安装服务器 - 常规安装

1. 安装和配置MySQL服务器

如果您使用云计算提供商的MySQL云数据库服务，可以跳过此步骤

安装MySQL 8.x服务器 - 请自行查阅网上教程，这里不再赘述。

检查mysql是否正常安装和运行

Ubuntu / Debian

sudo systemctl status mysql  # Ubuntu/Debian

CentOS / RHEL

sudo systemctl status mysqld # CentOS/RHEL

配置root管理员密码

查看端口开放和连接状态

mysql -u root -p -h your.db.host -P 3306

创建数据库

CREATE DATABASE IF NOT EXISTS `upay` /*!40100 DEFAULT CHARACTER SET utf8 */;

创建数据库用户并授权

# 创建用户
CREATE USER '新用户名'@'主机' IDENTIFIED BY '密码'; # 主机可以是%,也可以是api服务的ip

# 授权访问数据库
GRANT SELECT, CREATE, DROP, INSERT, UPDATE, DELETE, INDEX, ALTER, REFERENCES ON upay.* TO '新用户名'@'主机'

# 刷新
FLUSH PRIVILEGES;

测试连接

mysql -u 新用户名 -p -h your.db.host -P 3306

2 .安装Redis服务器

安装无TLS加密的Redis

dnf install -y redis6

其余yum、apt等安装方式请参考互联网内容，此处不在赘述。

编辑 /etc/redis6/redis6.conf

vim /etc/redis6/redis6.conf

根据需求修改配置

requirepass 123456
bind * -::*

启动redis6服务器

systemctl restart redis6

确认redis启动

telnet localhost 6379 

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]

安装带TLS加密的Redis - 自签证书

设置服务端hostname

hostnamectl set-hostname xcache #xcache为自定义redis的服务器名称

生成redis服务端证书

在当前目录下创建一个 redis-server.conf文件

touch redis-server.conf

内容如下，其中dns以及其它字段根据实际情况调整

[ req ]
default_bits       = 2048
prompt             = no
default_md         = sha256
req_extensions     = req_ext
distinguished_name = dn

[ dn ]
C  = CA
ST = BC
L  = VAN
O  = WRB
OU = WRB TECH
CN = xredis

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = xcache
DNS.2 = xcache1

使用openssl和上述配置文件生成根证书和服务端证书

# 生成根ca证书
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -days 3650 -out ca.crt -config redis-server.conf

# 生成服务器证书
openssl req -new -nodes -out redis.csr -newkey rsa:2048 -keyout redis.key -config redis-server.conf

# 使用ca证书签署服务端证书
openssl x509 -req -in redis.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out redis.crt -days 3650

完成后你将拥有以下几个文件

ca.key
ca.crt
redis.key
redis.crt

复制证书

cp ca.crt /etc/redis6/ca.crt
cp redis.crt /etc/redis6/redis.crt
cp redis.key /etc/redis6/redis.key

# 设置权限：

sudo chown redis6:redis6 /etc/redis6/redis.crt /etc/redis6/redis.key /etc/redis6/ca.crt 
sudo chmod 600 /etc/redis6/redis.key
sudo chmod 644 /etc/redis6/redis.crt /etc/redis6/ca.crt

修改 /etc/redis6/redis6.conf内容

# 启用 TLS 和端口设置
tls-port 6379
# 禁用非 TLS 端口
port 0  

# 证书和密钥文件
tls-cert-file /etc/redis6/redis.crt
tls-key-file /etc/redis6/redis.key
tls-ca-cert-file /etc/redis6/ca.crt

# 启用客户端证书验证
tls-auth-clients yes

# 配置redis，设置登录验证
requirepass 123456

# 绑定所有网口
bind * -::*

启动redis服务器

sudo systemctl restart redis6

生成客户端证书

编辑client.conf文件，写入以下内容，其中dns以及各个字段根据实际情况调整

[ req ]
default_bits       = 2048
prompt             = no
default_md         = sha256
req_extensions     = req_ext
distinguished_name = dn

