server {
     server_name _;
     listen 80;
     location / {
            proxy_pass http://<ip-system-b>:5555;
            proxy_redirect     off;
            proxy_cache my-cache;
            proxy_cache_valid  200 302  0m;
            proxy_cache_valid  404      0m;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 0;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      9000;
            proxy_send_timeout         9000;
            proxy_read_timeout         9000;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
      }
}
server {
     server_name _;
     # TLS is enabled on the listener; the standalone "ssl on;" directive is deprecated
     listen 443 ssl;
     ssl_certificate /etc/nginx/conf/<certificate_name>.crt; 
     ssl_certificate_key /etc/nginx/conf/<certificate_key>.key; 
     location / { 
            proxy_pass http://<ip-system-b>:5555; 
            proxy_redirect off; 
            proxy_cache my-cache;
            proxy_cache_valid 200 302 0m; 
            proxy_cache_valid 404 0m; 
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 0; 
            client_max_body_size 10m; 
            client_body_buffer_size 128k;
            proxy_connect_timeout 9000; 
            proxy_send_timeout 9000; 
            proxy_read_timeout 9000;
            proxy_buffer_size 4k; 
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k; 
            proxy_temp_file_write_size 64k; 
     } 
}




14. Can I access SQL DM for MySQL pages using encrypted connection such as "https"?

A: Yes, you can access SQL DM for MySQL using "https". You may acquire a certificate from a certificate authority, such as Verisign, or you may use the OpenSSL package to create your own certificate and configure your Apache webserver for "https".

Here are the steps you may follow to set up "https" in your Apache webserver.

  1. Create a directory

        mkdir sslcert

    Now protect the directory,

        chmod 0700 sslcert

  1. Create two subdirectories

        mkdir certs private

  1. Create a database to keep track of each certificate

        echo '100001' >serial
        touch certindex.txt

  1. Create a custom config file for OpenSSL to use, similar to openssl.cnf in your /etc/pki/tls folder.

        dir = .

        [ ca ]
        default_ca = CA_default

        [ CA_default ]
        serial = $dir/serial
        database = $dir/certindex.txt
        new_certs_dir = $dir/certs
        certificate = $dir/cacert.pem
        private_key = $dir/private/cakey.pem
        default_days = 365
        default_md = sha256 # MD5-signed certificates are rejected by current OpenSSL builds
        preserve = no
        email_in_dn = no
        nameopt = default_ca
        certopt = default_ca
        policy = policy_match

        [ policy_match ]
        countryName = match
        stateOrProvinceName = match
        organizationName = match
        organizationalUnitName = optional
        commonName = supplied
        emailAddress = optional

        [ req ]
        default_bits = 2048 # Size of keys (1024-bit RSA is no longer considered secure)
        default_keyfile = key.pem # name of generated keys
        default_md = sha256 # message digest algorithm
        string_mask = nombstr # permitted characters
        distinguished_name = req_distinguished_name
        req_extensions = v3_req

        [ req_distinguished_name ]
        0.organizationName = Organization Name (company)
        organizationalUnitName = Organizational Unit Name (department, division)
        emailAddress = Email Address
        emailAddress_max = 40
        localityName = Locality Name (city, district)
        stateOrProvinceName = State or Province Name (full name)
        countryName = Country Name (2 letter code)
        countryName_min = 2
        countryName_max = 2
        commonName = Common Name (hostname, IP, or your name)
        commonName_max = 64
        0.organizationName_default = My Company
        localityName_default = My Town
        stateOrProvinceName_default = State or Providence
        countryName_default = US

        [ v3_ca ]
        basicConstraints = CA:TRUE
        subjectKeyIdentifier = hash
        authorityKeyIdentifier = keyid:always,issuer:always

        [ v3_req ]
        basicConstraints = CA:FALSE
        subjectKeyIdentifier = hash

  1. Create a root certificate. All other certificates you create will be based on this. Since this is not a commercial certificate, software may complain when it encounters your certificates. You may give people the "public" certificate, and your certificates will work like commercial ones once they import it. To create it, while in the 'sslcert' directory type:

        openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf

You will be prompted for information and a password. Do not lose this password; make sure it is a secure one, and back up the two files that are created.

The two files that are created are cacert.pem, which is the one you can give to others for import in their browsers, and cakey.pem, which will be in the private directory.

  1. Create a key and signing request

        openssl req -new -nodes -out name-req.pem -keyout private/name-key.pem -config ./openssl.cnf

You will be prompted for information. The critical part is the "Common Name". This must be the server's hostname, such as mail.your.domain or the IP address. If you want to cover all subdomains you can enter *.your.domain. Use the "Organizational Unit" to remind you what the certificate is for, such as "Web Server". This will generate two files,

  • name-req.pem - the request
  • name-key.pem - the private key in the private directory

 

  1. Sign the request. This will generate the certificate,

        openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem

You will be prompted for the password used when creating the root certificate. Two files are created,

  • name-cert.pem - which is the certificate
  • <number.pem> - a copy of it in the certs directory

 

  1. Copy to the correct location. For Apache 2.x on Red Hat using the default location, the directories are:

  • For the name-key.pem (created in the private directory):

        cp private/name-key.pem /etc/httpd/conf/ssl.key/

  • For the certificate:

        cp name-cert.pem /etc/httpd/conf/ssl.crt/

  1. Create a Virtual Host

        <VirtualHost <ip-system-A>:443>
             DocumentRoot /var/www/html
             ServerName myserver
             ErrorLog /etc/httpd/logs/ssl_error_log
             TransferLog /etc/httpd/logs/ssl_access_log
             SSLEngine On
             SSLCertificateFile /etc/httpd/conf/ssl.crt/name-cert.pem
             SSLCertificateKeyFile /etc/httpd/conf/ssl.key/name-key.pem
        </VirtualHost>

  1. Configure the proxy in Apache as described in FAQ 13 and restart Apache.

Edit the Hosts file [/etc/hosts]

        <ip-system-A> myserver
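
A pre-flight check for a custom OpenSSL config file like the one created above, added here as an example and not part of the original FAQ: it flags MD5/SHA-1 digests and RSA key sizes under 2048 bits before any certificate is issued from the file. The function name audit_cnf, the MIN_BITS threshold, the weak-digest list and the sample fragment are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original FAQ. MIN_BITS and the weak-digest list
# are assumptions of this example.
MIN_BITS=2048

# audit_cnf FILE: print "WEAK [section] key = value" for every weak default_md
# or default_bits setting; return 1 if anything was flagged, 0 otherwise.
audit_cnf() {
    awk -v min_bits="$MIN_BITS" '
        { sub(/#.*/, "") }                       # strip inline comments
        /^[ \t]*\[/ {                            # section header, e.g. [ req ]
            gsub(/\[|\]|[ \t]/, ""); section = $0; next
        }
        index($0, "=") {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            weak = 0
            if (key == "default_md" && tolower(val) ~ /^(md2|md4|md5|sha1)$/) weak = 1
            if (key == "default_bits" && val + 0 < min_bits) weak = 1
            if (weak) { printf "WEAK [%s] %s = %s\n", section, key, val; found = 1 }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample input in the style of the custom config file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[ CA_default ]
default_md = md5
[ req ]
default_bits = 1024 # Size of keys
default_md = sha256
EOF
audit_cnf "$sample" || echo "weak settings found: fix them before issuing certificates"
rm -f "$sample"
```

Run it as `audit_cnf ./openssl.cnf` from the sslcert directory; a non-zero exit status means at least one setting needs changing.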

 


15. What are the major differences between other major MySQL monitoring tools and SQL DM for MySQL?

...