安装elasticsearch

elasticsearch 目录结构

type description location
home Home of elasticsearch installation /usr/share/elasticsearch
bin Binary scripts including elasticsearch to start a node /usr/share/elasticsearch/bin
conf Configuration files elasticsearch.yml and logging.yml /etc/elasticsearch
conf Environment variables including heap size,file descriptors /etc/default/elasticsearch
data The location of the data files /var/lib/elasticsearch/
logs Log files location /var/log/elasticsearch
plugins Plugin files location /usr/share/elasticsearch/plugins

下载地址

2.4.1

window7

bin目录执行安装

1
2
3
4
F:\ELK\elasticsearch-2.4.1\bin>service install
Installing service      :  "elasticsearch-service-x64"
Using JAVA_HOME (64-bit):  "F:\java\jdk8"
The service 'elasticsearch-service-x64' has been installed.

安装成功,如果启动失败(进logs目录,查看错误信息)

ELKelasticsearch

进入详情 >>

搭建hexo

准备工具

node https://nodejs.org/zh-cn/download/
git
hexo

node 安装

linux

1
2
3
4
5
$tar  -zxvf  node.tar.gz
$cd node
$./config  --prefix=/opt/node
$sudo make
$sudo make install

添加环境变量

1
2
3
4
5
6
7
#set nodejs
export NODE_HOME=/opt/node
export PATH=$NODE_HOME/bin:$PATH
$node -v #显示版本号
$sudo node -v #当用root执行,commond not found
#mousepad  ~/.bashrc
alias sudo='sudo env PATH=$PATH'
npmhexo

进入详情 >>

https签名

制作流程

为服务器端和客户端准备公钥、私钥

1
2
#私钥
>openssl genrsa -out server.key 1024 -config E:\Git\mingw64\ssl\openssl.cnf
1
2
#公钥
>openssl rsa -in server.key -pubout -out server.pem

生成 CA 证书

1
2
3
 <!--more--> 
#ca私钥
>openssl genrsa -out ca.key 1024 -config E:\Git\mingw64\ssl\openssl.cnf

第一次填写信息

1
>openssl req -new -key ca.key -out ca.csr -config E:\Git\mingw64\ssl\openssl.cnf

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:12345678
An optional company name []:cs

1
>openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt -days 365

生成服务器端证书

服务器端需要向 CA 机构申请签名证书,在申请签名证书之前依然是创建自己的 CSR 文件 与第一次信息填写一样

1
>openssl req -new -key server.key -out server.csr -config E:\Git\mingw64\ssl\openssl.cnf

向自己的 CA 机构申请证书,签名过程需要 CA 的证书和私钥参与,最终颁发一个带有 CA 签名的证书

1
>openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt

Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
Getting CA Private Key

生成cer文件

使用openssl 进行转换

1
>openssl x509 -in server.crt -out server.cer -outform der

生成p12

1
2
3
4
5
F:\logs\http>openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out client.p12
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
Enter Export Password:12345678
Verifying - Enter Export Password:12345678

浏览器信任

运行脚本 浏览器导入自制pem

ssl.sh 
bash  ./ssl.sh
#!/bin/bash


# 定义变量
name=${1:-'local.org'}
KEY_FILE="${name}.key"
CSR_FILE="${name}.csr"
CRT_FILE="${name}.crt"
PEM_FILE="${name}.pem"
CONFIG_FILE="openssl.cnf"


# 直接在脚本中定义配置内容并赋值给变量  
#如果使用引号可以防止被解析cat <<"EOF"
CONFIG_CONTENT=$(cat << EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
copy_extensions = copy
req_extensions = req_ext
x509_extensions = v3_req
prompt = no


[req_distinguished_name]
countryName = CN
stateOrProvinceName = GuangDong
localityName = ShenZhen
organizationName = SRE
commonName = $name


[req_ext]
basicConstraints = CA:FALSE
subjectAltName = @alt_names


[v3_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names


[alt_names]
IP.1 = 192.168.122.1
IP.2 = 192.168.1.100
IP.3 = 127.0.0.1
DNS.1 = $name
DNS.2 = *.$name
EOF
)


# 将配置内容写入文件
[ -d "$name" ] || mkdir -p $name
echo "$CONFIG_CONTENT" > "$name/$CONFIG_FILE"
if [ ! -f "$name/$CONFIG_FILE" ]; then
    echo "配置文件创建失败,退出脚本。"
    exit 1
fi






# 生成私钥
openssl genrsa -out "$name/$KEY_FILE" 2048
if [ ! -f "$name/$KEY_FILE" ]; then
    echo "私钥生成失败,退出脚本。"
    exit 1
fi


# 创建自签名证书
openssl req -x509 -new -nodes -key "$name/$KEY_FILE" -sha256 -days 3650 -out "$name/$PEM_FILE" -subj "/C=CN/ST=GuangDong/O=SRE/CN=local.org"
if [ ! -f "$name/$PEM_FILE" ]; then
    echo "证书生成失败,退出脚本。"
    exit 1
fi


# 生成CSR
openssl req -new -key "$name/$KEY_FILE" -config "$name/$CONFIG_FILE" -out "$name/$CSR_FILE"
if [ ! -f "$name/$CSR_FILE" ]; then
    echo "CSR生成失败,退出脚本。"
    exit 1
fi


# 使用CA证书和私钥签署CSR
openssl x509 -req -in "$name/$CSR_FILE" -CA "$name/$PEM_FILE" -CAkey "$name/$KEY_FILE"  \
   -CAcreateserial -out "$name/$CRT_FILE" -days 3650 -sha256 -extensions v3_req -extfile "$name/$CONFIG_FILE"
if [ ! -f "$name/$CRT_FILE" ]; then
    echo "证书签署失败,退出脚本。"
    exit 1
fi


# 验证证书
openssl verify -CAfile "$name/$PEM_FILE" "$name/$CRT_FILE"
if [ $? -ne 0 ]; then
    echo "证书验证失败。"
    exit 1
else
    echo "证书验证成功。"
fi


echo "所有步骤执行完毕。"




<
#默认local.org
bash  ./ssl.sh  k8s.org


EOF
http协议https
载入天数...载入时分秒... ,