功能

页面展示（以下展示Nilorg任务调度平台对接使用）

部署

使用Docker

docker run -d \-p 8080:8080 -p 5000:5000 -p 9000:9000 \--name naas \-v<local path>/naas/configs:/workspace/configs \-v<local path>/naas/web:/workspace/web \--link mysql:mysql \--link redis:redis \-e HTTP_ENABLE=true \-e GRPC_ENABLE=true \-e GRPC_GATEWAY_ENABLE=true \nilorg/naas:latest

使用Kubernetes

apiVersion:v1kind:Namespacemetadata:name:nilorg

kubectl apply -f ./deployments/k8s/namespace.yaml

apiVersion:v1kind:ConfigMapmetadata:name:naasnamespace:nilorgdata:config.yaml:|    <内容和configs/config.yaml相同>rbac_model.conf:|    <内容和configs/rbac_model.conf相同>

kubectl apply -f ./deployments/k8s/config-cm.yaml

apiVersion:apps/v1kind:Deploymentmetadata:name:naasnamespace:nilorgspec:selector:matchLabels:app:naasservice:naasversion:v1replicas:1template:metadata:labels:app:naasservice:naasversion:v1spec:restartPolicy:Alwayscontainers:        -name:naasimage:nilorg/naas:latestimagePullPolicy:Alwaysports:            -containerPort:8080# 对应 HTTP_ENABLE            -containerPort:5000# 对应 GRPC_ENABLE            -containerPort:9000# 对应 GRPC_GATEWAY_ENABLEenv:            -name:GRPC_ENABLEvalue:"true"            -name:GRPC_GATEWAY_ENABLEvalue:"true"            -name:HTTP_ENABLEvalue:"true"volumeMounts:            -name:config-cm# 配置文件mountPath:/workspace/configs/volumes:        -name:config-cm# 配置文件configMap:name:naas

kubectl apply -f ./deployments/k8s/pod.yaml

kind:ServiceapiVersion:v1metadata:name:naasnamespace:nilorglabels:app:naasspec:selector:app:naasservice:naasversion:v1ports:# 根据自己实际需求配置端口    -name:naas-8080port:8080protocol:TCPtargetPort:8080    -name:naas-5000port:5000protocol:TCPtargetPort:5000    -name:naas-9000port:9000protocol:TCPtargetPort:9000

kubectl apply -f ./deployments/k8s/service.yaml

apiVersion:traefik.containo.us/v1alpha1kind:IngressRoutemetadata:name:naasnamespace:nilorgspec:entryPoints:    -webroutes:    -kind:Rulematch:Host(`naas.nilorg.com`)services:        -name:naasnamespace:nilorgport:8080

