Merge pull request '完善Nacos安全策略' (#530) from otto/ruoyi-gitlink:dev_PMS into dev_PMS
This commit is contained in:
commit
38b92d29a2
|
|
@ -18,19 +18,6 @@ build_base_image(){
|
||||||
docker build -t gitlink-java:"${base_image_version}" .
|
docker build -t gitlink-java:"${base_image_version}" .
|
||||||
}
|
}
|
||||||
|
|
||||||
gen_nacos_config(){
|
|
||||||
# 修改nacos配置
|
|
||||||
cd "${orgin_path}"/nacos/conf
|
|
||||||
# 删除历史配置文件
|
|
||||||
rm -f application.properties
|
|
||||||
cp default_application.properties application.properties
|
|
||||||
# 替换配置
|
|
||||||
sed -i "s|#nacos_db_url|${nacos_db_url}|g" application.properties
|
|
||||||
sed -i "s|#nacos_db_name|${nacos_db_name}|g" application.properties
|
|
||||||
sed -i "s|#nacos_db_username|${nacos_db_username}|g" application.properties
|
|
||||||
sed -i "s|#nacos_db_password|${nacos_db_password}|g" application.properties
|
|
||||||
}
|
|
||||||
|
|
||||||
gen_nginx_config(){
|
gen_nginx_config(){
|
||||||
# 修改nacos配置
|
# 修改nacos配置
|
||||||
cd "${orgin_path}"/nginx/conf
|
cd "${orgin_path}"/nginx/conf
|
||||||
|
|
@ -148,6 +135,16 @@ gen_docker_compose(){
|
||||||
sed -i "s|#db_password|${db_password}|g" docker-compose.yml
|
sed -i "s|#db_password|${db_password}|g" docker-compose.yml
|
||||||
sed -i "s|#db_name|${db_name}|g" docker-compose.yml
|
sed -i "s|#db_name|${db_name}|g" docker-compose.yml
|
||||||
sed -i "s|#mapping_mysql_port|${mapping_mysql_port}|g" docker-compose.yml
|
sed -i "s|#mapping_mysql_port|${mapping_mysql_port}|g" docker-compose.yml
|
||||||
|
# Nacos配置
|
||||||
|
sed -i "s|#NACOS_MYSQL_SERVICE_HOST|${NACOS_MYSQL_SERVICE_HOST}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_MYSQL_SERVICE_PORT|${NACOS_MYSQL_SERVICE_PORT}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_MYSQL_SERVICE_DB_NAME|${NACOS_MYSQL_SERVICE_DB_NAME}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_MYSQL_SERVICE_USER|${NACOS_MYSQL_SERVICE_USER}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_MYSQL_SERVICE_PASSWORD|${NACOS_MYSQL_SERVICE_PASSWORD}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_AUTH_ENABLE|${NACOS_AUTH_ENABLE}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_AUTH_TOKEN|${NACOS_AUTH_TOKEN}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_AUTH_IDENTITY_KEY|${NACOS_AUTH_IDENTITY_KEY}|g" docker-compose.yml
|
||||||
|
sed -i "s|#NACOS_AUTH_IDENTITY_VALUE|${NACOS_AUTH_IDENTITY_VALUE}|g" docker-compose.yml
|
||||||
}
|
}
|
||||||
|
|
||||||
gen_dockerfile(){
|
gen_dockerfile(){
|
||||||
|
|
@ -191,6 +188,8 @@ replace_dockerfile_config(){
|
||||||
sed -i "s|#nacos_password|${nacos_password}|g" dockerfile
|
sed -i "s|#nacos_password|${nacos_password}|g" dockerfile
|
||||||
sed -i "s|#base_image_version|${base_image_version}|g" dockerfile
|
sed -i "s|#base_image_version|${base_image_version}|g" dockerfile
|
||||||
sed -i "s|#deploy_env|${deploy_env}|g" dockerfile
|
sed -i "s|#deploy_env|${deploy_env}|g" dockerfile
|
||||||
|
sed -i "s|#nacos_username|${nacos_username}|g" dockerfile
|
||||||
|
sed -i "s|#nacos_password|${nacos_password}|g" dockerfile
