默认的

django=2.2 version
2021-04-19 08:41:22 +08:00 · 2021-04-19 08:41:22 +08:00 · d8ac7552a6
parent ffbe96425d
commit d8ac7552a6
10 changed files with 410 additions and 11 deletions
--- a/35
+++ b/35
@ -0,0 +1,35 @@
 # 编译代码
 FROM python:3.6.13-slim as stage-build
 MAINTAINER Xiangle0109@outlook.com
 ARG VERSION
 ENV VERSION=1.0
 WORKDIR /opt/password-self-service
 ADD ./ad-password.tar.gz ./
 ARG PIP_MIRROR=https://pypi.douban.com/simple
 ENV PIP_MIRROR=$PIP_MIRROR
 WORKDIR /opt/password-self-service
 RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
    && apt update \
    && grep -v '^#' ./docker-src/deb_requirement | xargs apt -y install \
    && rm -rf /var/lib/apt/lists/* \
    && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
    && pip config set global.index-url ${PIP_MIRROR} \
    && pip install --no-cache-dir -r ./docker-src/requirement
 VOLUME /opt/password-self-service/log
 ENV LANG=zh_CN.UTF-8
 EXPOSE 8070
 EXPOSE 8080
 ENTRYPOINT ["./entrypoint.sh"]
--- a/Python-3.6.9.tar.xz
+++ b/Python-3.6.9.tar.xz
--- a/docker-compose.yml
+++ b/docker-compose.yml
--- a/docker-install.sh
+++ b/docker-install.sh
@ -0,0 +1,255 @@
 #!/bin/bash
 echo -e "此脚本为Docker快速部署脚本"
 ##Check IP
 function check_ip() {
    local IP=$1
    VALID_CHECK=$(echo $IP|awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
    if echo $IP|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then
        if [[ $VALID_CHECK == "yes" ]]; then
            return 0
        else
            return 1
        fi
    else
        return 1
    fi
 }
 ##Check domain
 function check_domain() {
    local DOMAIN=$1
    if echo $DOMAIN |grep -P "(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$)" >/dev/null; then
        return 0
    else
        return 1
    fi
 }
 ##Check Port
 function check_port() {
    local PORT=$1
    VALID_CHECK=$(echo $PORT|awk '$1<=65535&&$1>=1{print "yes"}')
    if echo $PORT |grep -E "^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]{1}|6553[0-5])$" >/dev/null; then
        if [[ $VALID_CHECK == "yes" ]]; then
            return 0
        else
            return 1
        fi
    else
        return 1
    fi
 }
 while :; do echo
    echo "请确认你此台服务器是全新干净的，以防此脚本相关操作对正在运行的服务造成影响（不可逆）。"
    read -p "请确认是否继续执行，输入 [y/n]: " ensure_yn
    if [[ ! "${ensure_yn}" =~ ^[y,n]$ ]]; then
      echo "输入有误，请输入 y 或 n"
    else
      break
    fi
 done
 if [[ "${ensure_yn}" = n ]]; then
    exit 0
 fi
 echo "======================================================================="
 while :; do echo
    read -p "请输入密码自助平台使用的本机IP: " PWD_SELF_SERVICE_IP
    check_ip ${PWD_SELF_SERVICE_IP}
    if [[ $? -ne 0 ]]; then
      echo "---输入的IP地址格式有误，请重新输入。"
    else
      break
    fi
 done
 echo "======================================================================="
 while :; do echo
    read -p "请输入密码自助平台使用的端口: " PWD_SELF_SERVICE_PORT
    check_port ${PWD_SELF_SERVICE_PORT}
    if [[ $? -ne 0 ]]; then
      echo "---输入的端口有误，请重新输入。"
    else
      break
    fi
 done
 echo "======================================================================="
 while :; do echo
    read -p "请输入密码自助平台使用域名，例如：pwd.abc.com: " PWD_SELF_SERVICE_DOMAIN
    check_domain ${PWD_SELF_SERVICE_DOMAIN}
    if [[ $? -ne 0 ]]; then
      echo "---输入的域名格式有误，请重新输入。"
    else
      break
    fi
 done
 ##当前脚本的绝对路径
 SHELL_FOLDER=$(dirname $(readlink -f "$0"))
 echo "关闭SELINUX"
 sudo setenforce 0
 sudo sed -i 's@SELINUX=*@SELINUX=disabled@g' /etc/selinux/config
 echo "DONE....."
