Cloud Config, Eureka + Security (three servers with different public IPs, in different LAN environments)
Each server runs its own Eureka (with Security integrated) and its own Config. Config is reachable only inside the local network, while the Eureka port is exposed to the Internet.
- The Config startup class uses the @EnableConfigServer annotation; the Eureka startup class uses @EnableEurekaServer.
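// Application startup class of the Config project
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;

@SpringBootApplication
@EnableConfigServer // Starts the Cloud Config server, which fetches configuration from the remote git/gitee repository
public class HttpConfigN03344Application {
    public static void main(String[] args) {
        SpringApplication.run(HttpConfigN03344Application.class, args);
    }
}

// Application startup class of the Eureka project (separate file)
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@SpringBootApplication
@EnableEurekaServer // Server-side startup class; accepts registrations from other services
public class HttpEurekaN17001Application {
    public static void main(String[] args) {
        SpringApplication.run(HttpEurekaN17001Application.class, args);
    }

    @EnableWebSecurity // Security is in use; without this, the services cannot register with each other even though the port is open
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Exempt the Eureka REST endpoints from CSRF checks so peers and clients can register
            http.csrf().ignoringAntMatchers("/eureka/**");
            super.configure(http);
        }
    }
}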
- In IDEA, write the Config project's application.yml, and the Eureka project's application.yml and bootstrap.yml
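###### Config project configuration file: application.yml
server:
  port: 3344 # Service port, used only inside the docker bridge network; no extra -p 3344:3344 mapping to the host is needed in docker, because only the local eureka has to reach port 3344 of this Cloud Config service on the bridge
spring:
  application:
    name: http-config-n0-3344 # application name
  # Connect to the remote repository
  cloud:
    config:
      server:
        git:
          uri: https://gitee.com/XXXXXX.git # https, not git: only https works with the account/password form below; with ssh you need an rsa key. I originally planned to use ssh, but it failed when I tried it; maybe I got the rsa parameters below wrong, but even following various articles online and the official examples I could not get it working, so I stopped fiddling with it
          username: gitee账号 # placeholder: your Gitee account
          password: gitee密码 # placeholder: your Gitee password
# Through config-server you can connect to git and access the resources and configuration in it
###### Eureka project application.yml
spring:
  application:
    name: http-eureka-n1-7001
##### Eureka project bootstrap.yml
spring:
  cloud:
    config:
      name: config-eureka-n1
      label: master
      profile: dev
      uri: http://http-config-n0-3344:3344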
- Several configuration files on Gitee
- application.yml
# Select the environment to start: dev test prod
spring:
  profiles:
    active: dev
---
spring:
  profiles: dev
  application:
    name: http-config-dev-n0-3344
---
spring:
  profiles: test
  application:
    name: http-config-test-n0-3344
---
spring:
  profiles: prod
  application:
    name: http-config-prod-n0-3344
- config-eureka-n1.yml (I configured three nodes; the other two files are similar, with n1 changed to n2 and n3, and the n2, n3 in defaultZone changed to n1, n3 and n1, n2 respectively)
# Configuration of eureka node n1
ip: 你的第一个服务器公网ip # placeholder: public IP of your first server
# Select the environment to start: dev test prod
spring:
  profiles:
    active: dev
---
# Service startup settings
server:
  port: 7001
# spring configuration
spring:
  profiles: dev
  application:
    name: http-eureka-dev-n1-7001
  security: # Makes Eureka require an account and password for access
    user:
      name: 账号 # placeholder: account
      password: 密码 # placeholder: password
      roles: SUPERUSER
# eureka configuration
eureka:
  instance:
    hostname: http-eureka-n1-7001
    appname: http-eureka-7001
    instance-id: n1-服务器1的公网ip # placeholder: n1-<public IP of server 1>
    prefer-ip-address: true
    ip-address: 服务器1的公网ip # placeholder: public IP of server 1
  client:
    service-url:
      # Single node: defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
      # Address used to talk to the Eureka Server; both registry queries and service registration depend on this address (single node).
      # Placeholders below: 账号 = account, 密码 = password, 服务器2公网ip / 服务器3公网ip = public IPs of servers 2 and 3
      defaultZone: http://账号:密码@服务器2公网ip:7001/eureka/,http://账号:密码@服务器3公网ip:7001/eureka/
---
# Service startup settings
server:
  port: 7001
# spring configuration
spring:
  profiles: test
  application:
    name: http-eureka-test-n1-7001
  security: # Makes Eureka require an account and password for access
    user:
      name: 账号
      password: 密码
      roles: SUPERUSER
# eureka configuration
eureka:
  instance:
    hostname: http-eureka-n1-7001
    appname: http-eureka-7001
    instance-id: n1-服务器1公网ip
    prefer-ip-address: true
    ip-address: 服务器1的公网ip
  client:
    service-url:
      # Single node: defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
      # Address used to talk to the Eureka Server; both registry queries and service registration depend on this address (single node).
      defaultZone: http://账号:密码@服务器2公网ip:7001/eureka/,http://账号:密码@服务器3公网ip:7001/eureka/
---
# Service startup settings
server:
  port: 7001
# spring configuration
spring:
  profiles: prod
  application:
    name: http-eureka-prod-n1-7001
  security: # Makes Eureka require an account and password for access
    user:
      name: 账号
      password: 密码
      roles: SUPERUSER
# eureka configuration
eureka:
  instance:
    hostname: http-eureka-n1-7001
    appname: http-eureka-7001
    instance-id: n1-服务器1的公网ip
    prefer-ip-address: true
    ip-address: 服务器1的公网ip
  client:
    service-url:
      # Single node: defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
      # Address used to talk to the Eureka Server; both registry queries and service registration depend on this address (single node).
      defaultZone: http://账号:密码@服务器2公网ip:7001/eureka/,http://账号:密码@服务器3公网ip:7001/eureka/
- The pom dependencies are not posted in full; only one part is attached here. Without this configuration, the jar produced by the Maven package step is very small and will not start under Docker. The Eureka project also needs the Security dependency added to its pom; look that up yourself.
<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <version>${springboot.version}</version>
            <configuration>
                <!-- Declare this Main Class as the single global entry point -->
                <mainClass>com.ash.springcloud.HttpConfigN03344Application</mainClass>
                <layout>ZIP</layout>
            </configuration>
            <executions>
                <execution>
                    <goals>
                        <goal>repackage</goal><!-- Packs all dependency jars into the generated jar -->
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>
- The key part: write the Dockerfile and docker-compose.yml
- Config project Dockerfile
FROM java:8-alpine
ADD http-config-n0-3344-0.0.1-SNAPSHOT.jar http-config-n0-3344-0.0.1-SNAPSHOT.jar
EXPOSE 3344
ENTRYPOINT ["java","-jar","/http-config-n0-3344-0.0.1-SNAPSHOT.jar"]
- Config project docker-compose.yml
version: '3.3'
services:
  http-config-n0-3344:
    container_name: http-config-n0-3344
    build: .
    image: http-config-n0-3344
    restart: always
    hostname: http-config-n0-3344
    networks:
      ash-http-bridge:
        ipv4_address: 172.20.0.2
networks:
  ash-http-bridge:
    external:
      name: ash-http-bridge
- Eureka project Dockerfile
FROM java:8-alpine
ADD http-eureka-n1-7001-0.0.1-SNAPSHOT.jar http-eureka-n1-7001-0.0.1-SNAPSHOT.jar
EXPOSE 7001
ENTRYPOINT ["java","-jar","/http-eureka-n1-7001-0.0.1-SNAPSHOT.jar"]
- Eureka project docker-compose.yml
version: '3.3'
services:
  http-eureka-n1-7001:
    container_name: http-eureka-n1-7001
    build: .
    image: http-eureka-n1-7001
    restart: always
    hostname: http-eureka-n1-7001
    ports:
      - 7001:7001 # Publish the port on the host so that the other Eureka servers can reach port 7001 of this node's docker container
    networks:
      ash-http-bridge:
        ipv4_address: 172.20.0.3 # The bridge network I created myself, described below
networks:
  ash-http-bridge:
    external:
      name: ash-http-bridge
- Put the generated Config and Eureka jar packages on the server
# On Linux, pick a folder yourself; make sure it contains only the jar, the Dockerfile and docker-compose.yml
# After I created the folder, running ls in it lists the files below; the eureka folder is analogous
docker-compose.yml Dockerfile http-config-n0-3344-0.0.1-SNAPSHOT.jar
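- I won't cover installing Docker; this covers installing docker-compose (my environment is CentOS 7; I'm not sure other environments are the same)
Reference article: installing the docker-compose tool on a Tencent Cloud CentOS 7.6 server
# Installing per the article above is recommended, because my own install also ran into problems; the article's steps are pasted below
# First, my environment: CentOS 7 with the bundled Python 2.7.5; other environments are not guaranteed to install the same way, sort that out yourself
yum -y install epel-release
yum -y install python-pip
pip install --upgrade pip
pip install docker-compose
# If installing docker-compose fails with an error, run the following steps and then install again
pip install cffi==1.6.0
yum install python-devel
pip install --ignore-installed requests
# I did not look closely into the steps above, but after running them I could install docker-compose successfully
pip install docker-compose
docker-compose --version # Check the installed version; mine is docker-compose version 1.25.4, build unknown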
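- Custom bridge
# First check the IP of the docker0 interface with ifconfig; it is usually 172.17.0.1 or 172.18.0.1 or thereabouts (172.1X.0.1). The custom bridge must not conflict with any other existing network segment, including eth0 -> the Linux server's own network interface
# Here 172.20.0.1 does not appear among the interfaces already listed by ifconfig, so I use it for the demonstration
docker network ls # List the networks docker currently has; bridge, host and none usually exist by default
docker network inspect bridge # Show the detailed configuration of bridge
# The settings we need to configure turn out to be Subnet and Gateway
docker network create ash-http-bridge --subnet=172.20.0.0/16 --gateway=172.20.0.1 # Create the network named ash-http-bridge
ifconfig # A new network device (br-XXXX) has appeared, with inet 172.20.0.1 and netmask 255.255.0.0, matching what we just configured
docker network ls # Our new ash-http-bridge is listed
docker network inspect ash-http-bridge # Show the ash-http-bridge configuration and confirm that Subnet and Gateway are set correctly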
- Because I have not finished building out the whole project, the docker-compose.yml above is split into two files; normally they would be merged into a single file. The following starts the project from the two docker-compose.yml files (Eureka reads its configuration from Config, so Config has to be started first)
# First go to the directory holding the config jar and make sure it contains only the jar, Dockerfile and docker-compose.yml
docker-compose up -d --build # -d runs in the background; --build first builds the image from the Dockerfile, then uses that image to create and run the container
# Then do the same in the directory holding the eureka jar. After that, just open port 7001 on the server and the eureka UI is reachable at ip:7001
- Servers with different public IPs in different network environments (LANs) must open the Eureka port to the Internet in order to register with each other.
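An added example, not from the original post: a Python check over a config file shaped like config-eureka-n1.yml that flags every peer URL in defaultZone which carries the Eureka account and password over plain HTTP, as happens between the three nodes once port 7001 is opened to the Internet. The sample file, its addresses, the https peer, the hostname and the EUREKA_USER/EUREKA_PASS placeholders are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample shaped like config-eureka-n1.yml. Addresses are documentation
# IPs; user/pass, EUREKA_USER/EUREKA_PASS and the hostname are assumed placeholders.
SAMPLE = """\
spring:
  profiles: dev
eureka:
  client:
    service-url:
      # defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/
      defaultZone: http://user:pass@203.0.113.20:7001/eureka/,http://user:pass@203.0.113.30:7001/eureka/
---
spring:
  profiles: prod
eureka:
  client:
    service-url:
      defaultZone: https://${EUREKA_USER}:${EUREKA_PASS}@eureka-n2.example.internal:7001/eureka/,http://user:pass@172.20.0.3:7001/eureka/
"""

def audit_default_zones(text):
    """Return (profile, host, issues) for every peer URL in each YAML document."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        m = re.search(r"^[ \t]*profiles:[ \t]*(\S+)", doc, flags=re.M)
        profile = m.group(1) if m else "default"
        for line in doc.splitlines():
            stripped = line.strip()
            if not stripped.startswith("defaultZone:"):  # also skips commented-out lines
                continue
            for url in stripped.split(":", 1)[1].split(","):
                parts, issues = urlsplit(url.strip()), []
                if parts.password and not parts.password.startswith("${"):
                    issues.append("literal password in config")
                if parts.scheme == "http" and parts.username:
                    try:
                        ip = ipaddress.ip_address(parts.hostname)
                        local = any(ip in net for net in RFC1918)
                    except ValueError:
                        local = False  # a hostname: assume it may be routable
                    where = "private range" if local else "Internet-routable"
                    issues.append(f"Basic credentials over cleartext HTTP ({where})")
                findings.append((profile, parts.hostname, issues))
    return findings
```

Running `audit_default_zones` over each config-eureka-n*.yml in the Gitee repository gives one row per peer and profile; an empty issue list means the URL neither embeds a literal password nor sends credentials over plain HTTP.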