0x01 前言

既然使用了proxy,那就说明需要与zabbix server进行通讯。默认情况下的zabbix流量都是未加密的明文数据,为了安全起见,我选择使用数字证书进行加密。

其实也可以配置预共享密钥(PSK)进行加密的,但是相比之下,数字证书的加密强度比PSK的要高。

0x02 准备

首先要准备好server – proxy – client环境,配置过程可以参考以下文章:

0x03 证书

zabbix套件在传输层进行加密(TLS),需要分别配置数字证书。以下是我使用的三个域名:

  • server:webt.t.com
  • proxy:zabbixproxyt1.t.com
  • client:zabbixclientt1

先在server主机上将所有证书一并生成,先生成CA证书:

#新建文件夹
[[email protected] ~]# mkdir /root/crt/ca/

#进入文件夹
[[email protected] ~]# cd /root/crt/ca/

#建立ca key
openssl genrsa 4096 > ca.key

#建立ca证书
openssl req -new -x509 -nodes -days 3650 -key ca.key -subj /C=CN/ST=HongKong/L=HongKong/O=OdinELK/OU=OdinIT/CN=OdinCA/[email protected] > ca.crt

然后签发服务器证书,证书的CN字段请使用域名:

#新建文件夹
[[email protected] ~]# mkdir /root/crt/web-t1.t.com/

#进入文件夹
[[email protected] ~]# cd /root/crt/web-t1.t.com/

#生成key与csr
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout web-t1.t.com.key -subj /C=CN/ST=HongKong/L=HongKong/O=OdinELK/OU=OdinIT/CN=web-t1.t.com/[email protected] > web-t1.t.com.csr

#生成证书
openssl x509 -req -in web-t1.t.com.csr -days 3650 -CA ../ca/ca.crt -CAkey ../ca/ca.key -set_serial 01 > web-t1.t.com.crt

然后是proxy证书:

#新建文件夹
[[email protected] ~]# mkdir /root/crt/zabbix-proxy-t1.t.com/

#进入文件夹
[[email protected] ~]# cd /root/crt/zabbix-proxy-t1.t.com/

#生成key与csr
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout zabbix-proxy-t1.t.com.key -subj /C=CN/ST=HongKong/L=HongKong/O=OdinELK/OU=OdinIT/CN=zabbix-proxy-t1.t.com/[email protected] >zabbix-proxy-t1.t.com.csr

#生成证书
openssl x509 -req -in zabbix-proxy-t1.t.com.csr -days 3650 -CA ../ca/ca.crt -CAkey ../ca/ca.key -set_serial 01 > zabbix-proxy-t1.t.com.crt

最后是client:

#新建文件夹
[[email protected] ~]# mkdir /root/crt/zabbix-client-t1/

#进入文件夹
[[email protected] ~]# cd /root/crt/zabbix-client-t1/

#生成key与csr
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout zabbix-client-t1.t.comkey -subj /C=CN/ST=HongKong/L=HongKong/O=OdinELK/OU=OdinIT/CN=zabbix-client-t1.t.com/[email protected] >zabbix-client-t1.t.com.csr

#生成证书
openssl x509 -req -in zabbix-client-t1.t.com.csr -days 3650 -CA ../ca/ca.crt -CAkey ../ca/ca.key -set_serial 01 > zabbix-client-t1.t.com.crt

还需要吧CA证书分别复制到server、proxy与client的目录中:

[[email protected] ~]# \cp -f /root/crt/ca/ca.crt /root/crt/*

最终这些目录结构如下:

