texousliu/keyfil
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[2025-01-11] 添加Nacos安装及SSO接入指南
All checks were successful
Publish to Confluence / confluence (push) Successful in 47s
Details

Browse Source
This commit is contained in:
liuxiaohua 2025-01-11 15:41:56 +08:00
parent f7328b0b37
commit ac9b62262a
3 changed files with 262 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
任务/周报.md
View File

@ -1,15 +1,16 @@
## 20250106 - 20250110 ## 20250106 - 20250110
- [X] [Yearning SSO接入](http://confluence.qifu.com/pages/viewpage.action?pageId=38508162) - [X] [Yearning SSO接入](http://confluence.qifu.com/pages/viewpage.action?pageId=38508162)
- [X] [Gitlab SSO接入](http://confluence.qifu.com/pages/viewpage.action?pageId=38508192) - [X] [Gitlab SSO接入](http://confluence.qifu.com/pages/viewpage.action?pageId=38508192)
- [X] K8s健康检查接口集成。 - [X] [K8s健康检查接口集成。](http://confluence.qifu.com/pages/viewpage.action?pageId=38508360)
- [X] [Confluence安装及SSO接入指南](http://confluence.qifu.com/pages/viewpage.action?pageId=38508352)
- [ ] 集简云对接(需要付费后才能介入) - [ ] 集简云对接(需要付费后才能介入)
- [X] 基础架子搭建 - [X] 基础架子搭建
- [ ] 接口对接 - [ ] 接口对接
- [ ] 面试 - [ ] 面试
- 附加任务 - 附加任务
- [ ] starter-sso 封装 - [X] starter-sso 封装
- [ ] 国际电子面单下单测试 - [ ] 国际电子面单下单测试
- [ ] 物流轨迹字段完善 - [X] 物流轨迹字段完善
## 20241230 - 20250103 ## 20241230 - 20250103

