SkyWalking 的可视化后台(UI)本身没有用户认证功能,默认情况下所有知道地址的用户都能访问,官网建议通过网关增加认证。需要注意:在网关上增加认证之后,SkyWalking UI 的原始端口应当只允许网关访问,否则直接访问原端口即可绕过认证。
本文介绍通过 Nginx 和 Spring Gateway 两种方式增加认证。
1、使用 Nginx 增加认证。
生成密码文件
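# Install the htpasswd utility (packaged in httpd-tools on yum-based systems).
yum install -y httpd-tools

# Create the password file with a single user named "skywalking".
#   -c  creates the file and overwrites an existing one, so use it only for
#       the first user.
# The password is typed at htpasswd's prompt instead of being passed with -b:
# a password given as a command-line argument is stored in shell history and
# is visible in the process list while the command runs. For scripted use,
# `htpasswd -i` reads the password from stdin.
htpasswd -c nginx/htpasswd skywalking

# Next step: configure nginx.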
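# Reverse proxy that puts HTTP Basic authentication in front of the
# SkyWalking UI.
worker_processes 1;
error_log stderr notice;

events {
    worker_connections 1024;
}

http {
    variables_hash_max_size 1024;
    # NOTE(review): with access_log off there is no per-request record of who
    # reached the UI or how many requests were rejected. Failed Basic-auth
    # attempts are still reported through error_log; consider enabling an
    # access log on this authenticating proxy.
    access_log off;
    #real_ip_header X-Real-IP;
    charset utf-8;

    server {
        # Plain HTTP listener. Basic credentials are only base64-encoded and
        # are sent with every request, so this port should sit behind TLS
        # (terminated here or on a front-end load balancer).
        listen 8081;
        #auth_basic "Please enter the user name and password"; # prompt (realm) shown when credentials are requested
        #auth_basic_user_file /data/skywalking/nginx/htpasswd;
        index index.html;

        location / {
            root html;
            index index.html index.htm;
            #auth_basic on;
            # The directive name and its quoted argument must be separated by
            # a space. The string is the prompt (realm) shown to the user.
            auth_basic "Please enter the user name and password";
            # The file must be readable by the nginx worker user and should
            # not be world-readable.
            auth_basic_user_file /etc/nginx/htpasswd;
            # The upstream must accept connections only from this proxy;
            # if 172.17.0.9:8080 is reachable directly, the authentication
            # configured above is bypassed.
            proxy_pass http://172.17.0.9:8080;
            # WebSocket pass-through
            #proxy_set_header Origin "";
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";
        }
    }
}

# Password file used by auth_basic_user_file above: /etc/nginx/htpasswd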
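skywalking:$apr1$FVaUB8RE$.brXLk5N.IsNRqm3.Vy2n1
(以上为示例内容。$apr1$ 是基于 MD5 的哈希格式,真实环境中的 htpasswd 文件不要公开,并应限制为仅 nginx 进程可读。)
2、使用 Spring Gateway 增加认证。
主要是使用 Spring Gateway 和 Spring Security 的基础表单登录认证(formLogin)实现,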
pom.xml使用的依赖包
WebGatewayMain.java
package com.penngo.web.gateway;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Boot entry point of the gateway application that adds authentication in
 * front of the SkyWalking UI.
 */
@SpringBootApplication
public class WebGatewayMain {

    /**
     * Starts the Spring application context for this gateway.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(final String[] args) {
        SpringApplication.run(WebGatewayMain.class, args);
    }
}

// Next listing: SecurityConfiguration.java
package com.penngo.web.gateway;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * WebFlux security setup for the gateway: every exchange requires an
 * authenticated user, and users sign in through Spring Security's default
 * form login.
 */
@EnableWebFluxSecurity
@Configuration
public class SecurityConfiguration {

    /**
     * Builds the filter chain applied to all requests passing through the
     * gateway.
     *
     * @param http the reactive security builder supplied by Spring Security
     * @return the filter chain requiring authentication on every exchange
     */
    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        return http
                // No exchange is served to an unauthenticated caller.
                .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
                // Spring Security's CORS handling is switched off.
                .cors(ServerHttpSecurity.CorsSpec::disable)
                // NOTE(review): CSRF protection is switched off while login is
                // form/session based. Presumably this lets the proxied UI send
                // POST requests without a CSRF token; confirm this is
                // intended, and serve the gateway over HTTPS only.
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                // Default login page and form-login handling.
                .formLogin(withDefaults())
                .build();
    }

    // The password can be configured in code (below) or in application.yml.
    //
    // NOTE(review): User.withDefaultPasswordEncoder() is deprecated and meant
    // for demos and samples only, and "123456" is a sample value; do not
    // enable this bean as-is outside a local test.
    //
    // @Bean
    // MapReactiveUserDetailsService userDetailsService() {
    //
    //     UserDetails user = User.withDefaultPasswordEncoder()
    //             .username("admin")
    //             .password("123456")
    //             .roles("USER")
    //             .build();
    //     return new MapReactiveUserDetailsService(user);
    // }
}

// Next listing: application.yml
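# application.yml: listener port and the single login user for the gateway.
server:
  # Plain HTTP listener; the login form and session cookie should only be
  # exposed over HTTPS (terminated here or on a proxy in front).
  port: 8081
  # NOTE(review): server.servlet.* looks like servlet-stack configuration;
  # confirm whether it has any effect in this WebFlux gateway.
  servlet:
    encoding:
      force: true
      charset: UTF-8
      enabled: true
spring:
  application:
    name: gatewayapp
  security:
    user:
      name: admin2
      # The original listing hard-coded the trivially guessable value 123456
      # here. The password is now read from the environment so that no
      # credential is stored in the file; startup fails if the variable is not
      # set. GATEWAY_UI_PASSWORD is an example name, not a Spring-defined one.
      password: ${GATEWAY_UI_PASSWORD}

# Next listing: bootstrap.yml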
# bootstrap.yml: a single gateway route that forwards to the SkyWalking UI.
spring:
  cloud:
    gateway:
      routes:
        - id: skywalking
          # Target is the UI on the same host. The UI should listen on
          # loopback only, so it cannot be reached without passing through
          # this gateway.
          uri: http://localhost:8080/
          # Restrict the route to an IP allowlist.
          # NOTE(review): RemoteAddr matches the address of the incoming
          # connection by default. If the gateway runs behind another proxy or
          # load balancer, every client appears as that proxy's address;
          # Spring Cloud Gateway's XForwardedRemoteAddressResolver covers that
          # case and should trust only headers set by known proxies.
          predicates:
            - RemoteAddr=127.0.0.1/32,192.168.245.65/32

# Result when running (no output is included after this heading)