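Requirement: certificate files need to be synced from one server to another; the files are small, so scp is used.
Key points: on the host holding the certificates, run scp as root to an ordinary user on the target host; the target directory is owned by that ordinary user; set a password for root on the target host; unless it is necessary, the ordinary user on the target host is not in the wheel administrative group.
0. Preparation
Configure key-based automatic login; for details see [Reference: Configuring key-pair login on FreeBSD]
1. Test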
scp -r /usr/local/etc/letsencrypt/live/mail.mozii.org/* sshfs@172.16.1.8:/usr/local/etc/letsencrypt/live/mail.mozii.org/
2. Set up the scheduled task
vim /etc/crontab
The result looks like this:
# /etc/crontab - root's crontab for FreeBSD
#
#
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
#
#minute hour mday month wday who command
#
# Save some entropy so that /dev/random can re-seed on boot.
*/11 * * * * operator /usr/libexec/save-entropy
#
# Rotate log files every hour, if necessary.
0 * * * * root newsyslog
#
# Perform daily/weekly/monthly maintenance.
1 3 * * * root periodic daily
15 4 * * 6 root periodic weekly
30 5 1 * * root periodic monthly
#
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time. See adjkerntz(8) for details.
1,31 0-5 * * * root adjkerntz -a
# Add the certificate sync task
10 3 * * 3 root /usr/bin/scp -r /usr/local/etc/letsencrypt/live/mail.mozii.org/* sshfs@172.16.1.8:/usr/local/etc/letsencrypt/live/mail.mozii.org/
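The cron entry above runs scp unattended, so a failed login or a changed host key on the target should make the job fail rather than hang or copy anyway. The wrapper below is an added example, not part of the original setup; the names sync_certs, key_is_exposed and the SCP variable are assumptions, and the permission check on the private key is an extra precondition the original does not describe.

```sh
#!/bin/sh
# Added example: wrapper for the unattended scp job.
# Assumed names: sync_certs, key_is_exposed, SCP.

SCP="${SCP:-/usr/bin/scp}"   # same binary as the crontab line; overridable for testing

# Succeeds (0) if any privkey*.pem under $1 is readable by group or others.
# -L follows the symlinks that the letsencrypt live/ directory consists of.
key_is_exposed() {
    exposed=$(find -L "$1" -type f -name 'privkey*.pem' \
        \( -perm -040 -o -perm -004 \) -print)
    [ -n "$exposed" ]
}

# sync_certs SRC_DIR DEST   (DEST in the form user@host:/path/)
sync_certs() {
    src=$1; dest=$2
    if [ ! -d "$src" ]; then
        echo "certsync: $src is not a directory" >&2; return 2
    fi
    if key_is_exposed "$src"; then
        echo "certsync: private key under $src is group/world readable, not copying" >&2
        return 3
    fi
    # BatchMode=yes: fail instead of waiting for a password prompt under cron.
    # StrictHostKeyChecking=yes: refuse a target whose host key is unknown or changed.
    # -p: keep the source file modes and times on the copies.
    "$SCP" -rp -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=15 "$src"/* "$dest"
    rc=$?
    [ "$rc" -eq 0 ] || echo "certsync: scp exited with status $rc" >&2
    return "$rc"
}

# Run only when called with both arguments, e.g. from /etc/crontab.
if [ "$#" -eq 2 ]; then
    sync_certs "$1" "$2"
fi
```

Saved under a path of your choice (for example /usr/local/sbin/certsync.sh, a hypothetical location), the script takes the source directory and the sshfs@172.16.1.8:... destination from the crontab line as its two arguments. Anything it writes to stderr is mailed by cron to the job's owner.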