August 2018 – 一江春水向东流

未分类

jenkins更改admin密码

找了半天，从页面上没找着修改admin超级管理员密码的地方，只能从配置文件着手了： Jenkins 配置文件存放在用户目录下.jenkins中例如root用户在路径 /root/.jenkins/ 其他用户在 /home/user/.jenkins/ cd /root/.jenkins/ 在 .jenkins目录下有一个users目录，存放用户信息 cd users user目录下找到你的帐号目录，例如你的登录帐号是admin，那么目录就是admin cd admin 该目录下有个config.xml文件

<?xml version='1.0' encoding='UTF-8'?>
<user>
  <fullName>admin</fullName>
  <properties>
    <jenkins.security.ApiTokenProperty>
      <apiToken>{AQAAABAAAAAwJXQ1lUdLbUrkaBQDoYajaS1pPTsw6PnANuI+HWeG5ZqyWTY+yAB5+NzlaJYcIx9yuGurOnl8hVNUn7sRR5c99A==}</apiToken>
    </jenkins.security.ApiTokenProperty>
    <hudson.model.MyViewsProperty>
      <views>
        <hudson.model.AllView>
          <owner class="hudson.model.MyViewsProperty" reference="../../.."/>
          <name>All</name>
          <filterExecutors>false</filterExecutors>
          <filterQueue>false</filterQueue>
          <properties class="hudson.model.View$PropertyList"/>
        </hudson.model.AllView>
      </views>
    </hudson.model.MyViewsProperty>
    <hudson.model.PaneStatusProperties>
      <collapsed/>
    </hudson.model.PaneStatusProperties>
    <hudson.search.UserSearchProperty>
      <insensitiveSearch>false</insensitiveSearch>
    </hudson.search.UserSearchProperty>
    <hudson.security.HudsonPrivateSecurityRealm_-Details>
      <passwordHash>#jbcrypt:$2a$12$4OqwS9bCDIh3YHsYo5ApJeEqedGF5ehgK1Ei0T1F2E6p6J1c8EhTu</passwordHash>
    </hudson.security.HudsonPrivateSecurityRealm_-Details>
    <jenkins.security.LastGrantedAuthoritiesProperty>
      <roles>
        <string>authenticated</string>
      </roles>
      <timestamp>1508771221297</timestamp>
    </jenkins.security.LastGrantedAuthoritiesProperty>
  </properties>
</user>

<?xml version='1.0' encoding='UTF-8'?>

<user>

<fullName>admin</fullName>

<jenkins.security.ApiTokenProperty>

<apiToken>{AQAAABAAAAAwJXQ1lUdLbUrkaBQDoYajaS1pPTsw6PnANuI+HWeG5ZqyWTY+yAB5+NzlaJYcIx9yuGurOnl8hVNUn7sRR5c99A==}</apiToken>

</jenkins.security.ApiTokenProperty>

<hudson.model.MyViewsProperty>

<views>

<hudson.model.AllView>

<filterExecutors>false</filterExecutors>

<filterQueue>false</filterQueue>

</hudson.model.AllView>

</views>

</hudson.model.MyViewsProperty>

<hudson.model.PaneStatusProperties>

</hudson.model.PaneStatusProperties>

<hudson.search.UserSearchProperty>

<insensitiveSearch>false</insensitiveSearch>

</hudson.search.UserSearchProperty>

<hudson.security.HudsonPrivateSecurityRealm_-Details>

<passwordHash>#jbcrypt:$2a$12$4OqwS9bCDIh3YHsYo5ApJeEqedGF5ehgK1Ei0T1F2E6p6J1c8EhTu</passwordHash>

</hudson.security.HudsonPrivateSecurityRealm_-Details>

<jenkins.security.LastGrantedAuthoritiesProperty>

<roles>

<string>authenticated</string>

</roles>

</jenkins.security.LastGrantedAuthoritiesProperty>

</properties>

</user>

passwordHash 字段存放的是加密过后的密码 Jenkins的密码采用的是Java加解密工具 jBCrypt，我也是第一次接触到这种加密方式，实在被他惊叹到了！这种加密方式每次加密同一个明文竟然都是得到不一样的结果，那他又是通过怎样的方式来解密的呢？原来，他拿着用户的明文，和存储的密文去重新生成一串密文去判断。总结如下，它有以下特点：关于bcrypt： 1、bcrypt是不可逆的加密算法，无法通过解密密文得到明文。 2、bcrypt和其他对称或非对称加密方式不同的是，不是直接解密得到明文，也不是二次加密比较密文，而是把明文和存储的密文一块运算得到另一个密文，如果这两个密文相同则验证成功。下面，用python生成加密后的密码：

#安装bcrypt
pip install bcrypt
生成加密密码：
bcrypt.hashpw("mypassword".encode('utf-8'), bcrypt.gensalt(prefix=b'2a')).decode('utf-8')

#安装bcrypt

pip install bcrypt

生成加密密码：

bcrypt.hashpw("mypassword".encode('utf-8'), bcrypt.gensalt(prefix=b'2a')).decode('utf-8')

