【运维--安全相关】cerbot证书自动化续期
前言
Certbot可以配置为在证书过期之前自动更新证书。由于Let’s Encrypt SSL证书有效期时间为90天,所以建议您利用此功能。您可以通过运行以下命令来测试证书的自动续订:
安装
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot python2-certbot-nginx
使用
1.生成配置
certbot --nginx
# 自动生成nginx配置 Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (): acme-v02.api.letsencrypt.org Which names would you like to activate HTTPS for?
:servicemesher.com
: www.servicemsher.com
# 这里直接回车选择所有的域名
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/servicemesher.com.conf) It contains these names: servicemesher.com, www.servicemesher.com You requested these names for the new certificate: servicemesher.com,
prow.servicemesher.com, www.servicemesher.com. Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http- challenge for prow.servicemesher.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
: No redirect - Make no further changes to the webserver configuration.
: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [-] then [enter] (press 'c' to cancel):
# 这里是为了扩展证书支持更多的域名,所有输入 回车
Traffic on port already redirecting to ssl in /etc/nginx/nginx.conf
Redirecting all traffic on port to ssl in /etc/nginx/nginx.conf
Traffic on port already redirecting to ssl in /etc/nginx/nginx.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
2、查看配置
参考重点配置如下:
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256
ssl_ecdh_curve prime256v1;
# ssl_certificate /nginx.crt;
# ssl_certificate_key /nginx.key;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
ssl_verify_client off;
ssl_verify_depth 10;
3、重启,测试
nginx -t;nginx -s reload
4、自动化续期
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
附录:
git代码库,开发文档
git clone https://github.com/certbot/certbot https://certbot.eff.org/docs/contributing.html
certbot命令详解
用法:
certbot [子命令] [选项] [-d 域名] [-d 域名] ... Certbot工具用于获取和安装 HTTPS/TLS/SSL 证书。默认情况下,Certbot会尝试为本地网页服务器
(如果不存在会默认安装一个到本地)获取并安装证书。最常用的子命令和选项如下: 获取, 安装, 更新证书:
(默认) run 获取并安装证书到当前网页服务器
certonly 获取或更新证书,但是不安装
renew 更新已经获取但快过期的所有证书
-d 域名列表 指定证书对应的域名列表,域名之间使用逗号分隔 --apache 使用Apache插件进行身份认证和安装
--standalone 运行一个独立的网页服务器用于身份认证
--nginx 使用Nginx插件进行身份认证和安装
--webroot 把身份认证文件放置在服务器的网页根目录下
--manual 使用交互式或脚本钩子的方式获取证书 -n 非交互式运行
--test-cert 从预交付服务器上获取测试证书
--dry-run 测试获取或更新证书,但是不存储到本地硬盘 证书管理:
certificates 显示使用Certbot生成的所有证书的信息
revoke 撤销证书(supply --cert-path)
delete 删除证书 管理你的Let's Encrypt账户
register 创建Let's Encrypt ACME账户
--agree-tos 同意ACME服务器的订阅协议
-m EMAIL 接收有关账户的重要通知的邮箱地址 可选参数:
-h, --help 显示帮助信息,然后退出
-c 配置文件, --config 配置文件
配置文件的路径 (默认: /etc/letsencrypt/cli.ini
或 ~/.config/letsencrypt/cli.ini)
-v, --verbose 当前参数可以重复使用多次来增加输出信息的详细程度,例如 -vvv.
