问题
数据加密之后,如何进行模糊查询?
解决办法 —— 分词
如abcdefghijklmn
按4个字符一组分词,则可分为
abcd
bcde
cdef
defg
efgh
fghi
- …
分词后对每个片段分别加密存储;模糊查询时,把查询关键字按同样的方式分词、加密,再对密文做等值匹配即可。注意:这要求同一明文片段每次加密得到相同的密文(确定性加密),因此密文会暴露哪些片段相同以及它们出现的频率,只适合可以接受这种信息泄露的字段。
Entrypoints -> 入口
HTTP Router -> 路由规则
Service -> 可以理解为部署在 docker 中的容器,这里也可以是在配置文件中自定义的 service
TLS -> https
traefik 支持通过 toml 配置文件手动配置 https、自定义 Router、Service;
traefik.toml
# Traefik static configuration.
# Global settings: no new-version check, no anonymous usage reporting.
[global]
checkNewVersion = false
sendAnonymousUsage = false
# Entry points: the ports Traefik listens on.
[entryPoints]
# Plain HTTP.
[entryPoints.web]
address = ":80"
# HTTPS. The name "websecure" is chosen by the author; routers refer to it.
[entryPoints.websecure]
address = ":443"
# Traefik web UI / API.
[entryPoints.traefik]
address = ":8080"
# Free Let's Encrypt certificates. Issuance only works on the host that the
# domain actually resolves to. Traefik writes the key material to acme.json.
[certificatesResolvers.bxtlschallenge.acme]
# Contact e-mail for the ACME account (replace with your own).
email = "xxxx@xx.com"
# Where the key material is written; must match the volume mapping in use.
# NOTE(review): acme.json holds private keys - keep it mode 0600 and out of
# version control and of backups that other users can read.
storage = "/letsencrypt/acme.json"
# Despite "tlschallenge" in the resolver name, validation uses the HTTP
# challenge on the "web" entry point, so port 80 must be reachable from the
# certificate authority.
[certificatesResolvers.bxtlschallenge.acme.httpChallenge]
entryPoint = "web"
# Custom routers and services. The author found that these had to be defined
# in separate files, which are loaded from this directory.
[providers.file]
directory = "/etc/traefik/conf"
# Features to enable.
# NOTE(review): insecure = true serves the API and dashboard on the "traefik"
# entry point (:8080 above) with no authentication. Anyone who can reach that
# port can read the full routing configuration. Use it only on an isolated
# test host; otherwise set insecure = false and publish the dashboard through
# a router on the api@internal service protected by an auth middleware.
[api]
insecure = true
dashboard = true
# Enables the ping (health-check) endpoint.
[ping]
# Docker provider: Traefik reads container metadata from the Docker socket.
# NOTE(review): access to the Docker socket is equivalent to root on the host,
# so a compromise of Traefik becomes a compromise of the host.
# NOTE(review): exposedByDefault = true gives every container a route unless it
# is labelled traefik.enable=false; setting it to false and opting containers
# in with traefik.enable=true avoids publishing a service by accident.
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = true
# Transport settings for connections from Traefik to the backends.
[serversTransport]
# Skips certificate verification when proxying to HTTPS backends that use a
# custom certificate; without it Traefik reports an x509 error.
# NOTE(review): this disables verification for every HTTPS backend, so Traefik
# can no longer tell a genuine backend from an impostor on the path. Listing
# the backend's CA certificate under rootCAs fixes the x509 error while keeping
# verification on.
insecureSkipVerify = true
file.toml
# Traefik dynamic configuration loaded by the file provider.
[http]
# Custom routers.
[http.routers]
# HTTP route.
# NOTE(review): this serves the host over plaintext on "web"; nothing in this
# file redirects those requests to the HTTPS router below.
[http.routers.routers-cnblogs]
entryPoints = ["web"]
rule = "Host(`cnblogs.fanxp.com`)"
service = "cnblogs"
# HTTPS route for the same host and service.
[http.routers.routers-cnblogs1]
entryPoints = ["websecure"]
rule = "Host(`cnblogs.fanxp.com`)"
service = "cnblogs"
# The certificate is obtained through the ACME resolver named "bxtlschallenge",
# which has to be defined in the static configuration.
[http.routers.routers-cnblogs1.tls]
certResolver = "bxtlschallenge"
# Custom services.
[http.services]
[http.services.cnblogs]
# Several URLs may be listed; Traefik load-balances across them.
# NOTE(review): the two servers below are unrelated sites, so this only
# illustrates the syntax. Both are HTTPS backends: whether their certificates
# are checked depends on serversTransport.insecureSkipVerify in the static
# configuration.
[http.services.cnblogs.loadBalancer]
[[http.services.cnblogs.loadBalancer.servers]]
url = "https://www.cnblogs.com/fanxp/"
[[http.services.cnblogs.loadBalancer.servers]]
url = "https://github.com/fanxiaoping/grpc-test"
traefik-compose.yml
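version: '3'
services:
  traefik:
    # NOTE(review): v2.1 is an old release line - confirm it still receives
    # security fixes before deploying it on an internet-facing host.
    image: traefik:v2.1
    container_name: traefik
    ports:
      # HTTP port (also used by the ACME HTTP challenge).
      - "80:80"
      # HTTPS port.
      - "443:443"
      # Web UI / API port. Bound to loopback because the mounted traefik.toml
      # sets api.insecure = true, which serves the dashboard and API without
      # authentication. Reach it from the host itself or through an SSH
      # tunnel instead of publishing it on every interface.
      - "127.0.0.1:8080:8080"
    volumes:
      # Lets Traefik listen to Docker events. The :ro flag only protects the
      # socket file; it does not restrict the Docker API, so Traefik still
      # holds root-equivalent access to the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Static (startup) configuration; Traefik only reads it.
      - ./traefik.toml:/etc/traefik/traefik.toml:ro
      # Custom routers and services; Traefik only reads them.
      - ./conf:/etc/traefik/conf:ro
      # Certificate and key storage (acme.json). Must stay writable; keep the
      # host directory readable by its owner only.
      - ./letsencrypt:/letsencrypt
  whoami:
    # A container exposing an API that shows its own IP address.
    # No tag is given, so "latest" is pulled; pin a tag or digest you have
    # verified for reproducible deployments.
    image: containous/whoami
    container_name: whoami
    labels:
      # Address: whoami.fanxp.com
      - "traefik.http.routers.whoami.rule=Host(`whoami.fanxp.com`)"
      # Entry point: HTTPS.
      - "traefik.http.routers.whoami.entrypoints=websecure"
      # Certificate resolver to use.
      - "traefik.http.routers.whoami.tls.certresolver=bxtlschallenge"
  whoami2:
    # A container exposing an API that shows its own IP address.
    image: containous/whoami
    container_name: whoami2
    labels:
      # Address: whoami.fanxp.com/v2
      - "traefik.http.routers.whoami2.rule=Host(`whoami.fanxp.com`) && PathPrefix(`/v2`)"
      # By default Traefik proxies to the container over http://; the scheme
      # label switches it to https://. The service name in the commented line
      # comes from another project and would have to be changed to whoami2.
      # - "traefik.http.services.bx_resource_library.loadbalancer.server.scheme=https"
      # Attach the middleware defined below to this router.
      - "traefik.http.routers.whoami2.middlewares=whoami2-stripprefix"
      # Without this the backend would receive the request with /v2 still in
      # the path; the middleware strips the prefix before forwarding.
      - "traefik.http.middlewares.whoami2-stripprefix.stripprefix.prefixes=/v2"
      # If the container exposes several ports, choose the one this service
      # uses (defaults to the first).
      - "traefik.http.services.whoami2.loadbalancer.server.port=80"
      # Entry point: HTTPS.
      - "traefik.http.routers.whoami2.entrypoints=websecure"
      # Certificate resolver to use.
      - "traefik.http.routers.whoami2.tls.certresolver=bxtlschallenge"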
traefik 与 nginx 一样,是一款优秀的反向代理工具,或者叫 Edge Router。具有以下优势:
- 与 docker 的完美集成,基于 container label 的配置
- dashboard 界面
- metrics 的支持,对 prometheus 和 k8s 的集成
traefik 在 1.x 和 2.x 版本之间差异巨大,本文采用 2.4.1 版本。
本文采用 docker-compose 方式部署 traefik。
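version: '3'
services:
  reverse-proxy:
    image: traefik:2.4.1
    # --api.insecure=true enables the web UI and API without authentication;
    # --providers.docker tells Traefik to watch Docker for container instances.
    # With the Docker provider's defaults every container gets a route unless
    # it is labelled traefik.enable=false.
    command: --api.insecure=true --providers.docker
    ports:
      # HTTP port exposed by Traefik.
      - "80:80"
      # Web UI port (only reachable because --api.insecure=true is set).
      # NOTE(review): published on every interface and unauthenticated, so
      # keep this setup on a local or isolated test network.
      - "8080:8080"
    volumes:
      # The Docker socket lets Traefik receive Docker events, which is what
      # drives the dynamic load balancing. Mounted read-only; note that :ro
      # protects the socket file only and does not restrict the Docker API,
      # so this container still holds root-equivalent access to the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro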
访问 http://192.168.41.128:8080 即可看到 traefik 的 dashboard。该端口由 --api.insecure=true 开启,没有任何认证,只应在本机或隔离的测试网络中这样使用。
新建一个 whoami 服务。
# ...
  whoami:
    # A container that exposes an API to show its IP address
    # No tag is given, so "latest" is pulled.
    image: traefik/whoami
    labels:
      # Route requests whose Host header is whoami.docker.localhost to this
      # container. No entrypoints label is set.
      # NOTE(review): without one the router presumably listens on every
      # entry point Traefik defines - confirm before reusing outside a test.
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
启动 whoami 服务:
# Start a single whoami instance
docker-compose up -d whoami
# Test: send a request to Traefik on port 80 with the Host header the router matches
curl -H Host:whoami.docker.localhost http://127.0.0.1
# Output
Hostname: a656c8ddca6c
IP: 172.27.0.3
# Start several whoami instances
docker-compose up -d --scale whoami=2
# Test again
curl -H Host:whoami.docker.localhost http://127.0.0.1
# Output: requests are load-balanced across the two instances automatically
IP: 172.18.0.4
IP: 172.18.0.3
在 dashboard 上也可以看到 http service 中有两个 whoami 实例。
<!-- Build properties: source level, target level and compiler version are all set to Java 1.8. -->
<!-- NOTE(review): java.version is presumably read by a parent POM or plugin; confirm against the full pom.xml. -->
<properties>
    <java.version>1.8</java.version>
    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
    <maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
</properties>
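# nginx front end plus five backend services. Only nginx-route publishes a
# port; the backends are reached by service name over the Compose network.
# NOTE(review): none of the images carries a tag, so "latest" is pulled each
# time; pin a tag or digest you have verified.
version: '3'
services:
  nginx-route:
    image: hub.deri.org.cn/library/nginx
    container_name: nginx-route
    ports:
      # Host port 8080 -> nginx port 80 (plain HTTP).
      - "8080:80"
    restart: always
    volumes:
      # Host timezone; read-only, the container has no reason to change it.
      - "/etc/localtime:/etc/localtime:ro"
      # Routing configuration; read-only so that a compromised nginx cannot
      # rewrite its own configuration on the host.
      - "/wuzhiyong/nginx.conf:/etc/nginx/nginx.conf:ro"
  authservice:
    image: wuzhiyong/authservice
    container_name: authservice
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
  dbcompare:
    image: wuzhiyong/dbcompare
    container_name: dbcompare
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
  graphcompare:
    image: wuzhiyong/graphcompare
    container_name: graphcompare
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      # Left writable: the listing does not show whether the service writes
      # SVG files here.
      - "/wuzhiyong/svg:/root/svg"
  hbasecompare:
    image: wuzhiyong/hbasecompare
    container_name: hbasecompare
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    # Static host entries for the Hadoop nodes.
    extra_hosts:
      - "hadoop1:172.16.0.7"
      - "hadoop2:172.16.0.8"
      - "hadoop3:172.16.0.9"
  taskservice:
    image: wuzhiyong/taskservice
    container_name: taskservice
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
# Declared, but no service in this listing attaches to it, so every service
# joins the project's default network.
networks:
  nwzb: {}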
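# Reverse-proxy configuration: one server on port 80 that forwards requests
# to five backend services according to the path prefix.
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    include /etc/nginx/conf.d/*.conf;

    # Backends, addressed by name and port.
    upstream taskservice {
        server taskservice:28080;
    }
    upstream authservice {
        server authservice:25050;
    }
    upstream dbcompare {
        server dbcompare:28082;
    }
    upstream hbasecompare {
        server hbasecompare:26060;
    }
    upstream graphcompare {
        server graphcompare:29090;
    }

    server {
        # Plain HTTP only. NOTE(review): /auth presumably carries credentials;
        # terminate TLS here or in front of this server before exposing it
        # beyond a trusted network.
        listen 80 default_server;
        server_name _;

        # Give the backends the real client address for logging and auditing.
        # X-Real-IP is overwritten with the peer address, so a value sent by
        # the client is discarded. X-Forwarded-For appends the peer address to
        # whatever the client sent, so backends must trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Prefix matches: "/ts" also matches any path that merely starts with
        # those characters. The request path is forwarded unchanged.
        location /ts {
            proxy_pass http://taskservice;
        }
        location /auth {
            proxy_pass http://authservice;
        }
        location /dbc {
            proxy_pass http://dbcompare;
        }
        location /hbc {
            proxy_pass http://hbasecompare;
        }
        location /graph {
            proxy_pass http://graphcompare;
        }
    }
}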