[[email protected] ~]# ll crt/*
crt/ca:
total 8
-rw-r--r-- 1 root root 2110 Apr 29 16:14 ca.crt
-rw-r--r-- 1 root root 3243 Apr 29 16:14 ca.key

crt/web-t1.t.com:
total 16
-rw-r--r-- 1 root root 2110 Apr 29 16:22 ca.crt
-rw-r--r-- 1 root root 1643 Apr 29 16:20 web-t1.t.com.crt
-rw-r--r-- 1 root root 1062 Apr 29 16:20 web-t1.t.com.csr
-rw-r--r-- 1 root root 1704 Apr 29 16:20 web-t1.t.com.key

crt/zabbix-client-t1:
total 16
-rw-r--r-- 1 root root 2110 Apr 29 16:23 ca.crt
-rw-r--r-- 1 root root 1655 Apr 29 16:22 zabbix-client-t1.t.com.crt
-rw-r--r-- 1 root root 1074 Apr 29 16:22 zabbix-client-t1.t.com.csr
-rw-r--r-- 1 root root 1708 Apr 29 16:22 zabbix-client-t1.t.key

crt/zabbix-proxy-t1.t.com:
total 16
-rw-r--r-- 1 root root 2110 Apr 29 17:12 ca.crt
-rw-r--r-- 1 root root 1655 Apr 29 16:21 zabbix-proxy-t1.t.com.crt
-rw-r--r-- 1 root root 1074 Apr 29 16:21 zabbix-proxy-t1.t.com.csr
-rw-r--r-- 1 root root 1708 Apr 29 16:21 zabbix-proxy-t1.t.key

准备好证书,还需要将文件夹分别放置到适当的位置,首先是server:

[[email protected] ~]# cp -r /root/crt/web-t1.t.com/ /usr/local/zabbix/crt

然后是proxy,在这里我使用sftp传输证书文件:

#新建文件夹
[[email protected] ~]# mkdir /usr/local/zabbix/crt

#通过sftp登入server
[[email protected] ~]# sftp web-t1.t.com
[email protected]'s password: 
Connected to web-t1.t.com.

#获取证书  
sftp> get /root/crt/zabbix-proxy-t1.t.com/ /usr/local/zabbix/crt/

#输出内容
Fetching /root/crt/zabbix-proxy-t1.t.com/ to /usr/local/zabbix/crt/zabbix-proxy-t1.t.com
Cannot download non-regular file: /root/crt/zabbix-proxy-t1.t.com/
sftp> get /root/crt/zabbix-proxy-t1.t.com/* /usr/local/zabbix/crt/
Fetching /root/crt/zabbix-proxy-t1.t.com/ca.crt to /usr/local/zabbix/crt/ca.crt
/root/crt/zabbix-proxy-t1.t.com/ca.crt                                                                                                                                    100% 2110     2.1KB/s   00:00    
Fetching /root/crt/zabbix-proxy-t1.t.com/zabbix-proxy-t1.t.com.crt to /usr/local/zabbix/crt/zabbix-proxy-t1.t.com.crt
/root/crt/zabbix-proxy-t1.t.com/zabbix-proxy-t1.t.com.crt                                                                                                                 100% 1655     1.6KB/s   00:00    
Fetching /root/crt/zabbix-proxy-t1.t.com/zabbix-proxy-t1.t.com.csr to /usr/local/zabbix/crt/zabbix-proxy-t1.t.com.csr
/root/crt/zabbix-proxy-t1.t.com/zabbix-proxy-t1.t.com.csr                                                                                                                 100% 1074     1.1KB/s   00:00    
Fetching /root/crt/zabbix-proxy-t1.t.com/zabbix-proxy-t1.t.key to /usr/local/zabbix/crt/zabbix-proxy-t1.t.key
/root/crt/zabbix-proxy-t1.t.com/zabbix-proxy-t1.t.key 

#退出sftp
sftp> exit

用同样的办法将数字证书放置到client中:

#通过sftp登入server
[[email protected] ~]# sftp [email protected]
[email protected]'s password: 
Connected to web-t1.t.com.

