diff --git a/README.md b/README.md index 5f15901..51af8bf 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,16 @@ This project contains a Docker image meant to facilitate the deployment of [Naco [**中文**](README_ZH.md) +## Note + +The following environment variables have been **removed** from the default values in the new version(**Nacos 2.2.1**) +for the sake of **system security**, please add them yourself when starting up, otherwise an error will be reported at +startup. + +1. ~~NACOS_AUTH_IDENTITY_KEY~~ +2. ~~NACOS_AUTH_IDENTITY_VALUE~~ +3. ~~NACOS_AUTH_TOKEN~~ + ## Project directory * build:Nacos makes the source code of the docker image diff --git a/README_ZH.md b/README_ZH.md index 7ea84ea..debff9a 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -2,6 +2,14 @@ 本项目是 [Nacos](https://github.com/alibaba/nacos) Server的docker镜像的build源码,以及Nacos server 在docker的单机和集群的运行例子. +## 注意 + +从Nacos 2.2.1开始为了系统安全考虑**移除**了以下环境变量的默认值,启动时请自行添加,否则会启动报错. + +1. ~~NACOS_AUTH_IDENTITY_KEY~~ +2. ~~NACOS_AUTH_IDENTITY_VALUE~~ +3. ~~NACOS_AUTH_TOKEN~~ + ## 项目目录 * build:nacos 镜像制作的源码 
@@ -128,40 +136,40 @@ ## 属性配置列表 -| 属性名称 | 描述 | 选项 | -| --------------------------------------- | -------------------------------------------------- | ------------------------------------------------------------ | -| MODE | 系统启动方式: 集群/单机 | cluster/standalone 默认 **cluster** | -| NACOS_SERVERS | 集群地址 | p1:port1空格ip2:port2 空格ip3:port3 | -| PREFER_HOST_MODE | 支持IP还是域名模式 | hostname/ip 默认**IP** | -| NACOS_SERVER_PORT | Nacos 运行端口 | 默认**8848** | -| NACOS_SERVER_IP | 多网卡模式下可以指定IP | | -| SPRING_DATASOURCE_PLATFORM | 单机模式下支持MYSQL数据库 | mysql / 空 默认:空 | -| MYSQL_SERVICE_HOST | 数据库 连接地址 | | -| MYSQL_SERVICE_PORT | 数据库端口 | 默认 : **3306** | -| MYSQL_SERVICE_DB_NAME | 数据库库名 | | -| MYSQL_SERVICE_USER | 数据库用户名 | | -| MYSQL_SERVICE_PASSWORD | 数据库用户密码 | | -| MYSQL_SERVICE_DB_PARAM | 数据库连接参数 | 默认:**characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false** | -| MYSQL_DATABASE_NUM | 数据库个数 | 默认:**1** | -| JVM_XMS | -Xms | 默认 :1g | -| JVM_XMX | -Xmx | 默认 :1g | -| JVM_XMN | -Xmn | 512m | -| JVM_MS | - XX:MetaspaceSize | 默认 :128m | -| JVM_MMS | -XX:MaxMetaspaceSize | 默认 :320m | -| NACOS_DEBUG | 是否开启远程DEBUG | y/n 默认 :n | -| TOMCAT_ACCESSLOG_ENABLED | server.tomcat.accesslog.enabled | 默认 :false | -| NACOS_AUTH_SYSTEM_TYPE | 权限系统类型选择,目前只支持nacos类型 | 默认 :nacos | -| NACOS_AUTH_ENABLE | 是否开启权限系统 | 默认 :false | -| NACOS_AUTH_TOKEN_EXPIRE_SECONDS | token 失效时间 | 默认 :18000 | -| NACOS_AUTH_TOKEN | token | | -| NACOS_AUTH_CACHE_ENABLE | 权限缓存开关 ,开启后权限缓存的更新默认有15秒的延迟 | 默认 : false | -| MEMBER_LIST | 通过环境变量的方式设置集群地址 | 例子:192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809 | -| EMBEDDED_STORAGE | 是否开启集群嵌入式存储模式 | `embedded` 默认 : none | -| NACOS_AUTH_CACHE_ENABLE | nacos.core.auth.caching.enabled | default : false | -| NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE | nacos.core.auth.enable.userAgentAuthWhite | default : false | -| NACOS_AUTH_IDENTITY_KEY | nacos.core.auth.server.identity.key | | -| NACOS_AUTH_IDENTITY_VALUE | 
nacos.core.auth.server.identity.value | | -| NACOS_SECURITY_IGNORE_URLS | nacos.security.ignore.urls | default : `/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**` | +| 属性名称 | 描述 | 选项 | +|-----------------------------------------|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| MODE | 系统启动方式: 集群/单机 | cluster/standalone 默认 **cluster** | +| NACOS_SERVERS | 集群地址 | p1:port1空格ip2:port2 空格ip3:port3 | +| PREFER_HOST_MODE | 支持IP还是域名模式 | hostname/ip 默认**IP** | +| NACOS_SERVER_PORT | Nacos 运行端口 | 默认**8848** | +| NACOS_SERVER_IP | 多网卡模式下可以指定IP | | +| SPRING_DATASOURCE_PLATFORM | 单机模式下支持MYSQL数据库 | mysql / 空 默认:空 | +| MYSQL_SERVICE_HOST | 数据库 连接地址 | | +| MYSQL_SERVICE_PORT | 数据库端口 | 默认 : **3306** | +| MYSQL_SERVICE_DB_NAME | 数据库库名 | | +| MYSQL_SERVICE_USER | 数据库用户名 | | +| MYSQL_SERVICE_PASSWORD | 数据库用户密码 | | +| MYSQL_SERVICE_DB_PARAM | 数据库连接参数 | 默认:**characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false** | +| MYSQL_DATABASE_NUM | 数据库个数 | 默认:**1** | +| JVM_XMS | -Xms | 默认 :1g | +| JVM_XMX | -Xmx | 默认 :1g | +| JVM_XMN | -Xmn | 512m | +| JVM_MS | - XX:MetaspaceSize | 默认 :128m | +| JVM_MMS | -XX:MaxMetaspaceSize | 默认 :320m | +| NACOS_DEBUG | 是否开启远程DEBUG | y/n 默认 :n | +| TOMCAT_ACCESSLOG_ENABLED | server.tomcat.accesslog.enabled | 默认 :false | +| NACOS_AUTH_SYSTEM_TYPE | 权限系统类型选择,目前只支持nacos类型 | 默认 :nacos | +| NACOS_AUTH_ENABLE | 是否开启权限系统 | 默认 :false | +| NACOS_AUTH_TOKEN_EXPIRE_SECONDS | token 失效时间 | 默认 :18000 | +| NACOS_AUTH_TOKEN | token | | +| NACOS_AUTH_CACHE_ENABLE | 权限缓存开关 ,开启后权限缓存的更新默认有15秒的延迟 | 默认 : false | +| MEMBER_LIST | 通过环境变量的方式设置集群地址 | 
例子:192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809 | +| EMBEDDED_STORAGE | 是否开启集群嵌入式存储模式 | `embedded` 默认 : none | +| NACOS_AUTH_CACHE_ENABLE | nacos.core.auth.caching.enabled | default : false | +| NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE | nacos.core.auth.enable.userAgentAuthWhite | default : false | +| NACOS_AUTH_IDENTITY_KEY | nacos.core.auth.server.identity.key | | +| NACOS_AUTH_IDENTITY_VALUE | nacos.core.auth.server.identity.value | | +| NACOS_SECURITY_IGNORE_URLS | nacos.security.ignore.urls | default : `/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**` | ## 高级配置 diff --git a/build/bin/docker-startup.sh b/build/bin/docker-startup.sh index d88cf16..04b995e 100755 --- a/build/bin/docker-startup.sh +++ b/build/bin/docker-startup.sh 
@@ -85,13 +85,13 @@ JAVA_OPT="${JAVA_OPT} -Dnacos.member.list=${MEMBER_LIST}" JAVA_MAJOR_VERSION=$($JAVA -version 2>&1 | sed -E -n 's/.* version "([0-9]*).*$/\1/p') if [[ "$JAVA_MAJOR_VERSION" -ge "9" ]]; then - JAVA_OPT="${JAVA_OPT} -cp .:${BASE_DIR}/plugins/cmdb/*.jar:${BASE_DIR}/plugins/mysql/*.jar" JAVA_OPT="${JAVA_OPT} -Xlog:gc*:file=${BASE_DIR}/logs/nacos_gc.log:time,tags:filecount=10,filesize=102400" else - JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${JAVA_HOME}/lib/ext:${BASE_DIR}/plugins/health:${BASE_DIR}/plugins/cmdb:${BASE_DIR}/plugins/mysql" + JAVA_OPT_EXT_FIX="-Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${JAVA_HOME}/lib/ext" JAVA_OPT="${JAVA_OPT} -Xloggc:${BASE_DIR}/logs/nacos_gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=100M" fi +JAVA_OPT="${JAVA_OPT} -Dloader.path=${BASE_DIR}/plugins,${BASE_DIR}/plugins/health,${BASE_DIR}/plugins/cmdb,${BASE_DIR}/plugins/selector" JAVA_OPT="${JAVA_OPT} -Dnacos.home=${BASE_DIR}" JAVA_OPT="${JAVA_OPT} -jar ${BASE_DIR}/target/nacos-server.jar" JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}" diff --git a/env/nacos-embedded.env b/env/nacos-embedded.env index 2bd3b6f..013fab3 100644 --- a/env/nacos-embedded.env +++ b/env/nacos-embedded.env @@ -7,3 +7,6 @@ MYSQL_SERVICE_DB_NAME=nacos_devtest MYSQL_SERVICE_PORT=3306 MYSQL_SERVICE_USER=nacos MYSQL_SERVICE_PASSWORD=nacos +NACOS_AUTH_IDENTITY_KEY=2222 +NACOS_AUTH_IDENTITY_VALUE=2xxx +NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789 \ No newline at end of file diff --git a/env/nacos-hostname.env b/env/nacos-hostname.env index 96f1788..47c5d33 100644 --- a/env/nacos-hostname.env +++ b/env/nacos-hostname.env @@ -1,4 +1,3 @@ -#nacos dev env PREFER_HOST_MODE=hostname NACOS_SERVERS=nacos1:8848 nacos2:8849 nacos3:8850 SPRING_DATASOURCE_PLATFORM=mysql 
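Review bot: `JAVA_OPT_EXT_FIX` is assigned in the Java 8 branch of build/bin/docker-startup.sh, but nothing in this hunk appends it to `JAVA_OPT`, so unless the launch command outside the hunk passes it explicitly, the `-Djava.ext.dirs` setting is silently lost. The new `-Dloader.path=...` line also omits `${BASE_DIR}/plugins/mysql`, which both removed lines carried, and it makes every jar under `${BASE_DIR}/plugins` loadable into the server JVM. A comment such as `# every jar under plugins/ is loaded at startup; keep the directory owned by root and mount it read-only` would record that trust assumption. The script continues past the hunk, so the final java invocation could not be checked here.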
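Review bot: The three lines added to env/nacos-embedded.env commit fixed credentials (`NACOS_AUTH_IDENTITY_KEY=2222`, `NACOS_AUTH_IDENTITY_VALUE=2xxx` and a `NACOS_AUTH_TOKEN` that is a predictable counting string), which brings back the shared, publicly known secrets that the README note in this same commit says were removed. Anyone who starts from the example unchanged runs with a token-signing key and server identity that are published in the repository, so authentication on that deployment protects nothing. Ship the keys empty or with an obvious placeholder, e.g. `NACOS_AUTH_TOKEN=<base64 of at least 32 random bytes, generated per deployment>`, preceded by `# sample only: generate your own values before exposing this server`. The same three lines are added in env/nacos-hostname.env, env/nacos-ip.env and env/nacos-standlone-mysql.env.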
@@ -7,4 +6,8 @@ MYSQL_SERVICE_DB_NAME=nacos_devtest MYSQL_SERVICE_PORT=3306 MYSQL_SERVICE_USER=nacos MYSQL_SERVICE_PASSWORD=nacos -MYSQL_SERVICE_DB_PARAM=characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true \ No newline at end of file +MYSQL_SERVICE_DB_PARAM=characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true +NACOS_AUTH_IDENTITY_KEY=2222 +NACOS_AUTH_IDENTITY_VALUE=2xxx +NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789 +SPRING_DATASOURCE_PLATFORM=mysql \ No newline at end of file diff --git a/env/nacos-ip.env b/env/nacos-ip.env index 28c3b41..62bd783 100644 --- a/env/nacos-ip.env +++ b/env/nacos-ip.env @@ -6,4 +6,8 @@ MYSQL_SERVICE_DB_NAME=nacos_devtest MYSQL_SERVICE_PORT=3306 MYSQL_SERVICE_USER=nacos MYSQL_SERVICE_PASSWORD=nacos -MYSQL_SERVICE_DB_PARAM=characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true \ No newline at end of file +MYSQL_SERVICE_DB_PARAM=characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true +NACOS_AUTH_IDENTITY_KEY=2222 +NACOS_AUTH_IDENTITY_VALUE=2xxx +NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789 +SPRING_DATASOURCE_PLATFORM=mysql \ No newline at end of file diff --git a/env/nacos-standlone-mysql.env b/env/nacos-standlone-mysql.env index 993a9a0..d47098b 100644 --- a/env/nacos-standlone-mysql.env +++ b/env/nacos-standlone-mysql.env 
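Review bot: The `SPRING_DATASOURCE_PLATFORM=mysql` appended at the end of env/nacos-hostname.env duplicates the key already defined on line 3 of the file (visible as context in the preceding hunk), so the new line should be dropped to keep a single definition. The file also still ends without a trailing newline, which means the next appended key will again rewrite the last line. The same line is appended in env/nacos-ip.env and env/nacos-standlone-mysql.env; their earlier lines are outside the hunks, so whether they already define the key could not be confirmed.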
@@ -6,4 +6,8 @@ MYSQL_SERVICE_DB_NAME=nacos_devtest MYSQL_SERVICE_PORT=3306 MYSQL_SERVICE_USER=nacos MYSQL_SERVICE_PASSWORD=nacos -MYSQL_SERVICE_DB_PARAM=characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true \ No newline at end of file +MYSQL_SERVICE_DB_PARAM=characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true +NACOS_AUTH_IDENTITY_KEY=2222 +NACOS_AUTH_IDENTITY_VALUE=2xxx +NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789 +SPRING_DATASOURCE_PLATFORM=mysql \ No newline at end of file diff --git a/example/.env b/example/.env index 5f66880..789157b 100644 --- a/example/.env +++ b/example/.env @@ -1 +1 @@ -NACOS_VERSION=v2.2.1 +NACOS_VERSION=test diff --git a/example/cluster-embedded.yaml b/example/cluster-embedded.yaml index f2d93fb..9e30919 100644 --- a/example/cluster-embedded.yaml +++ b/example/cluster-embedded.yaml @@ -9,8 +9,8 @@ services: ports: - "7848:7848" - "8848:8848" - - "9848:9848" - - "9849:9849" + - "9868:9848" + - "9850:9849" env_file: - ../env/nacos-embedded.env restart: always @@ -24,8 +24,8 @@ services: ports: - "7849:7848" - "8849:8848" - - "9849:9848" - - "9850:9849" + - "9869:9848" + - "9851:9849" env_file: - ../env/nacos-embedded.env restart: always @@ -38,8 +38,8 @@ services: ports: - "7850:7848" - "8850:8848" - - "9850:9848" - - "9851:9849" + - "9870:9848" + - "9852:9849" env_file: - ../env/nacos-embedded.env restart: always diff --git a/example/cluster-hostname.yaml b/example/cluster-hostname.yaml index d1902bd..6036dea 100644 --- a/example/cluster-hostname.yaml +++ b/example/cluster-hostname.yaml @@ -9,8 +9,8 @@ services: ports: - "7848:7848" - "8848:8848" - - "9848:9848" - - "9849:9849" + - "9868:9848" + - "9850:9849" env_file: - ../env/nacos-hostname.env restart: always 
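Review bot: `NACOS_VERSION=test` in example/.env looks like a local build tag left in by accident; it replaces the pinned release `v2.2.1`, so the examples presumably now resolve to a mutable tag that may not be published and no longer match the version the README note names. Keep the example pinned to a release, `NACOS_VERSION=v2.2.1`, and override the variable in the local environment when testing an unreleased image.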
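Review bot: Publishing container port 9848 on host ports 9868/9869/9870 breaks the fixed offset Nacos 2.x clients rely on: a client pointed at host port 8848 derives its gRPC port as 8848+1000 = 9848, which this hunk no longer publishes. Host port 9850 now forwards to the first node's 9849, so a client of the third node (8850) would land on another node's server-to-server port instead. The earlier host-port collisions are better resolved by keeping `- "9848:9848"`, `- "9849:9848"` and `- "9850:9848"` on the three services and not publishing 9849 (and, as far as the Nacos port layout goes, 7848) at all, since those are used only between cluster members on the compose network. The same mapping is repeated in the other two hunks of example/cluster-embedded.yaml and in all three hunks of example/cluster-hostname.yaml.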
@@ -27,8 +27,8 @@ services: ports: - "7849:7848" - "8849:8848" - - "9849:9848" - - "9850:9849" + - "9869:9848" + - "9851:9849" env_file: - ../env/nacos-hostname.env restart: always @@ -44,8 +44,8 @@ services: ports: - "7850:7848" - "8850:8848" - - "9850:9848" - - "9851:9849" + - "9870:9848" + - "9852:9849" env_file: - ../env/nacos-hostname.env restart: always