[开发问题]项目上线服务器部署问题

普通用户免密登录linux服务器

客户端要想免密登陆服务器必须把客户端的公钥(pub)文件的内容添加到服务器的authorized_keys文件中。

//客户端生成公钥对
yxl@client:~$ ssh-keygen -t rsa -P ''
//将公钥拷贝到目标服务器指定目录下
yxl@client:~$ scp .ssh/id_rsa.pub yxl@server_IP:/home/yxl/.ssh/id_rsa.pub

服务器下将pub文件内容追加到authorized_keys文件中

//将公钥追加到该文件中
richard@richard~$  cat id_rsa.pub >> .ssh/authorized_keys
sudo chmod 700 .ssh && sudo chmod 600 authorized_keys//必须如此权限，否则免密登陆无效

//客户端免密登陆服务器
ssh richard@server_IP

阿里云服务器格式化后客户端重新拷贝本地公钥无效

$ ssh-copy-id root@ XX.XX.XX.XX 
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:mTzfuYMQARxWPH1UCszXMrqAkjlvZc+8gg4dw8vB3cE.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /c/Users/hp/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /c/Users/hp/.ssh/known_hosts:6
ERROR: ECDSA host key for XX.XX.XX.XX has changed and you have requested strict checking.
ERROR: Host key verification failed.

这是由于，ssh连接服务器时，如果之前连接过，ssh会默认保存该ip的连接协议信息，当我们再次访问此ip服务器时，ssh会自动匹配之前ssh保存的信息，由于我们的服务器做了更改，例如重装系统等操作，会导致本地保存的ssh信息失效，于是再次连接时就会出现上述错误。另外，远程服务器的ssh服务被卸载重装或ssh相关数据（协议信息）被删除也会导致这个错误

解决方案：删除本地kown_hosts里面响应服务器IP的信息重新执行上述拷贝

ssh-keygen -R "你的远程服务器ip地址" 

Ubuntu18 安装mysql-server如何修改root用户默认密码

查看root用户默认账户密码

sudo cat /etc/mysql/debian.cnf 

用默认账户密码登录

mysql root用户默认账户密码.jpg

mysql -u  debian-sys-maint -p 
password:...

修改root用户账户密码

mysql> use mysql;  
mysql> update mysql.user set authentication_string=password('123456') where user='root' and Host ='localhost';   
mysql> update user set  plugin="mysql_native_password";   
mysql> flush privileges;
mysql> quit; 

重启服务器

service mysql restart

内容安全策略（Content Security Policy)

 because it violates the following Content Security Policy directive: "default-src 'none'".\
 Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

http://www.ruanyifeng.com/blog/2016/09/csp.html
https://blog.csdn.net/qq_37943295/article/details/79978761

远程拷贝scp: not a regular file报错

添加 -r 参数

scp  -r /c/Users/hp/Desktop/mongoDB/myblog yxl@47.103.140.10:/home/yxl

MongoDB数据备份和恢复问题

 mongodump -h 127.0.0.1:27017 -d myblog -o ./
2020-01-27T15:32:23.381+0800    Failed: error getting collections for database `myblog`: error running `listCollections`. Database: `myblog` Err: command listCollections requires authentication

解决方案:

 mongodump -h 127.0.0.1:27017 -u=blogAdmin -p=123456 -d myblog  -o ./  --authenticationDatabase myblog

mongo无法登陆问题

问题描述：创建超级管理员之后，通过超级管理员可以正常登录mongo admin数据库,但是登录myblog 数据库就一直报 以下错误，

MongoDB shell version v4.0.15
connecting to: mongodb://127.0.0.1:27017/myblog?gssapiServiceName=mongodb
2020-01-27T15:54:24.841+0800 E QUERY [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:344:17
@(connect):2:6
exception: connect failed

问题原因:没有为这个数据库创建拥有者，解决方案：

use blogdb
db.createUser( { user: "blogadmin", pwd: "123456", roles: [ { role: "dbOwner", db: "blogdb" } ] } )

跨域cookie问题

A cookie associated with a cross-site resource at http://localhost/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.```

nginx配置问题

nginx -t //检查配置文件是否正确
nginx -s reload  //中期nginx
nginx -s stop

nginx: [warn] conflicting server name "" on 0.0.0.0:8888, ignored

可以忽略

"http" directive is not allowed here in

问题原因：自己新建的react-demo.conf文件中包含http{},因为在nginx.conf中已经有http{},而nginx.conf中又会引入site-enable文件夹下的.conf文件,造成nginx有两个http模块，
解决方案：去除自定义的nginx配置文件的http设置包裹

申请免费证书

https://console.cloud.tencent.com/ssl

image.png
image.png
image.png
image.png image.png

我是在阿里云上买的域名，进入控制台-》域名-》解析-》添加解析记录

image.png

回到证书页面，点击查询，验证解析成功

image.png

nginx配置https

https://cloud.tencent.com/document/product/400/35244
在服务器/etc/nginx/sites-enabled下新建https-demo.conf文件，输入一下内容

server {
     #SSL 访问端口号为 443
     listen 443 ssl;
     # ssl on;
     #填写绑定证书的域名
     server_name www.<domain_Name>.com;
     #证书文件名称
     ssl_certificate /etc/nginx/ssl/1_www.<domain_Name>.com_bundle.crt;
     #私钥文件名称
     ssl_certificate_key /etc/nginx/ssl/2_www.<domain_Name>.com.key;
      ssl_session_timeout 5m;
     #请按照以下协议配置
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;
  
     location / {
           root /home/yxl/www/blog/prod/source/dist/;
           try_files $uri $uri/ /index.html;

     }

     location /assets {
           alias  /home/yxl/www/blog/prod/source/dist/;
           gzip_static on;
           expires max;
           add_header Cache-Control public;
     }
 }
server {
  listen 80;
  #填写绑定证书的域名
  server_name www.<domain_Name>.com;
  #把http的域名请求转成https
 return 301 https://$host$request_uri;
}

执行 sudo /etc/init.d/nginx reload，重启nginx
在没有配置 location / 出现过404的情况，在没配置和 location /assets 出现过__ js报Uncaught SyntaxError: Unexpected token < __错误,查看网页静态资源，发现显示空白，所以问题是静态资源 未找到造成的。按照之前http的配置，配置一下静态路径即可。