#获取证书  
sftp> get /root/crt/zabbix-client-t1/* /usr/local/zabbix/crt/

#输出内容
Fetching /root/crt/zabbix-client-t1/ca.crt to /usr/local/zabbix/crt/ca.crt
/root/crt/zabbix-client-t1/ca.crt                                                                                                                                         100% 2110     2.1KB/s   00:00    
Fetching /root/crt/zabbix-client-t1/zabbix-client-t1.t.com.crt to /usr/local/zabbix/crt/zabbix-client-t1.t.com.crt
/root/crt/zabbix-client-t1/zabbix-client-t1.t.com.crt                                                                                                                     100% 1655     1.6KB/s   00:00    
Fetching /root/crt/zabbix-client-t1/zabbix-client-t1.t.com.csr to /usr/local/zabbix/crt/zabbix-client-t1.t.com.csr
/root/crt/zabbix-client-t1/zabbix-client-t1.t.com.csr                                                                                                                     100% 1074     1.1KB/s   00:00    
Fetching /root/crt/zabbix-client-t1/zabbix-client-t1.t.key to /usr/local/zabbix/crt/zabbix-client-t1.t.key
/root/crt/zabbix-client-t1/zabbix-client-t1.t.key                                                                                                                         100% 1708     1.7KB/s   00:00    

#退出sftp
sftp> exit

0x04 server

在server端编辑zabbix_server.conf:

#打开文件
[[email protected] ~]# vim /usr/local/zabbix/etc/zabbix_server.conf

#取消TLSCAFile字段的注释并填写CA证书的绝对路径
TLSCAFile=/usr/local/zabbix/crt/ca.crt

#取消TLSCertFile字段的注释并填写server证书的绝对路径
TLSCertFile=/usr/local/zabbix/crt/web-t1.t.com.crt

#取消TLSKeyFile字段的注释并填写server私钥的绝对路径
TLSKeyFile=/usr/local/zabbix/crt/web-t1.t.com.key

使用killall停止所有zabbix_server进程然后再启动:

#killall
[[email protected] ~]# killall zabbix_server

#启动
[[email protected] ~]# zabbix_server

检查日志中的启动情况:

