keyfil/教程/20250111-Nacos安装及SSO接入指南.md


Nacos 安装及 SSO 接入指南

  • Nacos 版本 2.1.1
  • JDK 版本 1.8.0_431
  • Node 版本 v16.20.2
  • 附件包

Nacos 打包

获取 Nacos 代码

获取代码

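# Enter the working directory
cd /usr/local/nacos

# Clone upstream; this creates ./nacos, which every later step uses as the
# repository root (console-ui, plugin-default-impl, distribution live there).
git clone https://github.com/alibaba/nacos.git

# The checkout has to run inside the clone, not in /usr/local/nacos itself.
cd nacos

# Branch from the 2.1.1 release tag. A tag is a movable reference, so for a
# reproducible build record the commit it resolves to (`git rev-parse 2.1.1`)
# and, where the project signs its tags, verify that signature first.
git checkout -b feat/add-oidc-auth 2.1.1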

添加SSO功能

附件包解压

  • 将附件包释放到 /usr/local/nacos 文件夹下
# Enter the working directory
cd /usr/local/nacos

# Extract the attachment; the files copied in the following steps
# (Login.jsx, index.scss, Oidc*.java, Centos-7.repo, docker-startup.sh,
# application.properties) presumably come out of this archive.
# NOTE(review): this is an out-of-band bundle, not an upstream release —
# check its digest against the value published with it
# (`sha256sum nacos.zip`, expected <SHA256-FROM-ATTACHMENT-NOTES>) and read
# the Java sources before compiling them into the auth plugin.
unzip nacos.zip

前端变更

# Overwrite the upstream login page and its stylesheet with the attachment's
# versions (the SSO entry point on the login screen, presumably).
cp /usr/local/nacos/Login.jsx /usr/local/nacos/nacos/console-ui/src/pages/Login/Login.jsx

cp /usr/local/nacos/index.scss /usr/local/nacos/nacos/console-ui/src/pages/Login/index.scss

后端变更

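# Target package for the OIDC sources inside the cloned repository.
oidc_dir=/usr/local/nacos/nacos/plugin-default-impl/src/main/java/com/alibaba/nacos/plugin/auth/impl/oidc

# -p: do not fail when the guide is re-run on an existing checkout.
mkdir -p "$oidc_dir"

# These classes come from the attachment, not from upstream Nacos, and they
# presumably implement the login path (controller, token exchange, helpers);
# review them before they are built into the auth plugin.
cp /usr/local/nacos/OidcAuthController.java "$oidc_dir/OidcAuthController.java"

cp /usr/local/nacos/OidcService.java "$oidc_dir/OidcService.java"

cp /usr/local/nacos/OidcUtil.java "$oidc_dir/OidcUtil.java"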

前端构建

# Enter the console front-end module
cd /usr/local/nacos/nacos/console-ui

# Install dependencies through a mirror of the npm registry.
# NOTE(review): the mirror is an extra party in the supply chain. If the
# module ships a lockfile, `npm ci` would refuse any resolution that differs
# from it, which is the safer choice for a build that ends up in an image.
npm install --registry https://registry.npmmirror.com

# Build the UI; --registry only matters here if the build script itself
# installs packages.
npm run build --registry https://registry.npmmirror.com
  • npm run build 执行成功后会自动把 dist 文件夹下的某些文件拷贝到对应的项目下

服务构建

# Enter the repository root
cd /usr/local/nacos/nacos

# Package the server. -Dmaven.test.skip=true skips compiling and running the
# tests, so the patched auth plugin is built with none of the project's test
# coverage; -U forces a refresh of snapshot and plugin metadata.
mvn -Prelease-nacos -Dmaven.test.skip=true clean install -U

获取打包服务

# Put the release tarball into the Docker build context; the Dockerfile
# copies ./nacos-server-${NACOS_VERSION}.tar.gz with NACOS_VERSION=2.1.1.
cp /usr/local/nacos/nacos/distribution/target/nacos-server-2.1.1.tar.gz /usr/local/nacos

镜像构建

获取阿里镜像源

  • 附件包中的 Centos-7.repo
  • 或者执行以下命令获取
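# Fetch the mirror's repo definition over TLS. This file decides which
# baseurl every package in the image build is pulled from and whether
# gpgcheck stays on, so downloading it in plaintext would let anyone on the
# path rewrite it. The attachment's Centos-7.repo is the offline alternative.
wget -O /usr/local/nacos/Centos-7.repo https://mirrors.aliyun.com/repo/Centos-7.repo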

创建 Dockerfile 文件

  • vi /usr/local/nacos/Dockerfile
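# NOTE(review): CentOS 7 reached end of life in 2024, so the `yum update`
# below no longer brings security fixes; plan a move to a maintained base.
FROM centos:7.9.2009
# MAINTAINER is deprecated; LABEL carries the same metadata.
LABEL maintainer="pader <test@test.com>"

# Runtime defaults; docker-compose overrides MODE and PREFER_HOST_MODE.
ENV MODE="cluster" \
    PREFER_HOST_MODE="ip" \
    BASE_DIR="/home/nacos" \
    CLASSPATH=".:/home/nacos/conf:$CLASSPATH" \
    CLUSTER_CONF="/home/nacos/conf/cluster.conf" \
    FUNCTION_MODE="all" \
    JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk" \
    NACOS_USER="nacos" \
    JAVA="/usr/lib/jvm/java-1.8.0-openjdk/bin/java" \
    JVM_XMS="1g" \
    JVM_XMX="1g" \
    JVM_XMN="512m" \
    JVM_MS="128m" \
    JVM_MMS="320m" \
    NACOS_DEBUG="n" \
    TOMCAT_ACCESSLOG_ENABLED="false" \
    TIME_ZONE="Asia/Shanghai"

ARG NACOS_VERSION=2.1.1
ARG HOT_FIX_FLAG=""

WORKDIR $BASE_DIR

# Mirror repo definition prepared earlier in the guide.
# NOTE(review): confirm the file keeps gpgcheck=1 so package signatures are
# still verified even though the baseurl now points at the mirror.
COPY ./Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo

# `yum update -y` installs whatever the mirror serves at build time, so two
# builds are not bit-identical; acceptable for a guide, not for a release.
RUN set -x \
    && yum update -y \
    && yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel wget iputils nc vim libcurl

# The upstream image downloads the release here; this build ships the
# locally built tarball instead (see "获取打包服务").
# RUN wget https://github.com/alibaba/nacos/releases/download/${NACOS_VERSION}${HOT_FIX_FLAG}/nacos-server-${NACOS_VERSION}.tar.gz -P /home

COPY ./nacos-server-${NACOS_VERSION}.tar.gz /home/

# Unpack, then drop the bundled scripts and configs that are replaced below.
RUN tar -xzvf /home/nacos-server-${NACOS_VERSION}.tar.gz -C /home \
    && rm -rf /home/nacos-server-${NACOS_VERSION}.tar.gz /home/nacos/bin/* /home/nacos/conf/*.properties /home/nacos/conf/*.example /home/nacos/conf/nacos-mysql.sql

RUN yum autoremove -y wget \
    && ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone \
    && yum clean all

# COPY rather than ADD for plain local files: ADD additionally auto-extracts
# archives and fetches URLs, neither of which is wanted here.
COPY bin/docker-startup.sh bin/docker-startup.sh
COPY conf/application.properties conf/application.properties

# Startup log: start.out is a symlink to the container's stderr. (The
# original also linked it to /dev/stdout first; that link was immediately
# replaced by the stderr one, so only the final link is kept.)
RUN mkdir -p logs \
    && cd logs \
    && touch start.out \
    && ln -sf /dev/stderr start.out
RUN chmod +x bin/docker-startup.sh

# NOTE(review): there is no USER instruction, so the entrypoint starts as
# root even though NACOS_USER=nacos is set; whether docker-startup.sh drops
# privileges cannot be seen from this file — confirm before deploying.
EXPOSE 8848
ENTRYPOINT ["bin/docker-startup.sh"]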

构建镜像

添加启动脚本

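# Create the build-context directories the Dockerfile copies from
# (bin/docker-startup.sh and conf/application.properties). The bin path is
# /usr/local/nacos/bin, matching the cp target below; -p tolerates re-runs.
mkdir -p /usr/local/nacos/bin
mkdir -p /usr/local/nacos/conf

cp /usr/local/nacos/docker-startup.sh /usr/local/nacos/bin/docker-startup.sh
cp /usr/local/nacos/application.properties /usr/local/nacos/conf/application.properties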

构建

# Enter the build context (Dockerfile, Centos-7.repo, the tarball, bin/, conf/)
cd /usr/local/nacos

# Build the image; the tag must match the image: line in docker-compose.yaml
docker build -f Dockerfile -t nacos/nacos-server:v2.1.1 .

服务启动

创建 Docker Compose 文件

  • vi /usr/local/nacos/docker-compose.yaml
version: "3.6"
services:
  nacos:
    image: nacos/nacos-server:v2.1.1
    container_name: nacos-standalone
    environment:
      - PREFER_HOST_MODE=hostname
      - MODE=standalone
      # NOTE(review): the identity key/value and the token below are the
      # sample values from the public Nacos compose examples and must be
      # treated as known to everyone. Generate local values before the ports
      # are reachable from anything but this host (the token is a base64
      # string; Nacos expects at least 32 bytes once decoded). Whether auth is
      # enforced at all depends on nacos.core.auth.enabled in the mounted
      # application.properties — confirm it is set.
      - NACOS_AUTH_IDENTITY_KEY=serverIdentity
      - NACOS_AUTH_IDENTITY_VALUE=security
      - NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789
    volumes:
      - ./standalone-logs/:/home/nacos/logs
      # Paths resolve relative to this file, i.e. /usr/local/nacos/init.d/.
      # The file must exist before `up`: if the source is missing, Docker
      # creates an empty directory at that path and the server cannot read
      # its config. The OIDC settings are appended to it in "配置 OIDC".
      - ./init.d/application.properties:/home/nacos/conf/application.properties
    ports:
      # Published on all interfaces; use "127.0.0.1:8848:8848" (and the same
      # for 9848) when only a local reverse proxy should reach the console.
      - "8848:8848"
      - "9848:9848"

启动服务

# Start in the background. ./init.d/application.properties (relative to the
# compose file) must already exist as a regular file, otherwise Docker creates
# an empty directory in its place and the container fails to read its config.
docker compose -f /usr/local/nacos/docker-compose.yaml up -d

配置 OIDC

  • vi /usr/local/nacos/init.d/application.properties
  • 在最后面追加
#*************** OIDC Related Configurations ***************#
# Appended to the application.properties that docker-compose mounts into
# /home/nacos/conf; the server is restarted afterwards (see "重启服务").

### OpenId providers' key, list is supported(separated by comma)
nacos.core.auth.oidc-idp=keycloak
### corresponding OpenId providers' name, displayed in the login page
nacos.core.auth.oidc-idp.keycloak.name=企业微信
### the url of the corresponding OpenId provider used to initialize the authentication
### NOTE(review): all three endpoints below are plain http, so the
### authorization code, the access token and the client secret cross the
### network unencrypted. Unless keycloak.qifu.com is reachable only inside a
### trusted network, point these at the https endpoints of the same realm.
nacos.core.auth.oidc-idp.keycloak.auth-url=http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/auth
### the url of the corresponding OpenId provider used to get the access token
nacos.core.auth.oidc-idp.keycloak.exchange-token-url=http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/token
### the url of the corresponding OpenId provider used to get the user information
nacos.core.auth.oidc-idp.keycloak.userinfo-url=http://keycloak.qifu.com/realms/keyfil/protocol/openid-connect/userinfo
### the client_id of the corresponding OpenId provider
nacos.core.auth.oidc-idp.keycloak.client-id=nacos
### the client_secret of the corresponding OpenId provider
### This is a live credential: restrict read access to this file, keep it out
### of shared documents and version control, and rotate it in Keycloak now
### that it has been circulated with this guide.
nacos.core.auth.oidc-idp.keycloak.client-secret=7bBJVwRRAxb6PGzrGOj2SyIaSpxcPC9Y
### the scopes of the corresponding OpenId provider, sometimes it can be omitted (e.g. Github)
nacos.core.auth.oidc-idp.keycloak.scope=openid profile email
### the jsonpath expression of the corresponding OpenId provider used to extract the user's unique identifier from the user information
nacos.core.auth.oidc-idp.keycloak.username-key=preferred_username
### userinfo claims mapped to the Nacos account's email and display name
nacos.core.auth.oidc-idp.keycloak.email-key=email
nacos.core.auth.oidc-idp.keycloak.full-name-key=name
### NOTE(review): presumably creates a Nacos account for any IdP user on
### first login, which would give every account in the keyfil realm console
### access; confirm the behaviour in OidcService.java and restrict the
### client in Keycloak if that is not intended.
nacos.core.auth.oidc-idp.keycloak.enable-create=true

重启服务

# Stop and remove the container (the bind-mounted logs and config stay on disk)
docker compose -f /usr/local/nacos/docker-compose.yaml down
# Recreate it so the OIDC settings appended above are read at startup
docker compose -f /usr/local/nacos/docker-compose.yaml up -d
  • 或者使用 docker compose restart 重启服务

参考