【开源产品部署系列】一、RuoYi-Radius搭建流程_开源radius认证服务器

系列文章目录

【开源产品部署系列】一、RuoYi-Radius搭建流程

文章目录

• 系列文章目录
• • @[TOC](文章目录)
• 前言
• 一、RuoYi-Radius简介
• 二、部署过程
• • 2.1、Centos8 环境准备
  • 2.2、启动虚拟机
  • 2.3、freeradius 安装
  • 2.4、freeradius 配置
  • • 2.4.1、通过软连接方式启动rest模块
    • 2.4.2、修改配置文件启动 rest 模块
    • 2.4.3、修改默认认证方式为rest
    • 2.4.4、修改rest模块配置
    • 2.4.5、修改客户端配置
  • 2.5、安装 mariadb 数据库
  • • 2.5.1、安装数据库
    • 2.5.2、修改密码
    • 2.5.3、创建数据库
  • 2.6、ruoyi-radius 安装
  • • 2.6.1、下载源码
    • 2.6.2、修改配置文件
    • 2.6.3、创建日志目录
    • 2.6.4、初始化数据库
    • 2.6.5、maven打包
    • 2.6.6、安装jdk
    • 2.6.7、启动
  • 3、调试验证

前言

本系列文章主要讲解开源产品如何在Linux上快速部署，我们的使用 vbox + vagrant 方案部署。

一、RuoYi-Radius简介

RuoYi-Radius 是以 若依管理框架V4.6.0 作为基础框架，实现了 ToughRADIUS大部分功能，支持标准RADIUS协议(RFC2865， RFC2866)，提供完整的AAA实现，可以用于酒店WIFI认证，公司局域网认证、商城WIFI认证等。

二、部署过程

2.1、Centos8 环境准备

vagrant init centos/8
1

修改 Vagrantfile 配置

# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "centos/8"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false  

  config.vm.network "forwarded_port", guest: 3306, host: 3306
  config.vm.network "forwarded_port", guest: 8090, host: 8090
  config.vm.network "forwarded_port", guest: 5005 , host: 5005 

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  config.vm.synced_folder "../vagrant_data", "/data"

 
  # Disable the default share of the current code directory. Doing this
  # provides improved isolation between the vagrant box and your host
  # by making sure your Vagrantfile isn't accessible to the vagrant box.
  # If you use this you may want to enable additional shared subfolders as
  # shown above.
  # config.vm.synced_folder ".", "/vagrant", disabled: true

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  config.vm.provider "virtualbox" do |vb|
    # Display the VirtualBox GUI when booting the machine
    # vb.gui = true
  
    # Customize the amount of memory on the VM:
    vb.memory = "2048"
    vb.name = "ruoyi-radius"
  end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL
end
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

2.2、启动虚拟机

vagrant up
1

此时启动，我们发现yum更新源报错，错误信息如下：

Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist
1

先ssh登陆到 linux 虚拟机

vagrant ssh
1

解决方案：

sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*

sudo yum clean all && yum makecache
sudo yum install -y centos-release
sudo yum update -y
sudo yum install net-tools dejavu-sans-fonts fontconfig  -y
1
2
3
4
5
6
7

需要注意某些 JDK 版本没有对应的字体，kaptcha 组件在LInux 环境下会报错，我们只需要安装 dejavu-sans-fonts fontconfig 这两个软件包即可。

2.3、freeradius 安装

sudo yum install freeradius freeradius-rest freeradius-utils -y
1
2

2.4、freeradius 配置

2.4.1、通过软连接方式启动rest模块

sudo ln -s /etc/raddb/mods-available/rest /etc/raddb/mods-enabled/rest
1

2.4.2、修改配置文件启动 rest 模块

sudo yum install vim-enhance* -y
sudo vim /etc/raddb/sites-enabled/default
1
2

分别在authorize，authenticate,accounting3个模块中插入rest配置

2.4.3、修改默认认证方式为rest

sudo  vim /etc/raddb/users
1

把freeradius的默认认证方式改为rest(DEFAULT Auth-Type := rest)

2.4.4、修改rest模块配置

sudo vim /etc/raddb/mods-enabled/rest
1

修改 rest api 地址与入参信息

2.4.5、修改客户端配置

sudo  vim /etc/raddb/clients.conf
1

修改成自己的ip

su -
cd /etc/raddb/certs/
./bootstrap
1
2
3

2.5、安装 mariadb 数据库

2.5.1、安装数据库

sudo yum install mariadb* -y
1

2.5.2、修改密码

默认root密码是空密码

mysql -uroot -p
1

ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';
ALTER USER 'root'@'127.0.0.1' IDENTIFIED BY '123456';
update mysql.user set host = '%' where user = 'root'and host='localhost';
FLUSH PRIVILEGES;
1
2
3
4

2.5.3、创建数据库

CREATE DATABASE ruoyiradius CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
1

2.6、ruoyi-radius 安装

2.6.1、下载源码

git clone https://gitee.com/panweilei/ruoyi-radius.git
1

2.6.2、修改配置文件

修改radius-application.properties,避免和freeradius端口冲突

org.toughradius.authport=${RADIUSD_AUTH_PORT:2812}
org.toughradius.acctport=${RADIUSD_ACCT_PORT:2813}

修改为false
org.toughradius.portal.portalEnabled=${PORTAL_ENABLED:false}
1
2
3
4
5

2.6.3、创建日志目录

sudo mkdir -p /opt/server/ruoyiradius/logs
1

2.6.4、初始化数据库

use ruoyiradius
source /vagrant_data/ruoyi-radius/sql/ruoyiradius-init.sql
source /vagrant_data/ruoyi-radius/sql/ry_20201214.sql
1
2
3

2.6.5、maven打包

D:\ruoyi-radius\bin\package.bat
1

2.6.6、安装jdk

sudo yum install wget -y
wget https://repo.huaweicloud.com/java/jdk/8u202-b08/jdk-8u202-linux-x64.rpm
sudo rpm -ivh jdk-8u202-linux-x64.rpm
1
2
3

2.6.7、启动

# 调试启动
bash -x ry.sh
1
2

3、调试验证

我们做了端口映射，可用远程调试