 echo "关闭防火墙"
 sudo systemctl disable firewalld
 sudo systemctl stop firewalld
 echo "DONE....."
 echo "初始化编译环境----------"
 sudo yum install gcc patch libffi-devel python-devel zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget psmisc -y
 echo "======================================================================="
 echo "初始化编译环境完成"
 echo "======================================================================="
 ##Quick install nginx
 echo "======================================================================="
 echo "安装 Nginx"
 sudo cat << EOF > /etc/yum.repos.d/nginx.repo
 [nginx-stable]
 name=nginx stable repo
 baseurl=http://nginx.org/packages/centos/7/\$basearch/
 gpgcheck=1
 enabled=1
 gpgkey=https://nginx.org/keys/nginx_signing.key
 module_hotfixes=true
 EOF
 sudo yum makecache fast
 sudo yum install nginx -y
 if [[ $? -eq 0 ]]
 then
  sudo systemctl enable nginx
  sudo systemctl start nginx
  echo "======================================================================="
  echo "nginx 安装成功！"
  echo "======================================================================="
 else
  echo "======================================================================="
  echo "nginx 安装失败！"
  echo "======================================================================="
  exit 1
 fi
 ##install python3
 ##如果之前用此脚本安装过python3，后续就不会再次安装。
 if [[ -f "/usr/share/python-3.6.9/bin/python3" ]]
 then
    echo "己发现Python3，将不会安装。"
 else
    if [[ -f "Python-3.6.9.tar.xz" ]]
    then
        echo "将安装Python3.6.9"
        tar xf Python-3.6.9.tar.xz
        cd Python-3.6.9
        sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
    else
        echo "脚本目录下没有发现Python3.6.9.tar.xz，将会下载python 3.6.9"
        sudo wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tar.xz
        tar xf Python-3.6.9.tar.xz
        cd Python-3.6.9
        sudo ./configure --prefix=/usr/share/python-3.6.9 && make && make install
    fi
    if [[ $? -eq 0 ]]
    then
      echo "创建python3和pip3的软件链接"
      cd ${SHELL_FOLDER}
      sudo ln -svf /usr/share/python-3.6.9/bin/python3 /usr/bin/python3
      sudo ln -svf /usr/share/python-3.6.9/bin/pip3 /usr/bin/pip3
      echo "======================================================================="
      echo "Python3 安装成功！"
      echo "======================================================================="
    else
      echo "======================================================================="
      echo "Python3 安装失败！"
      echo "======================================================================="
      exit 1
    fi
 fi
 ##修改PIP源为国内
 mkdir -p ~/.pip
 cat << EOF > ~/.pip/pip.conf
 [global]
 index-url = https://pypi.tuna.tsinghua.edu.cn/simple
 [install]
 trusted-host=pypi.tuna.tsinghua.edu.cn
 EOF
 cd ${SHELL_FOLDER}
 echo "====升级pip================"
 /usr/bin/pip3 install --upgrade pip
 /usr/bin/pip3 install -r requestment
 if [[ $? -eq 0 ]]
 then
  echo "======================================================================="
  echo "Pip3 requestment 安装成功！"
  echo "======================================================================="
 else
  echo "======================================================================="
  echo "Pip3 requestment 安装失败！"
  echo "======================================================================="