kubectl apply -f ./deployments/k8s/traefik.yaml

配置文件解答

server:name:naas# 服务器名oauth2:port:8080# http服务端口issuer:"https://github.com/nilorg/naas"device_authorization_endpoint_enabled:true# 设备授权端点introspection_endpoint_enabled:true# 内省端点revocation_endpoint_enabled:true# Token销毁端点grpc:port:9000gateway:port:5000oidc:enabled:true# 是否开启OpenID Connentuserinfo_endpoint_enabled:true# 根据token获取用户信息open:enabled:true# 开放APIadmin:enabled:true# 管理端external:true# 启用外部管理，需要配置外部URLexternal_url:http://naas-admin.nilorg.comsuper_user:"root"oauth2:# 管理端的OAuth2Client配置信息client_id:1000log:level:"debug"# panic/fatal/error/warn/info/debugreport_caller:truejwt:secret:"github.com/nilorg/naas"timeout:20# Token过期时间 分钟单位max_refresh:10#Token过期容忍刷新时间rsa:# 用于JWT Token生成，使用脚本创建`./scripts/create.sh`私钥和证书private:|# 私钥      -----BEGIN RSA PRIVATE KEY-----      MIIEowIBAAKCAQEA20St6pqB4LQvqT1Aq2jZPbrkpSiwFeQwiu6AA2eBz3oYveYA      SCDzl/jXfPsY36b8VahDWmhgB/ie5Ku+R6yXiZcY9SYDiu8sMONwdkhlIL4nP1oC      97CffWf4vkt4mH7i5/rJWCd/MMLzjSmrMPdUOh9Jd2awNjUZ9QiVTBogZeMo8b5i      nVBRfRcKAQDZYlo5/VkpaRBTqahh+RoIReX1MHy/LuPMJywPaqHpIh3dlwOvnY6Q      uFrPo3cF4B7mi/ofTeRX7xzm6z+uxVZGkUHAxgm4VMAYmiP0dLSzyagA5IHUaPHV      ex8luTSR6DcbINm0bw9skUzI8zYPIGzI/rchSQIDAQABAoIBAQDazaAXOfNcvbHJ      2jvMUKZn+TXssbt1PO5L1U+dFg7tcVN7PCcP0wIBpumx6AecNtAa0fvUHc+mZKx6      V/9bGpllTYg0KajjXWPlrTAueHOhxt73UuUfMfsVc0k+66T917Cp+RIui8taZ1AO      j4QrKsO79Dilk61HipnKcLQ66t9liv4Uf/oxOjfvjaw0+mRDgD2eulTNE+pSIw6L      uZXduUcpZkYenXCIS+YfRjKMJGHdCiy0bj8887vg0JiqF+mPxGo1UrOMrkWtC4am      Fht7IMUO5KnfBveL1rMB3ed8LRie9B5EOopRoBZ7PhZ31sqlimYargHGnZwYH8BH      HzazCGwBAoGBAO8N14JcbqEcs0VpGqyuuBffheu3+6waGt90MhYEMVJsL07qLkIw      8P4zvPDthXMncrLBC7VJzKkZ7hmww3/qZX5xYjeSVggxG149I1Kncqn9l9BW/Qes      IEmTUfDE8Js6mQfJVxf7qKDsN9E5N90Oj2j4XZK2ECfaLKbwWfDv3IBBAoGBAOrP      x/jm9s6Y6KBzxBkXK0jtx2PGM1KxwJFcH9TKgz1A5yue0I1gVdU5Yf3HQowkUGJK      lT2sUHh1JXUWd2gSrZ5ba6Fc7yITIRUYjAJaW4JKvGtk59QsdRUsHiKsMxmM1GJl      /uDuZem+EiSA4R9ZZZSHAIfQY2VJD3MLDWVMvt8JAoGAJDebo/NvC1e2zVhMI0dh      OrSxrHG2Xm+iDKKlB/LgqhUb4b/W/E4/5LNf97x0kGq0lOJsbK3epOv5x8ihBds0      P0DcWYEBKcKO2+s1U8tsstZpzrWvJh9s0NjR/EFKFqp9DtHxMP/+n0rKdhdOIF6Z      WZTvUE/nCLKkOzKE3dzpMkECgYAYkkmwyCqHkAS31aVtorkK1qcIz9LLEoK+M0+5      ar+1BzepnuLgCHay62BPuCxEkgA/aOKZI5EAKfITgJhaMaotag+nQRxdCndpx7nO      /TmaNsvkyRhhYY2W+5jjs/Vc9Rm8ekPjsc7EWPl5DGuCZk507nOlwq7ECJMvTLbI      JPHMUQKBgF9O0xzJu7NwR1njqeU1MWdo8nzmb9F2itsYRXmOtC+rjTs3uqWBqlu3      TE+L0j3o3S6navSHhzzcZLwozW6otHfDcmfFBQG48zbH7YgBVuTnSQyegEpSUHRa      Pk78NMGbTCMJ65lA96vscXaSk0hF9Y83YY9Jjiju+uwWdnx74khb      -----END RSA PRIVATE KEY-----cert:|# 签名后的证书      -----BEGIN CERTIFICATE-----      MIIDSjCCAjICCQDWXqh/wC9VZjANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJD      TjERMA8GA1UECAwIU2hhbmRvbmcxDjAMBgNVBAcMBUppbmFuMQ8wDQYDVQQKDAZk      ZXZvcHMxDzANBgNVBAsMBmRldm9wczETMBEGA1UEAwwKbmlsb3JnLmNvbTAeFw0y      MDA1MTYxMjA5MjNaFw0yMTA1MTYxMjA5MjNaMGcxCzAJBgNVBAYTAkNOMREwDwYD      