|
||||||
}
|
}
|
||||||
|
|
||||||
# 微服务模块编译
|
# 微服务模块编译
|
||||||
|
|
|
||||||
|
|
@ -62,9 +62,6 @@ copy_jar(){
|
||||||
copy_config(){
|
copy_config(){
|
||||||
# copy 配置文件
|
# copy 配置文件
|
||||||
echo "begin copy config file "
|
echo "begin copy config file "
|
||||||
rm -f "${docker_data}"/gitlink/nacos/conf/application.properties
|
|
||||||
mkdir -p "${docker_data}"/gitlink/nacos/conf/
|
|
||||||
cp ./nacos/conf/application.properties "${docker_data}"/gitlink/nacos/conf/application.properties
|
|
||||||
|
|
||||||
rm -f "${docker_data}"/gitlink/redis/conf/redis.conf
|
rm -f "${docker_data}"/gitlink/redis/conf/redis.conf
|
||||||
mkdir -p "${docker_data}"/gitlink/redis/conf/
|
mkdir -p "${docker_data}"/gitlink/redis/conf/
|
||||||
|
|
|
||||||
|
|
@ -23,10 +23,17 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- MODE=standalone
|
- MODE=standalone
|
||||||
- TZ=Asia/Shanghai
|
- TZ=Asia/Shanghai
|
||||||
- NACOS_AUTH_ENABLE=true
|
- NACOS_AUTH_ENABLE=#NACOS_AUTH_ENABLE
|
||||||
|
- MYSQL_SERVICE_HOST=#NACOS_MYSQL_SERVICE_HOST
|
||||||
|
- MYSQL_SERVICE_PORT=#NACOS_MYSQL_SERVICE_PORT
|
||||||
|
- MYSQL_SERVICE_DB_NAME=#NACOS_MYSQL_SERVICE_DB_NAME
|
||||||
|
- MYSQL_SERVICE_USER=#NACOS_MYSQL_SERVICE_USER
|
||||||
|
- MYSQL_SERVICE_PASSWORD=#NACOS_MYSQL_SERVICE_PASSWORD
|
||||||
|
- NACOS_AUTH_TOKEN=#NACOS_AUTH_TOKEN
|
||||||
|
- NACOS_AUTH_IDENTITY_KEY=#NACOS_AUTH_IDENTITY_KEY
|
||||||
|
- NACOS_AUTH_IDENTITY_VALUE=#NACOS_AUTH_IDENTITY_VALUE
|
||||||
volumes:
|
volumes:
|
||||||
- #docker_data/gitlink/nacos/logs/:/home/nacos/logs
|
- #docker_data/gitlink/nacos/logs/:/home/nacos/logs
|
||||||
- #docker_data/gitlink/nacos/conf/application.properties:/home/nacos/conf/application.properties
|
|
||||||
ports:
|
ports:
|
||||||
- "#mapping_nacos_port:8848"
|
- "#mapping_nacos_port:8848"
|
||||||
deploy:
|
deploy:
|
||||||
|
|
|
||||||
|
|
@ -3,8 +3,15 @@ deploy_env=dev
|
||||||
## 基础镜像版本
|
## 基础镜像版本
|
||||||
base_image_version=1.0.0
|
base_image_version=1.0.0
|
||||||
## Nacos数据库连接
|
## Nacos数据库连接
|
||||||
nacos_db_url=127.0.0.1:3306
|
NACOS_MYSQL_SERVICE_HOST=127.0.0.1
|
||||||
nacos_db_name=gitlink-nacos-config
|
NACOS_MYSQL_SERVICE_PORT=3306
|
||||||
|
NACOS_MYSQL_SERVICE_DB_NAME=gitlink-nacos-config
|
||||||
|
NACOS_MYSQL_SERVICE_USER=root
|
||||||
|
NACOS_MYSQL_SERVICE_PASSWORD=123456
|
||||||
|
NACOS_AUTH_ENABLE=true
|
||||||
|
NACOS_AUTH_TOKEN=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
|
||||||
|
NACOS_AUTH_IDENTITY_KEY=gitlink_key
|
||||||
|
NACOS_AUTH_IDENTITY_VALUE=gitlink_value
|
||||||
nacos_db_username=root
|
nacos_db_username=root
|
||||||
nacos_db_password=123456
|
nacos_db_password=123456
|
||||||
## 连接Nacos配置
|
## 连接Nacos配置
|
||||||
|
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
||||||
spring.datasource.platform=mysql
|
|
||||||
db.num=1
|
|
||||||
db.url.0=jdbc:mysql://#nacos_db_url/#nacos_db_name?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC
|
|
||||||
db.user=#nacos_db_username
|
|
||||||
db.password=#nacos_db_password
|
|
||||||
nacos.naming.empty-service.auto-clean=true
