
· 3 min read
Duke Lu

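Download the MySQL tarball and upload it to the server

Download page: MySQL :: Download MySQL Community Server

Install MySQL

  1. Create the MySQL group and user on the system
groupadd mysql
useradd -r -g mysql -s /bin/false mysql
  2. Create the MySQL installation and data directories
mkdir -p /usr/local/mysql
mkdir -p /usr/local/mysql/data
  3. Extract the MySQL tarball into the installation directory
tar -xvf mysql-8.0.15-linux-glibc2.12-x86_64.tar.xz -C /usr/local/mysql --strip-components 1
  4. Change to the MySQL installation directory and initialize MySQL (setting user, basedir and datadir)
cd /usr/local/mysql
./bin/mysqld --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --initialize

Note: after initialization, be sure to record the initial MySQL password

  5. Create a symlink for the mysql command
ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
  6. Edit the relevant configuration files
  • Edit the /etc/my.cnf configuration file so that it contains the following: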
[mysqld]
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd


[mysqld_safe]
log-error=/var/log/mysql/mysql.log
pid-file=/var/run/mysql/mysql.pid


#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
  • Copy the init script to /etc/init.d/mysqld and edit it
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld

Change the following settings:

basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
  7. Create the MySQL log file and PID file, /var/log/mysql/mysql.log and /var/run/mysql/mysql.pid, and set their ownership and permissions
mkdir -p /var/log/mysql
mkdir -p /var/run/mysql
touch /var/log/mysql/mysql.log
touch /var/run/mysql/mysql.pid

chown -R mysql:mysql /var/log/mysql
chown -R mysql:mysql /var/run/mysql
chmod 750 /var/log/mysql/mysql.log
chmod 750 /var/run/mysql/mysql.pid
  8. Create a symlink for the mysql.sock file and set the ownership of its directory
chown -R mysql:mysql /var/lib/mysql
ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock

At this point the MySQL installation is complete and MySQL can be started. The relevant commands are:

service mysqld start    # start MySQL
service mysqld stop     # stop MySQL
service mysqld restart  # restart MySQL

Initial MySQL configuration

  1. Log in to mysql with the password recorded during initialization
mysql -uroot -p
  2. Change the root user's password to: root
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root';
  3. Enable remote access
GRANT ALL ON *.* TO 'root'@'%';

If this reports an error, create a root user and enable remote access:

CREATE USER 'root'@'%' IDENTIFIED BY 'root'; -- create the root user with host %
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;

Change the password of the root user just created to: root

ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'root';
  4. Refresh privileges
FLUSH PRIVILEGES;
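
An added example, not part of the original post: a POSIX shell check that reads rows of mysql.user and flags the account settings the steps above create (root reachable from the wildcard host '%', and the mysql_native_password plugin). The sample rows, including the app account, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky rows in mysql.user.
# Feed it tab-separated "user host plugin" rows, for instance from
#   mysql -N -B -e "SELECT user, host, plugin FROM mysql.user"

TAB=$(printf '\t')

audit_accounts() {
  while IFS="$TAB" read -r user host plugin; do
    [ -n "$user" ] || continue
    case "$host" in
      *%*)
        if [ "$user" = root ]; then
          echo "HIGH '$user'@'$host': administrative account accepts logins from a wildcard host"
        else
          echo "MEDIUM '$user'@'$host': wildcard host pattern; confirm it is no wider than the client subnet"
        fi ;;
    esac
    if [ "$plugin" = mysql_native_password ]; then
      echo "LOW '$user'@'$host': mysql_native_password instead of the 8.0 default caching_sha2_password"
    fi
  done
}

# Constructed sample rows; the first two match what the steps above produce.
sample_rows() {
  printf 'root\tlocalhost\tmysql_native_password\n'
  printf 'root\t%%\tmysql_native_password\n'
  printf 'app\t10.0.5.%%\tcaching_sha2_password\n'
  printf 'mysql.sys\tlocalhost\tcaching_sha2_password\n'
}

sample_rows | audit_accounts
```

An account that passes this check is one created for a single application, with a host pattern no wider than the client subnet and privileges limited to its own schema.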

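Firewall settings

  • On an internal network, you can consider simply turning the firewall off
systemctl stop firewalld.service  # stop the firewall
  • On an externally reachable network, opening port 3306 alone is recommended
firewall-cmd --zone=public --add-port=3306/tcp --permanent  # add port 3306
firewall-cmd --reload  # reload the firewall rules

Reference: Installing MySQL 8.0.11 on CentOS 7 - baidu_27055141's blog - CSDN Blog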

· 5 min read
Duke Lu

Problem

Redis protected-mode is a feature added since version 3.2. According to the notes in the configuration file:

# When protected mode is on and if:
# 1) The server is not binding explicitly to a set of addresses using the "bind" directive.
# 2) No password is configured.

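we can see that protected mode is turned on under the following two conditions:

  1. The server is not explicitly bound to a set of addresses with the "bind" directive
  2. No password is configured

Remote connections are then not possible, and an attempt produces the following message: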

-DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
Connection closed by foreign host.

Solution

The problem description above already gives the corresponding solutions:

1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 
2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server.
3) If you started the server manually just for testing, restart it with the '--protected-mode no' option.
4) Setup a bind address or an authentication password.
NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside
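  1. Send the command CONFIG SET protected-mode no. This setting is not permanent, but the configuration file can be changed to make it permanent
  2. Edit the configuration file /etc/redis.conf and change protected-mode yes to no
  3. Add the option --protected-mode no at startup
  4. Bind an address or set an authentication password

Note: you only need to do one of the above for the server to start accepting connections from outside

In practice only options 2 and 4 are useful:

  1. Edit the configuration file /etc/redis.conf and change protected-mode yes to no

    protected-mode no

    Note: with protected mode turned off, if a bind address or an authentication password is also configured, the bind address and password conditions must still be met to access the redis service

  2. Bind an address or set an authentication password

  • Bind address: if not set, access is allowed from anywhere by default

    # bind can list several addresses; they are the local interface addresses Redis listens on
    # When set to 0.0.0.0, any host can connect
    # 127.0.0.1: local access; 45.123.77.99: connections arriving on that interface address
    # List all addresses on one bind line; a later bind line replaces an earlier one
    bind 127.0.0.1 45.123.77.99
  • Set an authentication password

    # Official warning: the password should be strong enough, otherwise it is easy to crack
    # Reason: "since Redis is pretty fast" -- Redis is very fast, so passwords can be tried at a rate of 150k per second
    requirepass idukelu

Note: if an address is bound and an authentication password is also set, both must be satisfied to access the redis service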
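
An added example, not part of the original post: a POSIX shell function that reads a redis.conf and reports whether its combination of protected-mode, bind and requirepass leaves the server reachable without a password. It assumes the server behaves as the configuration comments quoted above describe; the file contents written in demo are constructed.

```shell
#!/bin/sh
# Added example: classify a redis.conf by the protected-mode conditions quoted above.
# Assumption: the server behaves as those configuration comments describe.

redis_exposure() {
  protected=yes bind="" pass="" nonlocal=""
  while read -r key val rest; do
    case "$key" in
      protected-mode) protected=$val ;;
      bind)           bind="$val $rest" ;;   # a later bind line replaces an earlier one
      requirepass)    pass=$val ;;
    esac
  done < "$1"
  case "$pass" in '""'|"''") pass="" ;; esac  # empty quoted value means no password
  set -f                                      # stop "bind *" from expanding to file names
  for addr in $bind; do
    case "${addr#-}" in                       # a leading "-" marks an optional address
      127.*|::1) ;;                           # loopback
      *) nonlocal="$nonlocal $addr" ;;
    esac
  done
  set +f
  if [ -z "$bind" ] && [ -z "$pass" ] && [ "$protected" = yes ]; then
    echo "protected: no bind and no password, so only loopback clients are accepted"
  elif [ -n "$bind" ] && [ -z "$nonlocal" ]; then
    echo "local: bound to loopback addresses only"
  elif [ -n "$pass" ]; then
    echo "guarded: reachable on${nonlocal:- all interfaces}, password required"
  else
    echo "exposed: reachable on${nonlocal:- all interfaces} without a password"
  fi
}

# Constructed sample configurations (not from the original post).
demo() {
  tmp=$(mktemp)
  printf 'protected-mode no\n' > "$tmp"
  redis_exposure "$tmp"
  printf 'bind 127.0.0.1 45.123.77.99\nrequirepass idukelu\n' > "$tmp"
  redis_exposure "$tmp"
  rm -f "$tmp"
}
demo
```

The first demo file is option 2 applied on its own and is reported as exposed; the second combines a bind line with requirepass and is reported as guarded.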

· 3 min read
Duke Lu

Problem

When running commands, oh-my-zsh prints the following pile of messages:

[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x 16 duke staff 512 Jul 14 10:14 /Users/duke/.oh-my-zsh
drwxr-xr-x 250 duke staff 8000 Jul 14 10:14 /Users/duke/.oh-my-zsh/plugins
drwxr-xr-x 4 duke staff 128 Jul 14 10:14 /Users/duke/.oh-my-zsh/plugins/git
drwxr-xr-x 3 duke staff 96 Jun 17 11:33 /usr/local/share/zsh
drwxr-xr-x 6 duke staff 192 Oct 3 10:04 /usr/local/share/zsh/site-functions
lrwxr-xr-x 1 duke staff 39 Jun 17 11:37 /usr/local/share/zsh/site-functions/_brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x 1 duke staff 44 Jun 17 11:37 /usr/local/share/zsh/site-functions/_brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
lrwxr-xr-x 1 duke staff 58 Oct 3 10:04 /usr/local/share/zsh/site-functions/_git -> ../../../Cellar/git/2.19.0_2/share/zsh/site-functions/_git

[oh-my-zsh] For safety, we will not load completions from these directories until
[oh-my-zsh] you fix their permissions and ownership and restart zsh.
[oh-my-zsh] See the above list for directories with group or other writability.

[oh-my-zsh] To fix your permissions you can do so by disabling
[oh-my-zsh] the write permission of "group" and "others" and making sure that the
[oh-my-zsh] owner of these directories is either root or your current user.
[oh-my-zsh] The following command may help:
[oh-my-zsh] compaudit | xargs chmod g-w,o-w

[oh-my-zsh] If the above didn't help or you want to skip the verification of
[oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
[oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.