VQQIDAhTaGFuZG9uZzEOMAwGA1UEBwwFSmluYW4xDzANBgNVBAoMBmRldm9wczEP      MA0GA1UECwwGZGV2b3BzMRMwEQYDVQQDDApuaWxvcmcuY29tMIIBIjANBgkqhkiG      9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20St6pqB4LQvqT1Aq2jZPbrkpSiwFeQwiu6A      A2eBz3oYveYASCDzl/jXfPsY36b8VahDWmhgB/ie5Ku+R6yXiZcY9SYDiu8sMONw      dkhlIL4nP1oC97CffWf4vkt4mH7i5/rJWCd/MMLzjSmrMPdUOh9Jd2awNjUZ9QiV      TBogZeMo8b5inVBRfRcKAQDZYlo5/VkpaRBTqahh+RoIReX1MHy/LuPMJywPaqHp      Ih3dlwOvnY6QuFrPo3cF4B7mi/ofTeRX7xzm6z+uxVZGkUHAxgm4VMAYmiP0dLSz      yagA5IHUaPHVex8luTSR6DcbINm0bw9skUzI8zYPIGzI/rchSQIDAQABMA0GCSqG      SIb3DQEBBQUAA4IBAQAxCCdWsJjI0BNja2VhW4UjN+E2NiE5YQU0wZWtoPtc//lt      RziOGrZP82W6uh6BreonBu9JdNOJ0z+FYO957OrCrk6YBoFHe3l38KkQa13Vc4yG      2I4s1QPwor9rPRLcRQv4rB/ZS42IXXQBaCEHg+RfQ6oOX8E8YVpmRI8i3fBL4Zcf      KPiaI5i2Ey9p7ncV+7LhZ9+rZvMeA10v1jdXhl0rRphJjN+EyC+pHCu01NAaQKAo      Cj3vnvAfK8f8dEsZ9hUHLw1olVz0PbdsoUwdvULvVU5weVNyIGFfFMQeoZESrhxr      B36K98eWEdm2Wc3IY6OL2xj+DaYm8Tuyh9KzL9hU      -----END CERTIFICATE-----session:name:"naas-session"# session使用的cookie名称secret:"github.com/nilorg/naas"# 用于session的加密options:# session 配置的可选项path:"/"domain:"naas.nilorg.com"max_age:86400secure:false# 要在HTTPS下开启才可以，HTTP下开启导致Session不可用问题http_only:trueredis:# 用于存储Session的Redis配置信息address:"localhost:6379"password:""mysql:# MySQL数据库address:"root:test123@tcp(localhost:3306)/naas?charset=utf8&parseTime=True&loc=Local"log:true# 是否打印logredis:# Redisaddress:"localhost:6379"password:""db:0swagger:# https://swagger.ioenabled:true# 是否启用Swaggeroauth2:# 用于Swagger中的OAuth2配置信息client_id:1000client_secret:22222realm:app_name:naas-serverredirect_url:http://naas.nilorg.com/swagger/oauth2-redirect.html# 授权回调地址casbin:# https://casbin.orginit:enabled:false# 是否初始化Casbin信息，用于项目第一次初始化使用。config:configs/rbac_model.conf# casbin配置文件storage:# 对象存储，目前支持两种方式default和oss，default使用指定文件夹目录进行存储、oss使用阿里云对象存储进行存储type:default# default/ossdefault:base_path:./web/storageoss:# 阿里云对象存储配置信息endpoint:oss-cn-shanghai.aliyuncs.combucket:xxxaccess:key_id:aaaaakey_secret:bbbbbpublic_path:http://localhost:8080/storage# 文件前缀地址，用于访问文件使用.oss的方式可以使用外网地址max_memory:20# 20MBnaas:resource:# 用于后端API授权资源使用id:1geetest:# https://www.geetest.com 极验验证enabled:trueid:"c9c4facd1a6feeb80802222cbb74ca8e"# 可更换为自己的key:"f7475f921a41f7ba79ae15e41658627c"# 可更换为自己的

# Model语法 https://casbin.org/docs/zh-CN/syntax-for-models# sub, obj, act 表示经典三元组: 访问实体 (Subject)，访问资源 (Object) 和访问方法 (Action)。# sub:希望访问资源的用户# dom:域/域租户 https://casbin.org/docs/zh-CN/rbac-with-domains# obj:要访问的资源# act:用户对资源执行的操作# request_definition:请求定义[request_definition]r = sub, dom, obj, act# policy_definition:策略定义[policy_definition]p = sub, dom, obj, act# role_definition:角色定义[role_definition]g = _, _, _# policy_effect:政策的影响[policy_effect]e = some(where (p.eft == allow))# matchers:匹配器[matchers]m = g(r.sub, p.sub, r.dom) == true \&& MyDomKeyMatch2(r.obj, p.obj, r.dom, p.dom) == true \&& MyRegexMatch(r.act, p.act, r.dom, p.dom) == true \|| r.sub == "role:naas_root"