├── .gitignore
├── ABOUT.md
├── CHANGELOG.md
├── CONTRIBUTING.md
├── CONTRIBUTORS.md
├── LICENSE.md
├── QA.md
├── README.md
├── READMORE
├── KONG插件开发示例:accesslimiting.md
├── KONG插件开发示例:log2zmq.md
├── image
│ ├── accesslimit.png
│ ├── accesslimitdao.png
│ ├── accesslimithandler.png
│ ├── addfilelog.png
│ ├── addiprestriction.png
│ ├── addnewinfoapi.png
│ ├── addoauth2.png
│ ├── addoauth2consumer.png
│ ├── addoauth2consumercredentials.png
│ ├── addratelimiting.png
│ ├── adduserapi.png
│ ├── baseplugin.png
│ ├── imageold
│ │ ├── accesslimit.png
│ │ ├── accesslimitdao.png
│ │ ├── accesslimithandler.png
│ │ ├── analyticsmonitoring.png
│ │ ├── apiadd.png
│ │ ├── apilist.png
│ │ ├── authentication.png
│ │ ├── baseplugin.png
│ │ ├── intro-illustration.png
│ │ ├── keyauth.png
│ │ ├── keyauthfailed.png
│ │ ├── keyauthsucc.png
│ │ ├── kong-proxynewinfo.png
│ │ ├── kong-proxyperson-filelog.png
│ │ ├── kong-proxyperson-ipfail.png
│ │ ├── kong-proxyperson-oauth2fail.png
│ │ ├── kong-proxyperson-ratefail.png
│ │ ├── kong-proxyperson.png
│ │ ├── kong业务架构.png
│ │ ├── kong组件架构.png
│ │ ├── log2zmq.png
│ │ ├── log2zmqhandler.png
│ │ ├── logging.png
│ │ ├── new-newinfoadd.png
│ │ ├── new-personadd.png
│ │ ├── plugin-person-filelog.png
│ │ ├── plugin-person-ip.png
│ │ ├── plugin-person-oauth2.png
│ │ ├── plugin-person-oauth2user.png
│ │ ├── plugin-person-ratelimiting.png
│ │ ├── pluginadd.png
│ │ ├── pluginshow.png
│ │ ├── security.png
│ │ ├── serverless.png
│ │ ├── supervisord.png
│ │ ├── trafficcontrol.png
│ │ └── transformations.png
│ ├── kongaddapi.png
│ ├── kongaddconsumer.png
│ ├── kongaddplugin.png
│ ├── kongapilist.png
│ ├── kongconsumerkeyauth.png
│ ├── kongeditconsumer.png
│ ├── kongforfirsttime.png
│ ├── kongpluginsmanage.png
│ ├── kongwelcome.png
│ ├── log2zmq.png
│ ├── log2zmqhandler.png
│ └── pluginshow.png
├── install docker.md
├── kongdashboard方法.md
└── 分步快速部署.md
├── docker-compose.yml
└── image
├── kong业务架构.png
└── kong组件架构.png
/.gitignore:
--------------------------------------------------------------------------------
1 | # Created by .ignore support plugin (hsz.mobi)
2 | .idea
3 | custom_plugins
--------------------------------------------------------------------------------
/ABOUT.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 | 云框架(Cloud Frameworks)是即插即用的云端技术框架,通过典型实例梳理知识结构,帮助开发者快速掌握新技术,仅需替换部分业务代码,即可将最佳实践应用于生产环境并立即产生价值。
4 |
5 | ## 特性简介
6 |
7 | ### 实用干货
8 |
9 | 面向实际业务场景,解决真实业务问题;
10 |
11 | ### 快速学习
12 |
13 | 在边学边用的过程中快速掌握技术核心;
14 |
15 | ### 即插即用
16 |
17 | 仅需替换业务代码,即可用于生产环境;
18 |
19 | ### 最佳实践
20 |
21 | 源于实战经验,总结技术落地最优路径;
22 |
23 | ## 快速上手
24 |
25 | ### 目录结构
26 |
27 | ```
28 | Cloud frameworks
29 | |-- user-guide
30 | |--README.md 文档
31 | |--CHANGELOG.md 更新日志
32 | |--LICENSE.md 版权信息
33 | |--CONTRIBUTING.md 参与贡献
34 | |--CONTRIBUTORS.md 贡献者
35 | |--QA.md 常见问题
36 | |--ABOUT.md 关于云框架
37 | |--images
38 | |-- 组件1
39 | |-- 组件2
40 | |-- 组件3
41 | `-- 组件n
42 | ```
43 |
44 | ### user-guide
45 |
46 | 云框架主题展现为Github上的组织(organization),组织中仓库(repository)包括“user-guide-xxx”及一个或多个“组件”。
47 |
48 | 在user-guide仓库中,你可以很方便的找到帮助了解和使用云框架的文档,并根据“[README](README.md)”快速开始。
49 |
50 | ## 参与贡献
51 |
52 | [如何成为云框架贡献者?](CONTRIBUTING.md)
53 |
54 | ## 版权信息
55 |
56 | 云框架遵循APACHE LICENSE 2.0协议发布,并提供免费使用。
57 |
58 | 细节参阅 [LICENSE](LICENSE.md)
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # [云框架]KONG API Gateway
2 |
3 | ## v1.5 (2018.04.11)
4 |
5 | + `UPGRADE` KONG version 0.12.3
6 | + `UPGRADE` A little bit optimization
7 |
8 | ## v1.0 (2017.05.22)
9 |
10 | + `NEW` v1.0 released
11 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # 如何成为云框架贡献者?
2 |
3 | 如果你没有相关经验,建议花几分钟阅读一下[Contributing to Open Source on GitHub](https://guides.github.com/activities/contributing-to-open-source/)。
4 |
5 | ## Bug
6 |
7 | 如果你发现了bug,或是对代码、文档、项目有任何疑问,可以通过Issue系统来提出。
8 |
9 | ## Feature
10 |
11 | 如果你有能力修复bug或是想要为云框架增加feature,可以通过Pull Request来实现。
12 |
13 | 检查其他人的Pull Request,也是非常有益的贡献方式!