[ dn ]
C  = CA
ST = BC
L  = VAN
O  = WRB
OU = WRB TECH
CN = *.xnode.host

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = *.yourhost.com
DNS.2 = example

使用上述文件生成客户端证书

# 支持泛域名，生成客户端证书
openssl req -new -nodes -out client.csr -newkey rsa:2048 -keyout client.key -config client.conf

# 使用前序步骤生成的ca根证书签署客户端证书
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650 

# 合并成为p12
openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile ca.crt

此时得到了客户的证书

client.p12

如果redis启用tls连接的话，以下文件要在第三步中使用：

ca.crt
client.p12

3. 安装Beaver Payment API接口服务器

获取安装脚本

git clone git@github.com:WhiteRiverBay/beaver-payment-install.git

（可选）如果redis启用了tls，需要先把客户端证书放到对应目录中

# 其中ca.crt和 client.p12是第二步产生的tls根证书和客户端证书
cp ca.crt .config/
cp client.p12 .config/

执行安装脚本

sh install.sh

系统显示如下界面

Beaver Payment Configuration Initialization
1 - Generating RSA Key Pair
...+..+..........+..+++++++++++++++++++++++++++++++++++++++++++++*..+.+........+....+...+.....+++++++++++++++++++++++++++++++++++++++++++++*..........................+.+...+...........+......+.+............+..+..........+...+...+........+......+..........+...........+...+...........................+.........+......+.............+..+....+..............+........................+.+..+...+.......+..+.....................................+........+.......+..............+.......+........+.........+..........+...+.....+...+....+...+............+...+...+..+.........+...+..........+............+...............+......+.....+.........+.+..+.......+........................+.................+...+.......+........+.+...+.....+.+.....+.+..............+.......+........+....+.................+.+...+.................+..........+..+.......+..............+...............+.+.....+......+...............+...+......+.+.....+.......+..+....+.........+.....+.+............+..............+......+............+..........+......+.....+............+...............+....+...+...+.................+.+...........+......+.......+..+.+........+....+......+.....................+.....+....+..+...............+.......+..+...+................+..+.......+..................+............+.....+...+...............+...................+.....+....+..............+..........+...+..+.......+......+.....+.............+..+.............+.....+.........+.+..+...+......+.+.......................+.+......+............+...+.....+...+.........+......................+.........+...........+...+.............+..+.....................+.+.....+....+..+..........+..+..........+...............+...+..+...+.......+.................+.+...............+..................+..+.........+......+.......+......+..+....+........+.+..+...+.+...+..+...+......+.+.....+.+.......................+.......+........+..........+.........+........+...................+......+..+......+.+.........+.........+...........+......+.........+..........+..+.........+......+....+......+...+...........+....+....................+....+...........+....+..+.........+....+.....+.+..+....+..................+.....+......+++++
....+.+...+..+............+.+......+.....+...+.+..+...+.+...........+....+..............+.+......+.........+...+...+++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++*........+...+..+.........+.+..............+.......+.....+...+...............................+.....+...+.+......+......+..+.......+........+......+.+......+............+.....+...+.......+........+.........+.+...+.........+......+..+...+.+......+..+......+......+...+.......+........+...+...+.+......+.....+.........+.........+............+..................+............+..........+...+...............+......+...+...+........+.+.......................+.+....................+.........+...+.......+..+...+.+......+.........+.....+.+...........+.......+...+...............+.....+.......+..+......+.......+...........+....+....................+..........+..+.........+.......+.....+...........................+...+...+............+..........+..+......+.+......+..+.+..+...+....+...+.........+.........+.........+..+.+..+...+.......+......+.....+..........+..+...+.+......+..............+....+.........+.....+...+.............+.........+++++
writing RSA key
Please keep the private.pem file safe and secure
public.pem saved in .config successful
Generating Google Authenticator Secret:

