
[Nacos] Starting nacos v2.2.3 with docker-compose and changing the default password at startup so that it is not nacos

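1. Background

For security reasons, the containerized nacos that our DevOps platform deploys automatically must not use a weak or default password.
However, once the official nacos v2.2.3 image starts, it initializes the nacos user's password to nacos, and changing the startup variables did not take effect.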

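2. Deployment and verification

2.1 The yml file is as follows

Note: mount the Derby initialization file out of the container (if you use MySQL, expose mysql-schema.sql instead).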

version: '3.7'
services:
  nacos:
    image: nacos/nacos-server:v2.2.3
    container_name: nacos-standalone
    environment:
      - PREFER_HOST_MODE=hostname
      - MODE=standalone
      - NACOS_AUTH_ENABLE=true
      - NACOS_AUTH_IDENTITY_KEY=nacos
      - NACOS_AUTH_IDENTITY_VALUE=liubei@161 # setting this has no effect, but the program reports an error if it is omitted
      - NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789
    volumes:
      - ./derby-schema.sql:/home/nacos/conf/derby-schema.sql # expose the Derby initialization file
      - ./standalone-logs:/home/nacos/logs
      - ./data:/home/nacos/data
    ports:
      - 8848:8848
      - 9848:9848
      - 9849:9849
    restart: always

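Many documents say to modify the configuration file /home/nacos/conf/application.properties. I tested this myself with this version: changing the variables in it has no effect.

2.2 Modify the Derby initialization file

  • Start nacos once and copy out the file /home/nacos/conf/derby-schema.sql (I have pasted it here directly)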
/*
 * Copyright 1999-2018 Alibaba Group Holding Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

CREATE SCHEMA nacos AUTHORIZATION nacos;

CREATE TABLE config_info (
  id bigint NOT NULL generated by default as identity,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  tenant_id varchar(128) default '',
  app_name varchar(128),
  content CLOB,
  md5 varchar(32) DEFAULT NULL,
  gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  src_user varchar(128) DEFAULT NULL,
  src_ip varchar(50) DEFAULT NULL,
  c_desc varchar(256) DEFAULT NULL,
  c_use varchar(64) DEFAULT NULL,
  effect varchar(64) DEFAULT NULL,
  type varchar(64) DEFAULT NULL,
  c_schema LONG VARCHAR DEFAULT NULL,
  encrypted_data_key LONG VARCHAR DEFAULT NULL,
  constraint configinfo_id_key PRIMARY KEY (id),
  constraint uk_configinfo_datagrouptenant UNIQUE (data_id,group_id,tenant_id));

CREATE INDEX configinfo_dataid_key_idx ON config_info(data_id);
CREATE INDEX configinfo_groupid_key_idx ON config_info(group_id);
CREATE INDEX configinfo_dataid_group_key_idx ON config_info(data_id, group_id);

CREATE TABLE his_config_info (
  id bigint NOT NULL,
  nid bigint NOT NULL generated by default as identity,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  tenant_id varchar(128) default '',
  app_name varchar(128),
  content CLOB,
  md5 varchar(32) DEFAULT NULL,
  gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00.000',
  gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00.000',
  src_user varchar(128),
  src_ip varchar(50) DEFAULT NULL,
  op_type char(10) DEFAULT NULL,
  encrypted_data_key LONG VARCHAR DEFAULT NULL,
  constraint hisconfiginfo_nid_key PRIMARY KEY (nid));

CREATE INDEX hisconfiginfo_dataid_key_idx ON his_config_info(data_id);
CREATE INDEX hisconfiginfo_gmt_create_idx ON his_config_info(gmt_create);
CREATE INDEX hisconfiginfo_gmt_modified_idx ON his_config_info(gmt_modified);

CREATE TABLE config_info_beta (
  id bigint NOT NULL generated by default as identity,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  tenant_id varchar(128) default '',
  app_name varchar(128),
  content CLOB,
  beta_ips varchar(1024),
  md5 varchar(32) DEFAULT NULL,
  gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  src_user varchar(128),
  src_ip varchar(50) DEFAULT NULL,
  encrypted_data_key LONG VARCHAR DEFAULT NULL,
  constraint configinfobeta_id_key PRIMARY KEY (id),
  constraint uk_configinfobeta_datagrouptenant UNIQUE (data_id,group_id,tenant_id));

CREATE TABLE config_info_tag (
  id bigint NOT NULL generated by default as identity,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  tenant_id varchar(128) default '',
  tag_id varchar(128) NOT NULL,
  app_name varchar(128),
  content CLOB,
  md5 varchar(32) DEFAULT NULL,
  gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  src_user varchar(128),
  src_ip varchar(50) DEFAULT NULL,
  constraint configinfotag_id_key PRIMARY KEY (id),
  constraint uk_configinfotag_datagrouptenanttag UNIQUE (data_id,group_id,tenant_id,tag_id));

CREATE TABLE config_info_aggr (
  id bigint NOT NULL generated by default as identity,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  tenant_id varchar(128) default '',
  datum_id varchar(255) NOT NULL,
  app_name varchar(128),
  content CLOB,
  gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00',
  constraint configinfoaggr_id_key PRIMARY KEY (id),
  constraint uk_configinfoaggr_datagrouptenantdatum UNIQUE (data_id,group_id,tenant_id,datum_id));

CREATE TABLE app_list (
  id bigint NOT NULL generated by default as identity,
  app_name varchar(128) NOT NULL,
  is_dynamic_collect_disabled smallint DEFAULT 0,
  last_sub_info_collected_time timestamp DEFAULT '1970-01-01 08:00:00.0',
  sub_info_lock_owner varchar(128),
  sub_info_lock_time timestamp DEFAULT '1970-01-01 08:00:00.0',
  constraint applist_id_key PRIMARY KEY (id),
  constraint uk_appname UNIQUE (app_name));

CREATE TABLE app_configdata_relation_subs (
  id bigint NOT NULL generated by default as identity,
  app_name varchar(128) NOT NULL,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  gmt_modified timestamp DEFAULT '2010-05-05 00:00:00',
  constraint configdatarelationsubs_id_key PRIMARY KEY (id),
  constraint uk_app_sub_config_datagroup UNIQUE (app_name, data_id, group_id));

CREATE TABLE app_configdata_relation_pubs (
  id bigint NOT NULL generated by default as identity,
  app_name varchar(128) NOT NULL,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  gmt_modified timestamp DEFAULT '2010-05-05 00:00:00',
  constraint configdatarelationpubs_id_key PRIMARY KEY (id),
  constraint uk_app_pub_config_datagroup UNIQUE (app_name, data_id, group_id));

CREATE TABLE config_tags_relation (
  id bigint NOT NULL,
  tag_name varchar(128) NOT NULL,
  tag_type varchar(64) DEFAULT NULL,
  data_id varchar(255) NOT NULL,
  group_id varchar(128) NOT NULL,
  tenant_id varchar(128) DEFAULT '',
  nid bigint NOT NULL generated by default as identity,
  constraint config_tags_id_key PRIMARY KEY (nid),
  constraint uk_configtagrelation_configidtag UNIQUE (id, tag_name, tag_type));

CREATE INDEX config_tags_tenant_id_idx ON config_tags_relation(tenant_id);

CREATE TABLE group_capacity (
  id bigint NOT NULL generated by default as identity,
  group_id varchar(128) DEFAULT '',
  quota int DEFAULT 0,
  usage int DEFAULT 0,
  max_size int DEFAULT 0,
  max_aggr_count int DEFAULT 0,
  max_aggr_size int DEFAULT 0,
  max_history_count int DEFAULT 0,
  gmt_create timestamp DEFAULT '2010-05-05 00:00:00',
  gmt_modified timestamp DEFAULT '2010-05-05 00:00:00',
  constraint group_capacity_id_key PRIMARY KEY (id),
  constraint uk_group_id UNIQUE (group_id));

CREATE TABLE tenant_capacity (
  id bigint NOT NULL generated by default as identity,
  tenant_id varchar(128) DEFAULT '',
  quota int DEFAULT 0,
  usage int DEFAULT 0,
  max_size int DEFAULT 0,
  max_aggr_count int DEFAULT 0,
  max_aggr_size int DEFAULT 0,
  max_history_count int DEFAULT 0,
  gmt_create timestamp DEFAULT '2010-05-05 00:00:00',
  gmt_modified timestamp DEFAULT '2010-05-05 00:00:00',
  constraint tenant_capacity_id_key PRIMARY KEY (id),
  constraint uk_tenant_id UNIQUE (tenant_id));

CREATE TABLE tenant_info (
  id bigint NOT NULL generated by default as identity,
  kp varchar(128) NOT NULL,
  tenant_id varchar(128)  DEFAULT '',
  tenant_name varchar(128)  DEFAULT '',
  tenant_desc varchar(256)  DEFAULT NULL,
  create_source varchar(32) DEFAULT NULL,
  gmt_create bigint NOT NULL,
  gmt_modified bigint NOT NULL,
  constraint tenant_info_id_key PRIMARY KEY (id),
  constraint uk_tenant_info_kptenantid UNIQUE (kp,tenant_id));

CREATE INDEX tenant_info_tenant_id_idx ON tenant_info(tenant_id);

CREATE TABLE users (
  username varchar(50) NOT NULL PRIMARY KEY,
  password varchar(500) NOT NULL,
  enabled boolean NOT NULL DEFAULT true
);

CREATE TABLE roles (
  username varchar(50) NOT NULL,
  role varchar(50) NOT NULL,
  constraint uk_username_role UNIQUE (username,role)
);

CREATE TABLE permissions (
  role varchar(50) NOT NULL,
  resource varchar(512) NOT NULL,
  action varchar(8) NOT NULL,
  constraint uk_role_permission UNIQUE (role,resource,action)
);

INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu', TRUE);

INSERT INTO roles (username, role) VALUES ('nacos', 'ROLE_ADMIN');

/******************************************/
/*   ipv6 support   */
/******************************************/
ALTER TABLE `config_info_tag`
MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;

ALTER TABLE `his_config_info`
MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL AFTER `src_user`;

ALTER TABLE `config_info`
MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;

ALTER TABLE `config_info_beta`
MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;
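  • In the statement that inserts the user, replace the password value with the hashed (encrypted) string of the password you need
INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$slAXwA60U6aP6uVAzaWfLO7qX3qxxxxxxxxxxxxxa4LaL2', TRUE);

I did not read the encryption method in the nacos source code; I just copied an encrypted password string from another nacos database (the encrypted string is of course the same whether the backend is mysql or derby).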
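The replacement step above as a pre-build check, added here as an example (it is not code from the original post or from the Nacos project): it validates that the new value is a complete bcrypt string, swaps it into the seed row of derby-schema.sql, and lists default secrets still present in the schema or the compose file. The function names are hypothetical; both constants are copied from this page, and the NACOS_AUTH_TOKEN value is flagged on the assumption, stated in the code, that it is the widely published Nacos sample key.

```python
import re

# Both constants are copied from this page: the stock hash (password "nacos")
# and the NACOS_AUTH_TOKEN value, which is the sample key published with Nacos.
DEFAULT_HASH = "$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu"
SAMPLE_TOKEN = "SecretKey012345678901234567890123456789012345678901234567890123456789"
# bcrypt string: version 2a/2b/2y, two-digit cost, 53 chars of salt + digest.
BCRYPT_RE = re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")
# The seed row for the nacos user; group 2 is the stored hash.
SEED_RE = re.compile(
    r"(INSERT\s+INTO\s+users\s*\(\s*username\s*,\s*password\s*,\s*enabled\s*\)"
    r"\s*VALUES\s*\(\s*'nacos'\s*,\s*')([^']*)('\s*,\s*TRUE\s*\))", re.I)


def check_hash(candidate):
    """Return None if the hash may be seeded, else the reason it is rejected."""
    if not BCRYPT_RE.fullmatch(candidate):
        return "not a complete bcrypt string (masked or truncated?)"
    if candidate == DEFAULT_HASH:
        return "stock hash of the default password"
    return None


def patch_schema(sql, new_hash):
    """Replace the seeded nacos hash; refuse bad hashes or ambiguous schemas."""
    reason = check_hash(new_hash)
    if reason:
        raise ValueError(reason)
    # A callable replacement inserts the hash verbatim, with no escape handling.
    patched, count = SEED_RE.subn(lambda m: m[1] + new_hash + m[3], sql)
    if count != 1:
        raise ValueError(f"expected one nacos seed row, found {count}")
    return patched


def findings(schema_sql, compose_text):
    """Pre-build gate: list default secrets still present in either file."""
    out = []
    seed = SEED_RE.search(schema_sql)
    if seed is None:
        out.append("schema: no seed row for user nacos")
    elif check_hash(seed[2]):
        out.append("schema: " + check_hash(seed[2]))
    if SAMPLE_TOKEN in compose_text:
        out.append("compose: NACOS_AUTH_TOKEN is the published sample key")
    return out
```

The masked hash printed in the INSERT above is rejected by `check_hash`, because it carries 46 characters after `$2a$10$` where a bcrypt string has 53; the real, unmasked hash has to be supplied.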

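2.3 Start the service

docker-compose up -d

2.4 Verification

Log in through the web page and confirm that the new password works.

3. Building a new image

Use a Dockerfile to copy derby-schema.sql into the image, replacing /home/nacos/conf/derby-schema.sql.

  • The Dockerfile contents are as follows
FROM nacos/nacos-server:v2.2.3
LABEL maintainer="liubei"
# Replace the stock Derby initialization script with the modified one
COPY ./derby-schema.sql /home/nacos/conf/derby-schema.sql
  • Build the image
docker build -t nacos/nacos-server-safe:v2.2.3 .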
