SkyWalking的可视化后台是没有用户认证功能的,默认下所有知道地址的用户都能访问,官网是建议通过网关增加认证。
本文介绍通过Nginx和Spring Gateway两种方式
1、使用Nginx增加认证。
生成密钥
yum install -y httpd-tools
htpasswd -cb nginx/htpasswd skywalking rtgdbhyffddu#
配置nginx
worker_processes 1;
error_log stderr notice;
events {
worker_connections 1024;
}
http {
variables_hash_max_size 1024;
access_log off;
#ireal_ip_header X-Real-IP;
charset utf-8;
server {
listen 8081;
#auth_basic "Please enter the user name and password"; #这里是验证时的提示信息
#auth_basic_user_file /data/skywalking/nginx/htpasswd;
index index.html;
location / {
root html;
index index.html index.htm;
#auth_basic on;
auth_basic "Please enter the user name and password"; #这里是验证时的提示信息
auth_basic_user_file /etc/nginx/htpasswd;
proxy_pass http://172.17.0.9:8080;
# WebSocket 穿透
#proxy_set_header Origin "";
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
}
}
}
密码配置:/etc/nginx/htpasswd
skywalking:$apr1$FVaUB8RE$.brXLk5N.IsNRqm3.Vy2n1
2、使用Spring Gateway增加认证
主要是使用Spring Gateway和Spring Security的基础认证formLogin实现,
pom.xml使用的依赖包
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.penngo.web.gateway</groupId>
<artifactId>web_gateway</artifactId>
<version>1.0.0</version>
<properties>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-loadbalancer</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>2022.0.4</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>3.1.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.penngo.web.gateway.WebGatewayMain</mainClass>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
WebGatewayMain.java
package com.penngo.web.gateway;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class WebGatewayMain {
public static void main(String[] args) {
SpringApplication.run(WebGatewayMain.class, args);
}
}
SecurityConfiguration.java配置
package com.penngo.web.gateway;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
import static org.springframework.security.config.Customizer.withDefaults;
@EnableWebFluxSecurity
@Configuration
public class SecurityConfiguration {
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange((authorize) -> authorize
.anyExchange().authenticated()
)
.cors(cors->cors.disable())
.csrf(csrf->csrf.disable())
.formLogin(withDefaults());
return http.build();
}
/**
* 可以在代码中配置密码,也可以在application.xml中配置密码
* @return
*/
// @Bean
// MapReactiveUserDetailsService userDetailsService() {
//
// UserDetails user = User.withDefaultPasswordEncoder()
// .username("admin")
// .password("123456")
// .roles("USER")
// .build();
// return new MapReactiveUserDetailsService(user);
// }
}
application.yml
server:
port: 8081
servlet:
encoding:
force: true
charset: UTF-8
enabled: true
spring:
application:
name: gatewayapp
security:
user:
name: admin2
password: 123456
bootstrap.yml
spring:
cloud:
gateway:
routes:
- id: skywalking
uri: http://localhost:8080/
# 绑定ip白名单
predicates:
- RemoteAddr=127.0.0.1/32,192.168.245.65/32
运行效果
4087
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
