MySQL configuration
Check whether MySQL is installed:
dpkg -l | grep mysql
Install MySQL:
apt install mysql-server
netstat -tap | grep mysql
Find the username and password generated at install time in debian.cnf:
sudo cat /etc/mysql/debian.cnf
Change the root password:
update mysql.user set authentication_string=password('123456') where user='root' and Host = 'localhost';
update mysql.user set plugin='mysql_native_password' where user='root' and Host = 'localhost';
flush privileges ;
Log in to the MySQL database with the following command:
mysql -u root -p
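Next, to keep the database secure and running properly, initialize it. The initialization involves the following 5 steps.
(1) Install the validate password plugin.
(2) Set a dedicated password for the root administrator in the database.
(3) Then remove the anonymous accounts and handle remote database login by the root administrator, to ensure the security of the services running on the database.
(4) Remove the default test database and revoke the access privileges on it.
(5) Reload the privilege tables so that the initialization settings take effect immediately.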
root@ubuntu-virtual-machine:~# mysql_secure_installation
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin? # Install the validate password plugin?
Press y|Y for Yes, any other key for No: N # I chose N here
Please set the password for root here.
New password: # Enter the database password to set for the root administrator
Re-enter new password: # Enter the password again
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y # Remove the anonymous accounts
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : N # Disallow remote login by the root administrator; I did not disallow it here
... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y # Remove the test database and revoke access to it
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y # Reload the privilege tables so the initialization settings take effect immediately
Success.
All done!
Check the MySQL service status:
systemctl status mysql
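Now configure MySQL to allow remote access.
First edit the configuration file /etc/mysql/mysql.conf.d/mysqld.cnf:
vim /etc/mysql/mysql.conf.d/mysqld.cnf
Comment out the line bind-address = 127.0.0.1, so that mysqld no longer listens only on the loopback address.
Save and exit, then log in to MySQL and run the grant commands: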
mysql -u root -p
1. Allow the root user to log in to MySQL from 10.10.1.35, as follows:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.10.1.35' IDENTIFIED BY 'youpassword' WITH GRANT OPTION;
2. Allow the root user to log in to MySQL from any machine, as follows:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'youpassword' WITH GRANT OPTION;
mysql> flush privileges; # reload the privileges
mysql> exit
Then run exit to leave the mysql client, and restart MySQL with the following command:
systemctl restart mysql
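The grants above make root reachable from the network, and the mysql_secure_installation run kept remote root login enabled. As an added example (not part of the original page), the shell function below flags such accounts in a dump of mysql.user; the function names, finding labels and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mysql.user rows for the exposures discussed above.
# Input on stdin: tab-separated user, host, plugin, authentication_string,
# as printed by (run on the database host):
#   mysql -u root -p -N -B -e \
#     "SELECT user, host, plugin, authentication_string FROM mysql.user"

audit_mysql_users() {
    awk -F '\t' '
    function is_local(h) {
        return (h == "localhost" || h == "127.0.0.1" || h == "::1")
    }
    {
        user = $1; host = $2; plugin = $3; auth = $4
        acct = "\047" user "\047@\047" host "\047"   # \047 is a single quote
        if (user == "")
            print "ANON_ACCOUNT " acct
        if (user == "root" && !is_local(host))
            print "REMOTE_ROOT " acct
        if (host == "%")
            print "WILDCARD_HOST " acct
        # auth_socket accounts legitimately have no hash, so only
        # password-based accounts are checked for an empty one.
        if (plugin == "mysql_native_password" && (auth == "" || auth == "NULL"))
            print "EMPTY_PASSWORD " acct
    }'
}

# Constructed sample rows (not from a real server); hashes are placeholders.
sample_rows() {
    printf 'root\tlocalhost\tmysql_native_password\t*PLACEHOLDER_HASH\n'
    printf 'root\t%%\tmysql_native_password\t*PLACEHOLDER_HASH\n'
    printf 'root\t10.10.1.35\tmysql_native_password\t*PLACEHOLDER_HASH\n'
    printf '\tlocalhost\tmysql_native_password\t\n'
    printf 'app\t10.10.1.35\tmysql_native_password\t*PLACEHOLDER_HASH\n'
}

sample_rows | audit_mysql_users
```

An empty result on a real dump means none of the four conditions matched; each finding line names the account to review with DROP USER or a narrower host.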
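Nginx configuration
Installation
Log in and install
sudo apt-get install nginx # install nginx
Configuration
SSL certificate
nginx's installation directory is /etc/nginx/. Go into that directory, create a cert/ folder, and upload the two files you just downloaded into cert/.
Configure nginx
Under /etc/nginx/sites-enabled/, add a file named XXX.com with the following content: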
server {
    listen 443 ssl;                      # SSL enabled on the listen directive (replaces the deprecated "ssl on;")
    server_name XXX.com;                 # your domain name
    root /var/www/XXX.com;               # folder holding the front-end files; can be changed
    index index.html index.htm;          # index.html inside the folder configured above
    ssl_certificate cert/XXX.pem;        # change to the name of your certificate
    ssl_certificate_key cert/XXX.key;    # the name of your certificate's key file
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2;               # TLSv1 and TLSv1.1 dropped: deprecated by RFC 8996
    ssl_prefer_server_ciphers on;
    location / {
        index index.html index.htm;
    }
}
server {
    listen 80;
    server_name XXX.com;                 # your domain name
    rewrite ^(.*)$ https://$host$1 permanent;   # redirect HTTP requests for the domain to HTTPS
}
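Note: this configuration listens on ports 443 and 80, and SSL must be enabled on port 443. The server block for port 443 can be modelled on the nginx configuration example from the CA's certificate page.
A folder named XXX.com was created to serve only the requests for this domain, keeping them separate. An index.html file was added in that folder, containing just one line: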
<h1>welcome</h1>
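After configuring, check that the nginx configuration file is valid; output containing "successful" means it is.
nginx -t # check the nginx configuration file
Once the configuration is correct, reload it so that it takes effect:
nginx -s reload # apply the configuration
At this point HTTPS access through nginx is set up, and the rewrite rule also converts all HTTP requests to HTTPS, which is more secure.
To restart nginx, use the following commands:
service nginx stop # stop
service nginx start # start
service nginx restart # restart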