Install Master/Slave Ezeelogin with MySQL SSL
How to install master Ezeelogin with secure MySQL
Refer article to take a trial license and install dependencies according to the OS you are running.
1. Install Ezeelogin by running the installation script. Refer below example.
root@jumpserver:~# sh ezlogin_7.x.x.bin
2. Follow the prompt for installation. Type I AGREE and continue the installation.
Type "I AGREE" and press enter to accept the license:
You may be prompted to enter the missing settings. The default value will be given in bold. Simply pressing enter key will choose the default value.
Enter the path where web panel files should be installed.
This path should be accessible via a web browser.
The directory should not exist, but its parent directory should exist.
path to install web panel files ( /var/www/html/ezlogin ):
You need to specify the document root here if it differs from the default or press enter to choose default.
Enter the path where web panel system files should be installed.
This should be preferably outside the DocumentRoot (should not be accessible via web browser) for security reasons.
If safe_mode restriction is enabled, this path should be allowed for include with safe_mode_include_dir
The directory should not exist, but its parent directory should exist.
path to install web panel system files ( /var/www/ezlogin ):
If you need to access the Ezeelogin jump server web panel as www.yourdomain.com choose " / " & change your document root to {your existing document root}/ezlogin. For example ,If your document root is /var/www/html change to /var/www/html/ezlogin , else press enter to choose default
For example, if the DocumentRoot of http://www.yourdomain.com/ is /usr/local/apache/htdocs/yourdomain and you specified /usr/local/apache/htdocs/yourdomain/ezlogin as path to install web panel, the web panel would be accessible as http://www.yourdomain.com/ezlogin/. In this case the REQUEST-URI would be ’/ezlogin/’.
If you specified DocumentRoot itself as the path to install web panel files, it would be ’/’
URI path to access the web panel ( /ezlogin/ ):
Enter the hostname/IP address of the remote database server or use localhost, if you are going to run the database server on the current server.
If the MySQL server is running on this system itself, use ’localhost’
MySQL server ( localhost ):
port or path to unix socket used by the MySQL server.
MySQL port/socket ( 3306 ):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
mysql> flush privileges;
Enter the username with super user (root) privileges for the database server.
This is usually ’root’, sometimes ’admin’ etc.
MySQL super user ( root ):
Please enter the password for the database super user.
MySQL super user password:
Type yes and follow the below steps to install Ezeelogin with secure MySQL.
Enable this option to use MySQL SSL connectivity when using a cluster so that mysql communication between the primary and secondary gateways would be encrypted
Do you want to use secure MySQL connection (yes/no) ? ( no ): yes
Provide the path to the private key file in provided space and continue.
Path to the private key file for secure MySQL connection.
Path to the private key file (Press x to exit) : /etc/certs/client-key.pem
Provide the path to the public key file in provided space and continue.
Path to the public key certificate file for secure MySQL connection.
Path to the public key certificate file: /etc/certs/client-cert.pem
Provide the path to the CA file in provided space and continue.
Path to the certificate authority file for secure MySQL connection.
Path to the certificate authority file: /etc/certs/ca.pem
Path to a directory containing trusted CA certificates for secure MySQL connection.
Path to a directory containing trusted CA certificates: /etc/certs/
Continue with the default settings.
List of *allowed* ciphers to be used for the encryption, separated by colons (':')
Allowed ciphers (DHE-RSA-AES256-SHA):
Whether to verify the server certificate for secure MySQL connection (yes/no).
Verify the server certificate? (no):
Type in Ezeelogin super admin username and password in the specific field or enter to install with default username and password.
Enter the ezlogin Administrator username (less than 21 chars).
This user should not exist on this system. It will be created.
admin user ( ezadm118 ):
Enter the password for ezlogin Administrator.
admin password ( }AkJy.%R3TQaX(P ):
Enter the security code for ezlogin Administrator.
security code ( FIyW6x7Lbz ):
Continue with the default settings.
Whether web panel should force HTTPS (secure) protocol or not. [yes/no]
Force HTTPS for web panel? (no):
You can review the settings and continue to install Ezeelogin.
Review settings:
Install web panel files in : /var/www/html/ezlogin/
Install web panel system files in : /var/www/ezlogin/
URI path to access web panel : /ezlogin/
MySQL server : 127.0.0.1
MySQL port/socket : 3306
MySQL database : ezlogin_seuegn
MySQL user : ezlogin_vntns
MySQL password : wGP}[nFxX@A8
Force HTTPS for web panel? : no
Secure MySQL connection? : yes
Path to the private key file : /etc/certs/client-key.pem
Path to the public key certificate file : /etc/certs/client-cert.pem
Path to the certificate authority file : /etc/certs/ca.pem
Path to a directory containing trusted CA certificates : /etc/certs/
Allowed ciphers : DHE-RSA-AES256-SHA
Verify the server certificate? : no
Admin user :ezadm118
Admin password :}AkJy.%R3TQaX(P
Admin security code :FIyW6x7Lbz
Note these down for future reference. Certain values such as passwords cannot be retrieved after setup.