258
教程/20250111-Nacos安装及SSO接入指南.md Normal file
View File

@ -0,0 +1,258 @@
<!-- Space: qifu -->
<!-- Parent: 后端技术&知识&规范 -->
<!-- Parent: 技术方案 -->
<!-- Parent: 基建 -->
<!-- Title: 20250111-Nacos安装及SSO接入指南 -->
<!-- Attachment: ../材料/nacos.zip -->
<!-- Macro: :anchor\((.*)\):
Template: ac:anchor
Anchor: ${1} -->
<!-- Macro: \!\[.*\]\((.+)\)\<\!\-\- width=(.*) \-\-\>
Template: ac:image
Url: ${1}
Width: ${2} -->
<!-- Macro: \<\!\-\- :toc: \-\-\>
Template: ac:toc
Printable: 'false'
MinLevel: 2
MaxLevel: 4 -->
<!-- Include: 杂项/声明文件.md -->
<!-- :toc: -->
# Nacos 安装及 SSO 接入指南
- Nacos 版本 `2.1.1`
- JDK 版本 `1.8.0_431`
- Node 版本 `v16.20.2`
- [附件包](../材料/nacos.zip)
## Nacos 打包
### 获取 Nacos 代码
#### 获取代码
```shell
#- 进入工作目录
cd /usr/local/nacos
#- 克隆代码
git clone https://github.com/alibaba/nacos.git
#- 从 2.1.1 tag 中切出新分支
git checkout -b feat/add-oidc-auth 2.1.1
```
### 添加SSO功能
#### 附件包解压
- 将附件包释放到 /usr/local/nacos 文件夹下
```shell
cd /usr/local/nacos
unzip nacos.zip
```
#### 前端变更
```shell
cp /usr/local/nacos/Login.jsx /usr/local/nacos/nacos/console-ui/src/pages/Login/Login.jsx
cp /usr/local/nacos/index.scss /usr/local/nacos/nacos/console-ui/src/pages/Login/index.scss
```
#### 后端变更
```shell
mkdir /usr/local/nacos/nacos/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/oidc
cp /usr/local/nacos/OidcAuthController.java /usr/local/nacos/nacos/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/oidc/OidcAuthController.java
cp /usr/local/nacos/OidcService.java /usr/local/nacos/nacos/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/oidc/OidcService.java
cp /usr/local/nacos/OidcUtil.java /usr/local/nacos/nacos/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/oidc/OidcUtil.java
```
#### 前端构建
```shell
#- 进入目录
cd /usr/local/nacos/nacos/console-ui
#- 安装依赖
npm install --registry https://registry.npmmirror.com
#- 构建项目
npm run build --registry https://registry.npmmirror.com
```
- `npm run build` 执行成功后会自动把 dist 文件夹下的某些文件拷贝到对应的项目下
#### 服务构建
```shell
#- 进入目录
cd /usr/local/nacos/nacos
#- 打包
mvn -Prelease-nacos -Dmaven.test.skip=true clean install -U
```
#### 获取打包服务
```shell
cp /usr/local/nacos/nacos/distribution/target/nacos-server-2.1.1.tar.gz /usr/local/nacos
```
## 镜像构建
### 获取阿里镜像源
- 附件包中的 `Centos-7.repo`
- 或者执行以下命令获取
```shell
wget -O /usr/local/nacos/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo
```
### 创建 Dockerfile 文件
- `vi /usr/local/nacos/Dockerfile`
```dockerfile
FROM centos:7.9.2009
MAINTAINER pader "test@test.com"
# set environment
ENV MODE="cluster" \
PREFER_HOST_MODE="ip"\
BASE_DIR="/home/nacos" \
CLASSPATH=".:/home/nacos/conf:$CLASSPATH" \
CLUSTER_CONF="/home/nacos/conf/cluster.conf" \
FUNCTION_MODE="all" \
JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" \
NACOS_USER="nacos" \
JAVA="/usr/lib/jvm/java-1.8.0-openjdk/bin/java" \
JVM_XMS="1g" \
JVM_XMX="1g" \
JVM_XMN="512m" \
JVM_MS="128m" \
JVM_MMS="320m" \
NACOS_DEBUG="n" \
TOMCAT_ACCESSLOG_ENABLED="false" \
TIME_ZONE="Asia/Shanghai"
ARG NACOS_VERSION=2.1.1
ARG HOT_FIX_FLAG=""
WORKDIR $BASE_DIR
COPY ./Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo
RUN set -x \
&& yum update -y \
&& yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel wget iputils nc vim libcurl
# RUN wget https://github.com/alibaba/nacos/releases/download/${NACOS_VERSION}${HOT_FIX_FLAG}/nacos-server-${NACOS_VERSION}.tar.gz -P /home
COPY ./nacos-server-${NACOS_VERSION}.tar.gz /home/
RUN tar -xzvf /home/nacos-server-${NACOS_VERSION}.tar.gz -C /home \
&& rm -rf /home/nacos-server-${NACOS_VERSION}.tar.gz /home/nacos/bin/* /home/nacos/conf/*.properties /home/nacos/conf/*.example /home/nacos/conf/nacos-mysql.sql
RUN yum autoremove -y wget \
&& ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone \
&& yum clean all
ADD bin/docker-startup.sh bin/docker-startup.sh
ADD conf/application.properties conf/application.properties
# set startup log dir
RUN mkdir -p logs \
&& cd logs \
&& touch start.out \
&& ln -sf /dev/stdout start.out \
&& ln -sf /dev/stderr start.out
RUN chmod +x bin/docker-startup.sh
EXPOSE 8848
ENTRYPOINT ["bin/docker-startup.sh"]
```
### 构建镜像
#### 添加启动脚本
```shell
#- 创建文件夹
mkdir /usr/local/naco/bin
mkdir /usr/local/nacos/conf
cp /usr/local/nacos/docker-startup.sh /usr/local/nacos/bin/docker-startup.sh
cp /usr/local/nacos/application.properties /usr/local/nacos/conf/application.properties
```
#### 构建
```shell
#- 进入工作目录
cd /usr/local/nacos
#- 构建镜像
docker build -f Dockerfile -t nacos/nacos-server:v2.1.1 .
```
## 服务启动
### 创建 Docker Compose 文件
- `vi /usr/local/nacos/docker-compose.yaml`
```yaml
version: "3.6"
services:
nacos:
image: nacos/nacos-server:v2.1.1
container_name: nacos-standalone
environment:
- PREFER_HOST_MODE=hostname
- MODE=standalone
- NACOS_AUTH_IDENTITY_KEY=serverIdentity
- NACOS_AUTH_IDENTITY_VALUE=security
- NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789
volumes:
- ./standalone-logs/:/home/nacos/logs
- ./init.d/application.properties:/home/nacos/conf/application.properties
ports:
- "8848:8848"
- "9848:9848"
```
### 启动服务
```shell
docker compose -f /usr/local/nacos/docker-compose.yaml up -d
```
### 配置 OIDC
- `vi /usr/local/nacos/init.d/application.properties`
- 在最后面追加
```properties
#*************** OIDC Related Configurations ***************#
### OpenId providers' key, list is supported(separated by comma)
nacos.core.auth.oidc-idp=keycloak
### corresponding OpenId providers' name, displayed in the login page
nacos.core.auth.oidc-idp.keycloak.name=企业微信
### the url of the corresponding OpenId provider used to initialize the authentication
nacos.core.auth.oidc-idp.keycloak.auth-url=http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/auth
### the url of the corresponding OpenId provider used to get the access token
nacos.core.auth.oidc-idp.keycloak.exchange-token-url=http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/token
### the url of the corresponding OpenId provider used to get the user information
nacos.core.auth.oidc-idp.keycloak.userinfo-url=http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/userinfo
### the client_id of the corresponding OpenId provider
nacos.core.auth.oidc-idp.keycloak.client-id=nacos
### the client_secret of the corresponding OpenId provider
nacos.core.auth.oidc-idp.keycloak.client-secret=7bBJVwRRAxb6PGzrGOj2SyIaSpxcPC9Y
### the scopes of the corresponding OpenId provider, sometimes it can be omitted (e.g. Github)
nacos.core.auth.oidc-idp.keycloak.scope=openid profile email
### the jsonpath expression of the corresponding OpenId provider used to extract the user's unique identifier from the user information
nacos.core.auth.oidc-idp.keycloak.username-key=preferred_username
nacos.core.auth.oidc-idp.keycloak.email-key=email
nacos.core.auth.oidc-idp.keycloak.full-name-key=name
nacos.core.auth.oidc-idp.keycloak.enable-create=true
```
### 重启服务
```shell
#- 停止
docker compose -f /usr/local/nacos/docker-compose.yaml down
#- 启动
docker compose -f /usr/local/nacos/docker-compose.yaml up -d
```
- 或者使用 `docker compose restart` 重启服务
## 参考
- [Support for logining to console through OIDC #7747](https://github.com/alibaba/nacos/pull/7747/files)
- [Nacos安装](https://nacos.io/docs/v2/quickstart/quick-start/?spm=5238cd80.47ee59c.0.0.189fcd362F2139)

BIN
材料/nacos.zip Normal file
View File

Binary file not shown.