(默认: -2)
-n, --non-interactive, --noninteractive
非交互式运行,即运行过程中不需要询问用户输入,但需要额外的命令行
参数。当客户端发现参数缺失时会给出相应的说明。(默认: False)
--force-interactive 无论Certbot是否以命令行的方式运行,强制交互式运行。当前参数不能
用于renew子命令。(默认: False)
-d 域名列表, --domains 域名列表, --domain 域名列表
指定域名列表。如果有多个域名,可以多次使用-d参数,也可以在-d参数后
使用逗号分隔的域名列表。(默认: 询问)
--cert-name 证书名称 指定证书名称。每次Certbot运行只使用一个证书名称。可以使用命令
'certbot certificates'查看已生成的证书名称。当创建新的证书时,
此选项用于指定证书的名称。(默认: 无)
--dry-run 使用客户端执行一次试运行,获取测试证书(无效的证书)但不保存到磁盘。
当前选项仅用于'certonly'和'renew'子命令。
注: 尽管 --dry-run 选项试图阻止任何对系统的修改,但并不能做到
完全避免: 如果使用类似apache或nginx网页服务器来认证插件,
程序运行过程中,会尝试修改或恢复配置文件来获取测试证书,
也会重启网页服务器来部署和回滚这些修改。如果定义了 --pre-hook 和
--post-hook 选项它们会被同时执行,这两个选项有助于更精确地模拟
更新证书。--renew-hook 选项在这里不会被执行。(默认: False)
--preferred-challenges PREF_CHALLS
A sorted, comma delimited list of the preferred
challenge to use during authorization with the most
preferred challenge listed first (Eg, "dns" or "tls-
sni-01,http,dns"). Not all plugins support all
challenges. See
https://certbot.eff.org/docs/using.html#plugins for
details. ACME Challenges are versioned, but if you
pick "http" rather than "http-01", Certbot will select
the latest version automatically. (default: [])
--user-agent 用户代理
设置本客户端的用户代理信息。用户代理信息用于CA机构收集关于操作系统
和插件的使用成功率。如果你希望隐藏此信息,设置此选项为""。
(默认: CertbotACMEClient/0.12.0 (Ubuntu 16.04.2 LTS)
Authenticator/XXX Installer/YYY)
其他相关
自动化:
用于自动运行或其他情况的参数 --keep-until-expiring, --keep, --reinstall
如果被请求的证书已经存在,那么不执行更新操作直到证书将要过期
(如果使用了'run'子命令,无论是否过期证书都会被更新)。
(默认: 询问)
--expand 如果请求的证书名字是已经存在的证书名字的子集,那么这个本地证书
会被重置并重命名。(默认: 询问)
--version 显示程序和版本号,然后退出
--force-renewal, --renew-by-default
如果请求的证书已经存在,无论是否快要到期,更新该证书。
(通常使用 --keep-until-expiring 选项)。
该选项默认包含了 --expand 选项的功能。(默认: False)
--renew-with-new-domains
如果被请求的证书已经存在,但是域名变了,那么无论该证书是否将要过期
都会被更新。(默认: False)
--allow-subset-of-names
When performing domain validation, do not consider it
a failure if authorizations can not be obtained for a
strict subset of the requested domains. This may be
useful for allowing renewals for multiple domains to
succeed even if some domains no longer point at this
system. This option cannot be used with --csr.
(default: False)
--agree-tos 同意ACME订阅协议 (默认: 询问)
--duplicate Allow making a certificate lineage that duplicates an
existing one (both can be renewed in parallel)
(default: False)
--os-packages-only (仅用于 certbot-auto) 安装系统依赖包,然后停止 (默认: False)
--no-self-upgrade (仅用于 certbot-auto) 禁止 certbot-auto 脚本自动升级自己到
新的发布版本 (默认: 自动升级)
-q, --quiet 程序运行只输出错误信息。这个选项对于 cron 等自动化工具很有用。
该选项默认包含了 --non-interactive 选项的功能。(默认: False) 安全:
有关安全的参数和服务器设置 --rsa-key-size N RSA密钥的大小。 (默认: 2048)
--must-staple 为证书添加 OCSP Must Staple 扩展。当Apache版本高于2.3.3时,
自动配置 OCSP Stapling 支持。 (默认: False)
--redirect 对于新认证的虚拟主机,自动重定向HTTP到HTTPS。 (默认: 询问)
--no-redirect 对于新认证的虚拟主机,不要重定向HTTP到HTTPS。 (默认: 询问)
--hsts Add the Strict-Transport-Security header to every HTTP
response. Forcing browser to always use SSL for the
domain. Defends against SSL Stripping. (default:
False)
--uir Add the "Content-Security-Policy: upgrade-insecure-
requests" header to every HTTP response. Forcing the
browser to use https:// for every http:// resource.
