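0. TL;DR
This post covers only the environment setup steps and process; you will have to work out a PoC on your own.
1. Nacos Overview
Nacos (Dynamic Naming and Configuration Service) is a platform open-sourced by Alibaba for dynamic service discovery, configuration management, and service governance. Nacos provides the following main features:
Service discovery and registration: supports DNS-based and HTTP-based dynamic service discovery, helping you implement load balancing and failover in a microservice architecture.
Configuration management: provides a dynamic configuration service that centrally manages all of an application's configuration, with real-time updates and push.
Service health monitoring: provides health checks, real-time monitoring, and alerting for services.
2. Environment Setup
2.1. Write the Dockerfile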
FROM openjdk:8-jdk
# Tools needed to download and unpack the Nacos release
RUN apt-get update && apt-get install -y wget unzip bash
# Download and unpack the Nacos 2.3.2 server release
RUN wget https://github.com/alibaba/nacos/releases/download/2.3.2/nacos-server-2.3.2.zip -O /opt/nacos-server-2.3.2.zip
RUN unzip /opt/nacos-server-2.3.2.zip -d /opt && rm /opt/nacos-server-2.3.2.zip
# Rebuild startup.sh so that a bash shebang is its first line
RUN mv /opt/nacos/bin/startup.sh /opt/nacos/bin/startup.sh.bak && \
    echo '#!/bin/bash\n' > /opt/nacos/bin/startup.sh && \
    cat /opt/nacos/bin/startup.sh.bak >> /opt/nacos/bin/startup.sh && \
    chmod +x /opt/nacos/bin/startup.sh
# Nacos HTTP port
EXPOSE 8848
CMD ["bash", "/opt/nacos/bin/startup.sh", "-m", "standalone"]
2.2. Run Docker
sudo docker build -t nacos-vulnerable:2.3.2 .
sudo docker run -d -p 8848:8848 --name nacos-vulnerable nacos-vulnerable:2.3.2
2.3. Full Installation Session
(base) hx@orz:~/nacos$ sudo docker build -t nacos-vulnerable:2.3.2 .
[+] Building 22.1s (9/9) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 627B 0.0s
=> [internal] load metadata for docker.io/library/openjdk:8-jdk 1.7s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/5] FROM docker.io/library/openjdk:8-jdk@sha256:86e863cc57215cfb181bd319736d0baf625fe8f150577f9eb5 0.0s
=> CACHED [2/5] RUN apt-get update && apt-get install -y wget unzip bash 0.0s
=> [3/5] RUN wget https://github.com/alibaba/nacos/releases/download/2.3.2/nacos-server-2.3.2.zip -O / 17.6s
=> [4/5] RUN unzip /opt/nacos-server-2.3.2.zip -d /opt && rm /opt/nacos-server-2.3.2.zip 1.8s
=> [5/5] RUN mv /opt/nacos/bin/startup.sh /opt/nacos/bin/startup.sh.bak && echo '#!/bin/bash\n' > / 0.3s
=> exporting to image 0.6s
=> => exporting layers 0.6s
=> => writing image sha256:f293d4eea3c2c4acf73a5e1f66c19ee6132074f9b50b32398f726a3417fa69c2 0.0s
=> => naming to docker.io/library/nacos-vulnerable:2.3.2 0.0s
(base) hx@orz:~/nacos$ sudo docker run -d -p 8848:8848 --name nacos-vulnerable nacos-vulnerable:2.3.2
d244a369e679d11df8ec95a45705706e154356301bd6e1d30b85c9502cf8ac9d
2.4. Confirm the Installation Succeeded
(base) hx@orz:~/nacos$ sudo docker run -it --rm -p 8848:8848 nacos-vulnerable:2.3.2 bash
root@96e8fb06497a:/# bash /opt/nacos/bin/startup.sh -m standalone
/usr/local/openjdk-8/bin/java -Djava.ext.dirs=/usr/local/openjdk-8/jre/lib/ext:/usr/local/openjdk-8/lib/ext -Xms512m -Xmx512m -Xmn256m -Dnacos.standalone=true -Dnacos.member.list= -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:CMSInitiatingOccupancyFraction=70 -XX:+CMSParallelRemarkEnabled -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+CMSClassUnloadingEnabled -XX:SurvivorRatio=8 -Xloggc:/opt/nacos/logs/nacos_gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=100M -Dloader.path=/opt/nacos/plugins,/opt/nacos/plugins/health,/opt/nacos/plugins/cmdb,/opt/nacos/plugins/selector -Dnacos.home=/opt/nacos -jar /opt/nacos/target/nacos-server.jar --spring.config.additional-location=file:/opt/nacos/conf/ --logging.config=/opt/nacos/conf/nacos-logback.xml --server.max-http-header-size=524288
nacos is starting with standalone
nacos is starting. you can check the /opt/nacos/logs/start.out
root@96e8fb06497a:/# cat /opt/nacos/logs/start.out
/usr/local/openjdk-8/bin/java -Djava.ext.dirs=/usr/local/openjdk-8/jre/lib/ext:/usr/local/openjdk-8/lib/ext -Xms512m -Xmx512m -Xmn256m -Dnacos.standalone=true -Dnacos.member.list= -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:CMSInitiatingOccupancyFraction=70 -XX:+CMSParallelRemarkEnabled -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+CMSClassUnloadingEnabled -XX:SurvivorRatio=8 -Xloggc:/opt/nacos/logs/nacos_gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=100M -Dloader.path=/opt/nacos/plugins,/opt/nacos/plugins/health,/opt/nacos/plugins/cmdb,/opt/nacos/plugins/selector -Dnacos.home=/opt/nacos -jar /opt/nacos/target/nacos-server.jar --spring.config.additional-location=file:/opt/nacos/conf/ --logging.config=/opt/nacos/conf/nacos-logback.xml --server.max-http-header-size=524288
OpenJDK 64-Bit Server VM warning: UseCMSCompactAtFullCollection is deprecated and will likely be removed in a future release.
[Nacos ASCII-art startup banner]
Nacos 2.3.2
Running in stand alone mode, All function modules
Port: 8848
Pid: 31
Console: http://172.17.0.2:8848/nacos/index.html
https://nacos.io
2024-07-16 01:56:21,303 INFO Tomcat initialized with port(s): 8848 (http)
2024-07-16 01:56:21,588 INFO Root WebApplicationContext: initialization completed in 2989 ms
2024-07-16 01:56:26,028 INFO Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@411c6d44, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1687eb01, org.springframework.security.web.context.SecurityContextPersistenceFilter@518bfd90, org.springframework.security.web.header.HeaderWriterFilter@181b8c4b, org.springframework.security.web.csrf.CsrfFilter@69fe0ed4, org.springframework.security.web.authentication.logout.LogoutFilter@44f24a20, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@56dfab87, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@7fb29ca9, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@748d2277, org.springframework.security.web.session.SessionManagementFilter@437486cd, org.springframework.security.web.access.ExceptionTranslationFilter@6573d2f7]
2024-07-16 01:56:26,406 INFO Adding welcome page: class path resource [static/index.html]
2024-07-16 01:56:26,759 INFO Exposing 1 endpoint(s) beneath base path '/actuator'
2024-07-16 01:56:26,777 WARN You are asking Spring Security to ignore Ant [pattern='/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2024-07-16 01:56:26,778 INFO Will not secure Ant [pattern='/**']
2024-07-16 01:56:26,778 WARN You are asking Spring Security to ignore Mvc [pattern='/prometheus']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2024-07-16 01:56:26,778 INFO Will not secure Mvc [pattern='/prometheus']
2024-07-16 01:56:26,778 WARN You are asking Spring Security to ignore Mvc [pattern='/prometheus/namespaceId/{namespaceId}']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2024-07-16 01:56:26,778 INFO Will not secure Mvc [pattern='/prometheus/namespaceId/{namespaceId}']
2024-07-16 01:56:26,778 WARN You are asking Spring Security to ignore Mvc [pattern='/prometheus/namespaceId/{namespaceId}/service/{service}']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2024-07-16 01:56:26,778 INFO Will not secure Mvc [pattern='/prometheus/namespaceId/{namespaceId}/service/{service}']
2024-07-16 01:56:26,880 INFO Tomcat started on port(s): 8848 (http) with context path '/nacos'
2024-07-16 01:56:26,894 INFO No TaskScheduler/ScheduledExecutorService bean found for scheduled processing
2024-07-16 01:56:26,923 INFO Nacos started successfully in stand alone mode. use embedded storage
Visit http://ip:8848
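The check in section 2.4 is done by reading start.out by eye; the script below is an added example (not part of the original post) that pulls the same facts out of that log: whether startup completed, the Tomcat port and context path, and every pattern Spring Security reports it will not secure. The function name `summarize_start_out` and the `SAMPLE_LOG` lines (modelled on the output above) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarize a Nacos start.out log read from stdin.
# Prints key=value lines so the result can be checked by a script.

summarize_start_out() {
  log=$(cat)

  # Startup is complete only once this line has been logged.
  ready=no
  printf '%s\n' "$log" | grep -q 'Nacos started successfully' && ready=yes

  # e.g. "Tomcat started on port(s): 8848 (http) with context path '/nacos'"
  tomcat=$(printf '%s\n' "$log" | grep 'Tomcat started on port(s):' | tail -n 1)
  port=$(printf '%s\n' "$tomcat" | sed -n 's/.*port(s): \([0-9][0-9]*\) .*/\1/p')
  ctx=$(printf '%s\n' "$tomcat" | sed -n "s/.*context path '\([^']*\)'.*/\1/p")

  echo "ready=$ready"
  echo "port=$port"
  echo "context_path=$ctx"

  # One line per pattern the Spring Security filter chain will not cover.
  printf '%s\n' "$log" |
    sed -n "s/.*Will not secure [A-Za-z]* \[pattern='\([^']*\)'\].*/unsecured=\1/p"
}

# Constructed sample input, modelled on the start.out lines shown above.
SAMPLE_LOG="2024-07-16 01:56:26,777 WARN You are asking Spring Security to ignore Ant [pattern='/**'].
2024-07-16 01:56:26,778 INFO Will not secure Ant [pattern='/**']
2024-07-16 01:56:26,778 INFO Will not secure Mvc [pattern='/prometheus']
2024-07-16 01:56:26,880 INFO Tomcat started on port(s): 8848 (http) with context path '/nacos'
2024-07-16 01:56:26,923 INFO Nacos started successfully in stand alone mode. use embedded storage"

printf '%s\n' "$SAMPLE_LOG" | summarize_start_out
```

Against the running lab container, feed it the real log with `sudo docker exec nacos-vulnerable cat /opt/nacos/logs/start.out | summarize_start_out`.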
Originally published on the WeChat official account 攻防SRC: How to Set Up a Nacos Environment with Docker