1、在阿里云服务器搭建OpenVPN(有条件的同学再做)
1.购买两台阿里云服务器主机,分两次买:一次选择带公网IP的主机,一次买同一区域、不分配公网IP的主机。两台主机必须在同一区域、同一局域网内,才能互通。
2.开机配置vpn服务
#1.安装vpn包openvpn和证书管理工具easy-rsa
yum -y install openvpn easy-rsa
#2.生成服务器配置文件
cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/
#3.准备证书签发相关文件和变量配置文件
cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-server
cp /usr/share/doc/easy-rsa/vars.example /etc/openvpn/easy-rsa-server/3/vars
#4.修改给CA和OpenVPN服务器颁发证书的有效期
vim /etc/openvpn/easy-rsa-server/3/vars
set_var EASYRSA_CA_EXPIRE 36500
set_var EASYRSA_CERT_EXPIRE 3650
#5.初始化PKI生成PKI相关目录和文件
cd /etc/openvpn/easy-rsa-server/3
./easyrsa init-pki
#6.创建CA机构(nopass表示CA私钥不加密保存,仅适合实验环境;生产环境应去掉nopass,为CA私钥设置口令)
./easyrsa build-ca nopass
#7.创建服务端证书申请
./easyrsa gen-req server nopass
#8.颁发服务端证书
./easyrsa sign server server
#9.创建Diffie-Hellman密钥
./easyrsa gen-dh
#10.准备客户端证书环境
cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-client
cp /usr/share/doc/easy-rsa/vars.example /etc/openvpn/easy-rsa-client/3/vars
cd /etc/openvpn/easy-rsa-client/3
#11.生成证书申请所需目录PKI和文件
./easyrsa init-pki
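#12. Create the client certificate request. gen-req writes
#    pki/reqs/xxxname.req and pki/private/xxxname.key under the client PKI
#    (the current directory is still /etc/openvpn/easy-rsa-client/3);
#    "nopass" leaves that private key unencrypted on disk.
./easyrsa gen-req xxxname nopass
#13. Import the client request into the server-side CA PKI under the short
#    name "xxxname"; the certificate itself is issued by the later
#    "sign client xxxname" step. The request file name must match the name
#    used with gen-req above.
cd /etc/openvpn/easy-rsa-server/3
./easyrsa import-req /etc/openvpn/easy-rsa-client/3/pki/reqs/xxxname.req xxxname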
#14.修改给客户端颁发的证书有效期,修改为90天
cd /etc/openvpn/easy-rsa-server/3
vim vars
set_var EASYRSA_CERT_EXPIRE 90
#15.颁发客户端证书
./easyrsa sign client xxxname
#16.将CA和服务器证书相关文件复制到服务器相应的目录
mkdir /etc/openvpn/certs
cp /etc/openvpn/easy-rsa-server/3/pki/ca.crt /etc/openvpn/certs/
cp /etc/openvpn/easy-rsa-server/3/pki/issued/server.crt /etc/openvpn/certs/
cp /etc/openvpn/easy-rsa-server/3/pki/private/server.key /etc/openvpn/certs/
cp /etc/openvpn/easy-rsa-server/3/pki/dh.pem /etc/openvpn/certs/
#17.将客户端私钥与证书相关文件复制到服务器相关的目录(其中xxxname.key是客户端私钥,应限制该目录的访问权限,并通过加密通道下发给客户端)
mkdir /etc/openvpn/client/xxxname
cp /etc/openvpn/easy-rsa-client/3/pki/private/xxxname.key /etc/openvpn/client/xxxname/
cp /etc/openvpn/easy-rsa-server/3/pki/issued/xxxname.crt /etc/openvpn/client/xxxname/
cp /etc/openvpn/easy-rsa-server/3/pki/ca.crt /etc/openvpn/client/xxxname/
#18.修改服务端配置文件(注意:OpenVPN官方文档不建议启用compress压缩;下面的配置也没有启用tls-auth,生产环境应评估后再沿用)
vim /etc/openvpn/server.conf
port 1194
proto tcp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh.pem
server 10.8.0.0 255.255.255.0
push "route 172.30.0.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
max-clients 2048
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
#19.准备日志相关目录
mkdir /var/log/openvpn
chown openvpn.openvpn /var/log/openvpn
#20.修改内核参数并配置iptables
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
echo 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE' >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
/etc/rc.d/rc.local
#21.启动 OpenVPN 服务
vim /usr/lib/systemd/system/openvpn@.service
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable --now openvpn@server
systemctl status openvpn@server.service #查看状态
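#22. Generate the OpenVPN client configuration from the packaged sample,
#    keeping only the lines that begin with a letter. The sample lives in the
#    same sample-config-files directory that server.conf was copied from.
#    The cert/key lines of the resulting file must name the client files
#    copied in step 17 (xxxname.crt / xxxname.key).
grep '^[[:alpha:]].*' /usr/share/doc/openvpn/sample/sample-config-files/client.conf > /etc/openvpn/client/xxxname/client.ovpn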
client
dev tun
proto tcp
remote 10.0.0.8 1194 #生产中为OpenVPN公网IP
resolv-retry infinite
nobind
#persist-key
#persist-tun
ca ca.crt
cert wangxiaochun.crt
key wangxiaochun.key
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
verb 3 #此值不能随意指定,否则无法通信
compress lz4-v2 #此项在OpenVPN2.4.X版本使用,需要和服务器端保持一致,如不指定,默认使用comp-lzo压缩
3.配置web
#1.安装httpd
yum -y install httpd
systemctl enable --now httpd
#2.设置网页访问提示语
echo hostname > /var/www/html/index.html
4.Windows 安装 OpenVPN 客户端
1.访问官网下载免费版https://openvpn.net/community-downloads/
2.安装程序并启动,
3.右击程序图标---->属性---->打开文件所在位置---->单击父目录---->找到config文件夹---->进入,放入配置文件(把服务端配置好的客户端文件发给windows主机)。
4.关掉重启即可连接,并进行测验,win+R进入运行界面---->输入cmd----> 输入curl 172.80.0.100进行测试。
2、通过编译、二进制安装MySQL5.7
二进制安装mysql5.7
#1.安装相关包
yum -y install libaio numactl-libs
#2.创建账户和组
[root@centos7:~]#
groupadd -r -g 306 mysql;useradd -r -g 306 -u 306 -d /data/mysql mysql
[root@centos7:~]#
#3.创建相关文件夹
mkdir -p /data/mysql;chown -R mysql:mysql /data/mysql
[root@centos7:~]#
#4.准备程序相关文件(下面的下载走明文HTTP,解压前应与MySQL官方公布的MD5校验值或GnuPG签名比对)
wget http://mirrors.163.com/mysql/Downloads/MySQL-5.7/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
[root@centos7:~]#
tar xf mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local
[root@centos7:~]#
cd /usr/local/
[root@centos7:/usr/local]#
ln -s mysql-5.7.35-linux-glibc2.12-x86_64/ mysql
[root@centos7:/usr/local]#
chown -R root.root /usr/local/mysql/
#5.准备环境变量
[root@centos7:/usr/local]#
echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7:/usr/local]#
. /etc/profile.d/mysql.sh
#6.准备配置文件
[root@centos7:/usr/local]#
cp /etc/my.cnf{,.bak}
[root@centos7:/usr/local]#
vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
#7.初始化数据库文件(--initialize-insecure不会生成临时root密码,root口令为空,没有密码可提取,需在第9步立即设置口令)
[root@centos7:/usr/local]#
mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
2022-04-21 14:04:14 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-04-21 14:04:14 0 [Note] --secure-file-priv is set to NULL. Operations related to importing and exporting data are disabled
2022-04-21 14:04:14 0 [Note] mysqld (mysqld 5.6.51) starting as process 1478 ...
#8.准备服务脚本和启动
[root@centos7:/usr/local]#
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@centos7:/data/mysql]#
service mysqld start
Starting MySQL. [ OK ]
#9.登录修改口令 #登录MySQL之后(123456仅为演示用的弱口令,生产环境须换成强口令;口令写在命令行里会留在shell历史和进程列表中,即下方Warning所指)
[root@centos7:/data/mysql]#
mysqladmin -uroot password 123456
Warning: Using a password on the command line interface can be insecure.
#10.测试登录
[root@centos7:/data/mysql]#
mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@centos7:/data/mysql]#
mysql -uroot -p123456
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.51 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
源码编译安装mysql5.6
#1.提前准备
说明:本操作过程适用于以下版本
mysql-5.6.51.tar.gz
#2.安装相关依赖包
[root@centos7:~]#
yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel perl-Data-Dumper
#3.做准备用户和数据目录(提前建好账号)
[root@centos7:~]#
useradd -r -s /sbin/nologin -d /data/mysql mysql
#4.准备数据库目录
[root@centos7:~]#
mkdir /data/mysql
[root@centos7:~]#
chown -R mysql.mysql /data/mysql
#5.下载并解压源码压缩包
[root@centos7:~]#
tar xvf mysql-5.6.51.tar.gz -C /usr/local/src
#6.源码编译安装MySQL
[root@centos7:~]#
cd /usr/local/src/mysql-5.6.51
[root@centos7:~]#
cmake . -DCMAKE_INSTALL_PREFIX=/apps/mysql -DMYSQL_DATADIR=/data/mysql/ -DSYSCONFDIR=/etc/ -DMYSQL_USER=mysql -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITHOUT_MROONGA_STORAGE_ENGINE=1 -DWITH_DEBUG=0 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DENABLED_LOCAL_INFILE=1 -DMYSQL_UNIX_ADDR=/data/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci
[root@centos7:/usr/local/src/mysql-5.6.51]#
make -j 16 && make install
#7.准备环境变量
[root@centos7:/apps/mysql]#
echo 'PATH=/apps/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7:/apps/mysql]#
. /etc/profile.d/mysql.sh
#8.生成数据库文件
[root@centos7:/apps/mysql]#
cd /apps/mysql
[root@centos7:/apps/mysql]
scripts/mysql_install_db --datadir=/data/mysql/ --user=mysql
#9.准备配置文件
[root@centos7:/apps/mysql]
cp -b /apps/mysql/support-files/my-default.cnf /etc/my.cnf
#10.准备启动脚本,并启动服务
[root@centos7:/apps/mysql]
cp /apps/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@centos7:/apps/mysql]
chkconfig --add mysqld
[root@centos7:/apps/mysql]
service mysqld start
#11.登录使用
[root@centos7:/apps/mysql]#
mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.51 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
3、二进制安装mariadb10.4
#1.安装相关包
[root@centos7:~]#
yum -y install libaio numactl-libs
#2.准备账户
[root@centos7:~]#
groupadd mysql
[root@centos7:~]#
useradd -r -g mysql -s /bin/false mysql
#3.准备程序文件
准备程序文件
wget https://mirrors.aliyun.com/mariadb/mariadb-10.4.24/bintar-linux-glibc_214-x86_64/mariadb-10.4.24-linux-glibc_214-x86_64.tar.gz
[root@centos7:~]#
tar xf mariadb-10.4.24-linux-glibc_214-x86_64.tar.gz -C /usr/local
[root@centos7:~]#
cd /usr/local/
[root@centos7:/usr/local]#
ln -sv mariadb-10.4.24-linux-glibc_214-x86_64/ mysql
‘mysql’ -> ‘mariadb-10.4.24-linux-glibc_214-x86_64/’
[root@centos7:/usr/local]#
chown -R root:root /usr/local/mysql/
#4.准备配置文件
[root@centos7:/usr/local]#
vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
#5.创建数据库文件
[root@centos7:/usr/local]#
cd /usr/local/mysql
[root@centos7:/usr/local]#
./scripts/mysql_install_db --datadir=/data/mysql --user=mysql #运行脚本,生成数据库相关配置文件
#6.准备服务脚本
[root@centos7:/usr/local/mysql]#
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@centos7:/usr/local/mysql]#
chkconfig --add mysqld
[root@centos7:/usr/local/mysql]#
service mysqld start
Starting mysqld (via systemctl):
#7.PATH路径
[root@centos7:/usr/local/mysql]#
echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centos7:/usr/local/mysql]#
. /etc/profile.d/mysql.sh
#8.登录mysql
[root@centos7:/usr/local/mysql]#
mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.4.24-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
#9.改密码(123456仅为演示用的弱口令,生产环境须使用强口令,并避免把口令直接写在命令行上)
[root@centos7:/usr/local/mysql]#
mysqladmin -uroot password 123456
#10.带密码登录
[root@centos7:/usr/local/mysql]#
mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.4.24-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>