|
|
||||||
nacos.naming.empty-service.clean.initial-delay-ms=50000
|
|
||||||
nacos.naming.empty-service.clean.period-time-ms=30000
|
|
||||||
management.endpoints.web.exposure.include=*
|
|
||||||
management.metrics.export.elastic.enabled=false
|
|
||||||
management.metrics.export.influx.enabled=false
|
|
||||||
server.tomcat.accesslog.enabled=true
|
|
||||||
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i
|
|
||||||
server.tomcat.basedir=/home/ruoyi/nacos/tomcat/logs
|
|
||||||
nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**
|
|
||||||
nacos.core.auth.system.type=nacos
|
|
||||||
nacos.core.auth.enabled=true
|
|
||||||
nacos.core.auth.plugin.nacos.token.expire.seconds=20000
|
|
||||||
nacos.core.auth.plugin.nacos.token.secret.key=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
|
|
||||||
nacos.core.auth.caching.enabled=true
|
|
||||||
nacos.core.auth.enable.userAgentAuthWhite=false
|
|
||||||
nacos.core.auth.server.identity.key=serverIdentity
|
|
||||||
nacos.core.auth.server.identity.value=security
|
|
||||||
nacos.istio.mcp.server.enabled=false
|
|
||||||
|
|
@ -1,7 +1,4 @@
|
||||||
# 基础镜像
|
# 基础镜像
|
||||||
FROM nacos/nacos-server:v2.2.0
|
FROM nacos/nacos-server:v2.3.1
|
||||||
# author
|
# author
|
||||||
MAINTAINER gitlink
|
MAINTAINER gitlink
|
||||||
|
|
||||||
# 复制conf文件到路径
|
|
||||||
COPY ./conf/application.properties /home/nacos/conf/application.properties
|
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,17 @@ deploy_env=prod
|
||||||
## 基础镜像版本
|
## 基础镜像版本
|
||||||
base_image_version=1.0.0
|
base_image_version=1.0.0
|
||||||
## Nacos数据库连接
|
## Nacos数据库连接
|
||||||
nacos_db_url=gitlink-mysql:3306
|
NACOS_MYSQL_SERVICE_HOST=gitlink-mysql
|
||||||
nacos_db_name=gitlink-nacos-config
|
NACOS_MYSQL_SERVICE_PORT=3306
|
||||||
|
NACOS_MYSQL_SERVICE_DB_NAME=gitlink-nacos-config
|
||||||
|
NACOS_MYSQL_SERVICE_USER=root
|
||||||
|
NACOS_MYSQL_SERVICE_PASSWORD=Trust_#%01
|
||||||
|
NACOS_AUTH_ENABLE=true
|
||||||
|
NACOS_AUTH_TOKEN=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
|
||||||
|
NACOS_AUTH_IDENTITY_KEY=gitlink_key
|
||||||
|
NACOS_AUTH_IDENTITY_VALUE=gitlink_value
|
||||||
nacos_db_username=root
|
nacos_db_username=root
|
||||||
nacos_db_password=Trust_#%01
|
nacos_db_password=hnxjy2024#
|
||||||
## 连接Nacos配置
|
## 连接Nacos配置
|
||||||
nacos_ip=gitlink-nacos
|
nacos_ip=gitlink-nacos
|
||||||
nacos_port=8848
|
nacos_port=8848
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,17 @@ deploy_env=test
|
||||||
## 基础镜像版本
|
## 基础镜像版本
|
||||||
base_image_version=1.0.0
|
base_image_version=1.0.0
|
||||||
## Nacos数据库连接
|
## Nacos数据库连接
|
||||||
nacos_db_url=gitlink-mysql:3306
|
NACOS_MYSQL_SERVICE_HOST=gitlink-mysql
|
||||||
nacos_db_name=gitlink-nacos-config
|
NACOS_MYSQL_SERVICE_PORT=3306
|
||||||
nacos_db_username=root
|
NACOS_MYSQL_SERVICE_DB_NAME=gitlink-nacos-config
|
||||||
nacos_db_password=Trust_#%01
|
NACOS_MYSQL_SERVICE_USER=root
|
||||||
|
NACOS_MYSQL_SERVICE_PASSWORD=Trust_#%01
|
||||||
|
NACOS_AUTH_ENABLE=true
|
||||||
|
