mkdir -p /root/source/kong
cd /root/source/kong
wget http://www.onexsoft.cn/software/onepgsql-9.4.11-rhel5-linux64.tar.gz
安裝PostgreSQL
tar zxf onepgsql-9.4.11-rhel5-linux64.tar.gz -C /opt/websuite/
mv /opt/websuite/pgsql9411 /opt/websuite/pgsql
#創建PGSQL用戶及用戶組
groupadd -g 26 -o -r postgres
useradd -M -g postgres -o -r -d /database/pgsql -s /bin/bash -N -u 26 postgres
#創建pgsql數據目錄及日誌目錄
mkdir -p /database/pgsql/{data,logs}
chown -R postgres /database/pgsql
#添加環境變量
vi /etc/profile.d/pgsql.sh
export PATH=$PATH:/opt/websuite/pgsql/bin
export PG_HOME=/opt/websuite/pgsql
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${PG_HOME}/lib
export PGDATA=/database/pgsql/data
export PGLOG=/database/pgsql/log/pgsql.log
#切換用戶初始化PGSQL
su postgres
initdb -E utf8 -D /database/pgsql/data -W -U postgres
注:以下操作均在postgres環境下操作
#增加PGSQL訪問權限,修改/database/pgsql/data/pg_hba.conf
host??? kong??????????? kong??????????? 172.16.4.0/23?????????? trust
新增的內容意思是允許172.16.4.0/23網段的機器可以使用用戶kong訪問數據庫kong
#調整PGSQL的監聽地址
sed -i "/#listen_addresses/c listen_addresses='172.16.5.160'" /database/pgsql/data/postgresql.conf
#啓動PGSQL
pg_ctl start -D /database/pgsql/data -l /database/pgsql/log/pgsql.log
#創建用戶kong,根據提示設置用戶kong的密碼
createuser -l -E kong -P
#創建數據庫kong
createdb -E utf8 -O kong kong
?
172.16.5.3上的操作
安裝依賴軟件包
rpm –ivh http://mirrors.163.com/centos/6/extras/x86_64/Packages/centos-release-scl-rh-2-3.el6.centos.noarch.rpm
yum check-update
yum install devtoolset-3-gcc devtoolset-3-gcc-c++ devtoolset-3-libstdc++-devel gperftools-devel gperftools-libs
下載源碼包
mkdir -p /root/source/kong
cd /root/source/kong
wget https://openresty.org/download/openresty-1.11.2.2.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
wget http://luarocks.github.io/luarocks/releases/luarocks-2.4.2.tar.gz
git clone https://github.com/cloudflare/sslconfig.git
wget https://github.com/Mashape/kong/archive/0.10.3.tar.gz -O kong-0.10.3.tar.gz
安裝OpenSSL
tar zxf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
patch -p1 < /root/source/kong/sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
./config threads shared no-zlib no-comp no-ssl2 no-ssl3 no-ssl3-method --prefix=/opt/websuite/kong/openssl
make depend
make && make install
安裝OpenResty
#創建用戶及用戶組
groupadd websuite
useradd -g websuite -M -s /sbin/nologin websuite
#編譯安裝openresty
mkdir -p /root/source/tengine/module/
cd /root/source/tengine/module/
git clone git://github.com/vozlt/nginx-module-vts.git
cd /root/source/kong
tar zxf openresty-1.11.2.2.tar.gz
tar zxf pcre-8.40.tar.gz
cd openresty-1.11.2.2
./configure --prefix=/opt/websuite/kong -j24 --without-http_xss_module --without-http_form_input_module --without-http_encrypted_session_module --without-http_srcache_module --without-http_memc_module --without-http_redis2_module --without-http_redis_module --without-http_lua_upstream_module --without-http_rds_json_module --without-http_rds_json_module --with-http_iconv_module --without-lua_resty_mysql --without-lua_resty_upload --without-lua_rds_parser --without-lua51 --with-luajit --without-luajit-lua52 --sbin-path=/opt/websuite/kong/sbin/nginx --conf-path=/opt/config/kong/nginx.conf --error-log-path=/opt/logs/kong/error.log --http-log-path=/opt/logs/kong/access.log --pid-path=/opt/run/kong --user=websuite --group=websuite --without-select_module --without-poll_module --with-threads --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_auth_request_module --with-http_random_index_module --with-http_slice_module --with-http_stub_status_module --with-http_ssl_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --without-http_ssi_module --http-client-body-temp-path=/opt/websuite/kong/temp/client --http-proxy-temp-path=/opt/websuite/kong/temp/proxy --without-http_fastcgi_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-google_perftools_module --modules-path=/opt/websuite/kong/modules --with-http_v2_module --without-http_upstream_least_conn_module --without-http_upstream_ip_hash_module --with-cc-opt='-w -pipe -march=native -mtune=native -m128bit-long-double -m64 -fno-builtin-malloc -I/opt/websuite/kong/openssl/include' --with-ld-opt='-L/opt/websuite/kong/openssl/lib' --with-pcre=../pcre-8.40 --with-pcre-opt=-fPIC --with-pcre-jit --add-dynamic-module=/root/source/tengine/module/nginx-module-vts
gmake -j8 && make install
(如報錯checking for Google perftools in /usr/local/ ... not found執行以下副操作)
副操作:
上傳準備好的libunwind-1.0.tar.gz到/usr/local/src
cd /usr/local/src
tar zxvf libunwind-1.0.tar.gz
cd libunwind-1.0
./configure --prefix=/usr/local/libunwind && make && make install
如果報錯/usr/bin/ld: cannot find -lunwind-x86_64 則問題原因實際就是autotools兼容性的問題,運行命令autoreconf -i -f ,在重新編譯安裝下
上傳 gperftools-2.5.91.tar.gz至/usr/local/src
tar zxvf gperftools-2.5.91.tar.gz
cd gperftools-2.5.91
vi src/sampler.cc
#在 #include <stdint.h> 後添加
#ifndef SIZE_MAX
#define SIZE_MAX (4294967295U)
#endif
./configure -prefix=/usr/local/gperftools -enable-frame-pointers && make && make install
cd /root/source/kong/openresty-1.11.2.2
vi ./bundle/nginx-1.11.2/auto/lib/google-perftools/conf 修改相關/usr/local/lib目錄爲/usr/local/gperftools/lib
副操作完成
#創建OpenResty所需目錄
mkdir -p /opt/{run,logs}/kong
mkdir -p /opt/websuite/kong/temp/{client,proxy}
chown -R websuite.websuite /opt/{run,logs}/kong
chown -R websuite.websuite /opt/websuite/kong/temp
安裝luarocks
cd ..
tar zxf luarocks-2.4.2.tar.gz
cd luarocks-2.4.2
./configure --prefix=/opt/websuite/kong --rocks-tree=/opt/websuite/kong/luajit --sysconfdir=/opt/config/kong/luarocks --lua-suffix=jit --with-lua=/opt/websuite/kong/luajit --with-lua-include=/opt/websuite/kong/luajit/include/luajit-2.1
(如果報錯Lua interpreter not found in /opt/websuite/kong/luajit/bin)則安裝一下luajit
make buildmake install
echo 'export PATH="${PATH}:/opt/websuite/kong/bin:/opt/websuite/kong/sbin:/opt/websuite/kong/luajit/bin"' > /etc/profile.d/kong.sh source /etc/profile.d/kong.sh
luarocks install luarocks
安裝Kong
tar zxf kong-0.10.3.tar.gz
cd kong-0.10.3
sed -i '/OPENSSL_DIR ?=/c OPENSSL_DIR ?= /opt/websuite/kong/openssl' Makefile
vi kong-0.10.3-0.rockspec
修改luasocket的版本爲3.0rc1-2
make install
cp -r bin/* /opt/websuite/kong/bin/
安裝Serf
上傳serf_0.8.1_linux_amd64.zip
unzip serf_0.8.1_linux_amd64.zip
mv serf /opt/websuite/kong/bin/
調整Kong的配置
---/opt/websuite/kong/luajit/share/lua/5.1/kong/conf_loader.lua
將
local DEFAULT_PATHS = {
"/etc/kong/kong.conf",
"/etc/kong.conf"
}
local PREFIX_PATHS = {
serf_pid = {"pids", "serf.pid"},
serf_log = {"logs", "serf.log"},
serf_event = {"serf", "serf_event.sh"},
serf_node_id = {"serf", "serf.id"}
;
nginx_pid = {"pids", "nginx.pid"},
nginx_err_logs = {"logs", "error.log"},
nginx_acc_logs = {"logs", "access.log"},
nginx_admin_acc_logs = {"logs", "admin_access.log"},
nginx_conf = {"nginx.conf"},
nginx_kong_conf = {"nginx-kong.conf"}
;
修改爲(紅色字體爲修改部分)
local DEFAULT_PATHS = {
"/opt/config/kong/kong.conf" //此處
}
?