14 |
15 | ## 文档
16 |
17 | 如果你在文档中发现了笔误或是你有很棒的内容来补充文档,可以编辑并通过Pull Request提交。
18 |
19 | ## 最简单的贡献方式
20 |
21 | 赠人玫瑰,手有余香。
22 |
23 | 帮助他人解决在学习和使用云框架过程中出现的疑问,是云框架最简单的贡献方式。
24 |
25 | 当你在社群中遇到与云框架相关的问题和讨论,请不吝赐教吧!
26 |
27 | ## 成为云框架作者
28 |
29 | 如果你想要成为云框架作者,负责某一技术主题的创作和运营,可以通过[邮件](mailto:info@goodrain.com)联系我们。
30 |
--------------------------------------------------------------------------------
/CONTRIBUTORS.md:
--------------------------------------------------------------------------------
1 | # 贡献者
2 |
3 | [如何成为云框架贡献者?](CONTRIBUTING.md)
4 |
5 | ## 出品人
6 |
7 | **[lucienu2](https://github.com/lucienu2)**
8 |
9 | ## 贡献者
10 |
11 | **[Hello-mango](https://github.com/Hello-Mango)**
12 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | Copyright 2017 Beijing Goodrain Technology Co.,Ltd. All right reserved.
2 |
3 | Licensed under the Apache License, Version 2.0 (the "License");
4 | you may not use this file except in compliance with the License.
5 | You may obtain a copy of the License at
6 |
7 | [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
8 |
9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.
--------------------------------------------------------------------------------
/QA.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/QA.md
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # [云框架]KONG API Gateway v1.5
2 |
3 | 
4 | [](CONTRIBUTORS.md)
5 | 
6 |
7 | 当前版本采用KONG`v0.12.3`
8 |
9 | 当我们决定对应用进行微服务改造时,应用客户端如何与微服务交互的问题也随之而来,毕竟服务数量的增加会直接导致部署授权、负载均衡、通信管理、分析和改变的难度增加。
10 |
11 | 面对以上问题,API GATEWAY是一个不错的解决方案,其所提供的访问限制、安全、流量控制、分析监控、日志、请求转发、合成和协议转换功能,可以解放开发者去把精力集中在具体逻辑的代码,而不是把时间花费在考虑如何解决应用和其他微服务链接的问题上。
12 |
13 | 在众多API GATEWAY框架中,Mashape开源的高性能高可用API网关和API服务管理层——[KONG](https://getkong.org/)(基于NGINX)特点尤为突出,它可以通过插件扩展已有功能,这些插件(使用lua编写)在API请求响应循环的生命周期中被执行。于此同时,KONG本身提供包括HTTP基本认证、密钥认证、CORS、TCP、UDP、文件日志、API请求限流、请求转发及NGINX监控等基本功能。目前,Kong在Mashape管理了超过15,000个API,为200,000开发者提供了每月数十亿的请求支持。
14 |
15 | 本篇[云框架](ABOUT.md)将结合数据查询服务实例介绍KONG API GATEWAY及其最佳实践方法。
16 |
17 | 相关云框架:[[云框架]基于Spring Cloud的微服务架构-用户指南](https://github.com/cloudframeworks-springcloud/user-guide-springcloud)
18 |
19 | # 内容概览
20 |
21 | * [快速部署](#快速部署)
22 | * [一键部署](#一键部署)
23 | * [本地部署](#本地部署)
24 | * [框架说明-业务](#框架说明-业务)
25 | * [框架说明-组件](#框架说明-组件)
26 | * [组件架构](#组件架构)
27 | * [KONG基本使用](#KONG基本使用)
28 | * [ROUTING实现](#ROUTING)
29 | * [AUTHENTICATION实现](#AUTHENTICATION)
30 | * [SECURITY实现](#SECURITY)
31 | * [TRAFFIC CONTROL实现](#TRAFFICCONTROL)
32 | * [LOGGING实现](#LOGGING)
33 | * [KONG插件开发](#KONG插件开发)
34 | * [生产环境](#生产环境)
35 | * [常见问题](#常见问题)
36 | * [更新计划](#更新计划)
37 | * [社群贡献](#社群贡献)
38 |
39 | # 快速部署
40 |
41 | ## 一键部署
42 |
43 | [一键部署至好雨云帮](https://www.goodrain.com/app/detail/122)
44 |
45 | ## 本地部署
46 |
47 | 1. [准备Docker环境](https://github.com/cloudframeworks-apigateway/user-guide-apigateway/blob/master/READMORE/install%20docker.md)
48 |
49 | 2. 克隆仓库
50 |
51 | ```
52 | git clone https://github.com/cloudframeworks-apigateway/user-guide-apigateway
53 | ```
54 |
55 | 3. 基于[docker-compose](https://docs.docker.com/compose/install/)运行命令 ([docker-compose.yml](https://github.com/cloudframeworks-apigateway/user-guide-apigateway/blob/master/docker-compose.yml))
56 |
57 | ```
58 | docker-compose -f docker-compose.yml up -d
59 | ```
60 |
61 | 4. 访问路径
62 |
63 | http://本机IP:8000 - kong url
64 |
65 | http://本机IP:8001 - kong admin url
66 |
67 | https://本机IP:8443 - kong https url
68 |
69 | http://本机IP:8081 - kong dashboard ui
70 |
71 | https://本机IP:8080/api/persons - user api url
72 |
73 | https://本机IP:8080/api/newinfos - newinfo api url
74 |
75 | **[查看分步快速部署](https://github.com/cloudframeworks-apigateway/user-guide-apigateway/blob/master/READMORE/%E5%88%86%E6%AD%A5%E5%BF%AB%E9%80%9F%E9%83%A8%E7%BD%B2.md)**
76 |
77 | # 框架说明-业务
78 |
79 | 数据查询应用,顾名思义提供简单的数据查询服务,应用对外提供两个端口:
80 |
81 | * user:处理敏感数据,如限制访问
82 |
83 | * newinfo:普通数据,对所有人开放
84 |
85 | 对比以上两个端口,我们可以相对清楚的理解KONG及其插件的效果和配置方法。
86 |
87 | 本例数据查询应用业务架构比较简明,如下图所示:
88 |
89 |
90 |
91 | # 框架说明-组件
92 |
93 | 本例使用KONG本身实现ROUTING,并添加了[OAuth 2.0](https://getkong.org/plugins/oauth2-authentication/)(AUTHENTICATION实现)、[IP Restriction](https://getkong.org/plugins/ip-restriction/)(SECURITY实现)、[Rate Limiting](https://getkong.org/plugins/rate-limiting/)(TRAFFIC CONTROL实现)、[File](https://getkong.org/plugins/file-log/)(LOGGING实现)等4个插件。([查看更多官方插件](https://getkong.org/plugins/))
94 |
95 | 以下管理配置通过命令行实现。KONG也可以通过UI管理界面进行管理和配置,方法请参考[KONG DASHBOARD](./READMORE/kongdashboard方法.md)。
96 |
97 | 组件架构如下图所示:
98 |
99 |
100 |
101 | * newinfo端口仅通过KONG实现与user端口的路由,其他插件未使用
102 |
103 | + KONG代理方式包括:1)应用通过携带HOST头部路由到对应的API应用;2)通过不同的uri路由到API应用
104 |
105 | + 以上两种方式均为基于Openresty动态增加upstream以及对upstream的DNS resolver来实现
106 |
107 | + 客户端将先请求KONG服务器,并被代理到最终的API应用,而插件在API响应循环的生命周期中被执行
108 |
109 | * user端口信息敏感,限制访问用户;newinfo端口信息不敏感,无需限制访问用户(AUTHENTICATION实现)
110 |
111 | * user端口控制访问地址,仅规定IP可访问;newinfo端口无此限制(SECURITY实现)
