Docker 或k8s部署 NACOS开启登录 |
| 发表者:admin分类:云计算容器2024-01-17 15:35:43 阅读[148] |
Docker 或k8s部署 NACOS开启登录
一,修改 Nacos 主目录 config/application.properties 文件
(1)启动登录认证功能 原本是 false 修改为 true。
### If turn on auth system:
nacos.core.auth.enabled=``true
(2)客户端和服务端交互时用于加密的密钥,可以防止认证过程中的信息泄露。
### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
### The two properties is the white list for auth and used by identity the request from other server.
nacos.core.auth.server.identity.key=yourKey
nacos.core.auth.server.identity.value=yourKey
注意:yourKey 就是秘钥,根据自己需求填写。
(3)设置 Token 认证的密钥
### The default token (Base64 String):
nacos.core.auth.plugin.nacos.token.secret.key=VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg=
注意:这里设置的秘钥长度必须大于等于 32 字节,并且使用 Base64 加密,例如:VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg= 实际字符串为 ThisIsMyCustomSecretKey012345678
(4)重启 Nacos 服务。
二,以下是docker 与k8s运行nacos时的参数
Common property configuration
| name | description | option |
|---|---|---|
| MODE | cluster/standalone | cluster/standalone default cluster |
| NACOS_SERVERS | nacos cluster address | eg. ip1:port1 ip2:port2 ip3:port3 |
| PREFER_HOST_MODE | Whether hostname are supported | hostname/ip default ip |
| NACOS_APPLICATION_PORT | nacos server port | default 8848 |
| NACOS_SERVER_IP | custom nacos server ip when network was mutil-network | |
| SPRING_DATASOURCE_PLATFORM | standalone support mysql | mysql / empty default empty |
| MYSQL_SERVICE_HOST | mysql host | |
| MYSQL_SERVICE_PORT | mysql database port | default : 3306 |
| MYSQL_SERVICE_DB_NAME | mysql database name | |
| MYSQL_SERVICE_USER | username of database | |
| MYSQL_SERVICE_PASSWORD | password of database | |
| MYSQL_DATABASE_NUM | It indicates the number of database | default :1 |
| MYSQL_SERVICE_DB_PARAM | Database url parameter | default : characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false |
| JVM_XMS | -Xms | default :1g |
| JVM_XMX | -Xmx | default :1g |
| JVM_XMN | -Xmn | default :512m |
| JVM_MS | -XX:MetaspaceSize | default :128m |
| JVM_MMS | -XX:MaxMetaspaceSize | default :320m |
| NACOS_DEBUG | enable remote debug | y/n default :n |
| TOMCAT_ACCESSLOG_ENABLED | server.tomcat.accesslog.enabled | default :false |
| NACOS_AUTH_SYSTEM_TYPE | The auth system to use, currently only 'nacos' is supported | default :nacos |
| NACOS_AUTH_ENABLE | If turn on auth system | default :false |
| NACOS_AUTH_TOKEN_EXPIRE_SECONDS | The token expiration in seconds | default :18000 |
| NACOS_AUTH_TOKEN | The default token | default :SecretKey012345678901234567890123456789012345678901234567890123456789 |
| NACOS_AUTH_CACHE_ENABLE | Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay. | default : false |
| MEMBER_LIST | Set the cluster list with a configuration file or command-line argument | eg:192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809 |
| EMBEDDED_STORAGE | Use embedded storage in cluster mode without mysql | embedded default : none |
| NACOS_AUTH_CACHE_ENABLE | nacos.core.auth.caching.enabled | default : false |
| NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE | nacos.core.auth.enable.userAgentAuthWhite | default : false |
| NACOS_AUTH_IDENTITY_KEY | nacos.core.auth.server.identity.key | default : serverIdentity |
| NACOS_AUTH_IDENTITY_VALUE | nacos.core.auth.server.identity.value | default : security |
| NACOS_SECURITY_IGNORE_URLS | nacos.security.ignore.urls | default : /,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/** |
转载请标明出处【Docker 或k8s部署 NACOS开启登录】。
《www.micoder.cc》
虚拟化云计算,系统运维,安全技术服务.
| Tags: | [阅读全文...] |
最新评论