My Joy and Anger

Life, thoughts, stories and ideas.

Adding authentication to an Ingress

Generate the password file

```
~ htpasswd -c httpauth admin
New password:
Re-type new password:
Adding password for user admin
```

Add the Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: httpauth
# stringData accepts the htpasswd line as plain text;
# values placed under data would have to be base64-encoded.
stringData:
  auth: 'admin:$apr1$RjgQNPDx$e9htPYO4fELnCxOb07GIK0'
```

Configuration

Set these annotations on the Ingress you want to protect with authentication:

```yaml
nginx.ingress.kubernetes.io/auth-realm: '"Authentication Required - admin"'
nginx.ingress.kubernetes.io/auth-secret: httpauth
nginx.ingress.kubernetes.io/auth-type: basic
```

The Ingress YAML is as follows:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    field.cattle.io/creatorId: user-ng7cm
    field.cattle.io/ingressState: '{"Y29uc3VsL2xvY2FsL2NvbnN1bC5sb2NhbC5waGlsby5pbi8vaHR0cA==":""}'
    field.cattle.io/publicEndpoints: '[{"addresses":["10.10.0.31"],"port":80,"protocol":"HTTP","serviceName":"local:consul","ingressName":"local:consul","hostname":"consul.local.philo.in","allNodes":true}]'
    nginx.ingress.kubernetes.io/auth-realm: '"Authentication Required - admin"'
    nginx.ingress.kubernetes.io/auth-secret: httpauth
    nginx.ingress.kubernetes.io/auth-type: basic
  creationTimestamp: "2020-04-23T05:52:00Z"
  generation: 2
  labels:
    cattle.io/creator: norman
  name: consul
  namespace: local
  resourceVersion: "1102762"
  selfLink: /apis/extensions/v1beta1/namespaces/local/ingresses/consul
  uid: a55e4299-2552-401b-91a8-a595fd3ff7e3
spec:
  rules:
  - host: consul.local.philo.in
    http:
      paths:
      - backend:
          serviceName: consul
          servicePort: http
status:
  loadBalancer:
    ingress:
    - ip: 10.10.0.31
    - ip: 10.10.0.32
    - ip: 10.10.0.41
    - ip:
```
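Values under a Secret's `data` field must be base64-encoded, and ingress-nginx reads the htpasswd content from the key `auth`. The following is an added example, not code from the original post: it builds such a Secret from htpasswd text and checks an existing manifest for these two mistakes. The function names, the manifest-as-dict representation and the sample hash are assumptions made for illustration.

```python
import base64

# Constructed sample htpasswd content (placeholder hash, not a real credential).
SAMPLE_HTPASSWD = "admin:$apr1$EXAMPLESALT$constructedHashValue0000\n"


def parse_htpasswd(text):
    """Return {user: hash}; raise ValueError on a malformed line."""
    users = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, pw_hash = line.partition(":")
        if not sep or not user or not pw_hash:
            raise ValueError(f"line {n}: expected 'user:hash'")
        users[user] = pw_hash
    if not users:
        raise ValueError("no htpasswd entries")
    return users


def build_auth_secret(name, namespace, htpasswd_text):
    """Build a Secret manifest with the htpasswd text base64-encoded under data.auth."""
    parse_htpasswd(htpasswd_text)  # refuse to encode malformed content
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        "data": {"auth": base64.b64encode(htpasswd_text.encode()).decode()},
    }


def check_auth_secret(manifest):
    """Return the problems that would stop ingress-nginx from using this Secret."""
    raw = manifest.get("data", {}).get("auth")
    if raw is None:
        return ["data.auth is missing"]
    try:
        decoded = base64.b64decode(raw, validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ["data.auth is not valid base64"]
    try:
        parse_htpasswd(decoded)
    except ValueError as exc:
        return [f"data.auth is not htpasswd content: {exc}"]
    return []
```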

Requesting a free SSL certificate from Let's Encrypt

Request the certificate

```sh
docker run -it --rm -v /Users/vincentmi/cert:/etc/letsencrypt certbot/certbot certonly --manual --preferred-challenges dns
```

Path

The certificate is saved under /Users/vincentmi/cert/live/philo.in

NGINX configuration

```nginx
server {
    listen 443 ssl http2;
    server_name *.dev.philo.in;
    ssl_certificate /Users/vincentmi/cert/live/philo.in/fullchain.pem;
    ssl_certificate_key /Users/vincentmi/cert/live/philo.in/privkey.pem;
}
```

Renew the certificate

```sh
docker run -it --rm -v /Users/vincentmi/cert:/etc/letsencrypt certbot/certbot renew
```

Docker + Consul + Nginx setup scripts

Docker

```sh
#!/bin/sh
# Remove older Docker packages
sudo apt-get remove docker docker-engine docker.io
sudo apt-get update
# Packages needed to use an HTTPS apt repository
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    software-properties-common
# Add Docker's GPG key and confirm its fingerprint
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
sudo apt-get update
sudo apt-get -y install docker-ce
# List the available versions; to pin one, replace <VERSION> and uncomment
apt-cache madison docker-ce
# sudo apt-get install docker-ce=<VERSION>
```

NGINX

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name localhost;

    location / {
        proxy_pass http://127.0.0.1:8009;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}
```

Containers

```sh
# mysql
docker run \
    --name mysql-primary \
    -v /alidata/mysqldb:/var/lib/mysql \
    -p 3306:3306 \
    -e MYSQL_ROOT_PASSWORD=xxxx \
    -e "SERVICE_NAME=mysql_promary"
```