How to enable Encryption for MariaDB

Generate Keys

1. make keys file

# sudo su

# mkdir -p /etc/mysql/encryption

# cd /etc/mysql/encryption 

# echo "1;"$(openssl rand -hex 32) > keys

# echo "2;"$(openssl rand -hex 32) >> keys

# echo "3;"$(openssl rand -hex 32) >> keys

# echo "4;"$(openssl rand -hex 32) >> keys

2. make password file

# openssl rand -hex 128 > password_file

3. make key enc

# openssl enc -aes-256-cbc -md sha1 -pass file:password_file -in keys -out keys.enc

Updating MariaDB Configuration

create config file

# sudo vim /etc/mysql/mariadb.conf.d/encryption.cnf

Pass content

[mariadb]

## File Key Management

plugin_load_add = file_key_management

file_key_management_filename = /etc/mysql/encryption/keys.enc

file_key_management_filekey = FILE:/etc/mysql/encryption/password_file

file_key_management_encryption_algorithm = aes_cbc

## InnoDB/XtraDB Encryption Setup

innodb_default_encryption_key_id = 1

innodb_encrypt_tables = FORCE ( or ON )

innodb_encrypt_log = ON

innodb_encryption_threads = 4

## Aria Encryption Setup

aria_encrypt_tables = ON

## Temp & Log Encryption

encrypt-tmp-disk-tables = 1

encrypt-tmp-files = 1

encrypt_binlog = ON

Change Permissions

# cd /etc/mysql/

# sudo chown -R mysql:root ./encryption 

# sudo chmod 500 /etc/mysql/encryption/

# cd ./encryption

# chmod 400 keys.enc password_file 

# chmod 644 /etc/mysql/mariadb.conf.d/encryption.cnf

Restart MariaDB

# sudo service mariadb restart

Check Result

REF

https://webdock.io/en/docs/how-guides/security-guides/how-to-enable-encryption-mariadb

Apache2 VirtualHost

參考公爵的文章


假設localhost會看到本機端的www資料夾下的index
以及www.test.com會看到www/test資料夾下的index


首先，先在apache2/conf.d下產生virtual.cof文件


sudo gedit /etc/apache2/conf.d/virtual.conf


設定接收所有IP回應80埠


NameVirtualHost: *:80


設定資料夾讀取權限



<Directory /var/www>
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


<Directory /var/www/test>
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>



設定虛擬主機


<VirtualHost *:80>
    ServerName   www.test.com
    DocumentRoot   /var/www/test

</VirtualHost>


<VirtualHost *:80>
    ServerName   localhost
    DocumentRoot   /var/www
</VirtualHost>


重新啟動Apache2


sudo /etc/init.d/apache2 restart

MySQL table is read only

今天弄了一天，就因為這個

table is read only

為什麼會這樣吶～

我改了權限也不行

用了mysqladmin -u -p FLUSH TALBES WITH READ LOCK

也不行

最後看了到別人提到使用者和群組都要改成mysql

我就姑且一試，果然給我試成功了！

windows的mysql沒有權限的限制，但是linux有權限的限制。

把資料庫直接拷貝到linux底下會使檔案的權限及使用者改變。

不熟linux的我只好上網拼命查拼命試囉！

sudo chown -R mysql:mysql /var/lib/mysql/[database]

sudo /etc/init.d/mysql restart

Apache Rewrite on Ubuntu

啟動 mod_rewrite

sudo a2enmod rewrite

修改 /etc/apache2/apache2.conf

Allowoverride All

重啟 Apache2

接著在你要rewrite的資料夾下加入.htaccess

修改.htaccess

RewriteEngine on
Options +FollowSymLinks
RewriteBase
RewriteRule
...

存檔，完成