There are two ways to deploy the system: using Docker or manually.
The default login method is password-based, and if you want to log in with LDAP, please refer to the LDAP Configuration Guide.
- Docker
- Docker Compose
- Node.js 12+
- npm
cd path/to/wolf
bash bin/build-all.sh 0.1.10
After a successful build, you can view the image using the following command:
docker images |grep wolf
The output should look similar to this:
igeeky/wolf-agent 0.1.10 c8013cdbc95d 1 hours ago 101MB
igeeky/wolf-agent latest c8013cdbc95d 7 hours ago 101MB
igeeky/wolf-server 0.1.10 25ee3cb46296 7 hours ago 143MB
igeeky/wolf-server latest 25ee3cb46296 7 hours ago 143MB
For instructions, please refer to: Quick Start with Docker.
You can choose between PostgreSQL
and MySQL
databases, and we recommend using PostgreSQL.
- Installing PostgreSQL
You can find the installation method by searching on Google.
- Create accounts and databases
To create the wolfroot
user and wolf
database (with custom username and password if needed), log in to the PostgreSQL database with a PostgreSQL account and execute the following script:
CREATE USER wolfroot WITH PASSWORD '123456';
CREATE DATABASE wolf with owner=wolfroot ENCODING='UTF8';
GRANT ALL PRIVILEGES ON DATABASE wolf to wolfroot;
- Creation tables
Creating database tables using scripts
\i path/to/wolf/server/script/db-psql.sql;
To view the created table, run the following command:
\d
The output should look similar to this, indicating a successful creation of the database table:
List of relations
Schema | Name | Type | Owner
--------+-------------------+----------+----------
public | access_log | table | wolfroot
public | access_log_id_seq | sequence | wolfroot
public | application | table | wolfroot
public | category | table | wolfroot
public | category_id_seq | sequence | wolfroot
public | permission | table | wolfroot
public | resource | table | wolfroot
public | resource_id_seq | sequence | wolfroot
public | role | table | wolfroot
public | user | table | wolfroot
public | user_id_seq | sequence | wolfroot
public | user_role | table | wolfroot
(12 rows)
- Installing MySQL
Please search for the installation method on your own.
- Create Accounts and Databases
Login to the MySQL database using a MySQL account and run the following script to create the wolfroot
user and wolf
database (change the username and password as needed):
create database `wolf` CHARACTER SET utf8mb4;
grant DELETE,EXECUTE,INSERT,SELECT,UPDATE
on wolf.* to wolfroot@'127.0.0.1' IDENTIFIED BY '123456';
grant DELETE,EXECUTE,INSERT,SELECT,UPDATE
on wolf.* to wolfroot@'localhost' IDENTIFIED BY '123456';
FLUSH PRIVILEGES;
use wolf;
- Creating Tables
Create the database tables using the following script:
source path/to/wolf/server/script/db-mysql.sql;
Run the following command to view the created tables:
show tables;
The output should be similar to the following, indicating that the database tables have been successfully created:
+----------------+
| Tables_in_wolf |
+----------------+
| access_log |
| application |
| category |
| oauth_code |
| oauth_token |
| permission |
| resource |
| role |
| user |
| user_role |
+----------------+
10 rows in set (0.01 sec)
-
The main configuration parameters of the server are as follows:
RBAC_ROOT_PASSWORD
: The default password for the root and admin accounts. The default value is123456
.RBAC_TOKEN_KEY
: A key used to encrypt the user token. It is highly recommended to set this value.WOLF_CRYPT_KEY
: A key used to encrypt the application secret and OAuth2 login user ID keys.RBAC_TOKEN_EXPIRE_TIME
: The expiration time of the token returned by theAgent
login interface. The default is 30 days and the unit is seconds.CONSOLE_TOKEN_EXPIRE_TIME
: The expiration time of the token returned by theConsole
login interface. The default is 30 days and the unit is seconds.CONSOLE_LOGIN_WITH_CAPTCHA
: Controls whether Captcha verification is used forConsole
login. If the console is deployed on a public network, it is recommended to enable this feature to improve security. The environment variable can be set toyes
orno
, with a default value ofno
.RBAC_SQL_URL
: The link to the database. The default value ispostgres://wolfroot:[email protected]:5432/wolf
.RBAC_REDIS_URL
: The link to the redis cache. The default value isredis://127.0.0.1:6379/0
.MEM_CACHE_BY_REDIS
: Use redis as the object cache. The default is no. When deploying a multi-node wolf service, you can use redis as the object cache to resolve cache inconsistency issues.RBAC_USE_RADIX_TREE_ROUTING
: When set toyes
, it uses radixtree for RBAC access route matching. The default isno
.radixtree
is a more complex routing matching method that supports various complex wildcard matches.
