Spring Boot integration with Eureka, getting the service list from Eureka, and unauthorized access to the Eureka URI path

This walkthrough is split into 3 projects: the registry, the provider, and the consumer.

Registry

Add to the registry's pom.xml:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
</dependency>

Then add the following (note that the version is currently Hoxton.SR1 and may change with later upgrades):

<dependencyManagement>
	<dependencies>
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-dependencies</artifactId>
			<version>Hoxton.SR1</version>
			<type>pom</type>
			<scope>import</scope>
		</dependency>
	</dependencies>
</dependencyManagement>

application.yml

server:
  port: 8761
eureka:
  instance:
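    hostname: eureka-server  # hostname of the Eureka instance
  client:
    register-with-eureka: false # do not register this server itself with the Eureka registry
    fetch-registry: false # do not fetch service registration information from the Eureka registry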
    service-url:
      defaultZone: http://localhost:8761/eureka/

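EurekaSpringBootApplication code:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;

@EnableEurekaServer // enable the Eureka server
@SpringBootApplication
public class EurekaSpringBootApplication {
    public static void main(String[] args) {
        SpringApplication.run(EurekaSpringBootApplication.class, args);
    }
}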

Start the project and open http://localhost:8761/ to see the registry page.

Provider project

In addition to what was added for the registry, add this to pom.xml:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>

application.yml:

# server port
server:
  port: 8001
# application name
spring:
  application:
    name: provider
# Eureka configuration
eureka:
  instance:
    prefer-ip-address: true # register using the service's IP address
  client:
    service-url:
      defaultZone: http://localhost:8761/eureka/

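ProviderSpringBootApplication code:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;

// The provider only registers with the registry, so it is a Eureka client.
// @EnableEurekaServer would start a second, embedded registry inside this service.
@EnableEurekaClient
@SpringBootApplication
public class ProviderSpringBootApplication {
    public static void main(String[] args) {
        SpringApplication.run(ProviderSpringBootApplication.class, args);
    }
}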

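TicketService code:

import org.springframework.stereotype.Service;

@Service
public class TicketService {
    // Returns the ticket name ("动车票" means "high-speed train ticket")
    public String getTicket() {
        return "动车票";
    }
}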

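TicketController code:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TicketController {
    @Autowired
    TicketService ticketService;

    // Endpoint that the consumer calls through the registry
    @GetMapping("/ticket")
    public String getTicket() {
        return ticketService.getTicket();
    }
}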

Start the project.

Consumer

For pom.xml, follow the steps above: both the server and the client dependencies are needed.
application.yml:

server:
  port: 8002
spring:
  application:
    name: consumer
eureka:
  instance:
    prefer-ip-address: true # register using the service's IP address
  client:
    service-url:
      defaultZone: http://localhost:8761/eureka/

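ConsumerSpringBootApplication code:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.context.annotation.Bean;
import org.springframework.web.client.RestTemplate;

// The consumer is a Eureka client; @EnableEurekaServer belongs only on the registry.
@EnableEurekaClient
@SpringBootApplication
public class ConsumerSpringBootApplication {
    @Bean
    @LoadBalanced // enable client-side load balancing
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }

    public static void main(String[] args) {
        SpringApplication.run(ConsumerSpringBootApplication.class, args);
    }
}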

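UserController code:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

@RestController
public class UserController {
    @Autowired
    RestTemplate restTemplate;

    @GetMapping("/buy")
    public String buyTicket(String name) {
        // PROVIDER is the service name registered in Eureka, resolved by the load-balanced RestTemplate
        String template = restTemplate.getForObject("http://PROVIDER/ticket", String.class);
        return name+"购买了"+template;
    }
}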

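Start the project.

Result

The registry page now lists both services (8001 is the provider, 8002 is the consumer).

Enter in the browser: http://localhost:8002/buy?name=zhangsan
Returns: zhangsan购买了 动车票 ("zhangsan bought a high-speed train ticket")

The git repository for this project is: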
https://github.com/1054294965/boot-eureka

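Other

Configuration example

### Registry address
eureka.client.serviceUrl.defaultZone=http://registerserver-pool.${DOMAIN}:8889/eureka
# Register with the IP address
eureka.instance.preferIpAddress=true
# The instance id follows the pattern ip + port
eureka.instance.instance-id=${spring.cloud.client.ipAddress}:${server.port}

Default interval at which Eureka evicts invalid instances

The default is 60 seconds. After stopping or starting a service, refreshing the Eureka page immediately will not show the change; it is best to wait 2 minutes.

eureka:
  server:
    # Self-preservation mode (while enabled, Eureka does not immediately remove instances that have gone down, so it is set to false)
    enable-self-preservation: false
    # Interval for evicting invalid instances; the default is 60*1000 ms, i.e. 60 seconds
    eviction-interval-timer-in-ms: 5000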

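Getting the service list from Eureka

How to see the registered services on the Eureka server

Through the web UI:
http://192.168.0.1:8889/

The web UI is the most convenient, but sometimes the UI port is blocked, or the UI has been disabled because vulnerability scanners flag it easily.

curl http://192.168.0.1:8889/eureka/apps
This returns the registry as XML.

curl http://192.168.0.1:8889/eureka/apps > eureka.xml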

<applications>
  <versions__delta>1</versions__delta>
  <apps__hashcode>DOWN_1_UP_99_</apps__hashcode>
  <application>
    <name>service-user</name>
    <instance>
      <instanceId>192.168.0.1:8003</instanceId>
      <hostName>192.168.0.1</hostName>
      <app>service-user</app>
      <ipAddr>192.168.0.1</ipAddr>
      <status>UP</status>
      <overriddenstatus>UNKNOWN</overriddenstatus>
      <port enabled="true">8003</port>
      <securePort enabled="false">443</securePort>
      <countryId>1</countryId>
      <dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
        <name>MyOwn</name>
      </dataCenterInfo>
      <leaseInfo>
        <renewalIntervalInSecs>30</renewalIntervalInSecs>
        <durationInSecs>90</durationInSecs>
        <registrationTimestamp>1702639885249</registrationTimestamp>
        <lastRenewalTimestamp>1704352647876</lastRenewalTimestamp>
        <evictionTimestamp>0</evictionTimestamp>
        <serviceUpTimestamp>1702627994046</serviceUpTimestamp>
      </leaseInfo>
      <metadata class="java.util.Collections$EmptyMap"/>
      <homePageUrl>http://192.168.0.1:8003/</homePageUrl>
      <statusPageUrl>http://192.168.0.1:8003/info</statusPageUrl>
      <healthCheckUrl>http://192.168.0.1:8003/health</healthCheckUrl>
      <vipAddress>service-user</vipAddress>
      <secureVipAddress>service-user</secureVipAddress>
      <isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
      <lastUpdatedTimestamp>1702639885249</lastUpdatedTimestamp>
      <lastDirtyTimestamp>1702639884730</lastDirtyTimestamp>
      <actionType>ADDED</actionType>
    </instance>
    <instance>
      <instanceId>192.168.0.2:8003</instanceId>
      <hostName>192.168.0.2</hostName>
      <app>service-user</app>
      <ipAddr>192.168.0.2</ipAddr>
      <status>UP</status>
      <overriddenstatus>UNKNOWN</overriddenstatus>
      <port enabled="true">8003</port>
      <securePort enabled="false">443</securePort>
      <countryId>1</countryId>
      <dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
        <name>MyOwn</name>
      </dataCenterInfo>
      <leaseInfo>
        <renewalIntervalInSecs>30</renewalIntervalInSecs>
        <durationInSecs>90</durationInSecs>
        <registrationTimestamp>1702639913029</registrationTimestamp>
        <lastRenewalTimestamp>1704352630498</lastRenewalTimestamp>
        <evictionTimestamp>0</evictionTimestamp>
        <serviceUpTimestamp>1702628217414</serviceUpTimestamp>
      </leaseInfo>
      <metadata class="java.util.Collections$EmptyMap"/>
      <homePageUrl>http://192.168.0.2:8003/</homePageUrl>
      <statusPageUrl>http://192.168.0.2:8003/info</statusPageUrl>
      <healthCheckUrl>http://192.168.0.2:8003/health</healthCheckUrl>
      <vipAddress>service-user</vipAddress>
      <secureVipAddress>service-user</secureVipAddress>
      <isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
      <lastUpdatedTimestamp>1702639913029</lastUpdatedTimestamp>
      <lastDirtyTimestamp>1702639913026</lastDirtyTimestamp>
      <actionType>ADDED</actionType>
    </instance>
  </application>
  <application>
    <name>CONTAINER-CORE</name>
    <instance>
      <instanceId>192.168.0.4:11188</instanceId>
      <hostName>192.168.0.4</hostName>
      <app>CONTAINER-CORE</app>
      <ipAddr>192.168.0.4</ipAddr>
      <status>UP</status>
      <overriddenstatus>UNKNOWN</overriddenstatus>
      <port enabled="true">11188</port>
      <securePort enabled="false">443</securePort>
      <countryId>1</countryId>
      <dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
        <name>MyOwn</name>
      </dataCenterInfo>
      <leaseInfo>
        <renewalIntervalInSecs>30</renewalIntervalInSecs>
        <durationInSecs>90</durationInSecs>
        <registrationTimestamp>1702624960160</registrationTimestamp>
        <lastRenewalTimestamp>1704352625597</lastRenewalTimestamp>
        <evictionTimestamp>0</evictionTimestamp>
        <serviceUpTimestamp>1702624960160</serviceUpTimestamp>
      </leaseInfo>
      <metadata class="java.util.Collections$EmptyMap"/>
      <homePageUrl>http://192.168.0.4:11188/</homePageUrl>
      <statusPageUrl>http://192.168.0.4:11188/info</statusPageUrl>
      <healthCheckUrl>http://192.168.0.4:11188/health</healthCheckUrl>
      <vipAddress>container-core</vipAddress>
      <secureVipAddress>container-core</secureVipAddress>
      <isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
      <lastUpdatedTimestamp>1702624960160</lastUpdatedTimestamp>
      <lastDirtyTimestamp>1702624960090</lastDirtyTimestamp>
      <actionType>ADDED</actionType>
    </instance>
    <instance>
      <instanceId>192.168.0.3:11188</instanceId>
      <hostName>192.168.0.3</hostName>
      <app>CONTAINER-CORE</app>
      <ipAddr>192.168.0.3</ipAddr>
      <status>UP</status>
      <overriddenstatus>UNKNOWN</overriddenstatus>
      <port enabled="true">11188</port>
      <securePort enabled="false">443</securePort>
      <countryId>1</countryId>
      <dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
        <name>MyOwn</name>
      </dataCenterInfo>
      <leaseInfo>
        <renewalIntervalInSecs>30</renewalIntervalInSecs>
        <durationInSecs>90</durationInSecs>
        <registrationTimestamp>1702624805637</registrationTimestamp>
        <lastRenewalTimestamp>1704352625397</lastRenewalTimestamp>
        <evictionTimestamp>0</evictionTimestamp>
        <serviceUpTimestamp>1702624805637</serviceUpTimestamp>
      </leaseInfo>
      <metadata class="java.util.Collections$EmptyMap"/>
      <homePageUrl>http://192.168.0.3:11188/</homePageUrl>
      <statusPageUrl>http://192.168.0.3:11188/info</statusPageUrl>
      <healthCheckUrl>http://192.168.0.3:11188/health</healthCheckUrl>
      <vipAddress>container-core</vipAddress>
      <secureVipAddress>container-core</secureVipAddress>
      <isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
      <lastUpdatedTimestamp>1702624805637</lastUpdatedTimestamp>
      <lastDirtyTimestamp>1702624805566</lastDirtyTimestamp>
      <actionType>ADDED</actionType>
    </instance>
  </application>
</applications>

Then simply grep the file:
grep instanceId eureka.xml -A 2 >eureka.txt

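Security finding: unauthorized access to the Eureka URI path

http://192.168.0.1:8889
Normally the Eureka UI can be accessed directly, and for exactly that reason it was flagged by a vulnerability scan.

Option 1:
Add a username and password for access.
However, every other microservice that registers would then also need the credentials, which is a large change when, for example, the cluster has dozens of microservices.

Option 2 (recommended):
Implement it through firewall policy.
Only machines inside the cluster are allowed to access port 8889; other machines are not.
This option requires fewer changes.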
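
The grep step and Option 2 combined, as an added example that is not from the original post: it turns a saved /eureka/apps dump into a per-instance inventory and prints a draft allow-list for the registry port. It assumes one XML element per line as in the listing above and a host firewall managed with iptables; the function names are hypothetical.

```shell
# Added example, not from the original post. Assumes one XML element per
# line, as in the /eureka/apps listing above.
eureka_inventory() {   # prints "app ip port status" for each <instance>
    awk -F'[<>]' '
        $2 == "app"       { app = $3 }
        $2 == "ipAddr"    { ip = $3 }
        $2 == "status"    { st = $3 }
        $2 ~ /^port /     { port = $3 }
        $2 == "/instance" { print app, ip, port, st; app = ip = port = st = "" }' "$1"
}

# Print (do not apply) iptables rules: allow each registered IPv4 address to
# reach the registry port, then drop everything else. Values that are not
# plain dotted digits are skipped, because registry content is untrusted.
eureka_fw_rules() {
    eureka_inventory "$2" | awk '{ print $2 }' | sort -u |
    while read -r ip; do
        case $ip in ''|*[!0-9.]*) continue ;; esac
        echo "iptables -A INPUT -p tcp --dport $1 -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $1 -j DROP"
}

# Constructed sample, trimmed to the fields used above.
sample_registry() {
cat <<'EOF'
<instance>
  <app>service-user</app>
  <ipAddr>192.168.0.1</ipAddr>
  <status>UP</status>
  <port enabled="true">8003</port>
</instance>
<instance>
  <app>service-user</app>
  <ipAddr>192.168.0.2</ipAddr>
  <status>DOWN</status>
  <port enabled="true">8003</port>
</instance>
<instance>
  <app>CONTAINER-CORE</app>
  <ipAddr>192.168.0.1</ipAddr>
  <status>UP</status>
  <port enabled="true">11188</port>
</instance>
EOF
}

f=$(mktemp) && sample_registry > "$f" && eureka_inventory "$f" && eureka_fw_rules 8889 "$f"; rm -f "$f"
```

Because the registry in this setup accepts registrations without credentials, compare the generated addresses with the known cluster hosts before applying any rule.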