  exit 1
 fi
 ##处理配置文件
 echo "======================================================================="
 echo "处理uwsgi.ini配置文件"
 sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgi.ini
 sed -i "s@PWD_SELF_SERVICE_IP@${PWD_SELF_SERVICE_IP}@g" ${SHELL_FOLDER}/uwsgi.ini
 sed -i "s@PWD_SELF_SERVICE_PORT@${PWD_SELF_SERVICE_PORT}@g" ${SHELL_FOLDER}/uwsgi.ini
 echo "处理uwsgi.ini配置文件完成"
 echo
 echo "处理uwsgiserver启动脚本"
 sed -i "s@PWD_SELF_SERVICE_HOME@${SHELL_FOLDER}@g" ${SHELL_FOLDER}/uwsgiserver
 alias cp='cp'
 cp -f ${SHELL_FOLDER}/uwsgiserver /etc/init.d/uwsgiserver
 chmod +x /etc/init.d/uwsgiserver
 chkconfig uwsgiserver on
 echo "处理uwsgiserver启动脚本完成"
 echo
 sed -i "s@PWD_SELF_SERVICE_DOMAIN@${PWD_SELF_SERVICE_DOMAIN}@g" ${SHELL_FOLDER}/pwdselfservice/local_settings.py
 ##Nginx vhost配置
 cat << EOF > /etc/nginx/conf.d/pwdselfservice.conf
 server {
    listen  80;
    server_name ${PWD_SELF_SERVICE_DOMAIN} ${PWD_SELF_SERVICE_IP};
    location / {
        proxy_pass         http://${PWD_SELF_SERVICE_IP}:${PWD_SELF_SERVICE_PORT};
        proxy_set_header   Host              \$host;
        proxy_set_header   X-Real-IP         \$remote_addr;
        proxy_set_header   X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto \$scheme;
    }
 	access_log off;
 }
 EOF
 rm -f /etc/nginx/conf.d/default.conf
 systemctl restart nginx
 echo
 echo "======================================================================="
 echo
 echo "密码自助服务平台的访问地址是：http://${PWD_SELF_SERVICE_DOMAIN}或http://${PWD_SELF_SERVICE_IP}"
 echo "请确保以上域名能正常解析，否则使用域名无法访问。"
 echo
 echo "Uwsgi启动：/etc/init.d/uwsgi start"
 echo "Uwsgi停止：/etc/init.d/uwsgi stop"
 echo "Uwsgi重启：/etc/init.d/uwsgi restart"
 echo
 echo
 echo "文件${SHELL_FOLDER}/pwdselfservice/local_setting.py中必要参数需要你自行修改"
 echo "此文件中有AD和钉钉的一些参数，按自己企业的修改"
 echo
 echo "======================================================================="
--- a/docker-src/deb_requestment
+++ b/docker-src/deb_requestment
@ -0,0 +1,23 @@
 # common
 gcc
 cmake
 curl
 wget
 vim
 locales
 iputils-ping
 python3
 nginx
 # mysql-client
 default-mysql-client
 default-libmysqlclient-dev
 openssl
 libssl-dev
 libldap2-dev
 libsasl2-dev
 libkrb5-dev
 sqlite
 sshpass
--- a/docker-src/uwsgi.ini
+++ b/docker-src/uwsgi.ini
@ -0,0 +1,28 @@
 [uwsgi]
 http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
 chdir = PWD_SELF_SERVICE_HOME
 module = pwdselfservice.wsgi:application
 master = true
 processes = 4
 threads = 4
 max-requests = 2000
 chmod-socket = 755
 vacuum = true
 #设置缓冲
 post-buffering = 4096
 #设置静态文件
 static-map = /static=PWD_SELF_SERVICE_HOME/static
 #设置日志目录
 daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
--- a/docker-src/uwsgiserver
+++ b/docker-src/uwsgiserver
@ -0,0 +1,50 @@
 #!/bin/bash
 # Startup script for the uwsgi server
 # chkconfig: - 85 15
 # description: uwsgi server is Web Server
 # HTML files and CGI.
 # processname: uwsgiserver
 INI="/opt/password-self-service/uwsgi.ini"
 UWSGI="/usr/local/bin/uwsgi"
 PSID=$(ps -ef | grep "password-self-service-uwsgi uWSGI master" | grep -v grep | awk '{print $2}')
 if [ ! -n "$1" ]
 then
    content="Usages: $0 [start|stop|restart|status]"
    echo -e "\033[31m $content \033[0m"
    exit 0
 fi
 if [ $1 = start ]
 then
    if [[ `eval $PSID` -gt 4 ]]
    then
        content="uWsgi is Running!"
