关于Nacos的介绍就不在多说,不知道的可以看看Nacos的官网:nacos.io
1、下载安装Nacos
下载地址:https://nacos.io/download/nacos-server/,下载后将Nacos解压到本地磁盘即可,Nacos使用Java语言开发,因此下载包不区分Windows和Linux,在不同的环境通过不同的脚本启动即可。
2、开启Nacos鉴权
本文主要使用Nacos自带的鉴权插件,参考文档:https://nacos.io/docs/latest/guide/user/auth/。进入到nacos/conf目录下,修改application.properties的参数,如下图所示:
参数说明:
# 鉴权类型 nacos | ldap
nacos.core.auth.system.type=nacos
# 是否开启鉴权
nacos.core.auth.enabled=true
# 是否使用useragent白名单,主要用于适配老版本升级,置为true时有安全风险
nacos.core.auth.enable.userAgentAuthWhite=false
# 用于替换useragent白名单的身份识别key,使用默认值有安全风险
nacos.core.auth.server.identity.key=admin
# 用于替换useragent白名单的身份识别value,使用默认值有安全风险
nacos.core.auth.server.identity.value=1234567890
# 默认鉴权插件用于生成用户登陆临时accessToken所使用的密钥,使用默认值有安全风险
# 推荐将配置项设置为Base64编码的字符串,且原始密钥长度不得低于32字符
nacos.core.auth.plugin.nacos.token.secret.key=OTTlubTnmoTkuIHpk7bljY7mmK/=
3. 启动Nacos
进入到nacos/bin路径下打开cmd控制台命令执行"startup.cmd -m standalone"命令以单机模式启动Nacos,启动后访问http://localhost:8848/nacos/,此时如果要求验证用户名和密码,则Nacos的鉴权功能开启成功,默认用户名密码:nacos/nacos
4、SpringBoot集成Nacos
SpringBoot集成Nacos还是挺简单的,首先是引入依赖库,然后开启Nacos客户端,最后在编写配置即可,本文不在详细展示,有需要的可以参考我的另一篇博客:Springcloud Alibaba Nacos 注册中心与配置中心
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
<version>2021.0.4.0</version>
</dependency>
@SpringBootApplication
@EnableDiscoveryClient // 开启nacos客户端
public class HxzSystemApplication {
public static void main(String[] args) {
SpringApplication.run(HxzSystemApplication.class, args);
}
}
spring:
cloud:
nacos:
server-addr: 127.0.0.1:8848
username: nacos
password: nacos
5. 连接其他电脑的Nacos
先说说背景,我的局域网内有一台当做服务器使用的电脑,安装的是Centos7版本,开启了防火墙,现在是将Nacos装在这台服务器上的,我的SpringBoot连接它然后抛出了异常,具体异常如下:
2024-06-24 16:42:45-ERROR--[com.alibaba.nacos.client.naming.security]-c.a.n.client.security.SecurityProxy:[SecurityProxy] login http request failed url: http://192.168.101.8:8848/nacos/v1/auth/users/login, params: {username=admin}, bodyMap: {password=123456}, errorMsg: connect timed out
2024-06-24 16:42:46-ERROR--[main]-c.a.n.c.r.client.grpc.GrpcClient:Server check fail, please check server 192.168.101.8 ,port 9848 is available , error ={}
java.util.concurrent.TimeoutException: Waited 3000 milliseconds (plus 433700 nanoseconds delay) for com.alibaba.nacos.shaded.io.grpc.stub.ClientCalls$GrpcFuture@179ee36b[status=PENDING, info=[GrpcFuture{clientCall={delegate={delegate=ClientCallImpl{method=MethodDescriptor{fullMethodName=Request/request, type=UNARY, idempotent=false, safe=false, sampledToLocalTracing=true, requestMarshaller=com.alibaba.nacos.shaded.io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@6b16de91, responseMarshaller=com.alibaba.nacos.shaded.io.grpc.protobuf.lite.ProtoLiteUtils$MessageMarshaller@71bb8b34, schemaDescriptor=com.alibaba.nacos.api.grpc.auto.RequestGrpc$RequestMethodDescriptorSupplier@197ce367}}}}}]]
at com.alibaba.nacos.shaded.com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:508)
at com.alibaba.nacos.common.remote.client.grpc.GrpcClient.serverCheck(GrpcClient.java:148)
at com.alibaba.nacos.common.remote.client.grpc.GrpcClient.connectToServer(GrpcClient.java:264)
at com.alibaba.nacos.common.remote.client.RpcClient.start(RpcClient.java:390)
at com.alibaba.nacos.client.naming.remote.gprc.NamingGrpcClientProxy.start(NamingGrpcClientProxy.java:96)
at com.alibaba.nacos.client.naming.remote.gprc.NamingGrpcClientProxy.<init>(NamingGrpcClientProxy.java:89)
at com.alibaba.nacos.client.naming.remote.NamingClientProxyDelegate.<init>(NamingClientProxyDelegate.java:76)
at com.alibaba.nacos.client.naming.NacosNamingService.init(NacosNamingService.java:95)
at com.alibaba.nacos.client.naming.NacosNamingService.<init>(NacosNamingService.java:81)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.alibaba.nacos.api.naming.NamingFactory.createNamingService(NamingFactory.java:59)
at com.alibaba.nacos.api.NacosFactory.createNamingService(NacosFactory.java:77)
at com.alibaba.cloud.nacos.NacosServiceManager.createNewNamingService(NacosServiceManager.java:99)
at com.alibaba.cloud.nacos.NacosServiceManager.buildNamingService(NacosServiceManager.java:90)
at com.alibaba.cloud.nacos.NacosServiceManager.getNamingService(NacosServiceManager.java:46)
at com.alibaba.cloud.nacos.discovery.NacosWatch.start(NacosWatch.java:130)
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:179)
at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:54)
at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:357)
at java.lang.Iterable.forEach(Iterable.java:75)
at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:156)
at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:124)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:938)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:147)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:731)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:408)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292)
at com.hxz.computer.HxzComputerLocalApplication.main(HxzComputerLocalApplication.java:20)
其中有一条信息很重要,让检查948端口,因此去查阅了Nacos的端口信息
Nacos在2.0版本增加了两个端口,如下:
官方对端口的使用也做了说明:
因此,局域网内服务器开启了防火墙,需要将8848和9848两个端口开放
# 添加端口
firewall-cmd --zone=public --add-port=9848/tcp --permanent
# 重新加载防火墙配置
firewall-cmd --reload
# 查询防火墙端口列表
firewall-cmd --list-ports