NACOS_AUTH_TOKEN=RHBxaW5kTllsQ1dIUlJ6ZXM0ajdzUmgxbXJIMzVaZFFmbXlqNkw5c1dCNnBFd082V21EeFBtME5NazFYYnQwWW43ekZXQQ==
|
||||||
|
NACOS_AUTH_IDENTITY_KEY=gitlink_key
|
||||||
|
NACOS_AUTH_IDENTITY_VALUE=gitlink_value
|
||||||
|
nacos_username=nacos
|
||||||
|
nacos_password=hnxjy2023
|
||||||
## 连接Nacos配置
|
## 连接Nacos配置
|
||||||
nacos_ip=gitlink-nacos
|
nacos_ip=gitlink-nacos
|
||||||
nacos_port=8848
|
nacos_port=8848
|
||||||
|
|
|
||||||
|
|
@ -125,6 +125,10 @@ public class Constants
|
||||||
* JSON类型
|
* JSON类型
|
||||||
*/
|
*/
|
||||||
public static final String JSON_CONTENT_TYPE = "application/json";
|
public static final String JSON_CONTENT_TYPE = "application/json";
|
||||||
|
/**
|
||||||
|
* 文本类型
|
||||||
|
*/
|
||||||
|
public static final String TEXT_CONTENT_TYPE = "text/plain";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 定时任务违规的字符
|
* 定时任务违规的字符
|
||||||
|
|
|
||||||
|
|
@ -8,12 +8,8 @@ import com.ruoyi.common.core.constant.HttpStatus;
|
||||||
import com.ruoyi.common.httpClient.domain.CustomHttpDelete;
|
import com.ruoyi.common.httpClient.domain.CustomHttpDelete;
|
||||||
import org.apache.commons.collections4.MapUtils;
|
import org.apache.commons.collections4.MapUtils;
|
||||||
import org.apache.http.HttpEntity;
|
import org.apache.http.HttpEntity;
|
||||||
import org.apache.http.HttpEntity;
|
|
||||||
import org.apache.http.NameValuePair;
|
|
||||||
import org.apache.http.client.config.RequestConfig;
|
import org.apache.http.client.config.RequestConfig;
|
||||||
import org.apache.http.client.methods.*;
|
import org.apache.http.client.methods.*;
|
||||||
import org.apache.http.client.utils.URIBuilder;
|
|
||||||
import org.apache.http.entity.ContentType;
|
|
||||||
import org.apache.http.entity.ContentType;
|
import org.apache.http.entity.ContentType;
|
||||||
import org.apache.http.entity.StringEntity;
|
import org.apache.http.entity.StringEntity;
|
||||||
import org.apache.http.entity.mime.MultipartEntityBuilder;
|
import org.apache.http.entity.mime.MultipartEntityBuilder;
|
||||||
|
|
@ -25,7 +21,6 @@ import org.springframework.web.multipart.MultipartFile;
|
||||||
|
|
||||||
import java.net.URLEncoder;
|
import java.net.URLEncoder;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.*;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
@ -246,7 +241,7 @@ public class HttpAPIService {
|
||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
private JSONObject doRequest(HttpUriRequest request, HashMap<String, String> headers) throws Exception {
|
public JSONObject doRequest(HttpUriRequest request, HashMap<String, String> headers) throws Exception {
|
||||||
if (headers != null && !headers.isEmpty()) {
|
if (headers != null && !headers.isEmpty()) {
|
||||||
headers.forEach(request::setHeader);
|
headers.forEach(request::setHeader);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ import com.ruoyi.cms.utils.CmsConstants;
|
||||||
import com.ruoyi.cms.utils.CmsGitLinkRequestUrl;
|
import com.ruoyi.cms.utils.CmsGitLinkRequestUrl;
|
||||||
import com.ruoyi.cms.utils.CmsUtils;
|
import com.ruoyi.cms.utils.CmsUtils;
|
||||||
import com.ruoyi.common.core.constant.CacheConstants;