112 |
113 | * user端口控制访问频率,newinfo端口可无限制访问(TRAFFIC CONTROL实现)
114 |
115 | * user端口可获取每次访问日志(LOGGING实现)
116 |
117 | ## KONG基本使用
118 |
119 | ### 注册API
120 |
121 | 使用Kong代理API,首先需要把API注册到Kong,并通过返回数据查看注册是否成功,如:
122 |
123 | ```
124 | curl -i -X POST \
125 | --url http://127.0.0.1:8001/apis/ \
126 | --data 'name=personapi' \
127 | --data 'hosts=personapi' \
128 | --data 'upstream_url=https://本机IP:8080/api/persons' # 本机IP通过ifconfig查看
129 | ```
130 |
131 | ### 添加用户
132 |
133 | API可能没有用户概念,会出现随意调用的情况。为此Kong提供了一种consumer对象(全局共用),如某API启用了key-auth,没有身份的访问者将无法调用该API,
134 |
135 | 命令如下:
136 |
137 | 1. 创建一个consumer
138 |
139 | ```
140 | curl -X POST \
141 | --data "username=oauthadmin" \
142 | --data "custom_id=personapi" \
143 | http://127.0.0.1:8001/consumers/
144 | ```
145 |
146 | 2. 在key-auth插件中为此consumer生成key
147 |
148 | ```
149 | curl -X POST \
150 | http://127.0.0.1:8001/consumers/oauthadmin/key-auth \
151 | ```
152 |
153 | 此时即可使用key来通过权限验证访问API了,需要注意的是:
154 |
155 | * 若另一API也开通了key-auth插件,那么这个consumer也是可以通过key-auth验证访问这个API的,想要控制这种情况,需借助Kong的[ACL插件](https://getkong.org/plugins/acl/)
156 |
157 | * 对于Kong来讲,认证与权限是两个不同的概念
158 |
159 | ### API添加插件
160 |
161 | 目前,Kong默认提供了31种插件,插件独立作用于每一个API,不同的API可以使用完全不同的插件。
162 |
163 | 这是一种非常科学的设计,因为在实际情况中很可能会出现有的API完全开放,不需要任何认证,有的API会涉及敏感数据,权限控制需要非常严格;有的API完全不在乎调用频次或者日志,有的API则严格限制调用频次或者日志等类似情况。
164 |
165 | 命令如下:
166 |
167 | 1. 添加插件:
168 |
169 | ```
170 | curl -i -X POST \
171 | --url http://127.0.0.1:8001/apis/personapi/plugins/ \
172 | --data 'name=key-auth'
173 | ```
174 |
175 | 2. 访问验证:
176 |
177 | ```
178 | curl -H 'Host: personapi' -H 'TT: {KEY}' http://127.0.0.1:8000
179 | ```
180 |
181 | ```
182 | curl -H 'Host: personapi' http://127.0.0.1:8000/
183 | ```
184 |
185 | ## ROUTING实现
186 |
187 | user端口和newinfo端口之间实现路由,需先将服务注册到Kong,外部访问将统一走api gateway代理。
188 |
189 | 命令如下:
190 |
191 | 1. 注册user api
192 |
193 | ```
194 | curl -i -X POST \
195 | --url http://127.0.0.1:8001/apis/ \
196 | --data 'name=personapi' \
197 | --data 'hosts=personapi' \
198 | --data 'upstream_url=https://本机IP:8080/api/persons'
199 | ```
200 |
201 | 2. 注册newinfo api
202 |
203 | ```
204 | curl -i -X POST \
205 | --url http://127.0.0.1:8001/apis/ \
206 | --data 'name=newinfoapi' \
207 | --data 'hosts=newinfoapi' \
208 | --data 'upstream_url=https://本机IP:8080/api/newinfos'
209 | ```
210 |
211 | 3. 注册成功后即可通过Kong代理访问
212 |
213 | * 用户信息(user端口)
214 |
215 | 命令:
216 |
217 | ```
218 | curl -H 'Host: personapi' http://127.0.0.1:8000
219 | ```
220 |
221 | 返回:
222 |
223 | ```JSON
224 | [
225 | {"pid":1,"name":"lucien","age":30},
226 | {"pid":2,"name":"Joe","age":28},
227 | {"pid":3,"name":"smith","age":32},
228 | {"pid":4,"name":"Tod","age":56},
229 | {"pid":5,"name":"linken","age":34},
230 | {"pid":6,"name":"truple","age":23},
231 | {"pid":7,"name":"tdt","age":20}
232 | ]
233 | ```
234 |
235 | * 新闻信息(newinfo端口)
236 |
237 | 命令:
238 |
239 | ```
240 | curl -H 'Host: newinfoapi' http://127.0.0.1:8000
241 | ```
242 |
243 | 返回:
244 |
245 | ```JSON
246 | [
247 | {"nid":1,"title":"一路一代代","content":"what happending...."},
248 | {"nid":2,"title":"雪中悍刀行","content":"人生三不朽,立功立德立言"}
249 | ]
250 | ```
251 |
252 | 此时,可以将用户信息、新闻通知对外访问控制限制为只有Kong可以访问,外部请求全部通过Kong进行代理。
253 |
254 | ## AUTHENTICATION实现
255 |
256 | 通过[OAuth 2.0 Authentication](https://github.com/cloudframeworks-apigateway/kongplugin/tree/master/kong/plugins/oauth2)插件实现user端口的用户访问限制,
257 |
258 | 1. 注册Oauth2插件,详情参见[配置说明](https://getkong.org/plugins/oauth2-authentication/#configuration)
259 |
260 | ```
261 | curl -X POST \
262 | --data 'name=oauth2' \
263 | --data 'config.enable_password_grant=true' \
264 | --data 'config.provision_key=qwe1238amsdh23' \
265 | http://127.0.0.1:8001/apis/personapi/plugins
266 | ```
267 |
268 | 2. 添加Consumer及Consumer对应的credentials
269 |
270 | ```
271 | curl -X POST \
272 | --data "username=oauthadmin" \
273 | --data "custom_id=personapi" \
274 | http://127.0.0.1:8001/consumers/
275 | ```
276 |
277 | ```
278 | curl -X POST \
279 | --data "name=oauthadmin" \
280 | --data "client_id=personapi" \
281 | --data "redirect_uri=https://本机IP:8080/api/persons" \
282 | http://127.0.0.1:8001/consumers/oauthadmin/oauth2
283 | ```
284 |
285 | 3. 申请accesstoken并访问
286 |
287 | 命令:
288 |
289 | ```
290 | curl -k -H 'Host: personapi' \
291 | --data "client_id=5bee1b6679e5463599d7ce64b14c2795" \
292 | --data "client_secret=54f2a058f30f46e8b5ccc8d6788eb081" \
293 | --data "provision_key=qwe1238amsdh23" \
294 | --data "authenticated_userid=b48bf407-c2b7-41a9-8e0f-43eead2fc60f" \
295 | --data "grant_type=password" \
296 | https://127.0.0.1:8443/oauth2/token
297 | ```
298 |
299 | 返回:
300 |
301 | ```JSON
302 | {
303 | "refresh_token":"e87d871957eb4717bb0002054ae8c9a3",
304 | "token_type":"bearer",
305 | "access_token":"bad2a7ee579e4389880ae29b3610c639",
306 | "expires_in":7200
