init

visual/monitor/README.md

@@ -0,0 +1,26 @@
+# actuator 内容暴露安全控制
+1. 使用一个与应用无关的端口暴露,在内网环境下,只会将内网的应用端口暴露,所以actuator的独立端口是不被外网感知的
+```yaml
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "*"  
+  server:
+    port: 9595
+  endpoint:
+    health:
+      show-details: ALWAYS
+```
+2. 使用exclude屏蔽掉访问的地址,比如gateway外网暴露就可以屏蔽掉外网gateway的域名
+```yaml
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "*"  
+        exclude: "需要屏蔽的地址"
+  endpoint:
+    health:
+      show-details: ALWAYS
+```

visual/monitor/pom.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>visual</artifactId>
+        <groupId>cn.fateverse</groupId>
+        <version>1.0.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>monitor</artifactId>
+    <description>监控服务器</description>
+
+    <dependencies>
+
+        <!-- SpringBoot Admin -->
+        <dependency>
+            <groupId>de.codecentric</groupId>
+            <artifactId>spring-boot-admin-starter-server</artifactId>
+        </dependency>
+        <!-- 开启登录认证功能 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <!--Spring Boot We-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.fateverse</groupId>
+            <artifactId>common-core</artifactId>
+        </dependency>
+    </dependencies>
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>2.7.3</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

visual/monitor/src/main/java/cn/fateverse/monitor/MonitorApplication.java

@@ -0,0 +1,23 @@
+package cn.fateverse.monitor;
+
+import de.codecentric.boot.admin.server.config.EnableAdminServer;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+
+/**
+ * 监控中心
+ *
+ * @author Clay
+ * @date 2022/11/10
+ */
+@EnableAdminServer
+@EnableDiscoveryClient
+@SpringBootApplication
+public class MonitorApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(MonitorApplication.class, args);
+        System.out.println("监控中心 启动成功!");
+    }
+}

visual/monitor/src/main/java/cn/fateverse/monitor/conf/SecuritySecureConfig.java

@@ -0,0 +1,52 @@
+package cn.fateverse.monitor.conf;
+
+import de.codecentric.boot.admin.server.config.AdminServerProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+
+/**
+ * 配置安全认证,以便其他服务注册
+ *
+ * @author Clay
+ * @date 2022/11/10
+ */
+@Configuration
+public class SecuritySecureConfig {
+
+    /**
+     * 应用上下文路径
+     */
+    private final String adminContextPath;
+
+    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
+        this.adminContextPath = adminServerProperties.getContextPath();
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+        successHandler.setTargetUrlParameter("redirectTo");
+        successHandler.setDefaultTargetUrl(adminContextPath + "/");
+        http.authorizeRequests()
+                //1.配置所有静态资源和登录也可以公开访问
+                .antMatchers(adminContextPath + "/assets/**")
+                .permitAll()
+                .antMatchers(adminContextPath + "/login")
+                .permitAll()
+                //2. 其他请求,必须经过认证
+                .antMatchers("/actuator/**","/instances").permitAll()
+                .anyRequest().authenticated()
+                .and()
+                //3. 配置登录和登出路径
+                .formLogin().loginPage(adminContextPath + "/login")
+                .successHandler(successHandler)
+                .and()
+                .logout().logoutUrl(adminContextPath + "/logout");
+        http.headers().frameOptions().disable();
+        return http.build();
+    }
+
+}

visual/monitor/src/main/java/cn/fateverse/monitor/notifier/SecurityCloudNotifier.java

@@ -0,0 +1,42 @@
+package cn.fateverse.monitor.notifier;
+
+import de.codecentric.boot.admin.server.domain.entities.Instance;
+import de.codecentric.boot.admin.server.domain.entities.InstanceRepository;
+import de.codecentric.boot.admin.server.domain.events.InstanceEvent;
+import de.codecentric.boot.admin.server.domain.events.InstanceStatusChangedEvent;
+import de.codecentric.boot.admin.server.notify.AbstractEventNotifier;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import reactor.core.publisher.Mono;
+
+/**
+ * 自定义告警
+ */
+
+
+@Slf4j
+@Component
+@SuppressWarnings(("all"))
+public class SecurityCloudNotifier extends AbstractEventNotifier {
+
+    protected SecurityCloudNotifier(InstanceRepository repository) {
+        super(repository);
+    }
+
+    @Override
+    protected Mono<Void> doNotify(InstanceEvent event, Instance instance) {
+        return Mono.fromRunnable(() ->{
+            if (event instanceof InstanceStatusChangedEvent){
+                log.info(" Instance Status Changed : [{}],[{}],[{}]",
+                        instance.getRegistration().getName(),
+                        event.getInstance(),
+                        ((InstanceStatusChangedEvent) event).getStatusInfo().getStatus());
+            }else {
+                log.info("Instance Info : [{}],[{}],[{}]",
+                        instance.getRegistration().getName(),
+                        event.getInstance(),
+                        event.getType());
+            }
+        });
+    }
+}

visual/monitor/src/main/resources/bootstrap-dev.yml

@@ -0,0 +1,8 @@
+# Spring
+spring:
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 10.7.127.189:38848
+        namespace: dev

visual/monitor/src/main/resources/bootstrap-pro.yml

@@ -0,0 +1,7 @@
+# Spring
+spring:
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: nacos.fateverse.svc.cluster.local:8848

visual/monitor/src/main/resources/bootstrap.yml

@@ -0,0 +1,33 @@
+# Tomcat
+server:
+  port: 5050
+
+# Spring
+spring:
+  application:
+    # 应用名称
+    name: monitor
+  profiles:
+    # 环境配置
+    active: dev
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 192.168.101.108:8848
+        username: nacos
+        password: nacos
+        namespace: ${spring.profiles.active}
+      config:
+        # 配置中心地址
+        server-addr: ${spring.cloud.nacos.discovery.server-addr}
+        file-extension: yaml
+        namespace: ${spring.profiles.active}
+        shared-configs:
+          - ${spring.application.name}-${spring.profiles.active}.yaml
+  boot:
+    admin:
+      client:
+        instance:
+          # 忽略notice-ws服务
+          ignore: notice-ws