91 lines
2.8 KiB
Markdown
91 lines
2.8 KiB
Markdown
|
## 环境信息-移动云
|
|||
|
|
移动云:
|
|||
|
|
https://ecloud.10086.cn/portal
|
|||
|
|
用户名:1600004401jyrmzf
|
|||
|
|
初始密码:nelvNO77
|
|||
|
|
|
|||
|
|
网络策略是 安全组+云下一代防火墙控制的
|
|||
|
|
[云下一代防火墙官方文档](https://ecloud.10086.cn/op-help-center/doc/article/48845)
|
|||
|
|
https://36.137.98.216:11443/
|
|||
|
|
|
|||
|
|
## 服务器信息
|
|||
|
|
```bash
|
|||
|
|
lunix:CentOS Linux release 7.6.1810 (Core)
|
|||
|
|
192.168.0.7 绑定公网ip:36.137.98.216,移动部署的云下一代防火墙,我方没用户密码
|
|||
|
|
192.168.0.8 前后端、中间件服务器,36.137.98.216:10022 ssh登录上来是这台机器
|
|||
|
|
192.168.0.22 空服务器
|
|||
|
|
|
|||
|
|
windows:
|
|||
|
|
192.168.0.11
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
一.服务器相关账号密码
|
|||
|
|
服务器ip、账号/密码、端口
|
|||
|
|
36.137.98.216:10022
|
|||
|
|
|
|||
|
|
root/=nelvNO@77*
|
|||
|
|
userapp/Jy@216_web
|
|||
|
|
mysql/SxJy@123456!
|
|||
|
|
|
|||
|
|
二.中间件
|
|||
|
|
内网
|
|||
|
|
1.1nacos访问地址 http://192.168.0.8:8848/nacos/index.html
|
|||
|
|
默认账号密码:nacos/nacos
|
|||
|
|
1.2minio访问地址 http://192.168.0.8:62216
|
|||
|
|
账号密码:fileadmin/fileadmin
|
|||
|
|
1.3mysql数据库
|
|||
|
|
IP地址:192.168.0.8端口:3306
|
|||
|
|
用户名密码:root/Jy&mysql@216!
|
|||
|
|
1.4redis的连接信息
|
|||
|
|
ip地址:192.168.0.8端口:6379 密码:Jy&rds@216!
|
|||
|
|
2.外网访问(外网访问nacos、minio、msqyl、redis需要申请开通白名单,谁部署谁申请)
|
|||
|
|
申请方法:在百度输入框输入“IP”,回车会显示出口地址,将该ip发给添加负责人即可。
|
|||
|
|
外网
|
|||
|
|
2.1nacos的访问:http://36.137.98.216:8848/nacos/index.html
|
|||
|
|
2.2minio的访问 http://36.137.98.216:62216
|
|||
|
|
2.3mysql数据库
|
|||
|
|
IP地址:36.137.98.216端口:3306
|
|||
|
|
用户名密码:root/Jy&mysql@216!
|
|||
|
|
2.4redis的连接信息
|
|||
|
|
ip地址:36.137.98.216端口:6379 密码:Jy&rds@216!
|
|||
|
|
三. 系统外网访问地址
|
|||
|
|
http://36.137.98.216:9080
|
|||
|
|
或者
|
|||
|
|
https://zhihuijuyuan.com:9443
|
|||
|
|
|
|||
|
|
账号:admin
|
|||
|
|
密码:Asiainfo@cq.1014
|
|||
|
|
|
|||
|
|
## 2024-05-06 ssl证书更新 加密套件配置
|
|||
|
|
刘老师,去年通过线上平台有申请了一张服务器加密证书 配置在企业网站服务器中 现在后端也需要做数据更新 今年证书443端口做了证书支持协议的升级 将原用的TLS1.0 现在升级成1.2\1.3
|
|||
|
|
|
|||
|
|
登上服务器发现原来的运维是在 `letsencrypt`申请的免费证书,通过`certbot`进行自动更新
|
|||
|
|
```bash
|
|||
|
|
vim /etc/nginx/nginx.conf
|
|||
|
|
------
|
|||
|
|
server_name www.zhihuijuyuan.com;
|
|||
|
|
ssl_certificate /etc/letsencrypt/live/zhihuijuyuan.com/fullchain.pem;
|
|||
|
|
ssl_certificate_key /etc/letsencrypt/live/zhihuijuyuan.com/privkey.pem;
|
|||
|
|
------
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
加密套件配置:
|
|||
|
|
[# Nginx 服务器 SSL 证书安装部署(Linux)](https://cloud.tencent.com/document/product/400/35244)
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
192.168.0.8
|
|||
|
|
cd /etc/nginx
|
|||
|
|
mv nginx.conf nginx.conf_bak20240506
|
|||
|
|
rz上传修改后的nginx.conf
|
|||
|
|
|
|||
|
|
# 校验配置文件
|
|||
|
|
nginx -t
|
|||
|
|
|
|||
|
|
# 重新载入配置文件
|
|||
|
|
nginx -s reload
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
2024-05-07 说是得保留http,第三方对接要用
|
|||
|
|
实际就是:80-http , 443-https
|