docker部署toughradius服务器

2022/03/14 linux 共 6174 字,约 18 分钟

由于需要测试基于radius认证的wifi和pppoe拨号,需要先搭建radius服务器;找了一圈开源的radius服务器,感觉toughradius比较适合

toughradius主页: https://www.toughradius.net ,github地址: https://github.com/talkincode/ToughRADIUS

2024-02-23更新

首先,创建一个名为docker-compose.yml的文件,并将以下内容复制到该文件中:

# Compose stack with two services: a TimescaleDB/PostgreSQL database (pgdb)
# and the ToughRADIUS server, joined by one user-defined network.
# NOTE(review): both images use floating tags (latest-pg14 / latest); pin a
# tested tag or digest so a later pull cannot silently change what runs.
version: "3"
services:
  pgdb:
    image: timescale/timescaledb:latest-pg14
    container_name: "pgdb"
    ports:
      # Published on the loopback address only, so the database port is not
      # reachable from other hosts.
      - "127.0.0.1:5432:5432"
    environment:
      POSTGRES_DB: toughradius
      POSTGRES_USER: toughradius
      # NOTE(review): sample password identical to the user name. Replace it
      # before real use and keep TOUGHRADIUS_DB_PWD below in sync.
      POSTGRES_PASSWORD: toughradius
    volumes:
      - pgdb-volume:/var/lib/postgresql/data
    networks:
      toughradius_network:

  toughradius:
    depends_on:
      - 'pgdb'
    image: talkincode/toughradius:latest
    container_name: "toughradius"
    restart: always
    ports:
      # No host IP is given, so every mapping below is published on all host
      # interfaces. 1812/udp and 1813/udp are the standard RADIUS
      # authentication and accounting ports; 1816 is presumably the web admin
      # port and 2083 RadSec (verify against the ToughRADIUS docs).
      # NOTE(review): limit the admin/API ports to management hosts with a
      # host IP prefix or a firewall rule.
      - "1816:1816"
      - "1818:1818"
      - "1819:1819"
      - "2083:2083"
      - "1812:1812/udp"
      - "1813:1813/udp"
      - "1914:1914/udp"
    volumes:
      - toughradius-volume:/var/toughradius
    environment:
      # Go runtime setting: x509ignoreCN=0 re-enables the legacy fallback of
      # matching a certificate's CommonName as the host name when it has no
      # SANs (honoured by Go 1.15/1.16 only). Prefer certificates with SANs.
      - GODEBUG=x509ignoreCN=0
      - TOUGHRADIUS_SYSTEM_DEBUG=off
      # Database connection; host "pgdb" is the service name on the shared network.
      - TOUGHRADIUS_DB_HOST=pgdb
      - TOUGHRADIUS_DB_NAME=toughradius
      - TOUGHRADIUS_DB_USER=toughradius
      # Must equal POSTGRES_PASSWORD above; sample value, replace before real use.
      - TOUGHRADIUS_DB_PWD=toughradius
      - TOUGHRADIUS_RADIUS_DEBUG=off
      - TOUGHRADIUS_RADIUS_ENABLED=on
      - TOUGHRADIUS_TR069_WEB_TLS=on
      - TOUGHRADIUS_LOKI_ENABLE=false
      - TOUGHRADIUS_LOGGER_MODE=production
      - TOUGHRADIUS_LOGGER_FILE_ENABLE=true
    networks:
      toughradius_network:

networks:
  toughradius_network:

# Named volumes keep database and ToughRADIUS data across container re-creation.
volumes:
  pgdb-volume:
  toughradius-volume:

文件中,我们定义了两个服务:pgdb和toughradius。pgdb是PostgreSQL数据库的服务定义,使用TimescaleDB镜像。toughradius是ToughRADIUS的服务定义,依赖于pgdb服务。

接下来,您可以在包含docker-compose.yml文件的目录中运行以下命令来启动服务:

docker-compose up -d

该命令将在后台启动所有服务。您可以通过运行docker-compose logs命令来查看服务的日志输出。

如果您遇到无法登录ToughRADIUS管理后台的问题,请尝试重启ToughRADIUS服务,或者进入容器内部手动初始化数据库:

docker exec -it toughradius toughradius -initdb

默认用户名admin,密码toughradius;首次登录后请立即修改该默认密码。


首先安装好docker和docker compose

 

新建好tradiusdata目录

 

在tradiusdata新建docker-compose.yml文件,文件内容如下:

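# Compose stack with two services: a MySQL database and the ToughRADIUS
# server, joined by one user-defined network.
version: "3"
services:
  mysql:
    # NOTE(review): an untagged image resolves to mysql:latest. Pin the tag or
    # digest you tested with (<PINNED_TAG>). The
    # --default-authentication-plugin option used below was removed in
    # MySQL 8.4, so a current "latest" is likely to reject it at start-up.
    image: mysql
    container_name: "mysql"
    restart: always
    environment:
      # Sample root password; replace it before real use and keep
      # RADIUS_DBPWD below in sync.
      MYSQL_ROOT_PASSWORD: myroot
    # Folded into one line of mysqld options. The original ended with a stray
    # ';' that became part of the max_allowed_packet value; it is removed here.
    command: >-
      --default-authentication-plugin=mysql_native_password
      --character-set-server=utf8mb4
      --collation-server=utf8mb4_unicode_ci
      --explicit_defaults_for_timestamp=true
      --lower_case_table_names=1
      --max_allowed_packet=128M
    volumes:
      - /root/tradiusdata/mysql_data:/var/lib/mysql
      - /root/tradiusdata/vardata/mysql:/var/log/mysql
    ports:
      # Published on the loopback address only, so the database port is not
      # reachable from other hosts.
      - "127.0.0.1:3306:3306"
    expose:
      - "3306"
    networks:
      tradius_network:

  toughradius:
    depends_on:
      - 'mysql'
    image: talkincode/toughradius:latest
    container_name: "toughradius"
    restart: always
    ports:
      # No host IP is given, so these are published on all host interfaces:
      # 1816 is the web UI, 1812/1813 udp are RADIUS auth and accounting
      # (see RADIUSD_AUTH_PORT / RADIUSD_ACCT_PORT below). The RadSec (2083)
      # and portal (50100) listeners are enabled below but not published.
      - "1816:1816"
      - "1812:1812/udp"
      - "1813:1813/udp"
    expose:
      - "1816"
      - 1812/udp
      - 1813/udp
    volumes:
      - /root/tradiusdata/vardata:/var/toughradius
    environment:
      - RADIUS_DBURL=jdbc:mysql://mysql:3306/toughradius?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true
      # NOTE(review): the application connects as the MySQL root account. A
      # dedicated user with rights on the toughradius schema only would limit
      # what a compromise of this service can reach.
      - RADIUS_DBUSER=root
      - RADIUS_DBPWD=myroot
      - RADIUS_DBPOOL=120
      - RADIUSD_AUTH_ENABLED=true
      - RADIUSD_ACCT_ENABLED=true
      - RADIUSD_AUTH_PORT=1812
      - RADIUSD_ACCT_PORT=1813
      # NOTE(review): debug output is on for radiusd and the portal; confirm
      # what it logs (possibly user identifiers or credentials) and turn it
      # off outside a test setup.
      - RADIUSD_DEBUG=true
      - RADIUSD_AUTH_POOL=32
      - RADIUSD_ACCT_POOL=32
      - RADIUSD_MAC_AUTH_EXPIRE=86400
      - RADIUSD_TICKET_DIR=/var/toughradius/data/ticket
      - RADIUSD_STAT_DIR=/var/toughradius/data/stat
      - RADIUSD_ALLOW_NAGATIVE=false
      - RADSEC_ENABLED=true
      - RADSEC_PORT=2083
      - RADSEC_POOL=32
      - PORTAL_ENABLED=true
      - PORTAL_LISTEN=50100
      - PORTAL_DEBUG=true
      - PORTAL_PAPCHAP=1
      - PORTAL_TIMEOUT=30
      - PORTAL_POOL=32
      - PORTAL_TEMPLATE_DIR=classpath:/portal/
    networks:
      tradius_network:

networks:
  tradius_network: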

这个文件主要是mysql和toughradius两个docker镜像的配置信息,其中需要注意的是

MYSQL_ROOT_PASSWORD: myroot

这一行中,myroot为mysql root的密码(示例值,实际部署请换成强密码,并同步修改toughradius服务中的RADIUS_DBPWD),等会需要用到


保存docker-compose.yml文件后,在tradiusdata目录下执行命令:
docker-compose up -d

执行完毕后用docker ps查看两个容器的运行情况
两个容器正常运行后就可以打开http://ip:1816访问toughradius,但此时只能打开登录界面,输入密码后并不能登录


下一步进入mysql容器导入初始数据:
docker exec -it mysql bash

进入mysql容器后登录mysql
mysql -u root -p

输入密码后进入mysql

首先创建数据库
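-- Create the schema named in RADIUS_DBURL, then make it the current database.
-- "if not exists" keeps the step re-runnable, like the table definitions that follow.
create database if not exists toughradius DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- Kept from the original; no grant tables are edited directly here, so it has no effect.
FLUSH PRIVILEGES;
use toughradius;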

 

建表:

-- Access devices (BRAS/NAS) known to the server; presumably the RADIUS
-- clients it accepts requests from (verify against the ToughRADIUS docs).
create table if not exists tr_bras
(
    id bigint auto_increment primary key,
    identifier varchar(128) null,
    name varchar(64) not null,
    ipaddr varchar(32) null,
    vendor_id varchar(32) not null,
    portal_vendor varchar(32) not null,
    -- NOTE(review): presumably the per-device RADIUS shared secret. It is a
    -- plain varchar, so anyone who can read this table or a backup sees it.
    secret varchar(64) not null,
    coa_port int not null,
    ac_port int not null,
    auth_limit int null,
    acct_limit int null,
    status enum('enabled', 'disabled') null,
    remark varchar(512) null,
    create_time datetime not null
);

-- Lookup indexes. Unlike the table, these have no "if not exists" guard, so
-- re-running the script fails here once the indexes exist.
create index ix_tr_bras_identifier on tr_bras (identifier);

create index ix_tr_bras_ipaddr on tr_bras (ipaddr);

-- Typed name/value settings table; the tutorial creates it empty.
create table if not exists tr_config
(
    id bigint auto_increment primary key,
    type varchar(32) not null,
    name varchar(128) not null,
    value varchar(255) null,
    remark varchar(255) null
);

-- Subscriber accounts: credentials, optional MAC/VLAN binding, rate limits
-- and validity window.
create table if not exists tr_subscribe
(
    id bigint auto_increment primary key,
    node_id bigint default 0 not null,
    subscriber varchar(32) null,
    realname varchar(32) null,
    -- NOTE(review): the sample row in this tutorial stores the password as
    -- clear text. Confirm what format the server expects (CHAP-style checks
    -- need the clear-text value) and restrict access to this table and its
    -- backups accordingly.
    password varchar(128) not null,
    domain varchar(128) null,
    addr_pool varchar(128) null,
    policy varchar(512) null,
    is_online int null,
    active_num int null,
    bind_mac tinyint(1) null,
    bind_vlan tinyint(1) null,
    ip_addr varchar(32) null,
    mac_addr varchar(32) null,
    in_vlan int null,
    out_vlan int null,
    up_rate bigint null,
    down_rate bigint null,
    up_peak_rate bigint null,
    down_peak_rate bigint null,
    up_rate_code varchar(32) null,
    down_rate_code varchar(32) null,
    status enum('enabled', 'disabled') null,
    remark varchar(512) null,
    begin_time datetime not null,
    expire_time datetime not null,
    create_time datetime not null,
    update_time datetime null
);

-- Lookup indexes. These have no "if not exists" guard, so re-running the
-- script fails here once the indexes exist.
create index ix_tr_subscribe_create_time
    on tr_subscribe (create_time);

create index ix_tr_subscribe_expire_time
    on tr_subscribe (expire_time);

create index ix_tr_subscribe_status
    on tr_subscribe (status);

create index ix_tr_subscribe_subscriber
    on tr_subscribe (subscriber);

create index ix_tr_subscribe_update_time
    on tr_subscribe (update_time);

导入数据

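-- Seed one test access device. The shared secret 'secret' is a placeholder
-- for local testing; replace it before any real device uses this server.
-- 'cmccv1' is now single-quoted like the other literals: a double-quoted
-- string is read as an identifier when sql_mode includes ANSI_QUOTES.
INSERT INTO toughradius.tr_bras
(identifier, name, ipaddr, vendor_id, portal_vendor,secret, coa_port,ac_port, auth_limit, acct_limit, STATUS, remark, create_time)
VALUES ('radius-tester', 'radius-tester', '127.0.0.1', '14988','cmccv1', 'secret', 3799,2000, 1000, 1000, NULL, '0', '2019-03-01 14:07:46');

-- Seed one test subscriber (test01 / 888888). This is a weak sample
-- credential stored as clear text; change or delete it once testing is done.
-- NOTE(review): expire_time here is earlier than begin_time and long past;
-- kept as on the page. Verify whether the server rejects expired subscribers.
INSERT INTO toughradius.tr_subscribe
(node_id,  subscriber, realname, password, domain, addr_pool, policy, is_online, active_num,
 bind_mac, bind_vlan, ip_addr, mac_addr, in_vlan, out_vlan, up_rate, down_rate, up_peak_rate, 
 down_peak_rate, up_rate_code,down_rate_code, status, remark, begin_time, expire_time, create_time, update_time)
VALUES (0, 'test01', '', '888888',  null, null, null, null, 10, 0, 0, '', '', 0, 0, 10.000, 10.000, 100.000, 100.000,
        '10', '10', 'enabled', '', '2019-03-01 14:13:02', '2019-03-01 14:13:00', '2019-03-01 14:12:59', '2019-03-01 14:12:56');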

导入完毕即可登录toughradius

通过浏览器打开 http://ip:1816

用户名admin

 