Accept the above settings? (y/n/x) : y
Login to MySQL as root and grant privileges for Ezeelogin database user. Refer below example.
Ezeelogin database username can be find out from below command.
root@gateway ~]# php /usr/local/ezlogin/eztool.php -show_db_credentials
MariaDB [(none)]> grant all on ezlogin_databasename.* to 'mysql_username'@'%' identified by 'password';
MariaDB [(none)]> flush privileges;
Login to MySQL as Ezeelogin database username and password with SSL and type \s to confirm MySQL SSL is working.
[root@gateway ~]# mysql -u ezlogin_database_username -p -h hostname or ip --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem
Enter password:
MariaDB [(none)]> \s
---------------
. . .
SSL: Cipher in use is DHE-RSA-AES256-SHA
. . .
Connection: 127.0.0.1 via TCP/IP
. . .
----------------
SSL cipher is displayed, indicating that SSL is being used to secure our connection.
How to install slave Ezeelogin with secure MySQL
Refer below article to install the secondary node.
1. Install secondary Ezeelogin by running the installation script. Refer below example.
root@jumpserver:~# sh ezlogin_7.x.x.bin -- -secondary slave_ip -othernode master_ip
2. Follow the prompt for installation. Type I AGREE and continue the installation.
You may be prompted to enter the missing settings. The default value will be given in bold. Simply pressing enter key will choose the default value.
You need to specify the document root here if it differs from the default or press enter to choose default.
If you need to access the Ezeelogin jump server web panel as www.yourdomain.com choose " / " & change your document root to {your existing document root}/ezlogin. For example ,If your document root is /var/www/html change to /var/www/html/ezlogin , else press enter to choose default
Enter the hostname/IP address of the remote database server or use localhost, if you are going to run the database server on the current server.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
mysql> flush privileges;
Type yes and follow the below steps to install Ezeelogin with secure MySQL.
Provide the path to the private key file in provided space and continue.
Provide the path to the public key file in provided space and continue.
Provide the path to the CA file in provided space and continue.
Continue with the default settings.
Enter the super username of the master node and continue the installation.
Enter the privileged username (less than 21 chars) on the other node.
Other node super user (root):
Enter the port number of the master node and continue the installation. The default port number is 22.
Enter the SSH port on the other node.
Other node SSH port (22):
Enter the password of the super admin user of the master node and continue the installation.
Checking SSH access to other node (enter password when prompted)...
root@master_ip's password:
You can review the settings and continue to install Ezeelogin.
Review settings:
Install web panel files in : /var/www/html/ezlogin/
Install web panel system files in : /var/www/ezlogin/
URI path to access web panel : /ezlogin/
MySQL server : 127.0.0.1
MySQL port/socket : 3306
MySQL database : ezlogin_seuegn
MySQL user : ezlogin_vntns
MySQL password : wGP}[nFxX@A8
Force HTTPS for web panel? : no
Secure MySQL connection? : yes
Path to the private key file : /etc/certs/client-key.pem
Path to the public key certificate file : /etc/certs/client-cert.pem
Path to the certificate authority file : /etc/certs/ca.pem
Path to a directory containing trusted CA certificates : /etc/certs/
Allowed ciphers : DHE-RSA-AES256-SHA
Verify the server certificate? : no
Other node : 192.168.1.2
Other node SSH port : 22
Other node super user : root
Accept the above settings? (y/n/x) :
Login to MySQL as root and grant privileges for Ezeelogin database user. Refer below example.
Ezeelogin database username can be find out from below command.
FAQ:
1. Can we disable the slave server since we are currently using only the master node?
Certainly, the choice to disable the slave server is yours, but keep a note that data synchronization between the master and slave servers will not occur if the slave is disabled. It is recommended to keep both servers running and synchronized for real-time data updates, as changes made to the master server will automatically sync with the slave server.
Related Articles:
Troubleshooting Mysql SSL in Secondary node
Configure jump server to use SSL for MySQL
Configure ssh jump server to use SSL for Mariadb
SSL Certificate failed with MySQL SSL
Unable to access GUI while using MySQL SSL
failed to connect to database: Error: TLS/SSL error: Permission denied