307 | }
308 | ```
309 |
310 | 4. 访问
311 |
312 | * 使用token访问user api
313 |
314 | 命令:
315 |
316 | ```
317 | curl -H 'Host: personapi' \
318 | -H 'Authorization: bearer bad2a7ee579e4389880ae29b3610c639' \
319 | http://127.0.0.1:8000
320 | ```
321 |
322 | 返回:
323 |
324 | ```JSON
325 | [
326 | {"pid":1,"name":"lucien","age":30},
327 | {"pid":2,"name":"Joe","age":28},
328 | {"pid":3,"name":"smith","age":32},
329 | {"pid":4,"name":"Tod","age":56},
330 | {"pid":5,"name":"linken","age":34},
331 | {"pid":6,"name":"truple","age":23},
332 | {"pid":7,"name":"tdt","age":20}
333 | ]
334 | ```
335 |
336 | * 不使用token访问user api
337 |
338 | 命令:
339 |
340 | ```
341 | curl -H 'Host: personapi' http://127.0.0.1:8000
342 | ```
343 |
344 | 返回:
345 |
346 | ```
347 | {
348 | "error_description":"The access token is missing",
349 | "error":"invalid_request"
350 | }
351 | ```
352 |
353 | newinfo端口由于数据不敏感,无需特殊配置。
354 |
355 | ## SECURITY实现
356 |
357 | 通过添加[IP Restriction](https://github.com/cloudframeworks-apigateway/kongplugin/tree/master/kong/plugins/ip-restriction)插件,实现对user端口的访问限制,即仅规定IP可访问。
358 |
359 | 1. 为user端口添加IP Restriction插件扩展,并设置白名单(只有名单内的IP可以访问API)
360 |
361 | ```
362 | curl -X POST \
363 | --data 'name=ip-restriction' \
364 | --data 'config.whitelist=172.17.0.1' \
365 | http://127.0.0.1:8001/apis/personapi/plugins
366 | ```
367 |
368 | 2. 访问效果:
369 |
370 | * 白名单内IP访问:
371 |
372 | 命令:
373 |
374 | ```
375 | curl -H 'Host: personapi' http://127.0.0.1:8000
376 | ```
377 |
378 | 返回:
379 |
380 | ```JSON
381 | [
382 | {"pid":1,"name":"lucien","age":30},
383 | {"pid":2,"name":"Joe","age":28},
384 | {"pid":3,"name":"smith","age":32},
385 | {"pid":4,"name":"Tod","age":56},
386 | {"pid":5,"name":"linken","age":34},
387 | {"pid":6,"name":"truple","age":23},
388 | {"pid":7,"name":"tdt","age":20}
389 | ]
390 | ```
391 |
392 | * 其他IP访问:
393 |
394 | 命令:
395 |
396 | ```
397 | curl -H 'Host: personapi' http://172.17.0.1:8000
398 | ```
399 |
400 | 返回:
401 |
402 | ```JSON
403 | {
404 | "message":"Your IP address is not allowed"
405 | }
406 | ```
407 |
408 | newinfo端口无需配置此插件。
409 |
410 | ## TRAFFIC CONTROL实现
411 |
412 | user端口通过[Rate Limiting](https://github.com/cloudframeworks-apigateway/kongplugin/tree/master/kong/plugins/rate-limiting)插件控制用户访问频率,避免无限制访问。
413 |
414 | 1. 为user端口添加Rate Limiting插件扩展(此处设置1分钟内只能访问1次)
415 |
416 | ```
417 | curl -X POST \
418 | --data 'name=rate-limiting' \
419 | --data 'config.minute=1' \
420 | http://127.0.0.1:8001/apis/personapi/plugins
421 | ```
422 |
423 | 2. 访问效果:
424 |
425 | * 正常访问展示:
426 |
427 | 命令:
428 |
429 | ```
430 | curl -H 'Host: personapi' http://127.0.0.1:8000
431 | ```
432 |
433 | 返回:
434 |
435 | ```JSON
436 | [
437 | {"pid":1,"name":"lucien","age":30},
438 | {"pid":2,"name":"Joe","age":28},
439 | {"pid":3,"name":"smith","age":32},
440 | {"pid":4,"name":"Tod","age":56},
441 | {"pid":5,"name":"linken","age":34},
442 | {"pid":6,"name":"truple","age":23},
443 | {"pid":7,"name":"tdt","age":20}
444 | ]
445 | ```
446 |
447 | * 超出次数的访问展示:
448 |
449 | 命令:
450 |
451 | ```
452 | curl -H 'Host: personapi' http://127.0.0.1:8000
453 | ```
454 |
455 | 返回:
456 |
457 | ```JSON
458 | {
459 | "message":"API rate limit exceeded"
460 | }
461 | ```
462 |
463 | newinfo端口无需配置此插件。
464 |
465 | ## LOGGING实现
466 |
467 | user端口通过[File-log](https://github.com/cloudframeworks-apigateway/kongplugin/tree/master/kong/plugins/file-log)插件实现对于每次访问日志的获取,需要注意为日志文件写权限,日志格式参考[Log Format](https://getkong.org/plugins/file-log/#log-format)。
468 |
469 | 1. 为user端口添加File-log插件,并设置为日志文件路径设为:/tmp/file.log
470 |
471 | ```
472 | curl -X POST \
473 | --data 'name=file-log' \
474 | --data 'config.path=/tmp/file.log' \
475 | http://127.0.0.1:8001/apis/personapi/plugins
476 | ```
477 |
478 | 2. 添加日志插件后,每次访问都会被记录
479 |
480 | newinfo端口无需配置此插件。
481 |
482 | # KONG插件开发
483 |
484 | 1. git clone Kong到本地
485 |
486 | ```
487 | git clone git@github.com:Mashape/kong.git
488 | ```
489 |
490 | 2. 创建自定义插件目录
491 |
492 | ```
493 | cd ${KONG_DIR}
494 | cd kong
495 | mkdir custom_plugins
496 | ```
497 |
498 | 3. 新增插件
499 |
500 | ```
501 | cd ${KONG_DIR}
502 | cd kong
503 | mkdir custom_plugins
504 | cd custom_plugins
505 | mkdir xxx
506 | ```
507 |
508 | 4. 编辑插件的schema.lua、handler.lua, 根据实际情况完成插件逻辑([lua教程](http://www.runoob.com/lua/lua-tutorial.html))
509 |
510 | 5. 修改`${KONG_DIR}/templates/kong_defaults.lua`,配置custom_plugins=xxx
511 |
512 | 6. 执行luaracks make安装插件到本地进行测试
513 |
514 | 7. 制作kong镜像,并[快速部署](#快速部署)
515 |
516 | [KONG插件开发示例:log2zmq](https://github.com/cloudframeworks-apigateway/user-guide-apigateway/blob/master/READMORE/KONG%E6%8F%92%E4%BB%B6%E5%BC%80%E5%8F%91%E7%A4%BA%E4%BE%8B%EF%BC%9Alog2zmq.md)
517 |
518 | [KONG插件开发示例:accesslimiting](https://github.com/cloudframeworks-apigateway/user-guide-apigateway/blob/master/READMORE/KONG%E6%8F%92%E4%BB%B6%E5%BC%80%E5%8F%91%E7%A4%BA%E4%BE%8B%EF%BC%9Aaccesslimiting.md)
