环境:服务端centos7(langly) 客户端ubuntu(frohike)
一、安装openssl 制作ssl证书
可在任意电脑主机安装配置
1、yum install openssl
默认需要的东西安装在/etc/pki/**
2、openssl.conf 配置(一般不用)
一下几项比较重要
[CA_default]
dir =/etc/pki/CA
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlunmber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
3、生成配置相关文件
cd /etc/pki/tls/misc
./CA -newca
执行是会有交互
第一个提示 回车
passphrase 自己定义密码(如:Don't worry, this is my 1st CA and it's much more secure than a password like 52334XCq24sdf122, Dude!)
Organizational Unit Name 如:证书颁发机构
Common Name 你的ip
A challenge password 不需要填写
4、生成CA签证:
以下是制作服务端(longly)的签证
# 生成自己的秘钥:
openssl genrsa -out langly_ssl.key 2048
#对秘钥进行加密:
openssl rsa -in langly_ssl.key -des3 -out langly_encrypted.key
#生成证书请求
openssl req -new -key langly_ssl.key -out langly_ssl.csr
# 生成X509自签名
openssl x509 -req -in langly_ssl.csr -signkey langly_ssl.key -out langly_ssl.crt
制作客户端(frohike)与服务端相似只需要把文件名字换成frohike_stunnel_**.pem
common name 修改为客户端的名字(frohike)
Organizational Unit Name 修改为stunnel客户端即可
二、安装配置rsync
需要服务器和客户端都安装
服务器端:
1、安装:yum install rsync
2、配置:
修改rsync配置文件文件在/etc/rsyncd.conf
syslog faciity = local5
use chroot = yes
uid = root
gid = root
max connections = 10
timeout = 600
read only = yes
[frohike]
path = /backup/frohike
comment = Frohike Backups
auth users = root #系统中已有的用户名
hosts allow = 127.0.0.1
secrets file =/etc/rsyncd.secrets
read only = no
ignore nonreadable = yes
refuse options = checksum
dont compress = *
# 终端执行
echo "root:1234" > /etc/rsyncd.secrets #用户名是系统中已有的用户名,密码可以自己设置可以不是系统中用户名的密码。
chmod 600 /etc/rsyncd.secrets
rsync --daemon
/backup/frohike 已有文档 需要同步的文件
hosts allow 为127.0.0.1只允许自己主机连接 因为本机的stunnel接收的数据传给本机的rsync
客户端安装(客户端无需配置)
1、sudo apt-get install rsync
三、stunnel安装与配置
需要客户端服务端都安装和配置
服务端:
1、安装yum install stunnel
2、配置
-
在/etc/servies下添加端口服务信息(可不做)
ssyncd 273/tcp # secure rsync over stunnel -
在/etc/hosts.allow下添加以下行(可不做)
ssyncd : xx.xx.xx.xx # xxx 为服务端ip -
配置stunnel.conf文件(/etc/stunnel/stunnel.conf)
cp langly_ssl.key /etc/stunnel/cp langly_ssl.crt /etc/stunnel/
key = /etc/stunnel/langly_ssl.key
cert = /etc/stunnel/langly_ssl.crt
client = no
pid = /var/run/stunnel.pid
#debug = 7
#foreground = yes
[ssync]
accept = 273
connect = 873
- 终端启动
stunnel # 执行后无返回为成功 - 查看服务是否开启:
netstat -pan | grep stunnel
客户端:
1、安装 sudo apt-get install stunnel
2、配置
- 在/etc/servies下添加端口服务信息(可不做)
ssync 273/tcp # rsync over stunnel - 在/etc/hosts.allow下添加一下行 使本地连接ssync端口上传递(可不做)
ssync : LOCAL - 配置stunnel.conf文件(/etc/stunnel/stunnel.conf)
key = /etc/stunnel/frohike_ssl.key
cert = /etc/stunnel/frohike_ssl.crt
client = yes
pid = /var/run/stunnel.pid
#debug = 7
#foreground = yes
[ssync]
accept = 873
connect = domain.of.langly.com:273 # domain.of.langly.com 换成服务端ip
- 终端启动
stunnel # 执行后无返回为成功 - 查看服务是否开启:
netstat -pan | grep stunnel
四、测试
客户端执行:
rsync -vv -a -R --numeric-ids /etc/stunnel/stunnel.conf localhost::frohike
#返回
opening tcp connection to localhost port 873
sending daemon args: --server -vvlogDtprRe.iLsfx --numeric-ids . frohike/ (5 args)
sending incremental file list
Setting --timeout=600 to match server
/etc/
/etc/stunnel/
/etc/stunnel/stunnel.conf
total: matches=0 hash_hits=0 false_alarms=0 data=132
sent 301 bytes received 55 bytes 237.33 bytes/sec
total size is 132 speedup is 0.37
rsync -avz root@127.0.0.1::frohike /test #同步数据在本/test文件夹下
#返回
Password:
receiving incremental file list
created directory /frohikes
./
tests
testss
sent 69 bytes received 217 bytes 63.56 bytes/sec
total size is 31 speedup is 0.11
518
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