Generate Notify Secret:
Generating .env file
Please enter the database host:
127.0.0.1
Please enter the database port:
3306
Please enter the database name:
upay
Please enter the database username:
root
Please enter the database password:
root123321
Testing database connection
mysql: [Warning] Using a password on the command line interface can be insecure.
+---+
| 1 |
+---+
| 1 |
+---+
Database connection successful
Creating database if it does not exist
mysql: [Warning] Using a password on the command line interface can be insecure.
Please enter the redis host:
xcache
Please enter the redis port:
6379
Is redis password required? (true/false):
true
Please enter whether redis ssl is enabled (true/false):
false
Please enter the redis password (if it is no password, keep it empty):
123456
Do you want to set telegram bot? (true/false):
false
Do you want to set default callback url now? (true/false):
false
Configuration Initialization Successful
Please run the server now
docker-compose -f docker-compose-prod.yml up -d

注意，执行安装后会在同目录下生成private.pem，这个是管理员归集资金的私钥。您可以将它保存在单独的u盘中，或者加密后保存到Google Drive中。

根据命令行提示完成配置后，启动服务器

docker-compose -f docker-compose-prod.yml up -d

# logs
docker logs -f upayapi

访问本地端口，确认启动成功

curl -vX GET http://localhost:8080

接口返回ok表示启动成功，示例如下：

curl -vX GET http://localhost:8080

Note: Unnecessary use of -X or --request, GET is already inferred.
* Host localhost:8080 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:8080...
* Connected to localhost (::1) port 8080
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 200
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
< Content-Type: text/plain;charset=ISO-8859-1
< Content-Length: 2
< Date: Fri, 03 Jan 2025 22:33:06 GMT
<
* Connection #0 to host localhost left intact
ok

Previous安装服务器 - 极简安装 Next配置rpc和服务参数

Last updated 3 months ago

# 创建用户 CREATE USER '新用户名'@'主机' IDENTIFIED BY '密码'; # 主机可以是%,也可以是api服务的ip # 授权访问数据库 GRANT SELECT, CREATE, DROP, INSERT, UPDATE, DELETE, INDEX, ALTER, REFERENCES ON upay.* TO '新用户名'@'主机' # 刷新 FLUSH PRIVILEGES;

[ req ] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C = CA ST = BC L = VAN O = WRB OU = WRB TECH CN = xredis [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = xcache DNS.2 = xcache1

# 生成根ca证书 openssl genrsa -out ca.key 2048 openssl req -x509 -new -nodes -key ca.key -days 3650 -out ca.crt -config redis-server.conf # 生成服务器证书 openssl req -new -nodes -out redis.csr -newkey rsa:2048 -keyout redis.key -config redis-server.conf # 使用ca证书签署服务端证书 openssl x509 -req -in redis.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out redis.crt -days 3650

cp ca.crt /etc/redis6/ca.crt cp redis.crt /etc/redis6/redis.crt cp redis.key /etc/redis6/redis.key # 设置权限： sudo chown redis6:redis6 /etc/redis6/redis.crt /etc/redis6/redis.key /etc/redis6/ca.crt sudo chmod 600 /etc/redis6/redis.key sudo chmod 644 /etc/redis6/redis.crt /etc/redis6/ca.crt

# 启用 TLS 和端口设置 tls-port 6379 # 禁用非 TLS 端口 port 0 # 证书和密钥文件 tls-cert-file /etc/redis6/redis.crt tls-key-file /etc/redis6/redis.key tls-ca-cert-file /etc/redis6/ca.crt # 启用客户端证书验证 tls-auth-clients yes # 配置redis，设置登录验证 requirepass 123456 # 绑定所有网口 bind * -::*

[ req ] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C = CA ST = BC L = VAN O = WRB OU = WRB TECH CN = *.xnode.host [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = *.yourhost.com DNS.2 = example

# 支持泛域名，生成客户端证书 openssl req -new -nodes -out client.csr -newkey rsa:2048 -keyout client.key -config client.conf # 使用前序步骤生成的ca根证书签署客户端证书 openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650 # 合并成为p12 openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile ca.crt