519 |
520 | # 生产环境
521 |
522 | `TODO`
523 |
524 | # 常见问题
525 |
526 | `TODO`
527 |
528 | # 更新计划
529 |
530 | * `组件` 增加SERVERLESS实现
531 | * `组件` 增加ANALYTICS&MONITORING实现
532 | * `组件` 增加TRANSFORMATIONS实现
533 |
534 | # 社群贡献
535 |
536 | + QQ群: 117317266
537 | + [参与贡献](CONTRIBUTING.md)
538 | + [联系我们](mailto:info@goodrain.com)
539 |
540 | -------
541 |
542 | [云框架](ABOUT.md)系列主题,遵循[APACHE LICENSE 2.0](LICENSE.md)协议发布。
543 |
544 |
545 |
--------------------------------------------------------------------------------
/READMORE/KONG插件开发示例:accesslimiting.md:
--------------------------------------------------------------------------------
1 | # KONG插件开发示例:accesslimiting
2 |
3 | accesslimiting插件用于定义过去`period`分钟内,每个ip限制访问`limit`次
4 |
5 | 1. 确认插件注册时需要的参数信息:
6 |
7 | * 时间间隔`period`
8 |
9 | * ip访问次数限制`limit`
10 |
11 | 2. 在custom_plugins中创建accesslimiting目录,添加schmea.lua,添加对应的逻辑用于处理API注册
12 |
13 |
14 |
15 | 3. 处理请求处理过程中插件的逻辑,需要handler.lua脚本完成
16 |
17 | accesslimiting插件需要存储访问数据,因此这里演示使用数据库进行存储(推荐redis等nosql)。存储数据除了handler.lua外,还需要定义插件的数据结构、数据库访问方法,而Kong支持2种数据结构: cassandra\postgres,这里使用postgres。
18 |
19 | 3.1 定义表结构,在插件目录下创建migrations/postgres.lua,完成插件的初始化和清理逻辑,如下所示:
20 |
21 | ```
22 | mkdir -p ${KONG_DIR}/custom_plugins/xxx/migrations
23 | touch postgres.lua
24 | return {
25 | {
26 | name = "xxxxxxxxx",
27 | up = [[
28 | CREATE TABLE IF NOT EXISTS ${TABLENAME}(
29 | xx
30 | );
31 | ]],
32 | down = [[
33 | DROP TABLE ${TABLENAME};
34 | ]]
35 | }
36 | }
37 | ```
38 |
39 | 3.2 完成数据的访问,并在插件目录下创建dao/postgres.lua
40 |
41 |
42 |
43 | 3.3 本插件在请求访问前确认是访问,因此复写access方法完成访问校验
44 |
45 |
46 |
47 | 4. 之后修改kong_default.lua的custom_plugins数据:
48 |
49 | ```
50 | custom_plugins = log2zmq, accesslimit
51 | ```
52 |
53 | 5. 本地测试插件功能
54 |
55 | ```
56 | luarocks make
57 | ```
58 |
59 | 6. 制作KONG的镜像,将自定义的插件打包到镜像中,并[快速部署](#快速部署)自定义KONG
60 |
--------------------------------------------------------------------------------
/READMORE/KONG插件开发示例:log2zmq.md:
--------------------------------------------------------------------------------
1 | # KONG插件开发示例:log2zmq
2 |
3 | log2zmq插件用于获取请求的日志并将日志数据发送到zeromq。
4 |
5 | 1. 确认插件助恶时所需参数信息
6 |
7 | * zeromq服务器IP地址
8 |
9 | * zeromq服务器端口
10 |
11 | * zeromq的topic
12 |
13 | 2. 在custom_plugins中创建log2zmq目录,添加schmea.lua,并添加对应的逻辑用于处理API注册
14 |
15 |
16 |
17 |
18 |
19 | 3. 处理请求处理过程中插件的逻辑,通过handler.lua脚本完成。
20 |
21 | handler.lua需要扩展Kong的BasePlugin,这个是Kong插件的基础类,所有的插件都需要继承BasePlugin。在BasePlugin中定义了请求处理的几个过程,自定义插件可以通过复写这些方法完成对应的逻辑。
22 |
23 |
24 |
25 | 这个插件需要收集日志,因此复写log方法完成日志收集、发送。
26 |
27 |
28 |
29 | 4. 修改kong_default.lua的custom_plugins数据
30 |
31 | ```
32 | custom_plugins = log2zmq
33 | ```
34 |
35 | 5. 本地测试插件功能
36 |
37 | ```
38 | luarocks make
39 | ```
40 |
41 | 6. 制作KONG的镜像,将自定义的插件打包到镜像中,并[快速部署](#快速部署)自定义KONG
42 |
--------------------------------------------------------------------------------
/READMORE/image/accesslimit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/accesslimit.png
--------------------------------------------------------------------------------
/READMORE/image/accesslimitdao.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/accesslimitdao.png
--------------------------------------------------------------------------------
/READMORE/image/accesslimithandler.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/accesslimithandler.png
--------------------------------------------------------------------------------
/READMORE/image/addfilelog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addfilelog.png
--------------------------------------------------------------------------------
/READMORE/image/addiprestriction.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addiprestriction.png
--------------------------------------------------------------------------------
/READMORE/image/addnewinfoapi.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addnewinfoapi.png
--------------------------------------------------------------------------------
/READMORE/image/addoauth2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addoauth2.png
--------------------------------------------------------------------------------
/READMORE/image/addoauth2consumer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addoauth2consumer.png
--------------------------------------------------------------------------------
/READMORE/image/addoauth2consumercredentials.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addoauth2consumercredentials.png
--------------------------------------------------------------------------------
/READMORE/image/addratelimiting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/addratelimiting.png
--------------------------------------------------------------------------------
/READMORE/image/adduserapi.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/adduserapi.png