(default: None)
--staple-ocsp Enables OCSP Stapling. A valid OCSP response is
stapled to the certificate that the server offers
during TLS. (default: None)
--strict-permissions Require that all configuration files are owned by the
current user; only needed if your config is somewhere
unsafe like /tmp/ (default: False) 测试:
The following flags are meant for testing and integration purposes only. --test-cert, --staging
Use the staging server to obtain or revoke test
(invalid) certs; equivalent to --server https://acme-
staging.api.letsencrypt.org/directory (default: False)
--debug Show tracebacks in case of errors, and allow certbot-
auto execution on experimental platforms (default:
False)
--no-verify-ssl Disable verification of the ACME server's certificate.
(default: False)
--tls-sni-01-port TLS_SNI_01_PORT
Port used during tls-sni-01 challenge. This only
affects the port Certbot listens on. A conforming ACME
server will still attempt to connect on port 443.
(default: 443)
--http-01-port HTTP01_PORT
Port used in the http-01 challenge. This only affects
the port Certbot listens on. A conforming ACME server
will still attempt to connect on port 80. (default:
80)
--break-my-certs Be willing to replace or renew valid certs with
invalid (testing/staging) certs (default: False) 路径:
修改有关执行路径和服务器的参数 --cert-path 证书路径
Path to where cert is saved (with auth --csr),
installed from, or revoked. (default: None)
--key-path 密钥路径 Path to private key for cert installation or
revocation (if account key is missing) (default: None)
--chain-path 钥匙链路径
Accompanying path to a certificate chain. (default:
None)
--config-dir 配置文件目录
Configuration directory. (default: /etc/letsencrypt)
--work-dir 工作目录 Working directory. (default: /var/lib/letsencrypt)
--logs-dir 日志目录 Logs directory. (default: /var/log/letsencrypt)
--server 服务器 ACME Directory Resource URI. (default:
https://acme-v01.api.letsencrypt.org/directory) 管理:
Various subcommands and flags are available for managing your
certificates: certificates List certificates managed by Certbot
delete Clean up all files related to a certificate
renew Renew all certificates (or one specified with --cert-
name)
revoke Revoke a certificate specified with --cert-path
update_symlinks Recreate symlinks in your /etc/letsencrypt/live/
directory run:
获取和安装证书的选项 certonly:
修改获取证书方式的选项 --csr CSR Path to a Certificate Signing Request (CSR) in DER or
PEM format. Currently --csr only works with the
'certonly' subcommand. (default: None) renew:
The 'renew' subcommand will attempt to renew all certificates (or more
precisely, certificate lineages) you have previously obtained if they are
close to expiry, and print a summary of the results. By default, 'renew'
will reuse the options used to create obtain or most recently successfully
renew each certificate lineage. You can try it with `--dry-run` first. For
more fine-grained control, you can renew individual lineages with the
`certonly` subcommand. Hooks are available to run commands before and
after renewal; see https://certbot.eff.org/docs/using.html#renewal for
more information on these. --pre-hook PRE_HOOK Command to be run in a shell before obtaining any
certificates. Intended primarily for renewal, where it
can be used to temporarily shut down a webserver that
might conflict with the standalone plugin. This will
only be called if a certificate is actually to be
obtained/renewed. When renewing several certificates
that have identical pre-hooks, only the first will be
executed. (default: None)
--post-hook POST_HOOK
Command to be run in a shell after attempting to
obtain/renew certificates. Can be used to deploy
renewed certificates, or to restart any servers that