修改 #jbcrypt:$2a$12$4OqwS9bCDIh3YHsYo5ApJeEqedGF5ehgK1Ei0T1F2E6p6J1c8EhTu 为 #jbcrypt:$2a$12$ldO4lUKecFxyMTgSntrVNuyaeRBIhN1onQvpXf2fQ1asnV6mkESBi 最后重启jenkins 注：在python2里测试生成加密字符串的过程没有问题，但是在python3会报如下错误：

Unicode-objects must be encoded before hashing

1	Unicode-objects must be encoded before hashing

查找了下原因，是因为python3里，字符串有str和bytes两种形态，所以需要改成

bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt()).decode(<span class="hljs-string">'utf-8'</span>)

1	bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt()).decode(<span class="hljs-string">'utf-8'</span>)

另外，bcrypt有多种标准，我们需要的是2a，所以还要改成：

bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt(prefix=<span class="hljs-string">b'2a'</span>)).decode(<span class="hljs-string">'utf-8'</span>)

1	bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt(prefix=<span class="hljs-string">b'2a'</span>)).decode(<span class="hljs-string">'utf-8'</span>)

这样就得到正确结果了。

By sean, 6 years08/31/2018 ago

未分类

nginx反向代理和 ip重定向到域名配置

配置说明： 1 访问test.cn将会跳转到test.cn/cms。并重新匹配server里面的规则 2 将前端用户访问test.cn/cms 页面转发到 http://172.16.20.1:8080/cms/ 并且前端显示为test.cn/cms 3 将前端用户访问test.cn/u 页面转发到 http://172.16.20.2:8080/u/ 并且前端显示为test.cn/u 4 将前端用户访问‘test.cn/任意6个字符或者数字’ 页面转发到a.b.c/前端输入的任意6个字符或者数字。并且前端显示为‘test.cn/任意6个字符或者数字’ 5 将前端用户访问的163.177.111.111重定向到test.cn 并且前端显示为test.cn。如果用户输入163.177.111.111/test 页面会重定向到test.cn/test 6 将域名重定向到ip+端口的形式访问

server {
        listen       80;
        server_name  test.cn;
        rewrite ^/$  http://test.cn/cms;
        location ^~ /cms/ {
                proxy_redirect off;
                proxy_set_header   Host    $host; 
                proxy_set_header   X-Real-IP   $remote_addr; 
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for; 
                proxy_pass http://172.16.20.1:8080/cms/;
                   }
        location ^~ /u/ {
                proxy_redirect off;
                proxy_set_header   Host    $host;
                proxy_set_header   X-Real-IP   $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://172.16.20.2:8080/u/;
                   }
         location ^~ /([A-Za-z0-9]\{6\}) {
                proxy_redirect off;
                proxy_set_header   Host    $host;
                proxy_set_header   X-Real-IP   $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://a.b.c/$1;
                   }
         location  / {
                proxy_redirect off;
                proxy_set_header   Host    $host;
                proxy_set_header   X-Real-IP   $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://172.16.20.3;
                   }
        }
        
server {
        listen       80;
        server_name  163.177.111.111;
        rewrite ^(.*)  test.cn #将ip重定向到域名 
           }

server {
        listen 80;
        server_name www.yuming.com;
        rewrite ^(.*) http://103.111.111.3:8111$1;
           }

server {

listen 80;

server_name test.cn;

rewrite ^/$ http://test.cn/cms;

location ^~ /cms/ {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://172.16.20.1:8080/cms/;

}

location ^~ /u/ {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://172.16.20.2:8080/u/;

}

location ^~ /([A-Za-z0-9]\{6\}) {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://a.b.c/$1;

}

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://172.16.20.3;

}

server {

listen 80;

server_name 163.177.111.111;

rewrite ^(.*) test.cn #将ip重定向到域名

}

server {

listen 80;

server_name www.yuming.com;

rewrite ^(.*) http://103.111.111.3:8111$1;

}

By sean, 6 years08/31/2018 ago

未分类

nginx编译安装

Yum安装的nginx模块不全，有时需要编译安装，在centos7上编译安装前，需要安装一些依赖包，命令是：

yum  install  gcc  gcc-c++  pcre  pcre-devel openssl  openssl-devel gd-devel

1	yum install gcc gcc-c++ pcre pcre-devel openssl openssl-devel gd-devel

可能会提示pcre已经装过或存在多重版本，则可以去掉pcre 之后进入Nginx源码目录，进行安装：

./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_image_filter_module --with-http_sub_module --with-http_secure_link_module --with-pcre --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-ld-opt=-Wl,-rpath,/path/to/luajit-or-lua/lib --with-http_stub_status_module --with-stream
make && make install

./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_image_filter_module --with-http_sub_module --with-http_secure_link_module --with-pcre --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-ld-opt=-Wl,-rpath,/path/to/luajit-or-lua/lib --with-http_stub_status_module --with-stream

make && make install

By sean, 7 years08/08/2018 ago