--------------------------------------------------------------------------------
/READMORE/image/baseplugin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/baseplugin.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/accesslimit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/accesslimit.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/accesslimitdao.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/accesslimitdao.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/accesslimithandler.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/accesslimithandler.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/analyticsmonitoring.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/analyticsmonitoring.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/apiadd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/apiadd.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/apilist.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/apilist.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/authentication.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/authentication.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/baseplugin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/baseplugin.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/intro-illustration.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/intro-illustration.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/keyauth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/keyauth.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/keyauthfailed.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/keyauthfailed.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/keyauthsucc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/keyauthsucc.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong-proxynewinfo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong-proxynewinfo.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong-proxyperson-filelog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong-proxyperson-filelog.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong-proxyperson-ipfail.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong-proxyperson-ipfail.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong-proxyperson-oauth2fail.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong-proxyperson-oauth2fail.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong-proxyperson-ratefail.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong-proxyperson-ratefail.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong-proxyperson.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong-proxyperson.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong业务架构.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong业务架构.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/kong组件架构.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/kong组件架构.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/log2zmq.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/log2zmq.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/log2zmqhandler.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/log2zmqhandler.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/logging.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/logging.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/new-newinfoadd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/new-newinfoadd.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/new-personadd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/new-personadd.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/plugin-person-filelog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/plugin-person-filelog.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/plugin-person-ip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/plugin-person-ip.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/plugin-person-oauth2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/plugin-person-oauth2.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/plugin-person-oauth2user.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/plugin-person-oauth2user.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/plugin-person-ratelimiting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/plugin-person-ratelimiting.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/pluginadd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/pluginadd.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/pluginshow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/pluginshow.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/security.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/security.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/serverless.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/serverless.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/supervisord.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/supervisord.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/trafficcontrol.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/trafficcontrol.png