were stopped by --pre-hook. This is only run if an
attempt was made to obtain/renew a certificate. If
multiple renewed certificates have identical post-
hooks, only one will be run. (default: None)
--renew-hook RENEW_HOOK
Command to be run in a shell once for each
successfully renewed certificate. For this command,
the shell variable $RENEWED_LINEAGE will point to the
config live subdirectory containing the new certs and
keys; the shell variable $RENEWED_DOMAINS will contain
a space-delimited list of renewed cert domains
(default: None)
--disable-hook-validation
Ordinarily the commands specified for --pre-hook
/--post-hook/--renew-hook will be checked for
validity, to see if the programs being run are in the
$PATH, so that mistakes can be caught early, even when
the hooks aren't being run just yet. The validation is
rather simplistic and fails if you use more advanced
shell constructs, so you can use this switch to
disable it. (default: False) certificates:
列出由Certbot管理的所有证书信息 delete:
用于删除证书的选项 revoke:
用于撤销证书的选项 --reason {keycompromise,affiliationchanged,superseded,unspecified,cessationofoperation}
Specify reason for revoking certificate. (default: 0) register:
用于账户注册和更新的选项 --register-unsafely-without-email
Specifying this flag enables registering an account
with no email address. This is strongly discouraged,
because in the event of key loss or account compromise
you will irrevocably lose access to your account. You
will also be unable to receive notice about impending
expiration or revocation of your certificates. Updates
to the Subscriber Agreement will still affect you, and
will be effective 14 days after posting an update to
the web site. (default: False)
--update-registration
With the register verb, indicates that details
associated with an existing registration, such as the
e-mail address, should be updated, rather than
registering a new account. (default: False)
-m EMAIL, --email EMAIL
Email used for registration and recovery contact.
(default: Ask)
--eff-email Share your e-mail address with EFF (default: None)
--no-eff-email Don't share your e-mail address with EFF (default:
None) unregister:
用于注销账户的选项 --account 账户ID 需要注销的账户ID (默认: 无) install:
用于修改证书部署路径的选项 --fullchain-path 完整钥匙链的路径
Accompanying path to a full certificate chain (cert
plus chain). (default: None) config_changes:
Options for controlling which changes are displayed --num NUM How many past revisions you want to be displayed
(default: None) rollback:
Options for rolling back server configuration changes --checkpoints N Revert configuration N number of checkpoints.
(default: 1) plugins:
Options for for the "plugins" subcommand --init Initialize plugins. (default: False)
--prepare Initialize and prepare plugins. (default: False)
--authenticators Limit to authenticator plugins only. (default: None)
--installers Limit to installer plugins only. (default: None) update_symlinks:
Recreates cert and key symlinks in /etc/letsencrypt/live, if you changed
them by hand or edited a renewal configuration file plugins:
Plugin Selection: Certbot client supports an extensible plugins
architecture. See 'certbot plugins' for a list of all installed plugins
and their names. You can force a particular plugin by setting options
provided below. Running --help <plugin_name> will list flags specific to
that plugin. --configurator CONFIGURATOR
Name of the plugin that is both an authenticator and
an installer. Should not be used together with
--authenticator or --installer. (default: Ask)
-a AUTHENTICATOR, --authenticator AUTHENTICATOR
Authenticator plugin name. (default: None)
-i INSTALLER, --installer INSTALLER
Installer plugin name (also used to find domains).
