9.5 Config Server: detailed configuration and encryption

Detailed configuration of the Config Server

spring:
  application:
    name: microservice-config-server
  cloud:
    config:
      server:
        git:
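          uri: https://git.oschina.net/itmuch/spring-cloud-config-repo      # URL of the Git repository holding the configuration
          username:                                                         # Git repository username
          password:                                                         # Git repository password

The uri supports the placeholders {application}, {profile} and {label}.

  1. One Git repository per application, or alternatively one Git repository per profile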
spring:
  application:
    name: microservice-config-server
  cloud:
    config:
      server:
        git:
          uri: https://git.oschina.net/itmuch/{application}
          username:                                                         # Git repository username
          password:                                                         # Git repository password
logging:
  level:
    org.springframework.cloud: DEBUG
    org.springframework.boot: DEBUG
    
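## Test: http://localhost:8080/spring-cloud-config-repo-default.yml can be used to fetch the application.properties under http://localhost:8080/spring-cloud-config-repo
  1. Pattern matching

    1. special: only serves names starting with special.
    2. local: only serves names starting with local.
    3. Patterns are configured as {application}/{profile}; if none is configured, the uri configured above is used.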
    spring:
      cloud:
        config:
          server:
            git:
              uri: https://github.com/spring-cloud-samples/config-repo
              repos:
                simple: https://github.com/simple/config-repo
                special:
                  pattern: special*/dev*,*special*/dev*
                  uri: https://github.com/special/config-repo
                local:
                  pattern: local*
                  uri: file:/home/configsvc/config-repo
    
    # Test:
    # Request http://localhost:8080/foo-default.yml; it is served from https://github.com/spring-cloud-samples/config-repo
    # Request http://localhost:8080/special/dev and watch the log and the response
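
The routing rules above, modelled as an added Python example (not code from this page or from Spring Cloud Config): a simplified first-match emulation that assumes one profile per request and that `*` is the only wildcard; the names `route` and `_matches` are hypothetical. It shows that the `*special*` pattern also captures application names that merely contain "special".

```python
import re

DEFAULT_URI = "https://github.com/spring-cloud-samples/config-repo"
# Repositories from the configuration above, in declaration order.
# "simple" declares no pattern, so its own name is used as the pattern.
REPOS = {
    "simple": {"pattern": "simple",
               "uri": "https://github.com/simple/config-repo"},
    "special": {"pattern": "special*/dev*,*special*/dev*",
                "uri": "https://github.com/special/config-repo"},
    "local": {"pattern": "local*",
              "uri": "file:/home/configsvc/config-repo"},
}


def _matches(pattern, target):
    # Only "*" is a wildcard here, and it may also span the "/" separator.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, target) is not None


def route(application, profile):
    """Return (repo_name, uri) of the repository serving {application}/{profile}."""
    target = f"{application}/{profile}"
    for name, repo in REPOS.items():
        for pattern in repo["pattern"].split(","):
            if "/" not in pattern:
                pattern += "/*"  # no profile matcher: match every profile
            if _matches(pattern, target):
                return name, repo["uri"]
    return "default", DEFAULT_URI  # nothing matched: fall back to the top-level uri


if __name__ == "__main__":
    # Constructed application names, used only to exercise the patterns.
    for app, prof in [("foo", "default"), ("special-app", "dev"),
                      ("special-app", "prod"), ("unspecial-billing", "dev"),
                      ("local-x", "prod"), ("simpleton", "dev")]:
        print(f"{app}/{prof} -> {route(app, prof)[0]}")
```
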
    
  2. Search paths

    Both foo and directories matching bar* are searched.

spring:
  cloud:
    config:
      server:
        git:
          uri: http://git.oschina.net/itmuch/spring-cloud-config-repo
          search-paths: foo,bar*
logging:
  level:
    org.springframework.cloud: DEBUG
    org.springframework.boot: DEBUG

# Test: request http://localhost:8080/application/default
  1. Load the configuration at startup

    This makes a misconfigured configuration source show up quickly at startup.

spring:
  cloud:
    config:
      server:
        git:
          uri: https://github.com/spring-cloud-samples/config-repo
          repos:
            team-a:
                pattern:  microservice-*
                clone-on-start: true
                uri: http://git.oschina.net/itmuch/spring-cloud-config-repo
logging:
  level:
    org.springframework.cloud: DEBUG
    org.springframework.boot: DEBUG

# Test:
# 1. Watch the startup log
# 2. Request http://localhost:8080/microservice-foo/dev

Global setting to load the configuration at startup:

spring:
  cloud:
    config:
      server:
        git:
          clone-on-start: true

9.6 Config Server health indicator

/health

{profile} is default and {label} is master.

spring:
  application:
    name: microservice-config-server
  cloud:
    config:
      server:
        git:
          uri: https://git.oschina.net/itmuch/spring-cloud-config-repo/     # URL of the Git repository holding the configuration
          username:                                                         # Git repository username
          password:                                                         # Git repository password
        health:
          repositories:
            a-foo: 
              label: config-label-v2.0
              name: microservice-foo
              profiles: dev

http://localhost:8080/health

{

   "status": "UP"

}

However, this does not actually work.

Encrypting configuration content

The Config Server's encryption depends on JCE.

bootstrap.yml

encrypt:
  key: foo  # symmetric key

curl http://localhost:8080/encrypt -d mysecret

curl http://localhost:8080/decrypt -d <ciphertext>    # decrypt the ciphertext

Storing encrypted content

encryption.yml

spring:
  datasource:
    username: dbuser
    password: '{cipher}851a6effab6619f43157a714061f4602be0131b73b56b0451a7e268c880daea3'

When using a .properties file, the {cipher} value must not be wrapped in single quotes.

http://localhost:8080/encryption-default.yml

profile: default
spring:
  datasource:
    password: mysecret
    username: dbuser
test: '1'
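
An added example, not part of the original notes: a line-based Python check for a config repository that reports secret-looking entries stored without {cipher}, and quoted {cipher} values in .properties files, which are not decrypted. The key-name list, the `audit` function and both samples are assumptions constructed for this example.

```python
import re

# Leaf key names treated as secrets (an assumption of this example; extend as needed).
SENSITIVE = re.compile(r"(password|secret|token)$", re.IGNORECASE)
ENTRY = re.compile(r"^\s*([\w.\-]+)\s*[:=]\s*(\S.*)$")


def audit(text, properties=False):
    """Return (line_no, key, problem) for secret-looking entries not protected by {cipher}."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        match = ENTRY.match(raw)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if not properties:
            value = re.sub(r"(^|\s+)#.*$", "", value)  # drop a trailing YAML comment
        if not value or not SENSITIVE.search(key.split(".")[-1]):
            continue
        quoted = len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]
        inner = value[1:-1] if quoted else value
        if not inner.startswith("{cipher}"):
            findings.append((line_no, key, "plaintext"))
        elif properties and quoted:
            # In .properties the quote is part of the value, so it is never decrypted.
            findings.append((line_no, key, "quoted-cipher"))
    return findings


# Constructed samples; the hex strings are placeholders, not real ciphertext.
SAMPLE_YML = """\
spring:
  datasource:
    username: dbuser
    password: '{cipher}0a1b2c3d'
"""
SAMPLE_PROPERTIES = """\
spring.datasource.username=dbuser
spring.datasource.password='{cipher}0a1b2c3d'
mail.password=hunter2
"""

if __name__ == "__main__":
    print(audit(SAMPLE_YML))
    print(audit(SAMPLE_PROPERTIES, properties=True))
```
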

Returning the ciphertext itself:

spring:
  application:
    name: microservice-config-server
  cloud:
    config:
      server:
        git:
          uri: https://git.oschina.net/itmuch/spring-cloud-config-repo      # URL of the Git repository holding the configuration
          username:                                                         # Git repository username
          password:                                                         # Git repository password
        encrypt:
          enabled: false

The test failed:

profile: default
spring:
  datasource:
    password: mysecret
    username: dbuser
test: '1'

Asymmetric encryption

Generate a key pair:

keytool -genkeypair -alias mytestkey -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass changeme -keystore server.jks -storepass letmein

Copy it into a directory on the classpath.

Add the following to application.yml

bootstrap.yml

encrypt:
  keyStore:
    location: classpath:/server.jks # path to the JKS file
    password: letmein               # storepass
    alias: mytestkey                # alias
    secret: changeme                # keypass

Try encrypting:

curl http://localhost:8080/encrypt -d mysecret
