跳到主要內容

SmartOS安裝Self-Gen SSL憑證

下面的設定是在MiCloud SmartOS上的設定,版本為SmartOSPlus64:3.2.0
如果需要在其他版本實作,則需要考慮apache server的設定檔案位置

原則上pkgin install安裝的時候可以看到設定說明...

STEP1: 產生Self-Gen SSL金鑰

[root@SmartOS /opt/local/share]# cd /opt/local/etc/httpd/
[root@SmartOS /opt/local/etc/httpd]# openssl genrsa -des3 -out server.key 1024                                                                                                  
Generating RSA private key, 1024 bit long modulus
......++++++
......................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@SmartOS /opt/local/etc/httpd]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW     
State or Province Name (full name) [Some-State]:Taipei
Locality Name (eg, city) []:Taiwan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:********
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:********
Email Address []:***********

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:       
An optional company name []:
[root@SmartOS /opt/local/etc/httpd]# cp server.key server.key.org
[root@SmartOS /opt/local/etc/httpd]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
[root@SmartOS /opt/local/etc/httpd]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=TW/ST=Taipei/L=Taiwan/O=MiCloud/CN=MiCloud/emailAddress=service@micloud.tw
Getting Private key
[root@SmartOS /opt/local/etc/httpd]#

STEP2: 編輯Virtual Host資訊

# vi /opt/local/etc/httpd/virtualhosts/test.conf
<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile /opt/local/etc/httpd/server.crt
SSLCertificateKeyFile /opt/local/etc/httpd/server.key
ServerName your.ip.or.domaonname
DocumentRoot /opt/local/share/httpd/htdocs
</VirtualHost>

STEP3: 測試連線

瀏覽器連線:https://your.ip.or.domaonname/

這個網誌中的熱門文章

Oracle LISTAGG

同事介紹的一個Oracle的好用查詢:LISTAGG
SELECT A.GROUP_ID,A.KEY, LISTAGG(A.VALUE,'; ')WITHINGROUP(ORDERBYA.VALUE)as GG  fromSYS_PROPERTIESaGROUP byA.GROUP_ID,A.KEY
LISTAGG可以將group後的結果會總顯示於一個欄位 上述SQL原本A.VALUE會是一個row一個row的排列 使用LISTAGG之後,可以將A.VALUE顯示在同一個row中 並且可以指定間隔符號(在此設定為';') 針對某一些報表查詢非常有用唷 :D

使用GCP Cloud Builder建置CI/CD Flow

服務的建置通常是持續性的作業,而部署則一般是專案初期建置一次,未來可以沿用該部署設定... 這樣的流程走向自動化,在Container的環境又更是重要... 本篇介紹一下,在Google雲端,我們可以搭配Source Repository與Build Trigger等服務來完成服務的自動建置與部屬,讓封裝Container與部署到Container Engine的動作可以一氣呵成...
首先幾單瞭解一下一個Container Engine服務的建置與部屬過程...
使先,建立Container Engine Cluster,透過GCP Winzard可以很快速地開立您的GKE Cluster…

假設您的cluster是叫做demo-cluster,則可以透過下面的指令來跟GKE建立連線
$ gcloud container clusters get-credentials demo-cluster --zone asia-east1-a
這串指令不用記ㄛ~可以在Cluster的頁面找到他...

點選複製,即可貼到您的Terminal執行...

跟GKE建立鏈結後,接下來可以部署您的城市,這邊我們以我的一個範例程式Demoweb (https://github.com/peihsinsu/demoweb) 為例,

這個專案中,包含幾個重要結構:
app/ : 放置您的程式,在Dockerfile中會將該資料匣複製到Docker Image中 k8s/ : 放置k8s的deployment與service描述檔 Dockerfile : 封裝docker的描述檔,會以node.js的image為基礎來建置執行環境 cloudbuild.yaml : Google Cloud Build Trigger的步驟描述檔

Flashback Query

感謝我的好友提供的: 在Oracle好用的指令...
Flashback Query: 讓異動過的資料表回到歷史時間點 Step 1. è
show parameter undo_retention  PS: 這個參數顯示系統上設定歷史保留時間(ex: 900 = 900秒) Step 2. è CREATETABLE XXXXX_0815 ASSELECT *  FROM XXXXXASOFTIMESTAMPTO_TIMESTAMP('2011-08-15 12:00:00','YYYY-MM-DD HH24:MI:SS');
PS: 透過as of timestamp方式取出該時間點的表格資料