(default: None)
--apache Obtain and install certs using Apache (default: False)
--nginx Obtain and install certs using Nginx (default: False)
--standalone 运行一个独立的网页服务器用于获取证书。(默认: False)
--manual Provide laborious manual instructions for obtaining a
cert (default: False)
--webroot 把身份认证文件放置在服务器的网页根目录下用于获取证书。
(默认: False) nginx:
Nginx网页服务器插件 - Alpha版本 --nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx)
--nginx-ctl NGINX_CTL
Path to the 'nginx' binary, used for 'configtest' and
retrieving nginx version number. (default: nginx) standalone:
启动一个临时的网页服务器 manual:
Authenticate through manual configuration or custom shell scripts. When
using shell scripts, an authenticator script must be provided. The
environment variables available to this script are $CERTBOT_DOMAIN which
contains the domain being authenticated, $CERTBOT_VALIDATION which is the
validation string, and $CERTBOT_TOKEN which is the filename of the
resource requested when performing an HTTP-01 challenge. An additional
cleanup script can also be provided and can use the additional variable
$CERTBOT_AUTH_OUTPUT which contains the stdout output from the auth
script. --manual-auth-hook MANUAL_AUTH_HOOK
Path or command to execute for the authentication
script (default: None)
--manual-cleanup-hook MANUAL_CLEANUP_HOOK
Path or command to execute for the cleanup script
(default: None)
--manual-public-ip-logging-ok
Automatically allows public IP logging (default: Ask) webroot:
Place files in webroot directory --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
public_html / webroot path. This can be specified
multiple times to handle different domains; each
domain will have the webroot path that preceded it.
For instance: `-w /var/www/example -d example.com -d
www.example.com -w /var/www/thing -d thing.net -d
m.thing.net` (default: Ask)
--webroot-map WEBROOT_MAP
JSON dictionary mapping domains to webroot paths; this
implies -d for each entry. You may need to escape this
from your shell. E.g.: --webroot-map
'{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}'
This option is merged with, but takes precedence over,
-w / -d entries. At present, if you put webroot-map in
a config file, it needs to be on a single line, like:
webroot-map = {"example.com":"/var/www"}. (default:
{}) apache:
Apache网页服务器插件 - Beta版本 --apache-enmod APACHE_ENMOD
Path to the Apache 'a2enmod' binary. (default:
a2enmod)
--apache-dismod APACHE_DISMOD
Path to the Apache 'a2dismod' binary. (default:
a2dismod)
--apache-le-vhost-ext APACHE_LE_VHOST_EXT
SSL vhost configuration extension. (default: -le-
ssl.conf)
--apache-server-root APACHE_SERVER_ROOT
Apache server root directory. (default: /etc/apache2)
--apache-vhost-root APACHE_VHOST_ROOT
Apache server VirtualHost configuration root (default:
/etc/apache2/sites-available)
--apache-logs-root APACHE_LOGS_ROOT
Apache server logs directory (default:
/var/log/apache2)
--apache-challenge-location APACHE_CHALLENGE_LOCATION
Directory path for challenge configuration. (default:
/etc/apache2)
--apache-handle-modules APACHE_HANDLE_MODULES
Let installer handle enabling required modules for
you.(Only Ubuntu/Debian currently) (default: True)
--apache-handle-sites APACHE_HANDLE_SITES
Let installer handle enabling sites for you.(Only
Ubuntu/Debian currently) (default: True)
【运维--安全相关】cerbot证书自动化续期的更多相关文章
- 【目录】Python自动化运维
目录:Python自动化运维笔记 Python自动化运维 - day2 - 数据类型 Python自动化运维 - day3 - 函数part1 Python自动化运维 - day4 - 函数Part2 ...
- 自动化运维与Saltstack
一.自动化运维介绍 1.自动化运维产生背景 传统的IT运维是将数据中心中的网络设备.服务器.数据库.中间件.存储.虚拟化.硬件等资源进行统一监控,当资源出现告警时,运维人员通过工具或者基于经验进行 ...
- 自动化运维:(1)认识 Shell
目录 (一)运维是什么? (二)什么是 Shell? (三)Shell的分类 (四)Shell脚本 (五)Shell的变量 (六)表达式 (七)Linux常见符号 (八)常见命令 (一)自动化运维是什 ...
- 真正云原生的智能运维体系,阿里云发布ECS自动化运维套件
云计算的发展,推动了自动化运维.DevOps.AIOps 等趋势的兴起,在业务快速变化的今天,企业希望通过一套自动化运维的专家系统提高运维效率,为业务提供支撑. 传统的方式下,打造一套成熟的 DevO ...
