91av网站入口,不卡av在线观看,99欧美草久视频

1.腳本內(nèi)容

#!/bin/bash
# @author zxk175

#============================================#
#    下面為證書密鑰及相關(guān)信息配置,注意修改         #
#============================================#
IP="服務(wù)器外網(wǎng)IP"
IN_IP="127.0.0.1"
ZERO_IP="0.0.0.0"
PORT="2376"
CODE="證書后綴"
PASSWORD="證書密碼"
COUNTRY="CN"
STATE="GD"
CITY="SZ"
ORGANIZATION="組織名稱"
ORGANIZATIONAL_UNIT="Dev"
COMMON_NAME="$IP"
EMAIL="郵箱"
SUBJ="/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL"

# 創(chuàng)建目錄
if [ ! -d "/etc/docker/certs.d/" ];then
    mkdir /etc/docker/certs.d
else
    echo "/etc/docker/certs.d/ 文件夾已經(jīng)存在"
fi

HD=~/.docker/
if [ ! -d "$HD" ];then
    mkdir ~/.docker
else
    echo "$HD 文件夾已經(jīng)存在"
fi

CE=~/certs
if [ ! -d "$CE" ];then
    mkdir ~/certs
else
    echo "$CE 文件夾已經(jīng)存在"
fi

echo -e "\n"

# 如果目錄已經(jīng)存在則清空目錄中已存在的信息
rm -rf /etc/docker/certs.d/*
rm -rf ~/.docker/*
rm -rf ~/certs/*

cd ~/certs

# 1.生成根證書RSA私鑰，PASSWORD作為私鑰文件的密碼
openssl genrsa -aes256 -passout "pass:$PASSWORD" -out "ca-key-$CODE.pem" 4096

# 2.用根證書RSA私鑰生成自簽名的根證書
openssl req -new -x509 -days 365 -key "ca-key-$CODE.pem" -sha256 -out "ca.pem" -passin "pass:$PASSWORD" -subj "$SUBJ"

echo -e "\n\e[1;31m============================================\e[0m"
echo -e "\e[1;31m    用根證書簽發(fā)server端證書                   \e[0m"
echo -e "\e[1;31m============================================\e[0m"

# 3.生成服務(wù)端私鑰"
openssl genrsa -out "server-key-$CODE.pem" 4096

# 4.生成服務(wù)端證書請(qǐng)求文件"
openssl req -subj "/CN=$COMMON_NAME" -sha256 -new -key "server-key-$CODE.pem" -out server.csr

# 5.使tls連接能通過ip地址方式，綁定IP"
echo subjectAltName = IP:127.0.0.1,IP:$IP > extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
echo -e "\n\e[1;32mserver extfile.cnf內(nèi)容\e[0m"
cat extfile.cnf
echo -e "\n"

# 6.使用根證書簽發(fā)服務(wù)端證書
openssl x509 -req -days 365 -sha256 -in server.csr -passin "pass:$PASSWORD" -CA "ca.pem" -CAkey "ca-key-$CODE.pem" -CAcreateserial -out "server-cert-$CODE.pem" -extfile extfile.cnf

echo -e "\n\e[1;31m============================================\e[0m"
echo -e "\e[1;31m    用根證書簽發(fā)client端證書                   \e[0m"
echo -e "\e[1;31m============================================\e[0m"

# 7.生成客戶端私鑰
openssl genrsa -out "client-key-$CODE.pem" 4096

# 8.生成客戶端證書請(qǐng)求文件
openssl req -subj '/CN=client' -new -key "client-key-$CODE.pem" -out client.csr

# 9.客戶端證書配置文件
echo extendedKeyUsage = clientAuth > extfile.cnf
echo -e "\n\e[1;32mclient extfile.cnf內(nèi)容\e[0m"
cat extfile.cnf
echo -e "\n"

# 10.使用根證書簽發(fā)客戶端證書
openssl x509 -req -days 365 -sha256 -in client.csr -passin "pass:$PASSWORD" -CA "ca.pem" -CAkey "ca-key-$CODE.pem" -CAcreateserial -out "client-cert-$CODE.pem" -extfile extfile.cnf

# 11.設(shè)置私鑰權(quán)限為只讀
chmod -v 0400 "ca-key-$CODE.pem" "client-key-$CODE.pem" "server-key-$CODE.pem"
chmod -v 0444 "ca.pem" "server-cert-$CODE.pem" "client-cert-$CODE.pem"

#============================================#
#                     清理                   #
#============================================#

# 刪除臨時(shí)文件
rm -f ca.srl client.csr server.csr extfile.cnf

# 打包客戶端證書
mkdir -p "tls-client-certs-$CODE"
cp -f "ca.pem" "client-cert-$CODE.pem" "client-key-$CODE.pem" "tls-client-certs-$CODE/"
cd "tls-client-certs-$CODE"
# 修改pem名字 否則Idea無法識(shí)別pem
mv "client-key-$CODE.pem" key.pem && mv "client-cert-$CODE.pem" cert.pem
tar zcf "tls-client-certs-$CODE.tar.gz" *
mv "tls-client-certs-$CODE.tar.gz" ../
cd ..
rm -rf "tls-client-certs-$CODE"