Beaver Payment Configuration Initialization 1 - Generating RSA Key Pair ...+..+..........+..+++++++++++++++++++++++++++++++++++++++++++++*..+.+........+....+...+.....+++++++++++++++++++++++++++++++++++++++++++++*..........................+.+...+...........+......+.+............+..+..........+...+...+........+......+..........+...........+...+...........................+.........+......+.............+..+....+..............+........................+.+..+...+.......+..+.....................................+........+.......+..............+.......+........+.........+..........+...+.....+...+....+...+............+...+...+..+.........+...+..........+............+...............+......+.....+.........+.+..+.......+........................+.................+...+.......+........+.+...+.....+.+.....+.+..............+.......+........+....+.................+.+...+.................+..........+..+.......+..............+...............+.+.....+......+...............+...+......+.+.....+.......+..+....+.........+.....+.+............+..............+......+............+..........+......+.....+............+...............+....+...+...+.................+.+...........+......+.......+..+.+........+....+......+.....................+.....+....+..+...............+.......+..+...+................+..+.......+..................+............+.....+...+...............+...................+.....+....+..............+..........+...+..+.......+......+.....+.............+..+.............+.....+.........+.+..+...+......+.+.......................+.+......+............+...+.....+...+.........+......................+.........+...........+...+.............+..+.....................+.+.....+....+..+..........+..+..........+...............+...+..+...+.......+.................+.+...............+..................+..+.........+......+.......+......+..+....+........+.+..+...+.+...+..+...+......+.+.....+.+.......................+.......+........+..........+.........+........+...................+......+..+......+.+.........+.........+...........+......+.........+..........+..+.........+......+....+......+...+...........+....+....................+....+...........+....+..+.........+....+.....+.+..+....+..................+.....+......+++++ ....+.+...+..+............+.+......+.....+...+.+..+...+.+...........+....+..............+.+......+.........+...+...+++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++++*........+...+..+.........+.+..............+.......+.....+...+...............................+.....+...+.+......+......+..+.......+........+......+.+......+............+.....+...+.......+........+.........+.+...+.........+......+..+...+.+......+..+......+......+...+.......+........+...+...+.+......+.....+.........+.........+............+..................+............+..........+...+...............+......+...+...+........+.+.......................+.+....................+.........+...+.......+..+...+.+......+.........+.....+.+...........+.......+...+...............+.....+.......+..+......+.......+...........+....+....................+..........+..+.........+.......+.....+...........................+...+...+............+..........+..+......+.+......+..+.+..+...+....+...+.........+.........+.........+..+.+..+...+.......+......+.....+..........+..+...+.+......+..............+....+.........+.....+...+.............+.........+++++ writing RSA key Please keep the private.pem file safe and secure public.pem saved in .config successful Generating Google Authenticator Secret: Generate Notify Secret: Generating .env file Please enter the database host: 127.0.0.1 Please enter the database port: 3306 Please enter the database name: upay Please enter the database username: root Please enter the database password: root123321 Testing database connection mysql: [Warning] Using a password on the command line interface can be insecure. +---+ | 1 | +---+ | 1 | +---+ Database connection successful Creating database if it does not exist mysql: [Warning] Using a password on the command line interface can be insecure. Please enter the redis host: xcache Please enter the redis port: 6379 Is redis password required? (true/false): true Please enter whether redis ssl is enabled (true/false): false Please enter the redis password (if it is no password, keep it empty): 123456 Do you want to set telegram bot? (true/false): false Do you want to set default callback url now? (true/false): false Configuration Initialization Successful Please run the server now docker-compose -f docker-compose-prod.yml up -d

curl -vX GET http://localhost:8080 Note: Unnecessary use of -X or --request, GET is already inferred. * Host localhost:8080 was resolved. * IPv6: ::1 * IPv4: 127.0.0.1 * Trying [::1]:8080... * Connected to localhost (::1) port 8080 > GET / HTTP/1.1 > Host: localhost:8080 > User-Agent: curl/8.5.0 > Accept: */* > < HTTP/1.1 200 < Vary: Origin < Vary: Access-Control-Request-Method < Vary: Access-Control-Request-Headers < Content-Type: text/plain;charset=ISO-8859-1 < Content-Length: 2 < Date: Fri, 03 Jan 2025 22:33:06 GMT < * Connection #0 to host localhost left intact ok