[[email protected] ~]# ps -aux | grep zabbix
zabbix   26024  0.0  0.1 151480  3188 ?        S    16:26   0:00 zabbix_server
zabbix   26028  0.0  0.1 151480  2540 ?        S    16:26   0:00 zabbix_server: configuration syncer [synced configuration in 0.005151 sec, idle 60 sec]
zabbix   26029  0.0  0.1 151472  2192 ?        S    16:26   0:00 zabbix_server: db watchdog [synced alerts config in 0.001144 sec, idle 60 sec]
zabbix   26030  0.0  0.2 258476  4820 ?        S    16:26   0:00 zabbix_server: poller #1 [got 0 values in 0.000004 sec, idle 5 sec]
zabbix   26032  0.0  0.2 258476  4820 ?        S    16:26   0:00 zabbix_server: poller #2 [got 0 values in 0.000005 sec, idle 5 sec]
zabbix   26033  0.0  0.2 258476  4820 ?        S    16:26   0:00 zabbix_server: poller #3 [got 0 values in 0.000003 sec, idle 5 sec]
zabbix   26034  0.0  0.2 258476  4820 ?        S    16:26   0:00 zabbix_server: poller #4 [got 0 values in 0.000003 sec, idle 5 sec]
zabbix   26035  0.0  0.2 258476  4820 ?        S    16:26   0:00 zabbix_server: poller #5 [got 0 values in 0.000004 sec, idle 5 sec]
zabbix   26036  0.0  0.2 258476  4820 ?        S    16:26   0:00 zabbix_server: unreachable poller #1 [got 0 values in 0.000003 sec, idle 5 sec]
zabbix   26037  0.0  0.2 154136  4928 ?        S    16:26   0:05 zabbix_server: trapper #1 [processed data in 0.000006 sec, waiting for connection]
zabbix   26038  0.0  0.2 154136  5200 ?        S    16:26   0:05 zabbix_server: trapper #2 [processed data in 0.000821 sec, waiting for connection]
zabbix   26039  0.0  0.2 154136  5184 ?        S    16:26   0:05 zabbix_server: trapper #3 [processed data in 0.000952 sec, waiting for connection]
zabbix   26040  0.0  0.2 154288  5096 ?        S    16:26   0:05 zabbix_server: trapper #4 [processed data in 0.001088 sec, waiting for connection]
zabbix   26041  0.0  0.2 154136  5132 ?        S    16:26   0:05 zabbix_server: trapper #5 [processed data in 0.001016 sec, waiting for connection]
zabbix   26042  0.0  0.0 153996  1856 ?        S    16:26   0:00 zabbix_server: icmp pinger #1 [got 0 values in 0.000003 sec, idle 5 sec]
zabbix   26043  0.0  0.1 151472  2180 ?        S    16:26   0:00 zabbix_server: alerter [sent alerts: 0 success, 0 fail in 0.000468 sec, idle 30 sec]
zabbix   26044  0.0  0.1 151764  2568 ?        S    16:26   0:00 zabbix_server: housekeeper [deleted 0 hist/trends, 0 items, 0 events, 0 sessions, 0 alarms, 0 audit items in 0.001157 sec, idle for 1 hour(s)]
zabbix   26045  0.0  0.1 151560  2664 ?        S    16:26   0:00 zabbix_server: timer #1 [processed 1 triggers, 0 events in 0.000180 sec, 0 maintenances in 0.000000 sec, idle 30 sec]
zabbix   26046  0.0  0.1 151472  2220 ?        S    16:26   0:00 zabbix_server: http poller #1 [got 0 values in 0.000417 sec, idle 5 sec]
zabbix   26047  0.0  0.2 255952  4820 ?        S    16:26   0:00 zabbix_server: discoverer #1 [processed 0 rules in 0.000615 sec, idle 60 sec]
zabbix   26048  0.0  0.1 151532  3072 ?        S    16:26   0:00 zabbix_server: history syncer #1 [synced 0 items in 0.000001 sec, idle 1 sec]
zabbix   26049  0.0  0.1 151616  3044 ?        S    16:26   0:00 zabbix_server: history syncer #2 [synced 0 items in 0.000001 sec, idle 1 sec]
zabbix   26050  0.0  0.1 151792  3276 ?        S    16:26   0:00 zabbix_server: history syncer #3 [synced 0 items in 0.000001 sec, idle 1 sec]
zabbix   26051  0.0  0.1 151532  3112 ?        S    16:26   0:00 zabbix_server: history syncer #4 [synced 0 items in 0.000001 sec, idle 1 sec]
zabbix   26052  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: escalator #1 [processed 0 escalations in 0.000716 sec, idle 3 sec]
zabbix   26053  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #1 [exchanged data with 0 proxies in 0.000002 sec, idle 5 sec]
zabbix   26055  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #2 [exchanged data with 0 proxies in 0.000003 sec, idle 5 sec]
zabbix   26057  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #3 [exchanged data with 0 proxies in 0.000002 sec, idle 5 sec]
zabbix   26058  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #4 [exchanged data with 0 proxies in 0.000002 sec, idle 5 sec]
zabbix   26059  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #5 [exchanged data with 0 proxies in 0.000005 sec, idle 5 sec]
zabbix   26060  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #6 [exchanged data with 0 proxies in 0.000003 sec, idle 5 sec]
zabbix   26061  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #7 [exchanged data with 0 proxies in 0.000002 sec, idle 5 sec]
zabbix   26062  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #8 [exchanged data with 0 proxies in 0.000012 sec, idle 5 sec]
zabbix   26063  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #9 [exchanged data with 0 proxies in 0.000011 sec, idle 5 sec]
zabbix   26064  0.0  0.1 151616  3272 ?        S    16:26   0:00 zabbix_server: proxy poller #10 [exchanged data with 0 proxies in 0.000003 sec, idle 5 sec]
zabbix   26065  0.0  0.0 151480  1856 ?        S    16:26   0:00 zabbix_server: self-monitoring [processed data in 0.000004 sec, idle 1 sec]
zabbix   26066  0.0  0.1 151472  2320 ?        S    16:26   0:00 zabbix_server: task manager [processed 0 task(s) in 0.000264 sec, idle 5 sec]
root     27569  0.0  0.0 112652   964 pts/0    S+   18:40   0:00 grep --color=auto zabbix

0x05 proxy

同样在proxy主机上打开配置文件zabbix_proxy.conf进行修改:

[[email protected] ~]# vim /usr/local/zabbix/etc/zabbix_proxy.conf 

#取消注释TLSConnect字段并修改为cert
TLSConnect=cert

##取消注释TLSAccept字段并修改为cert
TLSAccept=cert

#取消TLSCAFile字段的注释并填写CA证书的绝对路径
TLSCAFile=/usr/local/zabbix/crt/ca.crt

##取消TLSCertFile字段的注释并填写proxy证书的绝对路径
TLSCertFile=/usr/local/zabbix/crt/zabbix-proxy-t1.t.com.crt