|
import com.ruoyi.common.core.constant.CacheConstants;
|
||||||
|
import com.ruoyi.common.core.constant.Constants;
|
||||||
import com.ruoyi.common.core.constant.SecurityConstants;
|
import com.ruoyi.common.core.constant.SecurityConstants;
|
||||||
import com.ruoyi.common.core.enums.SystemRole;
|
import com.ruoyi.common.core.enums.SystemRole;
|
||||||
import com.ruoyi.common.core.exception.ServiceException;
|
import com.ruoyi.common.core.exception.ServiceException;
|
||||||
|
|
@ -32,6 +33,9 @@ import com.ruoyi.common.security.utils.SecurityUtils;
|
||||||
import com.ruoyi.system.api.RemoteDeptService;
|
import com.ruoyi.system.api.RemoteDeptService;
|
||||||
import com.ruoyi.system.api.RemoteZoneService;
|
import com.ruoyi.system.api.RemoteZoneService;
|
||||||
import com.ruoyi.system.api.utils.FeignUtils;
|
import com.ruoyi.system.api.utils.FeignUtils;
|
||||||
|
import org.apache.http.client.config.RequestConfig;
|
||||||
|
import org.apache.http.client.methods.HttpPost;
|
||||||
|
import org.apache.http.entity.StringEntity;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
|
@ -90,6 +94,8 @@ public class CmsAsyncServiceImpl implements ICmsAsyncService {
|
||||||
private HttpAPIService httpAPIService;
|
private HttpAPIService httpAPIService;
|
||||||
@Autowired
|
@Autowired
|
||||||
private RemoteZoneService remoteZoneService;
|
private RemoteZoneService remoteZoneService;
|
||||||
|
@Autowired
|
||||||
|
private RequestConfig config;
|
||||||
/**
|
/**
|
||||||
* 异步设置文章更新时间
|
* 异步设置文章更新时间
|
||||||
*
|
*
|
||||||
|
|
@ -897,11 +903,22 @@ public class CmsAsyncServiceImpl implements ICmsAsyncService {
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
JSONArray jsonArray = new JSONArray();
|
|
||||||
jsonArray.add(docDetailUrl);
|
|
||||||
// 推送至百度搜索
|
// 推送至百度搜索
|
||||||
String baiduSearchPushUrl = String.format("%s?site=%s&token=%s", baiduSearchUrl, gitlinkUrl, baiduSearchToken);
|
String baiduSearchPushUrl = String.format("%s?site=%s&token=%s", baiduSearchUrl, gitlinkUrl, baiduSearchToken);
|
||||||
JSONObject res = httpAPIService.doPost(baiduSearchPushUrl, jsonArray);
|
// 声明httpPost请求
|
||||||
|
HttpPost httpPost = new HttpPost(baiduSearchPushUrl);
|
||||||
|
// 加入配置信息
|
||||||
|
httpPost.setConfig(config);
|
||||||
|
String[] param = {
|
||||||
|
docDetailUrl
|
||||||
|
};
|
||||||
|
|
||||||
|
StringEntity stringEntity = new StringEntity(String.join(",", param), Constants.UTF8);
|
||||||
|
stringEntity.setContentEncoding(Constants.UTF8);
|
||||||
|
stringEntity.setContentType(Constants.TEXT_CONTENT_TYPE);
|
||||||
|
// 把表单放到post里
|
||||||
|
httpPost.setEntity(stringEntity);
|
||||||
|
JSONObject res = httpAPIService.doRequest(httpPost, null);
|
||||||
logger.info("推送文章【{}】至百度搜索成功,请求响应为:{}", cmsDoc.getName(), res);
|
logger.info("推送文章【{}】至百度搜索成功,请求响应为:{}", cmsDoc.getName(), res);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("推送文章【{}】至百度搜索引擎失败:{0}", cmsDoc.getName(), e);
|
logger.error("推送文章【{}】至百度搜索引擎失败:{0}", cmsDoc.getName(), e);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue