Nacos Docker Quick Start
1. Follow the official Nacos Docker Quick Start
- Clone the project
git clone https://github.com/nacos-group/nacos-docker.git
cd nacos-docker
- Standalone mode with Derby
docker-compose -f example/standalone-derby.yaml up
Trim standalone-derby.yaml by deleting the prometheus and grafana services, and save the result as standalone-me.yaml.
standalone-me.yaml looks like this:
version: "2"
services:
  nacos:
    image: nacos/nacos-server:${NACOS_VERSION}
    container_name: nacos-standalone
    environment:
      - PREFER_HOST_MODE=hostname
      - MODE=standalone
      - NACOS_AUTH_IDENTITY_KEY=serverIdentity
      - NACOS_AUTH_IDENTITY_VALUE=security
      - NACOS_AUTH_TOKEN=eXpsaEAyMDIzbWlubmVyQDIwMjMxMjN2aWdmbzNkNjM4d2didmFyaHly
    volumes:
      - ./standalone-logs/:/home/nacos/logs
    ports:
      - "8848:8848"
      - "9848:9848"
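2. Enable authentication
Reference: "nacos 2.2.3 deployment / nacos 2.2.3 authentication configuration" (CSDN blog)
Enter the container and edit the configuration: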
root@yzlhserver2:~# docker exec -it 15338c65e512 /bin/bash
[root@15338c65e512 nacos]#
[root@15338c65e512 nacos]# ll
total 68
-rw-r--r-- 1 502 games 16583 Mar 6 2023 LICENSE
-rw-r--r-- 1 502 games 1305 May 14 2020 NOTICE
drwxr-xr-x 1 root root 4096 Jun 12 19:40 bin
drwxr-xr-x 1 502 games 4096 Dec 8 15:17 conf
drwxr-xr-x 5 root root 4096 Sep 7 14:31 data
-rw-r--r-- 1 root root 683 Sep 7 14:32 derby.log
drwxr-xr-x 3 root root 4096 Sep 7 14:31 file:
drwxr-xr-x 2 root root 12288 Dec 8 15:04 logs
lrwxrwxrwx 1 root root 11 Jun 12 19:40 start.out -> /dev/stderr
drwxr-xr-x 2 root root 4096 Jun 12 19:40 target
drwxr-xr-x 3 root root 4096 Sep 7 14:31 work
[root@15338c65e512 nacos]# ll conf/
total 68
-rw-r--r-- 1 502 games 1224 Mar 13 2023 1.4.0-ipv6_support-update.sql
-rw-r--r-- 1 502 games 127 May 24 2023 announcement.conf
-rw-r--r-- 1 root root 2742 Dec 8 15:06 application.properties
-rw-r--r-- 1 502 games 8939 May 24 2023 derby-schema.sql
-rw-r--r-- 1 502 games 10825 May 25 2023 mysql-schema.sql
-rw-r--r-- 1 502 games 31156 May 25 2023 nacos-logback.xml
[root@15338c65e512 nacos]# vi conf/application.properties
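After authentication is enabled, the settings in application.properties are:
### If turn on auth system:
nacos.core.auth.system.type=nacos
nacos.core.auth.enabled=true
When you define your own secret key, it is recommended to set the configuration item to a Base64-encoded string, and the original key must be at least 32 characters long. For example:
### The default token(Base64 String):
nacos.core.auth.default.token.secret.key=VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg=
### After version 2.1.0
nacos.core.auth.plugin.nacos.token.secret.key=VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg=
Note: the authentication switch takes effect immediately after it is changed; the server does not need to be restarted. When changing token.secret.key dynamically, make sure the token is valid. If it is changed to an invalid value, subsequent logins will fail and requests will return errors.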
[root@15338c65e512 nacos]# vi conf/application.properties
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i
server.tomcat.accesslog.enabled=${TOMCAT_ACCESSLOG_ENABLED:false}
server.error.include-message=ALWAYS
# default current work dir
server.tomcat.basedir=file:.
#*************** Config Module Related Configurations ***************#
### Deprecated configuration property, it is recommended to use `spring.sql.init.platform` replaced.
#spring.datasource.platform=${SPRING_DATASOURCE_PLATFORM:}
spring.sql.init.platform=${SPRING_DATASOURCE_PLATFORM:}
nacos.cmdb.dumpTaskInterval=3600
nacos.cmdb.eventTaskInterval=10
nacos.cmdb.labelTaskInterval=300
nacos.cmdb.loadDataAtStart=false
db.num=${MYSQL_DATABASE_NUM:1}
db.url.0=jdbc:mysql://${MYSQL_SERVICE_HOST}:${MYSQL_SERVICE_PORT:3306}/${MYSQL_SERVICE_DB_NAME}?${MYSQL_SERVICE_DB_PARAM:characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false}
db.user.0=${MYSQL_SERVICE_USER}
db.password.0=${MYSQL_SERVICE_PASSWORD}
### The auth system to use, currently only 'nacos' and 'ldap' is supported:
nacos.core.auth.system.type=${NACOS_AUTH_SYSTEM_TYPE:nacos}
#Changes to nacos.core.auth.enabled take effect immediately; no restart is needed
#nacos.core.auth.enabled=true
### worked when nacos.core.auth.system.type=nacos
### The token expiration in seconds:
nacos.core.auth.plugin.nacos.token.expire.seconds=${NACOS_AUTH_TOKEN_EXPIRE_SECONDS:18000}
### The default token:
nacos.core.auth.plugin.nacos.token.secret.key=${NACOS_AUTH_TOKEN:eXpsaEAyMDIzbWlubmVyQDIwMjMxMjN2aWdmbzNkNjM4d2didmFyaHly}
### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
nacos.core.auth.caching.enabled=${NACOS_AUTH_CACHE_ENABLE:false}
nacos.core.auth.enable.userAgentAuthWhite=${NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE:false}
nacos.core.auth.server.identity.key=${NACOS_AUTH_IDENTITY_KEY:serverIdentity}
nacos.core.auth.server.identity.value=${NACOS_AUTH_IDENTITY_VALUE:security}
## spring security config
### turn off security
nacos.security.ignore.urls=${NACOS_SECURITY_IGNORE_URLS:/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**}
# metrics for elastic search
management.metrics.export.elastic.enabled=false
management.metrics.export.influx.enabled=false
nacos.naming.distro.taskDispatchThreadCount=10
nacos.naming.distro.taskDispatchPeriod=200
nacos.naming.distro.batchSyncKeyCount=1000
nacos.naming.distro.initDataRatio=0.9
nacos.naming.distro.syncRetryDelay=5000
nacos.naming.data.warmup=true
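The following Python check is an added example, not part of the original post or of the Nacos project. It parses an application.properties like the one above, resolves `${ENV:default}` placeholders, and reports whether auth is actually enabled, whether the token key is valid Base64 of at least 32 bytes, and whether the key or identity value is one printed on this page. The finding names, the helper names and the `SAMPLE` text are constructed for illustration.

```python
import base64
import binascii
import re

KEY_PROP = "nacos.core.auth.plugin.nacos.token.secret.key"
ID_PROP = "nacos.core.auth.server.identity.value"
# Values printed on this page: once published, they are no longer secrets.
PUBLISHED_KEYS = {
    "VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg=",
    "eXpsaEAyMDIzbWlubmVyQDIwMjMxMjN2aWdmbzNkNjM4d2didmFyaHly",
}
PUBLISHED_IDENTITY = {"security"}
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z0-9_]+)(?::(.*))?\}$")

# Constructed sample mirroring the auth lines of the listing above.
SAMPLE = """\
#nacos.core.auth.enabled=true
nacos.core.auth.plugin.nacos.token.secret.key=${NACOS_AUTH_TOKEN:VGhpc0lzTXlDdXN0b21TZWNyZXRLZXkwMTIzNDU2Nzg=}
nacos.core.auth.server.identity.value=${NACOS_AUTH_IDENTITY_VALUE:security}
"""

def load_properties(text, env=None):
    """Parse key=value lines, skip comments, resolve ${ENV:default} values."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # a commented-out setting is not a setting
        key, value = (part.strip() for part in line.split("=", 1))
        m = PLACEHOLDER.match(value)
        if m:
            value = (env or {}).get(m.group(1), m.group(2) or "")
        props[key] = value
    return props

def audit_auth(props):
    """Return findings for the auth settings this page configures."""
    findings = []
    if props.get("nacos.core.auth.enabled", "").lower() != "true":
        findings.append("auth-not-enabled")
    key = props.get(KEY_PROP, "")
    try:
        raw = base64.b64decode(key, validate=True)
        if len(raw) < 32:  # for an ASCII key, bytes equal characters
            findings.append("key-shorter-than-32-bytes")
    except (binascii.Error, ValueError):
        findings.append("key-not-base64")
    if key in PUBLISHED_KEYS:
        findings.append("key-is-published")
    if props.get(ID_PROP) in PUBLISHED_IDENTITY:
        findings.append("identity-value-is-published")
    return findings
```

Run `audit_auth(load_properties(text, env))` with the container's environment as `env`, so that values injected through docker-compose are checked rather than the file's fallbacks.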