- Linux系统运维工程该具备哪些素质
记得在上高中时,物理老师总是会对我们一句话:"学习是件苦差事."工作后发现,其实做运维也是件苦差事.最为一名运维工程师,深知这一行的艰辛,但和IT行业其他职务一样,那就是付出的越多 ...
- linux运维架构师职业规划
1.假如你从来未接触过Linux的话,首先要做的就找一本指导书来学习.现在公认的Linux的入门书籍是“鸟哥的私房菜”,讲的很全面,鸟哥的私房菜一共分为两部,一部是基础篇,一部是服务器篇.“鸟哥的私房 ...
- 百度云曲显平:AIOps时代下如何用运维数据系统性地解决运维问题?
百度云智能运维负责人 曲显平 本文是根据百度云智能运维负责人曲显平10月20日在msup携手魅族.Flyme.百度云主办的第十三期魅族技术开放日<百度云智能运维实践>演讲中的分享内容整理而 ...
- 浅谈SDN架构下的运维工作
导读 目前国内的网络运维还处于初级阶段,工作人员每天就像救火一样,天天疲于奔命.运维人员只能埋头查找系统运行的日志,耗时耗力,老眼昏花不说,有时候忙了半天还一无所获,作为运维工程师的你,有木有遇到过类 ...
- 零基础转行Linux云计算运维工程师获得20万年薪的超级学习技巧
云计算概念一旦产生便一发不可收拾,成为移动互联网时代最为火热的行业之一.国内各大互联网公司例如阿里.腾讯.百度.网易等纷纷推出自己的云计算产品,3月10日,腾讯云0.01元投标时间更是让云计算在普罗大 ...
随机推荐
- Activity学习笔记1
Activity概述 简单的理解Activity就是指Android手机或平板的一个屏,类似Window的一个窗口,浏览器的一个页面. Activity的4种状态 Activity的生命周期 创建Ac ...
- 鼠标悬停,使用css切换图片
鼠标悬停,使用css切换图片 当鼠标悬停在li上面切换另一张图片,只需添加下述css样式即可
- Optional 容器类
什么是Optional容器类 Optional 类(java.util.Optional) 是一个容器类,代表一个值存在或不存在,原来用 null 表示一个值不存在,现在 Optional 可以更好的 ...
- 国内透明代理IP
- 警告Establishing SSL connection without server's identity verification is not recommended
[本文版权归微信公众号"代码艺术"(ID:onblog)所有,若是转载请务必保留本段原创声明,违者必究.若是文章有不足之处,欢迎关注微信公众号私信与我进行交流!] SpringBo ...
- bugku 一个神奇的登录框
一个登录界面,填个admin,123试试,提示try again 抓包看看. 在admin后加个’提示try again 看来是被过滤了,试试” 报错了,加上# 报错没有了,说明存在注入点. 先来判断 ...
- 入门大数据---Spark_Streaming整合Kafka
一.版本说明 Spark 针对 Kafka 的不同版本,提供了两套整合方案:spark-streaming-kafka-0-8 和 spark-streaming-kafka-0-10,其主要区别如下 ...
- 利用oracle数据库闪回功能将oracle数据库按时间点恢复
oracle更新脚本把原数据冲了,并且没有备份,急煞我也 解决办法: oracle数据库有闪回功能: select * from tab 可以查出已被删除的表 ...
- Zookeeper Watcher 流程分析(结合源码)
概述 ZK提供了分布式数据的发布/订阅功能,一个典型的发布/订阅模型系统定义了一种一对多的订阅关系,能够让多个订阅者同时监听某个主题对象,当这个主题对象自身状态发生变化时,会通知所有的订阅者.在ZK中 ...
- 洛谷 P2298 【Mzc和男家丁的游戏 】
这道题还是挺水的,广搜模板题,注意一下细节就是了. :码代上上代码: #include <bits/stdc++.h> using namespace std; int n , m , s ...