# 拷貝服務(wù)端證書
cp "ca.pem" "server-cert-$CODE.pem" "server-key-$CODE.pem" /etc/docker/certs.d/

echo -e "\n\e[1;32m修改 /usr/lib/systemd/system/docker.service 文件\e[0m"
cat >/usr/lib/systemd/system/docker.service <<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
#ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://$ZERO_IP:$PORT
ExecStart=/usr/bin/dockerd --tlsverify \
--tlscacert=/etc/docker/certs.d/ca.pem \
--tlscert=/etc/docker/certs.d/server-cert-$CODE.pem \
--tlskey=/etc/docker/certs.d/server-key-$CODE.pem \
-H unix:///var/run/docker.sock -H tcp://$ZERO_IP:$PORT
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

StartLimitBurst=3

StartLimitInterval=60s

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

TasksMax=infinity

Delegate=yes

KillMode=process

[Install]
WantedBy=multi-user.target
EOF

# 拷貝客戶端證書文件"
cp "ca.pem" "server-cert-$CODE.pem" "server-key-$CODE.pem" "client-cert-$CODE.pem" "client-key-$CODE.pem" ~/.docker

echo -e "\n\e[1;32m重啟Docker\e[0m"
systemctl daemon-reload && service docker restart

echo -e "\n\e[1;31m客戶端遠(yuǎn)程連接\e[0m"
echo -e "\ndocker -H $IP:$PORT --tlsverify --tlscacert ~/.docker/ca.pem --tlscert ~/.docker/client-cert-$CODE.pem --tlskey ~/.docker/client-key-$CODE.pem ps -a"
docker -H $IP:$PORT --tlsverify --tlscacert ~/.docker/ca.pem --tlscert ~/.docker/client-cert-$CODE.pem --tlskey ~/.docker/client-key-$CODE.pem ps -a
echo -e "\ndocker -H $IN_IP:$PORT --tlsverify --tlscacert ~/.docker/ca.pem --tlscert ~/.docker/client-cert-$CODE.pem --tlskey ~/.docker/client-key-$CODE.pem ps -a"
docker -H $IN_IP:$PORT --tlsverify --tlscacert ~/.docker/ca.pem --tlscert ~/.docker/client-cert-$CODE.pem --tlskey ~/.docker/client-key-$CODE.pem ps -a

echo -e "\n\e[1;31m客戶端使用 cURL 連接\e[0m"
echo -e "\ncurl --cacert ~/.docker/ca.pem --cert ~/.docker/client-cert-$CODE.pem --key ~/.docker/client-key-$CODE.pem https://$IP:$PORT/containers/json"
curl --cacert ~/.docker/ca.pem --cert ~/.docker/client-cert-$CODE.pem --key ~/.docker/client-key-$CODE.pem https://$IP:$PORT/containers/json
echo -e "\ncurl --cacert ~/.docker/ca.pem --cert ~/.docker/client-cert-$CODE.pem --key ~/.docker/client-key-$CODE.pem https://$IN_IP:$PORT/containers/json"
curl --cacert ~/.docker/ca.pem --cert ~/.docker/client-cert-$CODE.pem --key ~/.docker/client-key-$CODE.pem https://$IN_IP:$PORT/containers/json

echo -e "\n\e[1;32mAll be done.\e[0m"

2.在服務(wù)器根目錄執(zhí)行腳本內(nèi)容

3.復(fù)制根目錄下certs中的 tls-client-certs-xxxx.tar.gz 文件到客戶端中備用

image.png

色偷偷精品伊人,欧洲久久精品,欧美综合婷婷骚逼,国产AV主播,国产最新探花在线,九色在线视频一区,伊人大交九欧美,1769亚洲,黄色成人av

Docker遠(yuǎn)程TLS遠(yuǎn)程連接

Docker遠(yuǎn)程TLS遠(yuǎn)程連接

1.腳本內(nèi)容

2.在服務(wù)器根目錄執(zhí)行腳本內(nèi)容

3.復(fù)制根目錄下certs中的 tls-client-certs-xxxx.tar.gz 文件到客戶端中備用

友情鏈接更多精彩內(nèi)容

色偷偷精品伊人,欧洲久久精品,欧美综合婷婷骚逼,国产AV主播,国产最新探花在线,九色在线视频一区,伊人大交九 欧美,1769亚洲,黄色成人av

Docker遠(yuǎn)程TLS遠(yuǎn)程連接

1.腳本內(nèi)容

2.在服務(wù)器根目錄執(zhí)行腳本內(nèi)容

3.復(fù)制根目錄下certs中的 tls-client-certs-xxxx.tar.gz 文件到客戶端中備用

友情鏈接更多精彩內(nèi)容

色偷偷精品伊人,欧洲久久精品,欧美综合婷婷骚逼,国产AV主播,国产最新探花在线,九色在线视频一区,伊人大交九欧美,1769亚洲,黄色成人av