#取消TLSKeyFile字段的注释并填写proxy私钥的绝对路径
TLSKeyFile=/usr/local/zabbix/crt/zabbix-proxy-t1.t.com.key

使用killall停止所有zabbix_进程然后再启动:

#killall
[[email protected] ~]# killall zabbix_proxy

#启动
[[email protected] ~]# zabbix_proxy

检查启动情况:

[[email protected] ~]# ps -aux | grep zabbix
zabbix   24301  0.0  0.3 141160  3540 ?        S    16:40   0:00 zabbix_proxy
zabbix   24305  0.0  0.4 141412  4732 ?        S    16:40   0:00 zabbix_proxy: configuration syncer [synced config 9238 bytes in 0.026664 sec, idle 300 sec]
zabbix   24306  0.0  0.3 141296  3900 ?        S    16:40   0:04 zabbix_proxy: heartbeat sender [sending heartbeat message success in 0.012053 sec, idle 10 sec]
zabbix   24307  0.3  0.4 141416  4348 ?        S    16:40   0:25 zabbix_proxy: data sender [sent 1 values in 0.013919 sec, idle 1 sec]
zabbix   24308  0.0  0.5 248312  5796 ?        S    16:40   0:04 zabbix_proxy: poller #1 [got 0 values in 0.000004 sec, idle 1 sec]
zabbix   24309  0.0  0.5 248312  5812 ?        S    16:40   0:04 zabbix_proxy: poller #2 [got 0 values in 0.000003 sec, idle 1 sec]
zabbix   24310  0.0  0.5 248312  5808 ?        S    16:40   0:04 zabbix_proxy: poller #3 [got 1 values in 0.011627 sec, idle 1 sec]
zabbix   24311  0.0  0.5 248312  5800 ?        S    16:40   0:04 zabbix_proxy: poller #4 [got 0 values in 0.000004 sec, idle 1 sec]
zabbix   24312  0.0  0.5 248312  5812 ?        S    16:40   0:04 zabbix_proxy: poller #5 [got 0 values in 0.000003 sec, idle 1 sec]
zabbix   24313  0.0  0.5 248360  5868 ?        S    16:40   0:00 zabbix_proxy: unreachable poller #1 [got 0 values in 0.000004 sec, idle 5 sec]
zabbix   24314  0.0  0.3 141284  3404 ?        S    16:40   0:00 zabbix_proxy: trapper #1 [processed data in 0.000000 sec, waiting for connection]
zabbix   24315  0.0  0.3 141284  3404 ?        S    16:40   0:00 zabbix_proxy: trapper #2 [processed data in 0.000000 sec, waiting for connection]
zabbix   24316  0.0  0.3 141284  3404 ?        S    16:40   0:00 zabbix_proxy: trapper #3 [processed data in 0.000000 sec, waiting for connection]
zabbix   24317  0.0  0.3 141320  4028 ?        S    16:40   0:00 zabbix_proxy: trapper #4 [processed data in 0.010555 sec, waiting for connection]
zabbix   24318  0.0  0.3 141284  3404 ?        S    16:40   0:00 zabbix_proxy: trapper #5 [processed data in 0.000000 sec, waiting for connection]
zabbix   24319  0.0  0.1 143676  1880 ?        S    16:40   0:00 zabbix_proxy: icmp pinger #1 [got 0 values in 0.000004 sec, idle 5 sec]
zabbix   24320  0.0  0.2 141152  2524 ?        S    16:40   0:00 zabbix_proxy: housekeeper [deleted 1885 records in 0.028891 sec, idle for 1 hour(s)]
zabbix   24321  0.0  0.2 141152  2436 ?        S    16:40   0:00 zabbix_proxy: http poller #1 [got 0 values in 0.000465 sec, idle 5 sec]
zabbix   24322  0.0  0.4 245636  4772 ?        S    16:40   0:00 zabbix_proxy: discoverer #1 [processed 0 rules in 0.000571 sec, idle 60 sec]
zabbix   24323  0.0  0.2 141152  2712 ?        S    16:40   0:00 zabbix_proxy: history syncer #1 [synced 0 items in 0.000004 sec, idle 1 sec]
zabbix   24324  0.0  0.2 141152  2712 ?        S    16:40   0:00 zabbix_proxy: history syncer #2 [synced 0 items in 0.000004 sec, idle 1 sec]
zabbix   24325  0.0  0.2 141152  2712 ?        S    16:40   0:00 zabbix_proxy: history syncer #3 [synced 0 items in 0.000003 sec, idle 1 sec]
zabbix   24326  0.0  0.2 141152  2712 ?        S    16:40   0:00 zabbix_proxy: history syncer #4 [synced 1 items in 0.001658 sec, idle 1 sec]
zabbix   24327  0.0  0.1 141160  1876 ?        S    16:40   0:00 zabbix_proxy: self-monitoring [processed data in 0.000004 sec, idle 1 sec]
root     24583  0.0  0.0 112648   964 pts/0    R+   18:56   0:00 grep --color=auto zabbix