        echo -e "\033[32m $content \033[0m"
        exit 0
    else
        $UWSGI --ini $INI
        content="Start uWsgi Service [OK]"
        echo -e "\033[32m $content \033[0m"
    fi
 elif [ $1 = stop ];then
    kill -9 $PSID > /dev/null 2>&1
    content="Stop uWsgi Service [OK]"
    echo -e "\033[32m $content \033[0m"
 elif [ $1 = restart ];then
    kill -9 $PSID > /dev/null 2>&1
    echo "Pls wait...."
    sleep 3s
    $UWSGI --ini $INI
    content="Restart uWsgi Service [OK]"
    echo -e "\033[32m $content \033[0m"
 elif [ $1 = status ];then
    ps -ef | grep "password-self-service-uwsgi" | grep -v "grep"
 else
    content="Usages: $0 [start|stop|restart|status]"
    echo -e "\033[31m $content \033[0m"
 fi
--- a/pwdselfservice/local_settings.py
+++ b/pwdselfservice/local_settings.py
@ -28,7 +28,8 @@ DING_APP_SECRET = '修改为自己的'
 DING_SELF_APP_ID = '修改为自己的'
 DING_SELF_APP_SECRET = '修改为自己的'
-# Crypty key 通过generate_key生成，可不用修改
+# 执行：python3 ./resetpwd/utils/crypto.py 生成
 # 可自行生成后替换
 CRYPTO_KEY = b'dp8U9y7NAhCD3MoNwPzPBhBtTZ1uI_WWSdpNs6wUDgs='
 # COOKIE 超时单位是秒，可不用修改
--- a/resetpwd/utils/crypto.py
+++ b/resetpwd/utils/crypto.py
@ -1,4 +1,11 @@
-from cryptography.fernet import Fernet
+import os
 import random
 try:
    from cryptography.fernet import Fernet
 except ImportError:
    os.system('pip3 install cryptography')
    from cryptography.fernet import Fernet
 class Crypto(object):
@ -6,11 +13,6 @@ class Crypto(object):
    def __init__(self, key):
        self.factory = Fernet(key)
    @staticmethod
    def generate_key():
        key = Fernet.generate_key()
        print(key)
    # 加密
    def encrypt(self, string):
        token = str(self.factory.encrypt(string.encode('utf-8')), 'utf-8')
@ -20,3 +22,8 @@ class Crypto(object):
    def decrypt(self, token):
        string = self.factory.decrypt(bytes(token.encode('utf-8'))).decode('utf-8')
        return string
 if __name__ == '__main__':
    key = Fernet.generate_key()
    print(key)
--- a/uwsgi.ini
+++ b/uwsgi.ini
@ -1,7 +1,7 @@
 [uwsgi]
-http-socket = PWD_SELF_SERVICE_IP:PWD_SELF_SERVICE_PORT
+http-socket = 0.0.0.0:8000
-chdir = PWD_SELF_SERVICE_HOME
+chdir = /opt/password-self-service
 module = pwdselfservice.wsgi:application
@ -21,8 +21,8 @@ vacuum = true
 post-buffering = 4096
 #设置静态文件
-static-map = /static=PWD_SELF_SERVICE_HOME/static
+static-map = /static=/opt/password-self-service/static
 #设置日志目录
-daemonize = PWD_SELF_SERVICE_HOME/log/uwsgi.log
+daemonize = /opt/password-self-service/log/uwsgi.log