--------------------------------------------------------------------------------
/READMORE/image/imageold/transformations.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/imageold/transformations.png
--------------------------------------------------------------------------------
/READMORE/image/kongaddapi.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongaddapi.png
--------------------------------------------------------------------------------
/READMORE/image/kongaddconsumer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongaddconsumer.png
--------------------------------------------------------------------------------
/READMORE/image/kongaddplugin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongaddplugin.png
--------------------------------------------------------------------------------
/READMORE/image/kongapilist.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongapilist.png
--------------------------------------------------------------------------------
/READMORE/image/kongconsumerkeyauth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongconsumerkeyauth.png
--------------------------------------------------------------------------------
/READMORE/image/kongeditconsumer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongeditconsumer.png
--------------------------------------------------------------------------------
/READMORE/image/kongforfirsttime.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongforfirsttime.png
--------------------------------------------------------------------------------
/READMORE/image/kongpluginsmanage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongpluginsmanage.png
--------------------------------------------------------------------------------
/READMORE/image/kongwelcome.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/kongwelcome.png
--------------------------------------------------------------------------------
/READMORE/image/log2zmq.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/log2zmq.png
--------------------------------------------------------------------------------
/READMORE/image/log2zmqhandler.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/log2zmqhandler.png
--------------------------------------------------------------------------------
/READMORE/image/pluginshow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/READMORE/image/pluginshow.png
--------------------------------------------------------------------------------
/READMORE/install docker.md:
--------------------------------------------------------------------------------
1 | ## install docker
2 |
3 | #### centos
4 |
5 | ```
6 | 1.清除docker 旧版本
7 |
8 | rpm -qa |grep docker
9 | yum -y remove docker*
10 |
11 | 2.安装新的docker
12 |
13 | yum install -y docker-engine
14 |
15 | 3.systemctl start docker
16 |
17 | 4.docker info 查看docker状态
18 | ```
19 |
20 | #### ubuntu
21 |
22 | ```
23 | 1.更新apt包
24 |
25 | sudo apt-get update
26 |
27 | 2.安装 Docker
28 |
29 | sudo apt-get install docker-engine
30 |
31 | 3.sudo service docker start
32 |
33 | 4.docker info 查看docker状态
34 | ```
35 |
36 | #### mac
37 |
38 | 请参考[https://docs.docker.com/docker-for-mac/](https://docs.docker.com/docker-for-mac/)
39 |
--------------------------------------------------------------------------------
/READMORE/kongdashboard方法.md:
--------------------------------------------------------------------------------
1 | # KONG DASHBOARD方法
2 |
3 | KONG代理方式包括:1)应用通过携带HOST头部路由到对应的API应用;2)通过不同的uri路由到API应用
4 |
5 | 这里采用前者,因此通过DASHBOARD管理配置KONG,新增API或使用API可以为浏览器安装Modify Header插件以便访问。
6 |
7 | 如访问personapi(即实例中user端口),插件参数设置为:
8 |
9 | * name:HOST
10 |
11 | * value:personapi
12 |
13 | ## KONG基本使用
14 |
15 | ### 首次使用
16 |
17 | 首次访问 http://127.0.0.1:5000 ,将出现Kong node configuration页面。
18 |
19 |
20 |
21 | 需要我们填写Kong node URL,注意此处应填写 http://172.17.0.1:8001 (docker0 interface ip)或 http://192.168.x.x:8001 (LAN ip) ,否则将显示`can't connect to Kong server`。AUTHENTICATION及Gelato links for consumer选项一般情况下无需配置。
22 |
23 | 成功后即可进入欢迎页面:
24 |
25 |
26 |
27 | ### 注册API
28 |
29 | 点击欢迎页面右上角`API`,并在页面中点击`ADD API`,进入API注册页面:
30 |
31 |
32 |
33 | 例如我们想要将user端口注册到kong,只需填写`Name`、`Hosts`、`Upstream uri`三项并点击`CREATE`即可,其他选项无需特意配置或使用默认即可。
34 |
35 | 添加后可在API页面查看已注册API:
36 |
37 |
38 |
39 | ### 添加用户
40 |
41 | 点击欢迎页面右上角`Consumers`,并在页面中点击`ADD CONSUMER`,进入用户添加页面填写`Username`及`Custom id`并点击`CREATE`即可完成添加
42 |
43 |
44 |
45 | 我们可以在consumer列表中管理用户,并为用户添加KEY AUTH(可以自己定义key或不填写使用kong自动生成的key)
46 |
47 |
48 |
49 | ### API添加插件
50 |