 

0x06 client

最后是client的证书配置,这一部分的配置过程和以下文章中的类似:

打开agent的配置文件进行修改:

[[email protected] ~]# vim /usr/local/zabbix/etc/zabbix_agentd.conf

#取消注释TLSConnect字段并修改为cert
TLSConnect=cert

##取消注释TLSAccept字段并修改为cert
TLSAccept=cert

#取消TLSCAFile字段的注释并填写CA证书的绝对路径
TLSCAFile=/usr/local/zabbix/crt/ca.crt

##取消TLSCertFile字段的注释并填写proxy证书的绝对路径
TLSCertFile=/usr/local/zabbix/crt/zabbix-client-t1.t.com.crt

#取消TLSKeyFile字段的注释并填写proxy私钥的绝对路径
TLSKeyFile=/usr/local/zabbix/crt/zabbix-client-t1.t.com.key

再次使用killall停止所有agent进程然后启动:

#killall
[[email protected] ~]# killall zabbix_agentd

#启动
[[email protected] ~]# zabbix_agentd

检查启动情况:

[[email protected] ~]# ps -aux | grep zabbix
zabbix   16333  0.0  0.1  79992  1384 ?        S    16:39   0:00 zabbix_agentd
zabbix   16334  0.0  0.1  79992  1412 ?        S    16:39   0:01 zabbix_agentd: collector [idle 1 sec]
zabbix   16335  0.1  0.3  82312  3516 ?        S    16:39   0:08 zabbix_agentd: listener #1 [waiting for connection]
zabbix   16336  0.1  0.3  82312  3508 ?        S    16:39   0:08 zabbix_agentd: listener #2 [waiting for connection]
zabbix   16337  0.1  0.3  82312  3508 ?        S    16:39   0:08 zabbix_agentd: listener #3 [waiting for connection]
zabbix   16338  0.0  0.3  82324  3308 ?        S    16:39   0:00 zabbix_agentd: active checks #1 [idle 1 sec]
zabbix   16339  0.0  0.3  82324  3312 ?        R    16:39   0:00 zabbix_agentd: active checks #2 [getting list of active checks]
root     18117  0.0  0.0 112648   960 pts/0    R+   18:55   0:00 grep --color=auto zabbix

0x07 配置

0x07.1 proxy

配置好服务后,还需要到控制面板中启用证书验证,首先配置proxy:

进入Administration –> Proxies中选择代理配置文件并到Encryption选项中将Connections from proxy勾选Certificate以启用proxy的证书加密。

因为我的proxy的模式为主动模式,所以当proxy会自动获取新的配置信息。如果你所设置的轮训间隔较长,那需要较长的时候才能成功同步。一旦同步成功后,显示如下:

0x07.2 client

如果使用agent,也需要手动启用证书加密:

点击update后需要等待一段时间,等待的时长由轮询时间设置所决定的。

如果一些正常,那么显示如下:

0x08 结语

配置过程非常简单,使用证书加密后,还能大大提高安全性。