Rootop: Server Operations and Web Architecture

2025-06-13
Posted by Venus

Calling a third-party API from PHP with a self-signed certificate

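Generate the CSR and private key yourself and send the CSR to the other party, who issues the public-key certificate. The PHP code must then be configured with the certificate and private key to access their API.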

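The other party supplied only the server certificate, not the root certificate. The root certificate can be extracted by visiting their domain, or fetched from the command line.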

openssl s_client -connect x.x.xgaming.com:443 -showcerts


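The command prints a lot of output; use the "CN =" field to tell whether each certificate is the server certificate, an intermediate certificate, or the root certificate.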

Exporting the root certificate from a browser is the most convenient way.
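To make the "CN =" check systematic, the following added example (not from the original post) splits `openssl s_client -showcerts` output into its certificates and labels each one by comparing subject and issuer. The function names and the throwaway chain are constructed for the demonstration. Servers often leave the root out of the chain, in which case no line is labelled root and the issuer of the last line names the root that still has to be obtained.

```bash
#!/usr/bin/env bash
# Added example: label each certificate found in `openssl s_client -showcerts`
# output (or any PEM bundle) as server, intermediate or root.

classify_chain() {                       # $1 = file holding the s_client output
  local dir i=1 subj iss role
  dir=$(mktemp -d) || return 1
  # Copy each PEM block to its own file, skipping the text printed between blocks.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++; keep = 1 }
                   keep { print > (d "/" n ".pem") }
                   /-----END CERTIFICATE-----/   { keep = 0 }' "$1"
  while [ -f "$dir/$i.pem" ]; do
    subj=$(openssl x509 -in "$dir/$i.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$dir/$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then role=root        # self-signed: subject equals issuer
    elif [ "$i" -eq 1 ]; then role=server          # the server sends its own certificate first
    else role=intermediate
    fi
    printf '%s\t%s\t%s\n' "$role" "$subj" "$iss"
    i=$((i + 1))
  done
  rm -rf "$dir"
}

# sign_cert <dir> <name> <CN> <issuer name>: new key and CSR, signed by the issuer.
sign_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
    -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

# Constructed test data: a throwaway root -> intermediate -> server chain in directory $1.
make_demo_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  sign_cert "$1" int "Constructed Intermediate CA" root
  sign_cert "$1" leaf "api.example.test" int
  { echo "Certificate chain"; cat "$1/leaf.crt"; echo "---"; cat "$1/int.crt" "$1/root.crt"; } > "$1/showcerts.txt"
}

demo_dir=$(mktemp -d)
make_demo_chain "$demo_dir"
classify_chain "$demo_dir/showcerts.txt"   # columns: role, subject, issuer
rm -rf "$demo_dir"
```

Against a real endpoint, save the output of the `openssl s_client` command above to a file and pass that file to `classify_chain`.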

// Set the other party's CA root certificate (verifies the server's identity)
curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . "/ca.crt");
// Set the client certificate and private key (used for mutual TLS)
curl_setopt($ch, CURLOPT_SSLCERT, __DIR__ . "/prod-cert.pem");
curl_setopt($ch, CURLOPT_SSLKEY, __DIR__ . "/PrivateKey.key");

PS: The site https://decoder.link/result can be used to decode a certificate's contents.

2025-04-28
Posted by Venus

Changing the permissions of a device under /dev/ with udev

admin@rd-GMB5188:~$ ll /dev/gpcdrv 
crw------- 1 root root 236, 0 Apr 27 21:00 /dev/gpcdrv

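By default only the root account can read and write this device, and other accounts cannot use it. A udev rule applies the permission change automatically.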

# View the device's attributes and related information
root@rd-GMB5188:~# udevadm info -a -n /dev/gpcdrv 

Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.

  looking at device '/devices/virtual/gpcdrv/gpcdrv':
    KERNEL=="gpcdrv"
    SUBSYSTEM=="gpcdrv"
    DRIVER==""
    ATTR{power/async}=="disabled"
    ATTR{power/control}=="auto"
    ATTR{power/runtime_active_kids}=="0"
    ATTR{power/runtime_active_time}=="0"
    ATTR{power/runtime_enabled}=="disabled"
    ATTR{power/runtime_status}=="unsupported"
    ATTR{power/runtime_suspended_time}=="0"
    ATTR{power/runtime_usage}=="0"


# Confirmed: the device can be matched by its KERNEL and SUBSYSTEM attributes in order to change its permissions.
root@rd-GMB5188:~# cat /etc/udev/rules.d/98-gpcdrv.rules 
KERNEL=="gpcdrv", SUBSYSTEM=="gpcdrv", MODE="0664"

# Check the permissions again after a reboot
admin@rd-GMB5188:~$ ll /dev/gpcdrv 
crw-rw-r-- 1 root root 235, 0 Apr 27 21:05 /dev/gpcdrv
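MODE="0664" gives every local account read access to the device, not only the account that needs it. The following added example (not from the original post) scans a rules file and reports each MODE= value that grants access outside the owner and group. The function name `audit_udev_modes` and the group `gpcusers` are hypothetical, and the sample rules are constructed from the rule above.

```bash
#!/usr/bin/env bash
# Added example: report udev rules whose MODE= grants access beyond owner and group.

audit_udev_modes() {                 # $1 = rules file; prints mode, finding, rule (tab-separated)
  awk '
    /^[ \t]*#/ { next }                                  # skip comment lines
    match($0, /MODE:?="[0-7]+"/) {
      mode = substr($0, RSTART, RLENGTH)
      gsub(/[^0-7]/, "", mode)                           # keep only the octal digits
      other = substr(mode, length(mode), 1) + 0          # last digit = permissions for "other"
      r = int(other / 4) % 2; w = int(other / 2) % 2
      if (r && w)  finding = "world-read-write"
      else if (w)  finding = "world-writable"
      else if (r)  finding = "world-readable"
      else next                                          # nothing granted to "other"
      print mode "\t" finding "\t" $0
    }' "$1"
}

# Constructed sample: the rule from this post plus a group-scoped variant.
# The group name "gpcusers" is hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/udev/rules.d/98-gpcdrv.rules
KERNEL=="gpcdrv", SUBSYSTEM=="gpcdrv", MODE="0664"
KERNEL=="gpcdrv", SUBSYSTEM=="gpcdrv", GROUP="gpcusers", MODE="0660"
EOF
audit_udev_modes "$sample"           # only the 0664 rule is reported
rm -f "$sample"
```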

2025-02-28
Posted by Venus

Configuring a Docker container to connect to the MySQL service on the host

Add this entry to docker-compose.yml:

extra_hosts:
  - "host.docker.internal:host-gateway"


So that the file becomes:
services:
  app:
    image: ...
    container_name: ...
    ...
    extra_hosts:
      - "host.docker.internal:host-gateway"


MySQL also needs to listen on the Docker network interface:


# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 00:0c:ff:cc:af:af brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
    inet 172.16.212.135/24 brd 172.16.212.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80:20c:29ff:3::bca/64 scope global
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 76:1f:8c:eb:62:f8 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
25: br-c5516318dfee: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 7e:e9:0e:61:6e:cb brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-c5516318dfee
       valid_lft forever preferred_lft forever
    inet6 fe80::7ce9:eff:fe61:6ecb/64 scope link
       valid_lft forever preferred_lft forever


Here the docker0 interface has the address 172.17.0.1, which is the address that host.docker.internal resolves to inside the container.


Open the MySQL configuration file, located at:
/etc/mysql/mysql.conf.d/mysqld.cnf


Change
bind-address            = 127.0.0.1
to
bind-address            = 127.0.0.1,172.17.0.1
Restart MySQL:
systemctl restart mysql
This completes the configuration.
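After the restart it is worth confirming that MySQL listens only on the two intended addresses. The following added example (not from the original post) summarises `ss -ltn` output for a given port; the function name `listen_scope` and the sample output are constructed. On MySQL 8.0 the X Plugin port 33060 is governed by its own `mysqlx-bind-address` setting rather than `bind-address`, so the sample checks that port as well.

```bash
#!/usr/bin/env bash
# Added example: summarise which addresses a TCP port listens on, from `ss -ltn` output.

listen_scope() {                      # stdin = `ss -ltn` output; $1 = port (default 3306)
  awk -v want="${1:-3306}" '
    $1 == "LISTEN" {
      n = split($4, part, ":"); port = part[n]           # port is the last ":" field
      if (port != want) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "[::1]")             scope = "loopback"
      else                                                       scope = "single-address"
      print addr "\t" scope
    }'
}

# Constructed `ss -ltn` output for a host configured as in this post.
sample='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       151     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       151     172.17.0.1:3306     0.0.0.0:*
LISTEN  0       70      *:33060             *:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*'

printf '%s\n' "$sample" | listen_scope 3306    # loopback plus the docker0 address
printf '%s\n' "$sample" | listen_scope 33060   # still bound to all interfaces in this sample
```

On a live host, run `ss -ltn | listen_scope 3306`; an `all-interfaces` line means the port is reachable on every interface, not just docker0.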

2025-02-24
Posted by Venus

MySQL LOAD DATA import fails with the error "The used command is not allowed with this MySQL version"

Version: MySQL 8.0.18

mysql> use dkparel_prod;
mysql> load data local infile '/mnt/upload_sql/2024-01-10_gameAccountingHistory.csv' into table gameaccountinghistory3 fields terminated by '\t' lines terminated by '\n';
ERROR 1148 (42000): The used command is not allowed with this MySQL version

# Changing the setting temporarily from the mysql command line has no effect either
mysql> set global local_infile=on;
mysql> show global variables like 'local_infile';

# It can be solved by adding a parameter when starting the mysql command line
[root@db01 ~]# mysql -uroot -pxxx --local-infile=1

# Or add the parameter in the shell and execute the SQL statement directly
[root@db01 ~]# mysql -uroot -pxxx --local-infile=1 dkparel_prod -e "load data local infile '/mnt/upload_sql/2024-01-10_gameAccountingHistory.csv' into table gameaccountinghistory3 fields terminated by '\t' lines terminated by '\n';"

2025-02-13
Posted by Venus

Installing Alibaba Cloud ossfs on AlmaLinux 9.5

# Official documentation
https://help.aliyun.com/zh/oss/developer-reference/install-ossfs

# Install from source
sudo yum makecache
sudo yum install automake gcc-c++ git libcurl-devel libxml2-devel fuse-devel make openssl-devel

git clone https://github.com/aliyun/ossfs.git
cd ossfs
./autogen.sh 

# The next step fails with an error saying the fuse version must be newer than a specified version
./configure 
make
make install



# On AlmaLinux 9 the fuse packages are named fuse3 and fuse3-devel, but ossfs cannot build against them, so install fuse and fuse-devel manually

# Find the CentOS Stream 9 packages on the rpmfind site and install them

# Install fuse first
yum install -y https://rpmfind.net/linux/centos-stream/9-stream/BaseOS/x86_64/os/Packages/fuse-2.9.9-17.el9.x86_64.rpm

# Install fuse-libs, which fuse-devel depends on
yum install -y https://rpmfind.net/linux/centos-stream/9-stream/BaseOS/x86_64/os/Packages/fuse-libs-2.9.9-17.el9.x86_64.rpm
yum install -y https://rpmfind.net/linux/centos-stream/9-stream/CRB/x86_64/os/Packages/fuse-devel-2.9.9-17.el9.x86_64.rpm
Running ./configure again now succeeds.

Follow the official documentation to configure the rest.