Safe3 / uuWAF

An industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. An industrial-grade, free, high-performance, highly extensible web application and API security product with AI and semantic engine support - 南墙 (Nanqiang). Web application firewall, WAF, WAAP
https://waf.uusec.com
661 stars, 59 forks

Does running under docker support passing environment variables, such as the database host IP, port, username and password? #18

Closed charnet1019 closed 1 year ago

Safe3 commented 1 year ago

Just modify the compose file; look up the file format yourself.

charnet1019 commented 1 year ago

Done. The files I used are below; I hope they help anyone who needs them:

Added a render_uuwaf_nginx_conf function that sets the database connection info in the nginx proxy config.

Dockerfile:

FROM centos:7

WORKDIR /uuwaf

COPY uuwaf .
COPY docker-entrypoint.sh .

RUN chmod +x /uuwaf/waf-service && \
    chmod +x /uuwaf/sbin/uuwaf && \
    chmod +x /uuwaf/captcha/captchaServer && \
    chmod +x /uuwaf/docker-entrypoint.sh

ENTRYPOINT ["/uuwaf/docker-entrypoint.sh"]
CMD ["/uuwaf/waf-service"]

docker-entrypoint.sh:

#!/bin/sh

set -e

WEB_CONF_BASE_DIR="/uuwaf/web/conf"
WEB_CONF_TMPL="${WEB_CONF_BASE_DIR}/conf_tmpl.yaml"
WEB_CONF="${WEB_CONF_BASE_DIR}/conf.yaml"
UUWAF_NGINX_CONF="/uuwaf/conf/uuwaf.conf"

#render_web_conf_settings() {
#envsubst < ${WEB_CONF_TMPL} > ${WEB_CONF}
#}

# Write the management-console config from the DB_* / JWTKEY environment
# variables. The heredoc is deliberately unquoted so the variables expand.
render_web_conf_settings() {
cat << EOF > "${WEB_CONF}"
addr: :4443
#dsn: root:Safe3.WAF@tcp(172.22.0.7:3306)/uuwaf?charset=utf8&parseTime=true&loc=Local
dsn: $DB_USERNAME:$DB_PASSWORD@tcp($DB_HOST:$DB_PORT)/$DB_NAME?charset=utf8&parseTime=true&loc=Local
#jwtKey: G9uP5NvCmBHLU8ktAUetDx0b38g7fakL
jwtKey: $JWTKEY
expireTime: 43200
wafNodes:
 - 127.0.0.1:4444
EOF
}

# Generate the certificate for DOMAIN_NAME once; the .lock file on the
# persistent volume prevents regeneration on every container restart.
gen_domain_ssl_cert() {
    if [ ! -f "${WEB_CONF_BASE_DIR}/.lock" ]; then
        rm -f "${WEB_CONF_BASE_DIR}"/*.crt
        rm -f "${WEB_CONF_BASE_DIR}"/*.key

        /uuwaf/waf-service -c "${DOMAIN_NAME}"
        touch "${WEB_CONF_BASE_DIR}/.lock"
    fi
}

# Rewrite the "db = { ... }" line inside init_by_lua_block of uuwaf.conf.
# Caveat: sed uses '/' as delimiter here, so a DB_PASSWORD containing '/',
# '&', '\' or '"' would break or corrupt the substitution.
render_uuwaf_nginx_conf() {
    sed -r -i "s/^[[:space:]]+db[[:space:]]+=.*$/            db = { host = \"$DB_HOST\", port = $DB_PORT, user = \"$DB_USERNAME\", password = \"$DB_PASSWORD\" },/" "${UUWAF_NGINX_CONF}"
}

_main () {
    render_web_conf_settings
    render_uuwaf_nginx_conf
    gen_domain_ssl_cert

    exec "$@"
}

######### entrypoint
_main "$@"

k8s manifests:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: uuwaf-data
  namespace: waf
spec:
  #storageClassName: nfs-based-cstor-storage
  storageClassName: openebs-hostpath
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: uuwaf
    component: secure
  name: uuwaf
  namespace: waf
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  selector:
    matchLabels:
      app: uuwaf
      component: secure
  template:
    metadata:
      labels:
        app: uuwaf
        component: secure
    spec:
      imagePullSecrets:
      - name: harborsecret
      volumes:
      - name: uuwaf-data
        persistentVolumeClaim:
          claimName: uuwaf-data
      containers:
      - name: uuwaf
        image: uuwaf:2.5.1
        volumeMounts:
        - name: uuwaf-data
          mountPath: /uuwaf/web/conf
        #imagePullPolicy: Always
        imagePullPolicy: IfNotPresent
        env:
        - name: DB_HOST
          value: mysql-headless.middleware
        - name: DB_PORT
          value: "3306"
        - name: DB_USERNAME
          value: uuwaf
        - name: DB_PASSWORD
          value: uLxxxxxxxxxxx
        - name: DB_NAME
          value: uuwaf
        - name: JWTKEY
          value: P8uxxxxxxxxxxxxxxxxxxx
        - name: DOMAIN_NAME
          value: 192.168.5.3
        - name: TZ
          value: "Asia/Shanghai"
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: https
          containerPort: 443
          protocol: TCP
        - name: web-admin
          containerPort: 4443
          protocol: TCP
        resources:
          limits:
            cpu: 1000m
            memory: 1000Mi
          requests:
            cpu: 100m
            memory: 100Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: uuwaf
    component: secure
  name: uuwaf
  namespace: waf
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  - name: web-admin
    port: 4443
    protocol: TCP
    targetPort: 4443
  selector:
    app: uuwaf
    component: secure
  type: ClusterIP

Safe3 commented 1 year ago

Nice. You also need to change the database connection info in /uuwaf/conf/uuwaf.conf.

charnet1019 commented 1 year ago

Nice. You also need to change the database connection info in /uuwaf/conf/uuwaf.conf.

Is it only the db entry that needs changing? Is ml machine learning?

init_by_lua_block {
        waf = require("waf")
        local conf = {
            db = { host = "127.0.0.1", port = 3306, user = "root", password = "Safe3.WAF" },
            ml = { host = "127.0.0.1", port = 4445, access_token = "secret" }
        }
        waf.http_init(conf)
}
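The `render_uuwaf_nginx_conf` one-liner in the entrypoint above rewrites exactly this `db = { ... }` line, but it breaks if a value contains the sed delimiter `/`, `&`, a backslash or a double quote. Below is an added example, not code from the thread or from uuWAF, of a rendering function that escapes the values for both the sed replacement and the Lua string literal, validates DB_PORT, and exercises itself on a constructed copy of the config; it assumes GNU sed (for `-r -i`) and `mktemp`, as available in the centos:7 image.

```shell
#!/bin/sh
# Added example (not from the thread or uuWAF): render the "db = { ... }" line
# of /uuwaf/conf/uuwaf.conf from DB_* environment variables without letting
# '/', '&', '|', '\' or '"' in a value corrupt the sed command or the Lua
# string literal. Assumes GNU sed (-r, -i) as in the centos:7 image.

# Escape a value for use inside a Lua double-quoted string literal.
lua_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Escape a value for use in a sed replacement that uses '|' as delimiter.
sed_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/&/\\\&/g' -e 's/|/\\|/g'
}

# render_db_line FILE: rewrite the "db = { ... }" line of FILE in place.
render_db_line() {
    file=$1
    case "$DB_PORT" in
        ''|*[!0-9]*) echo "DB_PORT must be numeric, got '$DB_PORT'" >&2; return 1 ;;
    esac
    host=$(sed_escape "$(lua_escape "$DB_HOST")")
    user=$(sed_escape "$(lua_escape "$DB_USERNAME")")
    pass=$(sed_escape "$(lua_escape "$DB_PASSWORD")")
    sed -r -i "s|^[[:space:]]+db[[:space:]]+=.*\$|            db = { host = \"$host\", port = $DB_PORT, user = \"$user\", password = \"$pass\" },|" "$file"
}

# demo: render a constructed copy of the init_by_lua_block config using a
# password full of special characters, then print the resulting db line.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
init_by_lua_block {
        waf = require("waf")
        local conf = {
            db = { host = "127.0.0.1", port = 3306, user = "root", password = "Safe3.WAF" },
            ml = { host = "127.0.0.1", port = 4445, access_token = "secret" }
        }
        waf.http_init(conf)
}
EOF
    DB_HOST=mysql-headless.middleware DB_PORT=3306 DB_USERNAME=uuwaf
    DB_PASSWORD='p&ss/w"rd|\x'   # constructed sample value, not a real secret
    render_db_line "$f"
    grep -E '^[[:space:]]+db[[:space:]]+=' "$f"
    rm -f "$f"
}
```

Running `demo` prints the rewritten line with the password correctly quoted for Lua, while the `ml` line is left untouched.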

Safe3 commented 1 year ago

Yes, only the db part needs changing; Community Edition users can ignore the machine-learning part.