$ cat /etc/my.cnf
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
symbolic-links = 0
local-infile = 0
max_connections = 1000
skip_name_resolve
character-set-client-handshake = FALSE
lower_case_table_names = 1
sql-mode = "ONLY_FULL_GROUP_BY,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION,STRICT_ALL_TABLES"
character-set-server = utf8
collation-server = utf8_general_ci
init_connect = "SET NAMES 'utf8'"
plugin-load-add=connection_control.so
connection-control-failed-connections-threshold=3
connection-control-min-connection-delay=1000
connection-control-max-connection-delay=2147483647
connection-control=FORCE_PLUS_PERMANENT
connection-control-failed-login-attempts=FORCE_PLUS_PERMANENT
plugin-load-add=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
validate_password_check_user_name=on
validate_password_length=8
validate_password_number_count=1
validate_password_mixed_case_count=1
validate_password_special_char_count=1
validate_password_policy=2
validate_password_dictionary_file=/var/lib/mysql/dictionary_file
server-id=2020
log-bin=/var/lib/mysql/mysql-bin
expire_logs_days=7
## 此日志只在调试模式下打开
# general_log = on
# general_log_file = /var/lib/mysql/general.log
# log_timestamps = SYSTEM
require_secure_transport = ON
ssl-ca = /var/lib/mysql/ca.pem
ssl-cert = /var/lib/mysql/server-cert.pem
ssl-key = /var/lib/mysql/server-key.pem
[mysql]
default-character-set = utf8
[client]
default-character-set = utf8
注: 此配置只关注安全加固,不涉及性能调优。
参考
MySQL 5.6 Reference Manual / Connection-Control Plugin Installation
https://dev.mysql.com/doc/refman/5.6/en/connection-control-installation.html
MySQL 5.7 Reference Manual / Connection-Control Plugin Installation
https://dev.mysql.com/doc/refman/5.7/en/connection-control-installation.html
MySQL通过CONNECTION_CONTROL限制连接次数
https://zhuanlan.zhihu.com/p/157563612
https://www.cnblogs.com/wshichang/p/14276055.html
mysql8 参考手册--连接控制插件
https://www.1024sky.cn/blog/article/939
网友评论