Janusec 应用网关容器化
Janusec 官方已经详细介绍了产品的许多特性,在我看来,最主要的是提供了 Web 应用防火墙和 Web 统一身份验证的能力。此外,架构上也支持一主多从,虽然未实现高可用性,但已经能满足大部分中小企业的需求。
欲了解更多细节,可参考官方提供的 pdf 文档:www.janusec.com/download/Ja…
官方文档中已经清楚地描述了在主机上安装的过程,本文主要阐述在 Docker 或 Kubernetes 中运行 Janusec 的方法。
构建及运行
构建
# cat Dockerfile
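# Single source of truth for the packaged Janusec release; override with
# `docker build --build-arg JANUSEC_VERSION=<ver> ...`.
ARG JANUSEC_VERSION=1.2.9

# --- Build stage: download and unpack the pinned upstream release tarball ---
FROM ubuntu:22.04 AS build
# TARGETARCH is only populated inside a stage that declares it as an ARG;
# without this line the original always fell back to amd64.
ARG TARGETARCH
ARG JANUSEC_VERSION
# Optional integrity check for the downloaded tarball. Leave empty to skip,
# or pass the published checksum: --build-arg JANUSEC_SHA256=<sha256-of-janusec-release-tarball>
ARG JANUSEC_SHA256=""
ENV OS_ARCH="${TARGETARCH:-amd64}" \
    OS_NAME="linux" \
    VERSION="${JANUSEC_VERSION}"
# ca-certificates is needed for the HTTPS download once recommends are disabled.
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates wget \
    && rm -rf /var/lib/apt/lists/*
RUN wget "https://github.com/Janusec/Application-Gateway/releases/download/v${VERSION}/janusec-${VERSION}-${OS_ARCH}.tar.gz" -O /tmp/janusec.tar.gz \
    # Verify the archive against the expected digest when one was supplied.
    && if [ -n "${JANUSEC_SHA256}" ]; then echo "${JANUSEC_SHA256}  /tmp/janusec.tar.gz" | sha256sum -c -; fi \
    && tar -zxf /tmp/janusec.tar.gz -C /tmp/ \
    && mv "/tmp/janusec-${VERSION}-${OS_ARCH}" /tmp/janusec \
    && mkdir -p /tmp/janusec/log

# --- Runtime stage: minimal Ubuntu with tzdata plus the unpacked gateway ---
FROM ubuntu:22.04 AS image
ARG JANUSEC_VERSION
ENV APP_VERSION="v${JANUSEC_VERSION}" \
    TZ=Asia/Shanghai
WORKDIR /
LABEL work.amap.image.description="Application packaged by orrn" \
      work.amap.image.version="v${JANUSEC_VERSION}" \
      work.amap.image.source="https://github.com/Janusec/Application-Gateway"
# Install tzdata non-interactively first, then point /etc/localtime and
# /etc/timezone at ${TZ} so both files exist and agree regardless of the
# package's default zone.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata \
    && ln -sf "/usr/share/zoneinfo/${TZ}" /etc/localtime \
    && echo "${TZ}" > /etc/timezone \
    && rm -rf /var/lib/apt/lists/*
COPY --from=build /tmp/janusec /janusec
# 80/443: proxied traffic; 9080/9443: admin API / portal (see config.json).
EXPOSE 80 443 9080 9443
CMD ["/janusec/janusec"]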
# docker build -f Dockerfile -t gotafire/janusec:v1.2.9 .
主节点/单节点
#cat docker-compose.yaml
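---
version: '3.8'

services:
  postgresql:
    image: docker.io/bitnami/postgresql:13
    restart: always
    # No host port is published on purpose: janusec reaches the database over
    # the private "janusec" network, so PostgreSQL is not reachable from the host
    # or the outside. Add a '127.0.0.1:5432:5432' mapping only for local debugging.
    volumes:
      - 'postgresql_data:/bitnami/postgresql'
    environment:
      - 'POSTGRESQL_USERNAME=janusec'
      # Supplied from the environment or a .env file instead of being committed
      # here; it must match primary_node.database.password in config.json.
      - 'POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD:?set POSTGRESQL_PASSWORD (e.g. in .env) to the value used in config.json}'
      - 'POSTGRESQL_DATABASE=janusec'
    networks:
      - janusec
    healthcheck:
      # $$ keeps compose from interpolating; the container shell expands them.
      test: "pg_isready -U $${POSTGRESQL_USERNAME} -d $${POSTGRESQL_DATABASE}"
      interval: 2s
      timeout: 5s
      start_period: 30s
      retries: 60

  janusec:
    image: docker.io/gotafire/janusec:v1.2.9
    restart: always
    ports:
      - '80:80'
      - '443:443'
      # 9080: HTTP admin API; replicas point replica_node.sync_addr at it.
      - '9080:9080'
      # 9443: HTTPS admin portal named by primary_node.admin.portal in
      # config.json; without this mapping that URL is unreachable.
      - '9443:9443'
    volumes:
      - 'janusec_certs:/janusec/certs/'
      - './config.json:/janusec/config.json'
      # - 'janusec_log:/janusec/log/'
    networks:
      - janusec
    depends_on:
      postgresql:
        condition: service_healthy

volumes:
  postgresql_data:
    driver: local
  janusec_certs:
    driver: local

networks:
  janusec:
    driver: bridge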
# cat config.json
{
"node_role": "primary",
"listen_http": "",
"listen_https": "",
"primary_node": {
"admin": {
"listen": true,
"listen_http": ":9080",
"listen_https": ":9443",
"portal": "https://gateway.primary_node.com:9443/janusec-admin/",
"webssh_enabled": false
},
"database": {
"host": "postgresql",
"port": "5432",
"user": "janusec",
"password": "123456",
"dbname": "janusec"
}
},
"replica_node": {
"node_key": "",
"sync_addr": "http://gateway.primary_node.com:9080/janusec-admin/api"
}
}
#docker compose up -d
从节点
#cat docker-compose.yaml
---
version: "3.8"

# Replica gateway: it runs no database of its own; its config.json sets
# node_role=replica and points replica_node.sync_addr at the primary node.
services:
  janusec:
    image: docker.io/gotafire/janusec:v1.2.9
    restart: always
    networks:
      - janusec
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Certificates live in a named volume so they outlive container recreation.
      - "janusec_certs:/janusec/certs/"
      # Node-local configuration (node_key, sync_addr) from the working directory.
      - "./config.json:/janusec/config.json"
      # - "janusec_log:/janusec/log/"

networks:
  janusec:
    driver: bridge

volumes:
  janusec_certs:
    driver: local
# cat config.json
{
"node_role": "replica",
"listen_http": "",
"listen_https": "",
"primary_node": {
"admin": {
"listen": true,
"listen_http": ":9080",
"listen_https": ":9443",
"portal": "https://gateway.primary_node.com:9443/janusec-admin/",
"webssh_enabled": false
},
"database": {
"host": "postgresql",
"port": "5432",
"user": "",
"password": "",
"dbname": ""
}
},
"replica_node": {
"node_key": "node_key_generated_in_node_management",
"sync_addr": "http://gateway.primary_node.com:9080/janusec-admin/api"
}
}
#docker compose up -d
使用
默认管理入口:http://您的网关IP地址:9080/janusec-admin/
默认用户名:admin
默认口令:J@nusec123