russellchang54 / PM

daily note

spring-boot-docker #8

Open russellchang54 opened 7 years ago

russellchang54 commented 7 years ago

http://www.itmuch.com/

https://segmentfault.com/a/1190000005029218

russellchang54 commented 7 years ago

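Build an image: docker build target/docker -t ebey/echo-service

Start a container with an exposed port (9090): docker run -t --name echo-service -p 9090:9090 ebey/echo-service

Service addresses accessed from inside the container must use a domain name; localhost/127.0.0.1 must not appear in the configuration files.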

russellchang54 commented 7 years ago

# Add the current user to the docker group
sudo gpasswd -a ${USER} docker
# Restart the docker service
sudo systemctl restart docker

Log the current user out and back in.

russellchang54 commented 7 years ago

docker run --name=echo-service -it -p 9090:9090 --add-host config-center:10.8.4.3 --add-host register-center:10.8.4.3 ebey/echo-service

russellchang54 commented 7 years ago

java -jar target/echo-service-0.0.1-SNAPSHOT.jar -Dspring.profiles.active=docker //not working

java -jar target/echo-service-0.0.1-SNAPSHOT.jar --spring.profiles.active=docker //working

russellchang54 commented 7 years ago

Running the service in a container and calling the refresh method returns an error:

{ "timestamp": 1491407603373, "status": 401, "error": "Unauthorized", "message": "Full authentication is required to access this resource.", "path": "/refresh" }

russellchang54 commented 7 years ago

http://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html

russellchang54 commented 7 years ago

$ TOKEN=2219199c-966e-4466-8b7e-12bb9038c9bb
$ curl -H "Authorization: Bearer $TOKEN" localhost:9000
{"id":"03af8be3-2fc3-4d75-acf7-c484d9cf32b1","content":"Hello World"}
$ curl -H "Authorization: Bearer $TOKEN" localhost:9999/uaa/user
{"details":...,"principal":{"username":"user",...},"name":"user"}

russellchang54 commented 7 years ago

Generate a token from a username and password:
curl --request POST -u client_aek56:secret_aek56 "http://localhost:8899/userauth/oauth/token?grant_type=password&username=russell&password=aek56"

Generate a token from a refresh_token:
http://localhost:8899/userauth/oauth/token?grant_type=refresh_token&client_id=client&refresh_token=<>

Use the token to access a restricted resource:
curl -H "Authorization: Bearer e337e070-0a45-4b86-876f-08735c83e611" http://localhost:8099/user

http://localhost:8899/userauth/oauth/token?grant_type=client_credentials&client_id=client&client_secret=secret

russellchang54 commented 7 years ago

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>

Without this configuration, the config client cannot be enabled.

russellchang54 commented 7 years ago

Factory method 'authenticationHeaderFilter' threw exception;nested exception is java.lang.NoSuchMethodError: org.springframework.cloud.netflix.zuul.filters.ProxyRequestHelper.setTraces(Lorg/springframework/boot/actuate/trace/TraceRepository;

russellchang54 commented 7 years ago

Retrieve the configuration of a specific application on docker: http://:8888//docker/master

application.yml http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html

russellchang54 commented 7 years ago

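1> Use spring cloud bus with the kafka/rabbitMQ/activeMQ/rocketMQ messaging mechanism to refresh and reload configuration files automatically with no downtime: first push the refresh message to config-server; config-server acts as the message Producer and pushes the message to the message queue broker. Each service acts as a message consumer and either pulls actively or has the broker push the refresh signal to it. A service that receives the refresh signal automatically refreshes and reloads its configuration.

2> Use zuul for service routing, authentication/authorization, and fallback methods when a dependency is short-circuited
3> sidecar: build service registration and communication for heterogeneous platforms
4> The registry starts first; the config service, the gateway service and the other services all register with the registry; the instance ID naming rule is ${eureka.instance.hostname}:${server.port}; multiple registry instances
5> The config service starts second; all other services depend on the config service and fetch their configuration from the git/profile/branch that the config service specifies
6> Other services access the config service through spring.cloud.discovery.{enabled: true ,service-id: <ID of the config service>}
7> Monitoring and management of boot applications: spring-boot-starter-actuator
8> Hystrix usage and analysis
9> Client-side load balancing: Ribbon VS feign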

russellchang54 commented 7 years ago

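Custom JWT-based security filter:

1》 Define a custom filter class xxxFilter: extend OncePerRequestFilter or GenericFilterBean
2》 Implement this filter class xxxFilter, overriding doFilter
3》 Define a custom WebSecurityConfig class that extends WebSecurityConfigurerAdapter and overrides configure(HttpSecurity security)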

security.addFilterBefore(xxxFilter(), UsernamePasswordAuthenticationFilter.class);
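
An added example of the filter from steps 1 and 2 of the comment above; it is not the issue author's code. It assumes a javax.servlet-era Spring Security (the one that still has WebSecurityConfigurerAdapter), Jackson on the classpath, and HS256-signed tokens carrying `sub` and `exp` claims; the class name `JwtAuthFilter` and the way the key is supplied are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Collections;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example: HS256 JWT filter (class name and key handling are hypothetical).
public class JwtAuthFilter extends OncePerRequestFilter {
    private final byte[] key;                        // shared secret, loaded from config
    private final ObjectMapper json = new ObjectMapper();
    public JwtAuthFilter(byte[] key) { this.key = key.clone(); }
    @Override  // doFilter is final in OncePerRequestFilter; this is its per-request hook
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        String h = req.getHeader("Authorization");
        if (h != null && h.startsWith("Bearer ")) {
            try {
                String[] p = h.substring(7).split("\\.", -1);
                if (p.length != 3) throw new SecurityException("malformed token");
                // Always verify as HMAC-SHA256; the token's own "alg" header is never trusted.
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(key, "HmacSHA256"));
                byte[] want = mac.doFinal((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
                byte[] got = Base64.getUrlDecoder().decode(p[2]);
                if (!MessageDigest.isEqual(want, got)) throw new SecurityException("bad signature");
                JsonNode c = json.readTree(Base64.getUrlDecoder().decode(p[1]));
                if (!c.hasNonNull("sub") || c.path("exp").asLong(0) <= System.currentTimeMillis() / 1000)
                    throw new SecurityException("expired or missing subject");
                SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(
                        c.path("sub").asText(), null, Collections.emptyList()));
            } catch (Exception e) {      // any parse or verification failure: reject
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
                return;
            }
        }
        chain.doFilter(req, res);        // no token: the configured access rules decide
    }
}
```

Register it as in step 3, with `security.addFilterBefore(new JwtAuthFilter(key), UsernamePasswordAuthenticationFilter.class)`, and set `sessionCreationPolicy(SessionCreationPolicy.STATELESS)` so the authentication is not stored in an HTTP session.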