51 | 点击欢迎页面右上角`Plugins`,并在页面中点击`ADD PLUGIN`进入API添加插件页面,只需在下拉菜单中选择api及插件,并按照喜好定义key name、Anonymous及credentials是否隐藏即可。
52 |
53 |
54 |
55 | 已添加插件可在Plugins列表中查看并随时修改。
56 |
57 |
58 |
59 | ## ROUTING实现
60 |
61 | **注册user端口api**
62 |
63 | Name:personapi
64 |
65 | Hosts:personapi
66 |
67 | Upstream url:https://本机IP:8080/api/persons
68 |
69 |
70 |
71 | **注册newinfo端口api**
72 |
73 | Name:newinfoapi
74 |
75 | Hosts:newinfoapi
76 |
77 | Upstream url:https://本机IP:8080/api/newinfos
78 |
79 |
80 |
81 | ## AUTHENTICATION实现
82 |
83 | **user端口添加Oauth2插件**
84 |
85 | API:personapi
86 |
87 | Plugin:oauth2
88 |
89 | Provision key:PASSWORD (按需填写)
90 |
91 | 勾选:Enable password grant (按需选择)
92 |
93 |
94 |
95 | **添加Consumer**
96 |
97 | Username:oauthadmin
98 |
99 | Custom id:personapi
100 |
101 |
102 |
103 | **添加对应Credentials**
104 |
105 | Username:oauthadmin
106 |
107 | Redirecting url:https://本机IP:8080/api/persons
108 |
109 |
110 |
111 | ## SECURITY实现
112 |
113 | **user端口添加IP Restriction插件扩展,并设置白名单**
114 |
115 | API:personapi
116 |
117 | Plugin:ip-restriction
118 |
119 | Apply to:All Consumers
120 |
121 | Whitelist:172.17.0.1 (可按需要修改)
122 |
123 |
124 |
125 | ## TRAFFIC CONTROL实现
126 |
127 | **user端口添加Rate limiting插件扩展,并设置1分中内只能访问1次**
128 |
129 | API:personapi
130 |
131 | Minute:1
132 |
133 |
134 |
135 | ## LOGGING实现
136 |
137 | **为user端口添加File-log插件,并设置为日志文件路径设为:/tmp/file.log**
138 |
139 | API:personapi
140 |
141 | Path:/tmp/file.log
142 |
143 | Reopen:YES
144 |
145 |
146 |
147 |
148 |
--------------------------------------------------------------------------------
/READMORE/分步快速部署.md:
--------------------------------------------------------------------------------
1 | ## 快速部署
2 |
3 | 1. [准备Docker环境](https://github.com/cloudframeworks-apigateway/user-guide-apigateway/blob/master/READMORE/install%20docker.md)
4 |
5 | 2. 启动两个web站点用于测试
6 |
7 | ```
8 | docker pull goodraincloudframeworks/springdata
9 | docker run -d -p 8080:8080 goodraincloudframeworks/springdata
10 | ```
11 |
12 | 3. 启动kong
13 |
14 | ```
15 | docker pull goodraincloudframeworks/kong
16 | docker pull postgres:9.5
17 | docker run -d --name kong-database \
18 | -p 5432:5432 \
19 | -v `pwd`/kongdata:/var/lib/postgresql/data \
20 | -e POSTGRES_USER=kong \
21 | -e POSTGRES_PAASWORD=kong \
22 | -e POSTGRES_DB=kong \
23 | postgres:9.5
24 | docker run -d --name kong \
25 | --link kong-database:kong-database \
26 | -e KONG_DATABASE=postgres \
27 | -e KONG_PG_HOST=kong-database \
28 | -e KONG_PG_DATABASE=kong \
29 | -e KONG_PG_USER=kong \
30 | -e KONG_PG_PAASWORD=kong \
31 | -p 8000:8000 \
32 | -p 8443:8443 \
33 | -p 8001:8001 \
34 | goodraincloudframeworks/kong
35 | ```
36 | 4. 启动kong-dashboard(optional)
37 |
38 | ```
39 | docker pull goodraincloudframeworks/kong-dashboard
40 | docker run --link kong:kongadmin -d -p 8081:8080 \
41 | -e KONGADMIN_HOST=kongadmin \
42 | -e KONGADMIN_PORT=8001 \
43 | goodraincloudframeworks/kong-dashboard
44 | ```
45 |
46 | 5. 访问DashBoard添加API信息
47 |
48 |
49 | 6. 访问路径
50 |
51 | http://本机IP:8000 - kong url
52 |
53 | http://本机IP:8001 - kong admin url
54 |
55 | https://本机IP:8443 - kong https url
56 |
57 | http://本机IP:8081 - kong dashboard ui
58 |
59 | https://本机IP:8080/api/persons - user api url
60 |
61 | https://本机IP:8080/api/newinfos - newinfo api url
62 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
1 | springdata:
2 | image: goodraincloudframeworks/springdata
3 | ports:
4 | - 8080:8080
5 | container_name: springdata
6 |
7 | kong-database:
8 | image: postgres:9.5
9 | ports:
10 | - 5432:5432
11 | environment:
12 | - POSTGRES_USER=kong
13 | - POSTGRES_DB=kong
14 | - POSTGRES_PASSWORD=kong
15 | volumes:
16 | - ~/kongdata:/var/lib/postgresql/data
17 | container_name: kong-database
18 |
19 | kong:
20 | image: goodraincloudframeworks/kong
21 | restart: always
22 | links:
23 | - kong-database:kong-database
24 | ports:
25 | - 8000:8000
26 | - 8443:8443
27 | - 8001:8001
28 | environment:
29 | - KONG_DATABASE=postgres
30 | - KONG_PG_HOST=kong-database
31 | - KONG_PG_USER=kong
32 | - KONG_PG_DATABASE=kong
33 | - KONG_PG_PASSWORD=kong
34 | container_name: kong
35 |
36 | kong-dashboard:
37 | image: goodraincloudframeworks/kong-dashboard
38 | links:
39 | - kong:kongadmin
40 | environment:
41 | - KONGADMIN_HOST=kongadmin
42 | - KONGADMIN_PORT=8001
43 | ports:
44 | - 8081:8080
45 | container_name: kong-dashboard
46 |
47 |
48 |
--------------------------------------------------------------------------------
/image/kong业务架构.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/image/kong业务架构.png
--------------------------------------------------------------------------------
/image/kong组件架构.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudframeworks-apigateway/user-guide-apigateway/6e59659cc9801de82202513750aa64a432cfcd67/image/kong组件架构.png
--------------------------------------------------------------------------------
