#### Tạo key cho MongoDB
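# Create a self-signed certificate and private key for mongod, then bundle
# both into the PEM file that mongod.conf references as PEMKeyFile.
mkdir -p /opt/ssl/
# The key must land in /opt/ssl; with a mistyped path the cd fails and the
# files are written to whatever directory the shell is in.
cd /opt/ssl
# -nodes leaves the private key unencrypted on disk, so file permissions are
# the only protection for it.
openssl req -nodes -newkey rsa:2048 -keyout mongo.key -out mongo.crt -x509 -days 1000 \
  -subj "/C=VN/ST=HCM/L=HCM/O=IT/OU=IT/CN=trueid05-worker03"
# Certificate first, then key, concatenated into a single file.
cat mongo.crt mongo.key > mongo.pem
# Restrict the key material to its owner (the account that runs mongod).
chmod 600 mongo.key mongo.pem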
########## Cấu hình SSL MongoDB
# Open the mongod configuration file in an editor; the settings listed next
# are its contents.
vi /etc/mongod.conf
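# mongod settings: log and PID files under /data, listen on localhost:27017,
# and accept only TLS connections, presenting the certificate/key bundle in
# /opt/ssl/mongo.pem.
systemLog:
  destination: file
  path: '/data/mongod.log'
  logAppend: true
processManagement:
  fork: true
  pidFilePath: '/data/mongod.pid'
net:
  # Only loopback is bound, so remote hosts cannot reach this port directly.
  bindIp: localhost
  port: 27017
  ssl:
    # requireSSL rejects any connection that does not use TLS.
    mode: requireSSL
    PEMKeyFile: '/opt/ssl/mongo.pem'
storage:
  dbPath: '/data'
# NOTE(review): this file has no security.authorization setting, so unless
# access control is switched on elsewhere mongod does not enforce the user
# account created for the BI connector. Consider enabling it:
# security:
#   authorization: enabled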
######## Tạo User cho BI connect vào MongoDB
mongo
// Inside the mongo shell: create, in the admin database, the account that
// the BI connector authenticates with.
// NOTE(review): mongod.conf sets net.ssl.mode to requireSSL, so the shell
// presumably has to be started with its TLS options to connect - confirm.
use admin
db.createUser({
  user: "hoanc",
  // Placeholder from the walkthrough; set a strong, unique password here.
  pwd: "password",
  // NOTE(review): userAdminAnyDatabase allows creating users and granting
  // roles on every database. A reporting account normally needs only read
  // access to the databases it queries - confirm and narrow the role.
  roles: [{ role: "userAdminAnyDatabase", db: "admin" }]
})
###### Start dịch vụ MongoDB
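# Start mongod as a background daemon with the configuration file edited
# above. The path must be on the same line as -f, which takes it as argument.
mongod -f /etc/mongod.conf --fork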
############ Tạo Key cho BI
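# Create a self-signed certificate and private key for the BI connector
# (mongosqld) and bundle both into bi.pem.
# The key must land in /opt/ssl; with a mistyped path the cd fails and the
# files are written to whatever directory the shell is in.
cd /opt/ssl
# -nodes leaves the private key unencrypted on disk, so file permissions are
# the only protection for it.
openssl req -nodes -newkey rsa:2048 -keyout bi.key -out bi.crt -x509 -days 1000 \
  -subj "/C=VN/ST=HCM/L=HCM/O=IT/OU=IT/CN=172.27.5.13"
# The redirection has to be part of the cat command; on a separate line the
# private key is printed to the terminal and bi.pem is left empty.
cat bi.crt bi.key > bi.pem
# Restrict the key material to its owner (the account that runs mongosqld).
chmod 600 bi.key bi.pem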
######## Cấu hình SSL cho BI
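# Open the mongosqld configuration file in an editor; the settings listed
# next are its contents.
vi /etc/mongosqld.conf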
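# mongosqld (BI connector) settings: how it logs, how it connects to MongoDB,
# and how it listens for MySQL-protocol clients on 172.27.5.13:3307.
# This file holds a plaintext password, so keep it readable only by the
# account that runs mongosqld.
systemLog:
  logAppend: false
  path: '/data/mongosqld.log'
  verbosity: 2
security:
  enabled: true
mongodb:
  net:
    uri: trueid05-worker03
    auth:
      username: "hoanc"
      # Placeholder from the walkthrough; must match the MongoDB user.
      password: "password"
    ssl:
      enabled: true
      # NOTE(review): this is the same bundle mongod uses, so the server's
      # private key doubles as the connector's client key. A separate
      # client certificate would limit what one leaked file exposes.
      PEMKeyFile: "/opt/ssl/mongo.pem"
      CAFile: "/opt/ssl/mongo.crt"
net:
  bindIp: 172.27.5.13
  port: 3307
  ssl:
    # NOTE(review): allowSSL also accepts unencrypted clients. Clients here
    # log in with the cleartext plugin, so a non-TLS session would carry the
    # password in the clear; "requireSSL" rejects such connections.
    mode: "allowSSL"
    PEMKeyFile: "/opt/ssl/bi.pem"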
############### Start dịch vụ BI
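# Start the BI connector in the background with the configuration file
# edited above. The path must be on the same line as --config.
# NOTE(review): --sslAllowInvalidCertificates relaxes TLS certificate
# validation. The configuration already supplies a CAFile for the self-signed
# certificate, so confirm whether the flag is still needed and drop it if not.
mongosqld --config /etc/mongosqld.conf --sslAllowInvalidCertificates &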
######## kiểm tra kết nối SSL
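# Verify the TLS listener by connecting to mongosqld with the MySQL client.
# --enable-cleartext-plugin sends the password as-is inside the session, so
# the connection must be encrypted; --ssl-mode REQUIRED enforces that.
# NOTE(review): REQUIRED encrypts but does not check the server certificate
# against --ssl-ca; --ssl-mode VERIFY_CA makes the client validate it.
mysql --ssl-mode REQUIRED --ssl-ca=/opt/ssl/bi.crt --enable-cleartext-plugin --port 3307 -u hoanc -p -h 172.27.5.13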