diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e7d332c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,35 @@
+# 编译代码
+FROM python:3.6.13-slim as stage-build
+MAINTAINER Xiangle0109@outlook.com
+ARG VERSION
+ENV VERSION=1.0
+
+WORKDIR /opt/password-self-service
+ADD ./ad-password.tar.gz ./
+
+ARG PIP_MIRROR=https://pypi.douban.com/simple
+ENV PIP_MIRROR=$PIP_MIRROR
+
+WORKDIR /opt/password-self-service
+
+
+RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
+ && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
+ && apt update \
+ && grep -v '^#' ./docker-src/deb_requirement | xargs apt -y install \
+ && rm -rf /var/lib/apt/lists/* \
+ && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
+ && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+
+
+RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
+ && pip config set global.index-url ${PIP_MIRROR} \
+ && pip install --no-cache-dir -r ./docker-src/requirement
+
+VOLUME /opt/password-self-service/log
+
+ENV LANG=zh_CN.UTF-8
+
+EXPOSE 8070
+EXPOSE 8080
+ENTRYPOINT ["./entrypoint.sh"]
diff --git a/Python-3.6.9.tar.xz b/Python-3.6.9.tar.xz
deleted file mode 100644
index 9939829..0000000
Binary files a/Python-3.6.9.tar.xz and /dev/null differ
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e69de29
diff --git a/docker-install.sh b/docker-install.sh
new file mode 100644
index 0000000..4fea1b5
--- /dev/null
+++ b/docker-install.sh
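Review bot: The apt step `grep -v '^#' ./docker-src/deb_requirement | xargs apt -y install` reads a file this commit never adds — the package list is committed as `docker-src/deb_requestment` — so the build fails at that RUN unless the tarball extracted by `ADD ./ad-password.tar.gz ./` happens to carry the other spelling; `-r ./docker-src/requirement` has the same problem against the `requestment` name used by the install script. The image also never leaves root: there is no `USER` before `ENTRYPOINT ["./entrypoint.sh"]`, so the app and whatever entrypoint.sh starts (not shown here) run as uid 0 in an image that, per the package list in this diff, also carries `gcc`, `vim` and `sshpass`. I would add `RUN groupadd --system app && useradd --system --gid app app` after the install steps and `USER app` ahead of the ENTRYPOINT, and replace the deprecated `MAINTAINER` with `LABEL org.opencontainers.image.authors="Xiangle0109@outlook.com"`. `ARG VERSION` followed immediately by `ENV VERSION=1.0` also discards any `--build-arg VERSION=…`; `ENV VERSION=${VERSION:-1.0}` keeps the override.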
@@ -0,0 +1,255 @@
+#!/bin/bash
+echo -e "此脚本为Docker快速部署脚本"
+
+##Check IP
+function check_ip() {
+ local IP=$1
+ VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
+ if echo $IP|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then
+ if [[ $VALID_CHECK == "yes" ]]; then
+ return 0
+ else
+ return 1
+ fi
+ else
+ return 1
+ fi
+}
+
+##Check domain
+function check_domain() {
+ local DOMAIN=$1
+ if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+##Check Port
+function check_port() {
+ local PORT=$1
+ VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
+ if echo $PORT |grep -E "^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]{1}|6553[0-5])$" >/dev/null; then
+ if [[ $VALID_CHECK == "yes" ]]; then
+ return 0
+ else
+ return 1
+ fi
+ else
+ return 1
+ fi
+}
+
+while :; do echo
+ echo "请确认你此台服务器是全新干净的,以防此脚本相关操作对正在运行的服务造成影响(不可逆)。"
+ read -p "请确认是否继续执行,输入 [y/n]: " ensure_yn
+ if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
+ echo "输入有误,请输入 y 或 n"
+ else
+ break
+ fi
+done
+
+if [[ "${ensure_yn}" = n ]]; then
+ exit 0
+fi
+
+echo "======================================================================="
+while :; do echo
+ read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
+ check_ip ${PWD_SELF_SERVICE_IP}
+ if [[ $? -ne 0 ]]; then
+ echo "---输入的IP地址格式有误,请重新输入。"
+ else
+ break
+ fi
+done
+
+echo "======================================================================="
+while :; do echo
+ read -p "请输入密码自助平台使用的端口: " PWD_SELF_SERVICE_PORT
+ check_port ${PWD_SELF_SERVICE_PORT}
+ if [[ $? -ne 0 ]]; then
+ echo "---输入的端口有误,请重新输入。"
+ else
+ break
+ fi
+done
+
+echo "======================================================================="
+while :; do echo
+ read -p "请输入密码自助平台使用域名,例如:pwd.abc.com: " PWD_SELF_SERVICE_DOMAIN
+ check_domain ${PWD_SELF_SERVICE_DOMAIN}
+ if [[ $? -ne 0 ]]; then
+ echo "---输入的域名格式有误,请重新输入。"
+ else
+ break
+ fi
+done
+
+##当前脚本的绝对路径
+SHELL_FOLDER=$(dirname $(readlink -f "$0"))
+
+echo "关闭SELINUX"
+sudo setenforce 0
+sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config
+echo "DONE....."
+echo "关闭防火墙"
+sudo systemctl disable firewalld
+sudo systemctl stop firewalld
+echo "DONE....."
+
+echo "初始化编译环境----------"
+sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y
+echo "======================================================================="
+echo "初始化编译环境完成"
+echo "======================================================================="
+
+##Quick install nginx
+echo "======================================================================="
+echo "安装 Nginx"
+sudo cat << EOF > /etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/7/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+
+sudo yum makecache fast
+sudo yum install nginx -y
+
+if [[ $? -eq 0 ]]
+then
+ sudo systemctl enable nginx
+ sudo systemctl start nginx
+ echo "======================================================================="
+ echo "nginx 安装成功!"
+ echo "======================================================================="
+else
+ echo "======================================================================="
+ echo "nginx 安装失败!"
+ echo "======================================================================="
+ exit 1
+fi
+
+##install python3
+##如果之前用此脚本安装过python3,后续就不会再次安装。
+if [[ -f "/usr/share/python-3.6.9/bin/python3" ]]
+then
+ echo "己发现Python3,将不会安装。"
+else
+ if [[ -f "Python-3.6.9.tar.xz" ]]
+ then
+ echo "将安装Python3.6.9"
+ tar xf Python-3.6.9.tar.xz
+ cd Python-3.6.9
+ sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
+ else
+ echo "脚本目录下没有发现Python3.6.9.tar.xz,将会下载python 3.6.9"
+ sudo wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tar.xz
+ tar xf Python-3.6.9.tar.xz
+ cd Python-3.6.9
+ sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
+ fi
+
+ if [[ $? -eq 0 ]]
+ then
+ echo "创建python3和pip3的软件链接"
+ cd ${SHELL_FOLDER}
+ sudo ln -svf /usr/share/python-3.6.9/bin/python3 /usr/bin/python3
+ sudo ln -svf /usr/share/python-3.6.9/bin/pip3 /usr/bin/pip3
+ echo "======================================================================="
+ echo "Python3 安装成功!"
+ echo "======================================================================="
+ else
+ echo "======================================================================="
+ echo "Python3 安装失败!"
+ echo "======================================================================="
+ exit 1
+ fi
+fi
+
+
+##修改PIP源为国内
+mkdir -p ~/.pip
+cat << EOF > ~/.pip/pip.conf
+[global]
+index-url = https://pypi.tuna.tsinghua.edu.cn/simple
+[install]
+trusted-host=pypi.tuna.tsinghua.edu.cn
+EOF
+
+cd ${SHELL_FOLDER}
+echo "====升级pip================"
+/usr/bin/pip3 install --upgrade pip
+/usr/bin/pip3 install -r requestment
+
+if [[ $? -eq 0 ]]
+then
+ echo "======================================================================="
+ echo "Pip3 requestment 安装成功!"
+ echo "======================================================================="
+else
+ echo "======================================================================="
+ echo "Pip3 requestment 安装失败!"
+ echo "======================================================================="
+ exit 1
+fi
+
+##处理配置文件
+echo "======================================================================="
+echo "处理uwsgi.ini配置文件"
+sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini
+sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini
+sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini
+echo "处理uwsgi.ini配置文件完成"
+echo
+echo "处理uwsgiserver启动脚本"
+sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver
+alias cp='cp'
+cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver
+chmod +x /etc/init.d/uwsgiserver
+chkconfig uwsgiserver on
+echo "处理uwsgiserver启动脚本完成"
+echo
+
+sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/pwdselfservice/local_settings.py
+
+##Nginx vhost配置
+cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
+server {
+ listen 80;
+ server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
+
+ location / {
+ proxy_pass http://${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT};
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+ access_log off;
+}
+EOF
+rm -f /etc/nginx/conf.d/default.conf
+systemctl restart nginx
+
+echo
+echo "======================================================================="
+echo
+echo "密码自助服务平台的访问地址是:http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}"
+echo "请确保以上域名能正常解析,否则使用域名无法访问。"
+echo
+echo "Uwsgi启动:/etc/init.d/uwsgi start"
+echo "Uwsgi停止:/etc/init.d/uwsgi stop"
+echo "Uwsgi重启:/etc/init.d/uwsgi restart"
+echo
+echo
+echo "文件${SHELL_FOLDER}/pwdselfservice/local_setting.py中必要参数需要你自行修改"
+echo "此文件中有AD和钉钉的一些参数,按自己企业的修改"
+echo
+echo "======================================================================="
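Review bot: `sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config` does not do what it intends — `=*` matches zero or more `=`, so `SELINUX=enforcing` becomes `SELINUX=disabledenforcing` and `SELINUXTYPE=targeted` becomes `SELINUX=disabledTYPE=targeted`, leaving an invalid config; if SELinux really must go (the targeted fix for an nginx proxy is `setsebool -P httpd_can_network_connect on`), the anchored form is `sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config`. The generated vhost has only `listen 80;`, so a password-reset service takes AD credentials in cleartext, and because uwsgi is bound to `${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT}` rather than 127.0.0.1 and firewalld was just disabled, the backend is reachable directly, bypassing nginx. The Python source is fetched with plain `wget` and built with no checksum or signature check, and `sudo` covers only `./configure`, so `make install` into `/usr/share/python-3.6.9` runs unprivileged and fails unless the whole script is already root. The closing messages also point at `/etc/init.d/uwsgi` and `local_setting.py`, while the script installs `/etc/init.d/uwsgiserver` and edits `local_settings.py`.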
diff --git a/docker-src/deb_requestment b/docker-src/deb_requestment
new file mode 100644
index 0000000..feb6f44
--- /dev/null
+++ b/docker-src/deb_requestment
@@ -0,0 +1,23 @@
+# common
+gcc
+cmake
+curl
+wget
+vim
+locales
+iputils-ping
+python3
+nginx
+
+# mysql-client
+default-mysql-client
+default-libmysqlclient-dev
+
+openssl
+libssl-dev
+libldap2-dev
+libsasl2-dev
+libkrb5-dev
+sqlite
+
+sshpass
\ No newline at end of file
diff --git a/docker-src/uwsgi.ini b/docker-src/uwsgi.ini
new file mode 100644
index 0000000..7ecedf7
--- /dev/null
+++ b/docker-src/uwsgi.ini
@@ -0,0 +1,28 @@
+[uwsgi]
+http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
+
+chdir = PWD_SELF_SERVICE_HOME
+
+module = pwdselfservice.wsgi:application
+
+master = true
+
+processes = 4
+
+threads = 4
+
+max-requests = 2000
+
+chmod-socket = 755
+
+vacuum = true
+
+#设置缓冲
+post-buffering = 4096
+
+#设置静态文件
+static-map = /static=PWD_SELF_SERVICE_HOME/static
+
+#设置日志目录
+daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
+
diff --git a/docker-src/uwsgiserver b/docker-src/uwsgiserver
new file mode 100644
index 0000000..b0e727b
--- /dev/null
+++ b/docker-src/uwsgiserver
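Review bot: `sshpass` in the runtime package list is hard to justify for a web-app image — its only purpose is to pass an SSH password on the command line, where it is visible in `ps` and shell history — and nothing else in this diff references it; drop it unless a caller is shown. The file is named `deb_requestment` here while the Dockerfile greps `./docker-src/deb_requirement`, so one of the two spellings has to change before the image builds at all. The build-only packages (`gcc`, `cmake`, `libssl-dev`, `libldap2-dev`, `libsasl2-dev`, `libkrb5-dev`, `default-libmysqlclient-dev`) and `vim` would be better confined to a build stage so they do not ship in the final image.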
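Review bot: `daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log` makes uwsgi fork into the background and log to a file; if `entrypoint.sh` (not in this diff) starts uwsgi with this ini as the container's main process, the foreground process exits immediately and the container stops, and nothing reaches `docker logs`. Drop `daemonize` and, if a file is still wanted, use `logto = PWD_SELF_SERVICE_HOME/log/uwsgi.log`, which redirects output without detaching. `chmod-socket = 755` has no effect with `http-socket` (there is no unix socket to chmod), and nothing in the Dockerfile substitutes the `PWD_SELF_SERVICE_*` placeholders, so as committed this copy would try to bind to the literal string unless something outside the diff rewrites it.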
@@ -0,0 +1,50 @@
+#!/bin/bash
+# Startup script for the uwsgi server
+# chkconfig: - 85 15
+# description: uwsgi server is Web Server
+# HTML files and CGI.
+# processname: uwsgiserver
+
+INI="/opt/password-self-service/uwsgi.ini"
+UWSGI="/usr/local/bin/uwsgi"
+PSID=$(ps -ef | grep "password-self-service-uwsgi uWSGI master" | grep -v grep | awk '{print $2}')
+
+if [ ! -n "$1" ]
+then
+ content="Usages: $0 [start|stop|restart|status]"
+ echo -e "\033[31m $content \033[0m"
+ exit 0
+fi
+
+if [ $1 = start ]
+then
+ if [[ `eval $PSID` -gt 4 ]]
+ then
+ content="uWsgi is Running!"
+ echo -e "\033[32m $content \033[0m"
+ exit 0
+ else
+ $UWSGI --ini $INI
+ content="Start uWsgi Service [OK]"
+ echo -e "\033[32m $content \033[0m"
+ fi
+
+elif [ $1 = stop ];then
+ kill -9 $PSID > /dev/null 2>&1
+ content="Stop uWsgi Service [OK]"
+ echo -e "\033[32m $content \033[0m"
+
+elif [ $1 = restart ];then
+ kill -9 $PSID > /dev/null 2>&1
+ echo "Pls wait...."
+ sleep 3s
+ $UWSGI --ini $INI
+ content="Restart uWsgi Service [OK]"
+ echo -e "\033[32m $content \033[0m"
+
+elif [ $1 = status ];then
+ ps -ef | grep "password-self-service-uwsgi" | grep -v "grep"
+else
+ content="Usages: $0 [start|stop|restart|status]"
+ echo -e "\033[31m $content \033[0m"
+fi
diff --git a/pwdselfservice/local_settings.py b/pwdselfservice/local_settings.py
index 42b2529..03e9bc4 100644
--- a/pwdselfservice/local_settings.py
+++ b/pwdselfservice/local_settings.py
@@ -28,7 +28,8 @@ DING_APP_SECRET = '修改为自己的'
 DING_SELF_APP_ID = '修改为自己的'
 DING_SELF_APP_SECRET = '修改为自己的'
-# Crypty key 通过generate_key生成,可不用修改
+# 执行:python3 ./resetpwd/utils/crypto.py 生成
+# 可自行生成后替换
 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
 # COOKIE 超时单位是秒,可不用修改
diff --git a/resetpwd/utils/crypto.py b/resetpwd/utils/crypto.py
index c996977..1118c9d 100644
--- a/resetpwd/utils/crypto.py
+++ b/resetpwd/utils/crypto.py
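Review bot: `PSID` comes from `grep "password-self-service-uwsgi uWSGI master"`, but neither uwsgi.ini in this diff sets `procname-prefix` or `procname-master`, so no process ever carries that string: `PSID` is always empty, `start` tries to launch another instance every time, and `stop`/`restart` run `kill -9` with no argument yet still print `[OK]`. `` [[ `eval $PSID` -gt 4 ]] `` also executes the PID as a command instead of testing it. Let uwsgi own its pid — add `pidfile = /opt/password-self-service/log/uwsgi.pid` to the ini and use `$UWSGI --stop /opt/password-self-service/log/uwsgi.pid` and `$UWSGI --reload …` here — or at minimum send `kill -INT` to the master so workers finish in-flight requests instead of being SIGKILLed. Quote `"$1"` in the `[ $1 = start ]` tests so a multi-word argument does not turn into a `[` syntax error.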
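Review bot: The hunk keeps a concrete Fernet key, `CRYPTO_KEY = b'dp8U9y7N…'`, committed to the repository, and the rewritten comment makes regenerating it optional (`可自行生成后替换`); every deployment that does not act on it shares a key that anyone with the source can use to decrypt or forge whatever `Crypto` protects. Make it required rather than defaulted — e.g. `CRYPTO_KEY = os.environ['CRYPTO_KEY'].encode()` (importing `os`), failing at startup when unset — and treat this value as burned, since it is now in public history. The comment could then read `# Fernet key for resetpwd/utils/crypto.py; generate with: python3 ./resetpwd/utils/crypto.py and provide it via the CRYPTO_KEY environment variable — never commit a real key`.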
@@ -1,4 +1,11 @@
-from cryptography.fernet import Fernet
+import os
+import random
+
+try:
+ from cryptography.fernet import Fernet
+except ImportError:
+ os.system('pip3 install cryptography')
+ from cryptography.fernet import Fernet
 class Crypto(object):
@@ -6,11 +13,6 @@ class Crypto(object):
 def __init__(self, key):
 self.factory = Fernet(key)
- @staticmethod
- def generate_key():
- key = Fernet.generate_key()
- print(key)
-
 # 加密
 def encrypt(self, string):
 token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
@@ -20,3 +22,8 @@ class Crypto(object):
 def decrypt(self, token):
 string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
 return string
+
+
+if __name__ == '__main__':
+ key = Fernet.generate_key()
+ print(key)
diff --git a/uwsgi.ini b/uwsgi.ini
index 7ecedf7..6aa822f 100644
--- a/uwsgi.ini
+++ b/uwsgi.ini
@@ -1,7 +1,7 @@
 [uwsgi]
-http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
+http-socket = 0.0.0.0:8000
-chdir = PWD_SELF_SERVICE_HOME
+chdir = /opt/password-self-service
 module = pwdselfservice.wsgi:application
@@ -21,8 +21,8 @@ vacuum = true
 post-buffering = 4096
 #设置静态文件
-static-map = /static=PWD_SELF_SERVICE_HOME/static
+static-map = /static=/opt/password-self-service/static
 #设置日志目录
-daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
+daemonize = /opt/password-self-service/log/uwsgi.log
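Review bot: The new import fallback `os.system('pip3 install cryptography')` runs a shell command with network access from inside a library import: it executes with whatever privileges the importing process has (the uwsgi workers, if the Django app imports this module as its path suggests), installs an unpinned package from whatever index `pip3` resolves at that moment, and when that fails the retried `from cryptography.fernet import Fernet` raises the same ImportError it was meant to hide. The dependency belongs in the requirements file the Dockerfile already installs; remove the try/except and restore the plain `from cryptography.fernet import Fernet`. `import random` is unused in the file as shown, and dropping `generate_key` from `Crypto` in the second hunk breaks any caller of `Crypto.generate_key()` — keep the staticmethod and have the `__main__` block call it.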
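Review bot: `http-socket = 0.0.0.0:8000` and `chdir = /opt/password-self-service` replace the placeholders that `docker-install.sh` in this same diff still rewrites with `sed -i "s@PWD_SELF_SERVICE_IP@…@g" ${SHELL_FOLDER}/uwsgi.ini`, so those substitutions now match nothing: uwsgi binds every interface on 8000 and chdirs to a fixed path regardless of where the checkout lives, while nginx is pointed at `${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT}`, which only works if the user happens to type 8000. Either keep the placeholders in this copy (the image build has its own under docker-src/) or bind to loopback on the port the installer uses, e.g. `http-socket = 127.0.0.1:8000`, so the backend cannot be reached around nginx. The Dockerfile exposes 8070 and 8080, not 8000, so if this file is the one packed into the image that mismatch needs resolving as well.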