CN111221665A - Container remote login method and device based on browser - Google Patents
- Publication number: CN111221665A
- Application number: CN201911357318.4A
- Authority: CN (China)
- Prior art keywords: link, container, browser, module, ssh
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/972—Access to data in other repository systems, e.g. legacy data or dynamic Web page generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/08—Protocols specially adapted for terminal emulation, e.g. Telnet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Abstract
The application discloses a browser-based container remote login method and device. The method comprises the following steps: the client browser initiates a link request to the management node to establish a WebSocket link, and at the same time an SSH link is established with the container; the session of the WebSocket link is bound to the session of the SSH link so that messages are forwarded between the client and the container; and after the client initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed. The application aims at least to allow remote login to a container through a browser and to solve the problems of external network security and the inability to log in automatically.
Description
Technical Field
The application relates to the technical field of container remote scheduling management, in particular to a container remote login method and device based on a browser.
Background
With the development and wide adoption of Docker (an open-source application container engine that lets developers package their applications and dependencies into a portable container and then publish it to any popular Linux machine), container (Docker Container) scheduling and management platforms have become a mainstream direction in the IT field. Providing a remote login function for containers in such a platform lets users put containers to production use more simply and quickly.
The traditional way to log in to a remote server is to use a desktop SSH connection tool such as Xshell or PuTTY (SSH, Secure Shell, is a network protocol that gives an administrator a secure way to access a remote computer, using public key encryption). This requires an external network IP to be configured for each generated container, which increases the security risk, and it also requires the user to install and start an additional application, which increases the complexity of use. In a container scheduling and management platform it cannot log in automatically to dynamically generated containers, so the user experience is poor.
The most similar prior art:
GoTTY: a WebSocket server (WebSocket allows a connection to be established with a remote server via JavaScript, enabling two-way communication between the client and the server and making the Web more interactive) that relays output from the TTY to the client, and receives input from the client and forwards it to the TTY.
The problems existing in the prior art are as follows:
In the prior art, remote login to containers is realized by publishing a Web service, so the service has to be published in each container, which increases the deployment difficulty.
In the prior art, access has to go through the external network, and an external network IP has to be configured for each container, which breaks the isolation between the internal and external networks and creates security risks.
The prior art cannot use system users for identity authentication; if the user's identity needs to be authenticated, a separate authentication flow has to be built, which increases the complexity of use.
Disclosure of Invention
In order to solve the problems in the related art, the application provides a browser-based container remote login method and device, which allow remote login to a container through the browser and solve the problems of external network security and the inability to log in automatically.
The technical scheme of the application is realized as follows:
according to one aspect of the application, a browser-based container remote login method is provided, which comprises the following steps:
the client browser initiates a link request to the management node to establish a WebSocket link, simultaneously establishes an SSH link between the management node and the container, binds the session of the WebSocket link and the session of the SSH link, and realizes message forwarding between the client and the container;
and after the client initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed.
According to the embodiment of the application, the management node is a server with an external network IP, and the management node is used as a forwarding node to establish remote link between a client and a container.
According to embodiments of the application, SSH links are implemented using JSch.
According to an embodiment of the application, the client browser is built using xterm.js.
According to embodiments of the application, cross-host communication of management nodes and containers is achieved through Flannel network deployment.
According to another aspect of the present application, there is also provided a browser-based container remote login device, including:
a client module, a management node module and a computing node module, wherein the computing node module comprises a container module;
the client module browser initiates a link request to the management node module to establish a WebSocket link, simultaneously establishes an SSH link between the management node module and the container module, binds the session of the WebSocket link and the session of the SSH link, and realizes message forwarding between the client module and the container module;
and after the client module initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed.
According to the embodiment of the application, the client module and the management node module comprise a WebSocket link submodule, and the WebSocket link submodule is responsible for establishing a WebSocket link.
According to the embodiment of the application, the management node module and the container module comprise an SSH link submodule, and the SSH link submodule is responsible for establishing an SSH link.
According to an embodiment of the application, cross-host communication of the management node module and the container module is achieved through Flannel network deployment.
The beneficial technical effects of this application are:
logging in to the container through a web page solves the problems of external network security and the inability to log in to a remote container automatically, with good portability and high performance;
good portability: it can be embedded into any container management platform;
simple to use: a user can log in to a remote container directly in the web page without a password;
high security: the container avoids exposing an external network IP;
high performance: connections are stable and the cost of building it is low.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a flow chart of a browser-based container remote login method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a connection process using a browser-based container remote login device according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a network structure to which the browser-based container remote login method and device according to an embodiment of the present application are applied.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by a person having ordinary skill in the art belong to the protection scope of the present application, including a method that uses Ganymed to implement the SSH connection and a method that uses one set of public key and private key for the whole cluster and packages the public key in the image, so that a user can log in directly using a preset private key (there is a certain security risk).
According to the embodiment of the application, a browser-based container remote login method and device are provided. FIG. 1 shows a flow chart of a browser-based container remote login method according to an embodiment of the application. FIG. 2 is a schematic diagram of a connection process using a browser-based container remote login device according to an embodiment of the application. Referring to FIG. 1 and FIG. 2, the browser-based container remote login method according to the present invention may include the following steps:
S1, the client browser sends a link request to the management node to establish a WebSocket link, and at the same time the management node and the container establish an SSH link;
S2, the session of the WebSocket link is bound to the session of the SSH link to realize message forwarding between the client and the container;
S3, after the client initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed.
With this technical scheme, logging in to the container through a web page solves the problems of external network security and the inability to log in to a remote container automatically, with good portability and high performance.
As shown in FIG. 3, so that the remote container can be accessed without exposing an external network IP, the management node 22, which has an external network IP, is used as a forwarding node: the client 21 initiates a link request to the management node 22 and establishes a remote link with the container 231 through the management node 22. Cross-host communication between the container 231 and the management node 22 is accomplished through the Flannel 232 network deployment. The computing node 23 is the node on which containers and deep learning tasks run, and is mainly responsible for receiving and executing computations.
As shown in FIG. 2, after the client 11 initiates a link request, a WebSocket 111 link between the client 11 and the server (management node 12) is established, and at the same time an SSH 121 link between the server (management node 12) and the container 13 is established. The SSH 121 link is implemented with JSch 121 (JSch is a pure Java implementation of SSH2; it allows connecting to an SSHD server and using port forwarding, X11 forwarding, file transfer, and the like). The session of the WebSocket 111 link and the session of the SSH 121 link are bound to realize message forwarding, so that the client 11 can log in to the remote host. The interaction window shown after a successful login is built in the client browser with xterm.js 112 (xterm.js is a terminal front-end component written in JavaScript that runs in the browser and lets an application provide a fully functional terminal to the user).
To avoid link anomalies caused by an unstable Internet environment, the state of the SSH link is used as the basis for logging out: after the client initiates logout the SSH link is closed, and then the WebSocket link bound to that SSH link is closed. When the WebSocket link is closed abnormally (the network is unstable, the network is disconnected, and the like), a reconnection mechanism re-establishes the link, and the number of reconnection attempts can be set as required.
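The binding and teardown rules described above, modelled in memory as an added example (not code from the patent). `FakeLink` is a constructed stand-in for both the WebSocket session and the JSch channel; the rule that only a session that lost its socket may be re-attached, and closing the SSH link once the reconnection count is used up, are assumptions the text does not specify.

```javascript
// Added example: in-memory model of the WebSocket <-> SSH session binding.
// FakeLink is a constructed stand-in for a WebSocket session or a JSch channel.
class FakeLink {
  constructor(name) {
    this.name = name;
    this.open = true;
    this.sent = [];        // data written toward the remote peer
    this.onData = null;    // called when the remote peer delivers data
    this.onClose = null;   // called once when the link goes down
  }
  send(data) {
    if (!this.open) throw new Error(`${this.name} is closed`);
    this.sent.push(data);
  }
  receive(data) { if (this.open && this.onData) this.onData(data); }
  close(reason = 'normal') {
    if (!this.open) return;          // idempotent: teardown can start on either side
    this.open = false;
    if (this.onClose) this.onClose(reason);
  }
}

class Binding {
  // maxReconnects: the configurable reconnection count from the description.
  constructor(sessionId, ws, ssh, maxReconnects) {
    this.sessionId = sessionId;
    this.ssh = ssh;
    this.maxReconnects = maxReconnects;
    this.reconnects = 0;
    this.state = 'bound';
    // Container output goes to the browser; dropped while no socket is attached.
    ssh.onData = (d) => { if (this.ws.open) this.ws.send(d); };
    // SSH state drives logout: when SSH ends, the bound WebSocket is closed too.
    ssh.onClose = () => { this.state = 'closed'; this.ws.close('ssh-closed'); };
    this.attach(ws);
  }
  attach(ws) {
    this.ws = ws;
    this.state = 'bound';
    ws.onData = (d) => { if (this.ssh.open) this.ssh.send(d); };
    ws.onClose = (reason) => {
      if (ws !== this.ws || this.state === 'closed') return;  // stale or finished
      if (reason === 'abnormal' && this.reconnects < this.maxReconnects) {
        this.state = 'waiting-reconnect';   // keep SSH alive for a retry
      } else {
        this.ssh.close('ws-gone');          // assumption: never leave an orphaned shell
      }
    };
  }
  // Assumption: only a session that lost its socket may be re-attached, so a
  // second socket cannot take over a session that is still bound.
  reconnect(ws) {
    if (this.state !== 'waiting-reconnect') { ws.close('rejected'); return false; }
    this.reconnects += 1;
    this.attach(ws);
    return true;
  }
}

function demo() {
  const ssh = new FakeLink('ssh');
  const ws1 = new FakeLink('ws1');
  const binding = new Binding('sess-1', ws1, ssh, 1);
  ws1.receive('ls\n');            // keystrokes from the browser
  ssh.receive('file.txt\r\n');    // output from the container
  ws1.close('abnormal');          // network drop
  const afterDrop = binding.state;
  const ws2 = new FakeLink('ws2');
  const rebound = binding.reconnect(ws2);
  const takeover = binding.reconnect(new FakeLink('ws3'));
  ws2.receive('exit\n');          // user logs out
  ssh.close('logout');            // container side ends the SSH session
  return { toContainer: ssh.sent, toBrowser: ws1.sent, afterDrop, rebound,
           takeover, ws2Open: ws2.open, finalState: binding.state };
}
```

A production management node would also put a timeout on the `waiting-reconnect` state so that an SSH session whose browser never returns is closed.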
SSH authenticates with a private key when the link is established. A public key and private key are generated when the container is created, and the user's home directory is mounted into the container at the same time; after generation is completed the private key is sent to the user to whom the container belongs, and the private key can be read automatically when the link is established.
Referring to FIG. 3, the browser-based container remote login device of the present invention includes: a client module 21, a management node module 22, and a compute node module 23, wherein the compute node module 23 includes a container module 231; the browser of the client module 21 initiates a link request to the management node module 22 to establish a WebSocket link, and meanwhile the management node module 22 and the container module 231 establish an SSH link; the session of the WebSocket link and the session of the SSH link are bound so as to realize message forwarding between the client module 21 and the container module 231; after the client module 21 initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed.
The client module 21 and the management node module 22 include a WebSocket link submodule, and the WebSocket link submodule is responsible for establishing a WebSocket link.
The management node module 22 and the container module 231 contain SSH link submodules, which are responsible for establishing SSH links.
The cross-host communication of the management node module 22 and the container module 21 is achieved through the Flannel 232 network deployment.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (9)
1. A browser-based container remote login method, characterized by comprising the following steps:
a client browser initiates a link request to a management node to establish a WebSocket link, and simultaneously the management node and a container establish an SSH link;
binding the session of the WebSocket link and the session of the SSH link to realize message forwarding between the client and the container;
and after the client initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed.
2. A browser-based container remote login method according to claim 1, wherein said management node is a server with an external network IP, and said management node acts as a forwarding node and establishes a remote link between said client and said container.
3. A browser-based container remote login method according to claim 1, wherein the SSH link is implemented using JSch.
4. A browser-based container remote login method according to claim 1, wherein said client browser is built using xterm.js.
5. A browser-based container remote login method according to claim 1, characterized in that the cross-host communication of said management node and said container is implemented through a Flannel network deployment.
6. A browser-based container remote login device, comprising:
a client module, a management node module and a computing node module, wherein the computing node module comprises a container module;
the client module browser initiates a link request to the management node module to establish a WebSocket link, simultaneously establishes an SSH link between the management node module and the container module, and binds the session of the WebSocket link and the session of the SSH link to realize message forwarding between the client module and the container module;
and after the client module initiates logout the SSH link is closed, and the WebSocket link bound to the SSH link is then closed.
7. The browser-based container remote login device of claim 6, wherein the client module and the management node module comprise a WebSocket link submodule, the WebSocket link submodule being responsible for establishing the WebSocket link.
8. A browser-based container remote login device according to claim 6, wherein said management node module and said container module include an SSH link submodule, said SSH link submodule being responsible for establishing said SSH link.
9. A browser-based container remote login device according to claim 6, wherein cross-host communication of said management node module and said container module is achieved through a Flannel network deployment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911357318.4A CN111221665A (en) | 2019-12-25 | 2019-12-25 | Container remote login method and device based on browser |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111221665A true CN111221665A (en) | 2020-06-02 |
Family
ID=70832219
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911357318.4A Pending CN111221665A (en) | 2019-12-25 | 2019-12-25 | Container remote login method and device based on browser |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111221665A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112286526A (en) * | 2020-10-16 | 2021-01-29 | 科大国创云网科技有限公司 | Gotty-based Docker container console access method and system |
| CN112579076A (en) * | 2020-12-14 | 2021-03-30 | 浪潮云信息技术股份公司 | Method and system for separating front end and rear end of gotty |
| CN112711463A (en) * | 2020-12-31 | 2021-04-27 | 浪潮云信息技术股份公司 | Method for regularly cleaning gotty dead process |
| CN113067834A (en) * | 2021-04-09 | 2021-07-02 | 上海新炬网络信息技术股份有限公司 | Method for remotely controlling server based on Web browser |
| CN116055483A (en) * | 2023-02-03 | 2023-05-02 | 深圳市瑞云科技股份有限公司 | Remote desktop websocket cluster gray level publishing method |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105228080A (en) * | 2014-06-27 | 2016-01-06 | 上海视九信息科技有限公司 | Multi-screen interaction method, system and browser |
| CN105812406A (en) * | 2014-12-29 | 2016-07-27 | 北京神州泰岳软件股份有限公司 | Information transmission method and device based on WEB simulation terminal system |
| CN106534052A (en) * | 2015-09-15 | 2017-03-22 | 中移(杭州)信息技术有限公司 | Communication processing method and electronic device |
| CN107608763A (en) * | 2017-09-26 | 2018-01-19 | 中国科学院声学研究所 | A kind of method for entering Docker container operations by Web browser |
| CN207442903U (en) * | 2017-05-03 | 2018-06-01 | 迅驰(北京)视讯科技有限公司 | Data processing and banister control system based on WebSocket |
| CN108762893A (en) * | 2018-06-07 | 2018-11-06 | 郑州云海信息技术有限公司 | A kind of method, apparatus and storage medium of browser connection Docker containers |
| CN109495530A (en) * | 2017-09-13 | 2019-03-19 | 杭州海康威视系统技术有限公司 | A kind of real time traffic data transmission method, transmitting device and Transmission system |
| US20190342314A1 (en) * | 2018-05-04 | 2019-11-07 | Citrix Systems, Inc. | Systems and methods for an embedded browser |
-
2019
- 2019-12-25 CN CN201911357318.4A patent/CN111221665A/en active Pending
Non-Patent Citations (2)
| Title |
|---|
| 陈霄: "基于Web 浏览器的远程容器登录系统设计", 《网络新媒体技术》 * |
| 陈霄: "基于Web 浏览器的远程容器登录系统设计", 《网络新媒体技术》, 30 November 2017 (2017-11-30), pages 1 - 3 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112286526A (en) * | 2020-10-16 | 2021-01-29 | 科大国创云网科技有限公司 | Gotty-based Docker container console access method and system |
| CN112286526B (en) * | 2020-10-16 | 2023-06-23 | 科大国创云网科技有限公司 | A Gotty-based Docker container console access method and system |
| CN112579076A (en) * | 2020-12-14 | 2021-03-30 | 浪潮云信息技术股份公司 | Method and system for separating front end and rear end of gotty |
| CN112579076B (en) * | 2020-12-14 | 2024-09-10 | 浪潮云信息技术股份公司 | Gotty front end and rear end separation method and system |
| CN112711463A (en) * | 2020-12-31 | 2021-04-27 | 浪潮云信息技术股份公司 | Method for regularly cleaning gotty dead process |
| CN113067834A (en) * | 2021-04-09 | 2021-07-02 | 上海新炬网络信息技术股份有限公司 | Method for remotely controlling server based on Web browser |
| CN116055483A (en) * | 2023-02-03 | 2023-05-02 | 深圳市瑞云科技股份有限公司 | Remote desktop websocket cluster gray level publishing method |
| CN116055483B (en) * | 2023-02-03 | 2025-08-05 | 深圳市瑞云科技股份有限公司 | A method for grayscale release of remote desktop websocket cluster |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200602 |