SpringBoot+Docker+Prometheus+Grafana
SpringBoot+Security
例如项目端口为:9090
引入依赖
这里使用的org.springframework.boot版本为:2.1.8.RELEASE
<!-- Actuator: supplies the /actuator endpoints that are configured under "management" in application.yml. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<!-- Spring Security: used by the SecurityConfig class and the spring.security.user.* properties on this page. -->
<!-- No <version> on the two starters: presumably inherited from the Spring Boot parent/BOM (2.1.8.RELEASE per the text) - confirm. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/io.prometheus/simpleclient_spring_boot -->
<!-- NOTE(review): with Spring Boot 2.x the /actuator/prometheus endpoint comes from micrometer-registry-prometheus below; -->
<!-- this extra client is probably unnecessary - confirm, and drop it if unused to keep the dependency surface small. -->
<dependency>
<groupId>io.prometheus</groupId>
<artifactId>simpleclient_spring_boot</artifactId>
<version>0.10.0</version>
</dependency>
<!-- Micrometer Prometheus registry -->
<!-- NOTE(review): Spring Boot's dependency management normally supplies the Micrometer version; -->
<!-- an explicit pin can drift from the Boot-managed one - confirm it is intended. -->
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
<version>1.1.6</version>
</dependency>
编辑application.yml
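# Credentials for HTTP Basic / form login on the actuator endpoints.
# NOTE(review): the original note says this section is "temporarily commented out" because
# spring-boot-starter-security was not enabled yet; as listed here it is active configuration.
spring:
  security:
    user:
      # NOTE(review): the login step and prometheus.yml later on this page use "root";
      # the name configured here and the name sent by Prometheus must be the same.
      name: admin
      # Demo value only. In a real deployment use a long random password and supply it
      # from outside this file (environment variable or secret store), not from source control.
      password: 123
# Actuator settings (original comment: prefix of the endpoints exposed by actuator)
management:
  server:
    # Actuator is served on its own port, separate from the application port.
    port: 8888
  endpoints:
    web:
      exposure:
        # '*' exposes every enabled endpoint over HTTP (for example env and heapdump, which can
        # reveal configuration and memory contents), not only the one Prometheus scrapes.
        # Scraping needs only "prometheus"; prefer an explicit list such as health,info,prometheus.
        include: '*'
  endpoint:
    # Enables the endpoint that gracefully shuts down the Spring Boot application.
    # Anyone who can authenticate to the actuator port can stop the service; leave this
    # disabled unless it is really needed and port 8888 is reachable only from trusted hosts.
    shutdown:
      enabled: true
    health:
      # "always" returns component details to every caller; "when-authorized" limits them
      # to authenticated users.
      show-details: always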
控制security拦截的请求
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
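/**
 * Spring Security rules for the Actuator endpoints that Prometheus scrapes.
 *
 * <p>Requests to {@code /actuator} and everything below it must be authenticated. HTTP Basic is
 * enabled so that Prometheus can send the credentials from its {@code basic_auth} block, and form
 * login is enabled for interactive use in a browser.
 *
 * <p>No rule is declared for paths outside {@code /actuator}, so this configuration does not
 * require authentication for them; add an {@code anyRequest()} rule if application paths must be
 * protected as well.
 *
 * @author zichen
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Builds the filter chain: CORS on, CSRF off, OPTIONS permitted, {@code /actuator/**}
     * authenticated, form login and HTTP Basic enabled.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // All access used for actuator monitoring requires authentication.
        http
            // by default uses a Bean by the name of corsConfigurationSource
            .cors()
            // NOTE(review): CSRF protection is switched off while form login creates a browser
            // session. If state-changing actuator endpoints (such as shutdown) are exposed, a
            // logged-in browser can be made to call them from another site. Prefer keeping CSRF
            // enabled, or drop form login and keep such endpoints disabled.
            .and().csrf().disable()
            .authorizeRequests()
                // Cross-origin requests first send an OPTIONS preflight, which carries no
                // credentials. This rule is evaluated first, so OPTIONS is also unauthenticated
                // on the actuator paths.
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // Authentication is required for the actuator root and all sub-paths.
                .antMatchers("/actuator").authenticated()
                .antMatchers("/actuator/**").authenticated()
            // Page the browser is always redirected to after a successful form login.
            .and().formLogin().defaultSuccessUrl("/actuator/prometheus", true)
            // Required: without HTTP Basic, Prometheus cannot log in automatically and reports
            // "INVALID" is not a valid start token.
            .and().httpBasic();
    }
}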
确认加载是否成功(若正常响应则加载成功)
访问http://localhost:8888/actuator/prometheus
登录名:root(须与 application.yml 中 spring.security.user.name 的值一致;上文示例中配置的是 admin)
密码:123
Prometheus
默认的本地主机端口与容器端口为:9090
这里本地主机端口和我的项目端口正好冲突,所以下面运行命令改了下
下载
docker pull prom/prometheus
配置prometheus.yml
保存位置
此处路径为:E:\DockerDesktop\prometheus\prometheus.yml
编辑内容
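scrape_configs:
  # Job name; can be chosen freely
  - job_name: 'SpringBootDemo'
    # With plain http the Basic credentials below cross the network unencrypted;
    # use https whenever the target is not on the same host.
    scheme: http
    # How often metrics are collected
    scrape_interval: 15s
    # Timeout for a single scrape
    scrape_timeout: 10s
    # Path that is scraped
    metrics_path: '/actuator/prometheus'
    # User name and password for the Spring Security protected endpoint.
    # NOTE(review): application.yml on this page sets spring.security.user.name to "admin";
    # the user name here must match the one the application accepts.
    # The password is stored in clear text: restrict read access to this file, or use
    # password_file so that the secret lives outside the main configuration.
    basic_auth:
      username: root
      password: 123
    # Address of the scraped service: the host running the Spring Boot application
    static_configs:
      # Application IP plus the management.server.port value from the application's yml.
      # NOTE(review): Prometheus runs inside a container in this guide, where "localhost"
      # refers to the container itself - confirm the target is reachable from there.
      - targets: ['localhost:8888']
  - job_name: 'prometheus'
    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.
    static_configs:
      - targets: ['192.168.1.130:8080']
    # Same clear-text credential caveat as for the job above.
    basic_auth:
      username: root
      password: 123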
运行
docker run -p 9901:9090 -d -v E:\DockerDesktop\prometheus:/etc/prometheus/ --name prometheus prom/prometheus
命令 | 含义 |
---|---|
-p 9901:9090 | 指定端口 本地主机端口:容器内部端口 |
-v E:\DockerDesktop\prometheus:/etc/prometheus/ | 挂载 本地文件夹:容器内文件夹 |
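访问【此访问接口不对外开放,避免被攻击】(注意:上面的 -p 9901:9090 默认会在主机的所有网卡上发布该端口;若只允许本机的 Nginx 代理访问,可改为 -p 127.0.0.1:9901:9090,或用防火墙限制 9901 端口)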
添加Nginx代理鉴权
生成密码文件
将生成的内容保存成.htpasswd 文件。例如:passwd.htpasswd
文件内容如下:
root:$apr1$SMAFM9AO$Kldr8To0Y3TlPJGnmi9Fk1
配置Nginx代理,编辑nginx.conf
# Reverse proxy that puts HTTP Basic authentication in front of the Prometheus UI,
# forwarding to http://localhost:9901 (the host port published by the docker run command on this page).
server {
# NOTE(review): this listens for plain HTTP on all interfaces. Basic credentials are only
# base64-encoded on the wire, so terminate TLS here when clients are not on this host.
listen 9900;
server_name localhost;
location / {
# Realm string shown in the browser's login prompt.
auth_basic "secret";
# Location of the password file.
# NOTE(review): the earlier step names the example file passwd.htpasswd; this path must point
# at the file that was actually generated. Keep the file out of version control and readable
# only by the account nginx runs as.
auth_basic_user_file E:/ideaWork/sdma-cloud/resources/nginx/nginx-1.19.4/conf/prometheus-password.htpasswd;
proxy_redirect off;
proxy_set_header Host $http_host; # pass the original Host header so the proxied application sees the real request (the original comment says port 9005; proxy_pass below targets 9901)
# Original client address, and the forwarding chain with that address appended.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Protocol the client really used (http/https)
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:9901;
}
}
启动Nginx后访问代理的地址
http://localhost:9900/
登录用户名及密码为上面生成密码文件的时候填入的信息
确认项目是否已上线
Grafana
默认端口为:3000
默认账户为:账号:admin,密码:admin(首次登录后请立即修改默认密码)
下载
docker pull grafana/grafana
运行
docker run -d --name grafana grafana/grafana