https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
View the installed YUM repository file
[root@ip-172-31-39-22 ~]# cat /etc/yum.repos.d/erlang_solutions.repo
[erlang-solutions]
name=Centos $releasever - $basearch - Erlang Solutions
baseurl=http://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg//erlang_solutions.asc
enabled=1
[root@ip-172-31-39-22 ~]#
Check the Erlang version (latest available at the time)
[root@ip-172-31-39-22 ~]# yum info erlang
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: d36uatko69830t.cloudfront.net
 * extras: d36uatko69830t.cloudfront.net
 * updates: d36uatko69830t.cloudfront.net
Available Packages
Name        : erlang
Arch        : x86_64
Version     : 22.2.7
Release     : 1.el7
Size        : 21 k
Repo        : erlang-solutions/7/x86_64
Summary     : General-purpose programming language and runtime environment
URL         : http://www.erlang.org
License     : ERPL
Description : Erlang is a general-purpose programming language and runtime
            : environment. Erlang has built-in support for concurrency, distribution
            : and fault tolerance. Erlang is used in several large telecommunication
            : systems from Ericsson.
[root@ip-172-31-39-22 ~]#
Install the EPEL repository
[root@ip-172-31-39-22 ~]# yum -y install epel-release
Start the Erlang shell to confirm the runtime works
[root@ip-172-31-39-22 ~]# erl
Erlang/OTP 22 [erts-10.6.4] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

Eshell V10.6.4  (abort with ^G)
1> halt().
[root@ip-172-31-39-22 ~]#
Install the RabbitMQ server
https://www.rabbitmq.com/install-rpm.html
Install the YUM repository with the RPM setup script
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | sudo bash
View the YUM repository file
[root@ip-172-31-39-22 ~]# cat /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo
[rabbitmq_rabbitmq-server]
name=rabbitmq_rabbitmq-server
baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[rabbitmq_rabbitmq-server-source]
name=rabbitmq_rabbitmq-server-source
baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
[root@ip-172-31-39-22 ~]#
Check the current RabbitMQ version
[root@ip-172-31-39-22 ~]# yum info rabbitmq-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: d36uatko69830t.cloudfront.net
 * extras: d36uatko69830t.cloudfront.net
 * updates: d36uatko69830t.cloudfront.net
Available Packages
Name        : rabbitmq-server
Arch        : noarch
Version     : 3.8.2
Release     : 1.el7
Size        : 12 M
Repo        : rabbitmq_rabbitmq-server/x86_64
Summary     : The RabbitMQ server
URL         : https://www.rabbitmq.com/
License     : MPLv1.1 and MIT and ASL 2.0 and BSD
Description : RabbitMQ is an open source multi-protocol messaging broker.
[root@ip-172-31-39-22 ~]#
Install the RabbitMQ server package
[root@ip-172-31-39-22 ~]# yum -y install rabbitmq-server
Enable and start the service
[root@ip-172-31-39-22 ~]# rpm -lq rabbitmq-server|less
[root@ip-172-31-39-22 ~]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@ip-172-31-39-22 ~]# systemctl start rabbitmq-server
[root@ip-172-31-39-22 ~]#
Check listening ports
[root@ip-172-31-39-22 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::5672                 :::*                    LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::4369                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
[root@ip-172-31-39-22 ~]#
Enable the management plugin
[root@ip-172-31-39-22 ~]# rabbitmq-plugins enable rabbitmq_management
Enabling plugins on node rabbit@ip-172-31-39-22:
rabbitmq_management
The following plugins have been configured:
  rabbitmq_management
  rabbitmq_management_agent
  rabbitmq_web_dispatch
Applying plugin configuration to rabbit@ip-172-31-39-22...
The following plugins have been enabled:
  rabbitmq_management
  rabbitmq_management_agent
  rabbitmq_web_dispatch

started 3 plugins.
[root@ip-172-31-39-22 ~]#
Check listening ports again (15672 is now open)
[root@ip-172-31-39-22 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::5672                 :::*                    LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::4369                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
[root@ip-172-31-39-22 ~]#
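The two netstat listings show four broker-related listeners bound to every interface: 4369 (epmd), 25672 (Erlang distribution, used by inter-node traffic and the CLI tools), 5672 (AMQP) and, after the plugin is enabled, 15672 (management HTTP). Only 5672 needs to be reachable by clients; the others are candidates for a host firewall rule or a loopback bind (for the web console, management.tcp.ip in rabbitmq.conf). The script below is an added example, not code from the original post: it parses `netstat -lnt` output and lists which of those ports are bound to a wildcard address. The sample listing is constructed from the output on this page.

```shell
#!/bin/sh
# Added example (not from the original post): report RabbitMQ/Erlang ports
# that are listening on all interfaces, from `netstat -lnt` output on stdin.

# broker_port_role PORT -> prints the role of a known broker port, else returns 1
broker_port_role() {
    case "$1" in
        4369)  echo "epmd" ;;
        25672) echo "erlang-distribution" ;;
        5672)  echo "amqp" ;;
        15672) echo "management-http" ;;
        *)     return 1 ;;
    esac
}

# exposed_broker_ports < netstat-output
# Prints "PORT ROLE" for each broker port bound to 0.0.0.0 or ::, sorted,
# one line per port even when both IPv4 and IPv6 sockets are open.
exposed_broker_ports() {
    awk '$1 ~ /^tcp6?$/ && $6 == "LISTEN" { print $4 }' \
    | while IFS= read -r addr; do
        host=${addr%:*}          # everything before the last colon
        port=${addr##*:}         # everything after the last colon
        case "$host" in
            0.0.0.0|::|"") ;;    # wildcard bind: keep
            *) continue ;;       # loopback or a specific address: skip
        esac
        role=$(broker_port_role "$port") || continue
        echo "$port $role"
    done | sort -nu
}

# Constructed sample based on the listing above.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::5672                 :::*                    LISTEN
tcp6       0      0 :::4369                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN'

echo "$SAMPLE_NETSTAT" | exposed_broker_ports
```

On a live host run `netstat -lnt | exposed_broker_ports` (or feed it `ss -lnt` output after adjusting the column positions) and compare the result with the set of ports you intend to expose.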
Open the web console in a browser
Default account (login permitted only from localhost)
Username: guest  Password: guest
Add an administrator user with full privileges from the command line
[root@ip-172-31-39-22 ~]# rabbitmqctl add_user admin 123465
Adding user "admin" ...
[root@ip-172-31-39-22 ~]# rabbitmqctl set_user_tags admin administrator
Setting tags for user "admin" to [administrator] ...
[root@ip-172-31-39-22 ~]#
Log in to the web console
February 28, 2020
Install the required tools
[root@ip-172-31-40-204 ~]# yum -y install unzip wget git
Install the Java environment
https://www.oracle.com/java/technologies/javase-downloads.html
[root@ip-172-31-40-204 ~]# yum -y install jdk-8u241-linux-x64.rpm
[root@ip-172-31-40-204 ~]# java -version
java version "1.8.0_241"
Java(TM) SE Runtime Environment (build 1.8.0_241-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.241-b07, mixed mode)
[root@ip-172-31-40-204 ~]#
Download and install the Gradle build tool and set the PATH
https://gradle.org/install/
https://services.gradle.org/distributions/gradle-6.2.1-all.zip
[root@ip-172-31-40-204 ~]# wget https://services.gradle.org/distributions/gradle-6.2.1-all.zip
[root@ip-172-31-40-204 ~]#
[root@ip-172-31-40-204 ~]# mkdir -p /opt/gradle
[root@ip-172-31-40-204 ~]# unzip -d /opt/gradle gradle-6.2.1-all.zip
[root@ip-172-31-40-204 ~]# ls /opt/gradle/gradle-6.2.1/
bin  docs  init.d  lib  LICENSE  NOTICE  README  src
[root@ip-172-31-40-204 ~]#
[root@ip-172-31-40-204 ~]# vi /etc/profile
export PATH=$PATH:/opt/gradle/gradle-6.2.1/bin
Check the Gradle version
[root@ip-172-31-40-204 ~]# gradle -v

Welcome to Gradle 6.2.1!

Here are the highlights of this release:
 - Dependency checksum and signature verification
 - Shareable read-only dependency cache
 - Documentation links in deprecation messages

For more details see https://docs.gradle.org/6.2.1/release-notes.html

------------------------------------------------------------
Gradle 6.2.1
------------------------------------------------------------

Build time:   2020-02-24 20:24:10 UTC
Revision:     aacbcb7e587faa6a8e7851751a76183b6187b164

Kotlin:       1.3.61
Groovy:       2.5.8
Ant:          Apache Ant(TM) version 1.10.7 compiled on September 1 2019
JVM:          1.8.0_241 (Oracle Corporation 25.241-b07)
OS:           Linux 3.10.0-957.1.3.el7.x86_64 amd64

[root@ip-172-31-40-204 ~]#
Clone the Eureka project from GitHub and build it
https://github.com/Netflix/eureka/wiki/Building-Eureka-Client-and-Server
[root@ip-172-31-40-204 ~]# git clone https://github.com/Netflix/eureka.git
Cloning into 'eureka'...
remote: Enumerating objects: 31, done.
remote: Counting objects: 100% (31/31), done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 53260 (delta 2), reused 22 (delta 0), pack-reused 53229
Receiving objects: 100% (53260/53260), 11.53 MiB | 4.40 MiB/s, done.
Resolving deltas: 100% (20906/20906), done.
[root@ip-172-31-40-204 ~]#
[root@ip-172-31-40-204 ~]# cd eureka/
[root@ip-172-31-40-204 eureka]# ./gradlew clean build
View the server and client artifacts produced by the build
[root@ip-172-31-40-204 eureka]# ls ./eureka-server/build/libs/
eureka-server-1.9.19-SNAPSHOT.war
[root@ip-172-31-40-204 eureka]# ls ./eureka-client/build/libs/
eureka-client-1.9.19-SNAPSHOT.jar
[root@ip-172-31-40-204 eureka]#
Install Apache Tomcat
[root@ip-172-31-40-204 ~]# wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.51/bin/apache-tomcat-8.5.51.tar.gz
[root@ip-172-31-40-204 ~]#
[root@ip-172-31-40-204 ~]# tar xzf apache-tomcat-8.5.51.tar.gz
[root@ip-172-31-40-204 ~]# mv apache-tomcat-8.5.51 /usr/local/
[root@ip-172-31-40-204 ~]# cp eureka/eureka-server/build/libs/eureka-server-1.9.19-SNAPSHOT.war /usr/local/apache-tomcat-8.5.51/webapps/
[root@ip-172-31-40-204 ~]#
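Both the Gradle zip and the Tomcat tarball above are fetched with wget and unpacked without checking them against the checksums their projects publish (Gradle lists SHA-256 sums on its release page; Apache serves a `.sha512` sidecar next to each tarball, and the Tomcat download here is over plain HTTP from a mirror). The script below is an added example, not code from the original post: it verifies a file against either a bare digest or a sidecar file in "DIGEST  filename" format and picks SHA-256 or SHA-512 from the digest length. The fixture it builds is a constructed file, not a real artifact; the digest used in the test is the well-known SHA-256 of an empty file.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded artifact
# against a published checksum before unpacking it.

# hash_file ALGO FILE -> prints the hex digest; ALGO is 256 or 512
hash_file() {
    if command -v "sha$1sum" >/dev/null 2>&1; then
        "sha$1sum" "$2" | awk '{print $1}'
    else
        shasum -a "$1" "$2" | awk '{print $1}'     # BSD/macOS fallback
    fi
}

# verify_artifact FILE EXPECTED
# EXPECTED is a bare hex digest or the path of a sidecar file whose first
# field is the digest ("DIGEST  filename" or "DIGEST *filename").
# Returns 0 on match, 1 on mismatch, 2 when EXPECTED is unusable.
verify_artifact() {
    file=$1; exp=$2
    if [ -f "$exp" ]; then
        exp=$(awk 'NR==1 {print $1}' "$exp")
    fi
    exp=$(printf '%s' "$exp" | tr 'A-F' 'a-f')
    case ${#exp} in
        64)  algo=256 ;;
        128) algo=512 ;;
        *)   echo "unsupported digest length ${#exp}" >&2; return 2 ;;
    esac
    got=$(hash_file "$algo" "$file")
    if [ "$got" = "$exp" ]; then
        echo "OK: $file matches sha$algo"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $exp" >&2
    echo "  got      $got" >&2
    return 1
}

# Constructed fixture: a stand-in file plus a sidecar generated from it, so
# the flow can be exercised offline. A real check uses the project's sidecar.
DEMO_DIR=$(mktemp -d)
printf 'not really gradle\n' > "$DEMO_DIR/gradle-6.2.1-all.zip"
( cd "$DEMO_DIR" && hash_file 512 gradle-6.2.1-all.zip \
    | sed 's/$/  gradle-6.2.1-all.zip/' > gradle-6.2.1-all.zip.sha512 )

verify_artifact "$DEMO_DIR/gradle-6.2.1-all.zip" "$DEMO_DIR/gradle-6.2.1-all.zip.sha512"
```

For the real downloads, fetch the `.sha512` sidecar from the project's own site (not the mirror) and run `verify_artifact apache-tomcat-8.5.51.tar.gz apache-tomcat-8.5.51.tar.gz.sha512` before `tar xzf`.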
Start the Tomcat service
[root@ip-172-31-40-204 ~]# cd /usr/local/apache-tomcat-8.5.51/bin/
[root@ip-172-31-40-204 bin]# ./startup.sh
Using CATALINA_BASE:   /usr/local/apache-tomcat-8.5.51
Using CATALINA_HOME:   /usr/local/apache-tomcat-8.5.51
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-8.5.51/temp
Using JRE_HOME:        /
Using CLASSPATH:       /usr/local/apache-tomcat-8.5.51/bin/bootstrap.jar:/usr/local/apache-tomcat-8.5.51/bin/tomcat-juli.jar
Tomcat started.
[root@ip-172-31-40-204 bin]#
Open the Eureka web console in a browser
January 21, 2020
http://ocserv.gitlab.io/www/manual.html
Generate the CA certificate
$ certtool --generate-privkey --outfile ca-key.pem
$ cat << _EOF_ >ca.tmpl
cn = "VPN CA"
organization = "Big Corp"
serial = 1
expiration_days = -1
ca
signing_key
cert_signing_key
crl_signing_key
_EOF_
$ certtool --generate-self-signed --load-privkey ca-key.pem \
    --template ca.tmpl --outfile ca-cert.pem
Generate the server certificate
$ certtool --generate-privkey --outfile server-key.pem
$ cat << _EOF_ >server.tmpl
cn = "VPN server"
dns_name = "www.example.com"
dns_name = "vpn1.example.com"
#ip_address = "1.2.3.4"
organization = "MyCompany"
expiration_days = -1
signing_key
encryption_key #only if the generated key is an RSA one
tls_www_server
_EOF_
$ certtool --generate-certificate --load-privkey server-key.pem \
    --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
    --template server.tmpl --outfile server-cert.pem
Generate the client certificate
$ certtool --generate-privkey --outfile user-key.pem
$ cat << _EOF_ >user.tmpl
cn = "user"
unit = "admins"
expiration_days = 365
signing_key
tls_www_client
_EOF_
$ certtool --generate-certificate --load-privkey user-key.pem \
    --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
    --template user.tmpl --outfile user-cert.pem
$ certtool --to-p12 --load-privkey user-key.pem \
    --pkcs-cipher 3des-pkcs12 \
    --load-certificate user-cert.pem \
    --outfile user.p12 --outder
Revoke a client certificate
$ cat << _EOF_ >crl.tmpl
crl_next_update = 365
crl_number = 1
_EOF_
$ cat user-cert.pem >>revoked.pem
$ certtool --generate-crl --load-ca-privkey ca-key.pem \
    --load-ca-certificate ca-cert.pem --load-certificate revoked.pem \
    --template crl.tmpl --outfile crl.pem
Generate an empty CRL file
$ certtool --generate-crl --load-ca-privkey ca-key.pem \
    --load-ca-certificate ca-cert.pem \
    --template crl.tmpl --outfile crl.pem
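The revocation steps above append the certificate to revoked.pem and regenerate the CRL from a template that hard-codes crl_number = 1. A CRL number is a monotonically increasing counter (RFC 5280), so each regenerated CRL needs a higher value than the last one, and appending the same certificate twice bloats the list. The helpers below are an added example, not code from the ocserv manual or this post: they bump crl_number in crl.tmpl, record a certificate in revoked.pem only once (tracked by a cksum index file next to it, an assumption of this example), and wrap the page's own certtool command. The sample "certificate" is a constructed placeholder, not real PEM data, so the demo runs without certtool.

```shell
#!/bin/sh
# Added example (not from the original post): keep crl.tmpl and revoked.pem
# consistent across repeated CRL regenerations.

# bump_crl_number TEMPLATE -> increments "crl_number = N" in place, prints N+1
# (adds the line if the template has none)
bump_crl_number() {
    tmpl=$1
    cur=$(awk '$1 == "crl_number" { print $3; exit }' "$tmpl")
    new=$(( ${cur:-0} + 1 ))
    tmp=$(mktemp)
    awk -v n="$new" '
        $1 == "crl_number" { print "crl_number = " n; found = 1; next }
        { print }
        END { if (!found) print "crl_number = " n }
    ' "$tmpl" > "$tmp" && mv "$tmp" "$tmpl"
    echo "$new"
}

# revoke_cert CERT_PEM REVOKED_PEM -> appends CERT_PEM to REVOKED_PEM unless
# it is already recorded; returns 0 when added, 1 when already present.
# Already-seen certificates are tracked in REVOKED_PEM.index by cksum.
revoke_cert() {
    cert=$1; list=$2; index="$2.index"
    touch "$list" "$index"
    sum=$(cksum < "$cert" | awk '{print $1 ":" $2}')
    if grep -qx -- "$sum" "$index"; then
        echo "already revoked: $cert" >&2
        return 1
    fi
    cat "$cert" >> "$list"
    echo "$sum" >> "$index"
}

# regenerate_crl: the certtool command from this page, run from the CA
# directory after revoke_cert and bump_crl_number.
regenerate_crl() {
    certtool --generate-crl --load-ca-privkey ca-key.pem \
        --load-ca-certificate ca-cert.pem --load-certificate revoked.pem \
        --template crl.tmpl --outfile crl.pem
}

# Demo on constructed files in a scratch directory (no certtool needed).
WORK=$(mktemp -d)
printf 'crl_next_update = 365\ncrl_number = 1\n' > "$WORK/crl.tmpl"
printf '%s\n' '-----BEGIN CERTIFICATE-----' \
    'CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE' \
    '-----END CERTIFICATE-----' > "$WORK/user-cert.pem"

revoke_cert "$WORK/user-cert.pem" "$WORK/revoked.pem" && echo "recorded in revoked.pem"
echo "crl_number is now $(bump_crl_number "$WORK/crl.tmpl")"
# In the real CA directory the next step is:  regenerate_crl
```

Run the three steps in that order for every revocation; the CRL clients fetch then carries a strictly increasing number, and the revoked list never holds duplicates.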
January 01, 2020
Request a wildcard certificate manually from the command line, using DNS validation with a hand-added TXT record
[root@certbot ~]# certbot certonly -d *.bcoc.site --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for bcoc.site

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.bcoc.site with the following value:

hQolCyWZvWXBRcO3X8ZlNys4_dHJuGBx_bly9WGguvk

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/bcoc.site/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/bcoc.site/privkey.pem
   Your cert will expire on 2020-03-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[root@certbot ~]#
View the certificate details in Windows
December 27, 2019
Change the initial password
[root@localhost ~]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#
Change the time zone
[root@localhost ~]# cp /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime
cp: overwrite ‘/etc/localtime’? y
[root@localhost ~]# date
Wed Dec 18 08:10:18 HKT 2019
[root@localhost ~]#
Disable the firewall
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]#
Refresh the YUM cache
[root@localhost ~]# yum makecache
[root@localhost ~]#
Install the EPEL repository
[root@localhost ~]# yum -y install epel-release.noarch
Check dependencies and install the required tools
[root@localhost ~]# yum install gcc net-tools
Extract the archive and build with make
[root@localhost ~]# tar xzf softether-vpnserver-v4.31-9727-beta-2019.11.18-linux-x64-64bit.tar.gz
[root@localhost ~]# cd vpnserver/
[root@localhost vpnserver]# make
--------------------------------------------------------------------
SoftEther VPN Server (Ver 4.31, Build 9727, Intel x64 / AMD64) for Linux Install Utility
Copyright (c) SoftEther Project at University of Tsukuba, Japan. All Rights Reserved.
--------------------------------------------------------------------

Do you want to read the License Agreement for this software ?

 1. Yes
 2. No

Please choose one of above number:
1

Did you read and understand the License Agreement ?
(If you couldn't read above text, Please read 'ReadMeFirst_License.txt' file with any text editor.)

 1. Yes
 2. No

Please choose one of above number:
1

Did you agree the License Agreement ?

 1. Agree
 2. Do Not Agree

Please choose one of above number:
1
make[1]: Entering directory `/root/vpnserver'
Preparing SoftEther VPN Server...
ranlib lib/libcharset.a
ranlib lib/libcrypto.a
ranlib lib/libedit.a
ranlib lib/libiconv.a
ranlib lib/libintelaes.a
ranlib lib/libncurses.a
ranlib lib/libssl.a
ranlib lib/libz.a
ranlib code/vpnserver.a
gcc code/vpnserver.a -fPIE -O2 -fsigned-char -pthread -m64 -lm -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -ldl -o vpnserver
ranlib code/vpncmd.a
gcc code/vpncmd.a -fPIE -O2 -fsigned-char -pthread -m64 -lm -lrt -lpthread -L./ lib/libssl.a lib/libcrypto.a lib/libiconv.a lib/libcharset.a lib/libedit.a lib/libncurses.a lib/libz.a lib/libintelaes.a -ldl -o vpncmd
./vpncmd /tool /cmd:Check
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.31 Build 9727   (English)
Compiled 2019/11/18 11:14:51 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
              Pass
Checking 'Memory Operation System'...
              Pass
Checking 'ANSI / Unicode string processing system'...
              Pass
Checking 'File system'...
              Pass
Checking 'Thread processing system'...
              Pass
Checking 'Network system'...
              Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

--------------------------------------------------------------------
The preparation of SoftEther VPN Server is completed !

*** How to switch the display language of the SoftEther VPN Server Service ***
SoftEther VPN Server supports the following languages:
  - Japanese
  - English
  - Simplified Chinese

You can choose your prefered language of SoftEther VPN Server at any time.
To switch the current language, open and edit the 'lang.config' file.

Note: the administrative password is not set on the VPN Server. Please set your own administrative password as soon as possible by vpncmd or the GUI manager.

*** How to start the SoftEther VPN Server Service ***
Please execute './vpnserver start' to run the SoftEther VPN Server Background Service.
And please execute './vpncmd' to run the SoftEther VPN Command-Line Utility to configure SoftEther VPN Server.

Of course, you can use the VPN Server Manager GUI Application for Windows / Mac OS X on the other Windows / Mac OS X computers in order to configure the SoftEther VPN Server remotely.

*** For Windows users ***
You can download the SoftEther VPN Server Manager for Windows
from the http://www.softether-download.com/ web site.
This manager application helps you to completely and easily manage
the VPN server services running in remote hosts.

*** For Mac OS X users ***
In April 2016 we released the SoftEther VPN Server Manager for Mac OS X.
You can download it from the http://www.softether-download.com/ web site.
VPN Server Manager for Mac OS X works perfectly as same as the traditional Windows versions. It helps you to completely and easily manage the VPN server services running in remote hosts.

*** PacketiX VPN Server HTML5 Web Administration Console (NEW) ***
This VPN Server / Bridge has the built-in HTML5 Web Administration Console.

After you start the server daemon, you can open the HTML5 Web Administration Console is available at

https://127.0.0.1:5555/
or
https://ip_address_of_the_vpn_server:5555/

This HTML5 page is obviously under construction, and your HTML5 development contribution is very appreciated.

--------------------------------------------------------------------
make[1]: Leaving directory `/root/vpnserver'
[root@localhost vpnserver]#
Set up the program directory and permissions
[root@localhost vpnserver]# cd
[root@localhost ~]# mv vpnserver/ /usr/local/
[root@localhost ~]# cd /usr/local/vpnserver/
[root@localhost vpnserver]# chmod 600 *
[root@localhost vpnserver]# chmod 700 vpncmd
[root@localhost vpnserver]# chmod 700 vpnserver
[root@localhost vpnserver]#
Set environment variables
[root@localhost ~]# vi /etc/profile
ulimit -SHn 65535
export PATH=/usr/local/vpnserver:$PATH
[root@localhost ~]# source /etc/profile
[root@localhost ~]# ulimit
unlimited
[root@localhost ~]# ulimit -n
65535
[root@localhost ~]#
Test with the command-line interface
[root@localhost vpnserver]# ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.31 Build 9727   (English)
Compiled 2019/11/18 11:14:51 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 3

VPN Tools has been launched. By inputting HELP, you can view a list of the commands that can be used.

VPN Tools>check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
              Pass
Checking 'Memory Operation System'...
              Pass
Checking 'ANSI / Unicode string processing system'...
              Pass
Checking 'File system'...
              Pass
Checking 'Thread processing system'...
              Pass
Checking 'Network system'...
              Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

VPN Tools>exit
[root@localhost vpnserver]#
Add the service script
[root@localhost ~]# vi /etc/init.d/vpnserver
#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
    $DAEMON start
    touch $LOCK
    ;;
stop)
    $DAEMON stop
    rm $LOCK
    ;;
restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0
Register the service and confirm its run levels
[root@localhost ~]# vi /etc/init.d/vpnserver
[root@localhost ~]# chmod 755 /etc/init.d/vpnserver
[root@localhost ~]# chkconfig --add vpnserver
[root@localhost ~]# chkconfig --list vpnserver

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

vpnserver       0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@localhost ~]#
Start the service
[root@localhost ~]# service vpnserver start
The SoftEther VPN Server service has been started.

Let's get started by accessing to the following URL from your PC:

https://14.17.100.1:5555/
  or
https://14.17.100.1/

Note: IP address may vary. Specify your server's IP address.
A TLS certificate warning will appear because the server uses self signed certificate by default. That is natural. Continue with ignoring the TLS warning.
[root@localhost ~]#