Please install node and npm yourself.
- Starting the Service
# Set the initial password for wolf's root and admin accounts.
export RBAC_ROOT_PASSWORD=123456
# Set the Token encryption key, for system security, it is highly recommended that you change this value.
export RBAC_TOKEN_KEY=THE-NEW-TOKEN-KEY
# Set the Secret encryption key, for system security, it is highly recommended that you change this value.
export WOLF_CRYPT_KEY=THE-NEW-CRYPT-KEY
# Please make the changes according to the user and database you have created.
export RBAC_SQL_URL=postgres://wolfroot:[email protected]:5432/wolf
# Please modify it according to the actual configuration of redis.
export RBAC_REDIS_URL=redis://127.0.0.1:6379/0
cd path/to/wolf/server
# Installation dependencies (executed on first boot)
npm install
# Initiate service procedures.
npm run start
If the service starts successfully, you should see output similar to the following:
listen at 0.0.0.0:12180 success!
The following are some initialized system account output information
cd path/to/wolf/console
# Installation dependencies (executed on first boot)
npm install
# Start the console.
cnpm run dev
After compiling the Console, if it starts successfully, you should see an output similar to the following:
DONE Compiled successfully in 1000ms
App running at:
- Local: http://localhost:12188/
- Network: http://192.168.x.x:12188/
You can now access the Console using the root account. The password is 123456
or the one you specified when starting the server with the RBAC_ROOT_PASSWORD
environment variable.
Note: If you are using the apisix
gateway, you may prefer to use the wolf-rbac
plugin for apisix instead of using an Agent. This plugin also acts as an Agent.
- Installing OpenResty
Please search for the installation method yourself.
-
Create applications in the Console, along with corresponding users, roles, permissions, resources, etc.
-
Add the Agent configuration to nginx.conf (or the sub-configurations that it contains). The following configuration assumes that the Wolf code is located in the
/opt
directory:
# The following configuration is within the HTTP node.
lua_code_cache on;
client_max_body_size 5m;
client_body_buffer_size 256k;
lua_package_path "/opt/wolf/agent/lua/?.lua;;";
server {
# Apply external address, port. If you need to configure the domain name, you need to configure it here as well.
listen 12182;
server_name localhost;
# If it is a restful interface, you need to customize the json format that is returned without permissions. This needs to be coordinated with the front-end.
location = /wolf/rbac/no_permission {
content_by_lua_block {
ngx.status = 200;
ngx.header["Content-Type"] = "application/json; charset=utf-8";
local args, err = ngx.req.get_uri_args()
local reason = args.reason or "unknown reason"
ngx.say(string.format([[ {"ok": false, "reason": "%s"} ]], reason))
}
}
location /wolf/rbac {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# rbac server address. If the server is not local, please change the IP address to the actual address.
proxy_pass http://127.0.0.1:12180;
}
# Clear the content-length of response
header_filter_by_lua_file /opt/wolf/agent/lua/header_filter.lua;
# filter, add infobar to the page
body_filter_by_lua_file /opt/wolf/agent/lua/body_filter.lua;
# proxy for application
location / {
# $appID,You need to set an application ID that is already configured in Wolf-Server.
set $appID appIDInWolfServer;
# access check
access_by_lua_file /opt/wolf/agent/lua/access_check.lua;
#proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# The real address and port of the APP that requires privileged access control
proxy_pass http://127.0.0.1:12184;
}
}
# Test.
path/to/nginx/sbin/nginx -t
# Startup
path/to/nginx/sbin/nginx
Once started, you can access the application at http://127.0.0.1:12182
. You will need to enter a username and password to access the application.