local PREFIX_PATHS = {
serf_pid = {"/opt/run/kong", "serf.pid"}, //此處
serf_log = {"/opt/logs/kong", "serf.log"}, //此處
? serf_event = {"serf", "serf_event.sh"},
? serf_node_id = {"serf", "serf.id"}
? ;
nginx_pid = {"/opt/run/kong", "nginx.pid"},//此處
nginx_err_logs = {"/opt/logs/kong", "error.log"},//此處
nginx_acc_logs = {"/opt/logs/kong", "access.log"},//此處
nginx_admin_acc_logs = {"/opt/logs/kong", "admin_access.log"},//此處
nginx_conf = {"nginx.conf"},
nginx_kong_conf = {"nginx-kong.conf"}
;
---/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/kong_defaults.lua
將
return [[
prefix = /usr/local/kong/
log_level = notice
proxy_access_log = logs/access.log
proxy_error_log = logs/error.log
admin_access_log = logs/admin_access.log
admin_error_log = logs/error.log
custom_plugins = NONE
anonymous_reports = on
proxy_listen = 0.0.0.0:8000
proxy_listen_ssl = 0.0.0.0:8443
admin_listen = 0.0.0.0:8001
admin_listen_ssl = 0.0.0.0:8444
nginx_worker_processes = auto
nginx_optimizations = on
nginx_daemon = on
mem_cache_size = 128m
ssl = on
ssl_cert = NONE
ssl_cert_key = NONE
client_ssl = off
client_ssl_cert = NONE
client_ssl_cert_key = NONE
ssl_cipher_suite = modern
ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
admin_ssl = on
admin_ssl_cert = NONE
admin_ssl_cert_key = NONE
upstream_keepalive = 60
server_tokens = on
latency_tokens = on
error_default_type = text/plain
client_max_body_size = 0
client_body_buffer_size = 8k
database = postgres
pg_host = 127.0.0.1
pg_port = 5432
pg_database = kong
pg_user = kong
pg_password = NONE
pg_ssl = off
pg_ssl_verify = off
cassandra_contact_points = 127.0.0.1
cassandra_port = 9042
cassandra_keyspace = kong
cassandra_timeout = 5000
cassandra_ssl = off
cassandra_ssl_verify = off
cassandra_username = kong
cassandra_password = NONE
cassandra_consistency = ONE
cassandra_lb_policy = RoundRobin
cassandra_local_datacenter = NONE
cassandra_repl_strategy = SimpleStrategy
cassandra_repl_factor = 1
cassandra_data_centers = dc1:2,dc2:3
cassandra_schema_consensus_timeout = 10000
cluster_listen = 0.0.0.0:7946
cluster_listen_rpc = 127.0.0.1:7373
cluster_advertise = NONE
cluster_encrypt_key = NONE
cluster_keyring_file = NONE
cluster_profile = wan
cluster_ttl_on_failure = 3600
dns_resolver = NONE
dns_hostsfile = /etc/hosts
lua_code_cache = on
lua_socket_pool_size = 30
lua_ssl_trusted_certificate = NONE
lua_ssl_verify_depth = 1
lua_package_path = ?/init.lua;./kong/?.lua
lua_package_cpath = NONE
serf_path = serf
]]
修改爲(紅色字體部分可根據自己的實際情況修改)
return [[
prefix = /opt/config/kong/ //此處
log_level = notice
proxy_access_log = /opt/logs/kong/access.log //此處
proxy_error_log = /opt/logs/kong/error.log //此處
admin_access_log = /opt/logs/kong/admin_access.log //此處
admin_error_log = /opt/logs/kong/error.log //此處
custom_plugins = NONE
anonymous_reports = on
proxy_listen = 0.0.0.0:80 //此處
proxy_listen_ssl = 0.0.0.0:443 //此處
admin_listen = 0.0.0.0:8001 //此處
admin_listen_ssl = 0.0.0.0:8444 //此處
nginx_worker_processes = auto
nginx_optimizations = on
nginx_daemon = on
mem_cache_size = 128m
ssl = on
ssl_cert = NONE
ssl_cert_key = NONE
client_ssl = off
client_ssl_cert = NONE
client_ssl_cert_key = NONE
ssl_cipher_suite = modern
ssl_ciphers=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
admin_ssl = on
admin_ssl_cert = NONE
admin_ssl_cert_key = NONE
upstream_keepalive = 60
server_tokens = on
latency_tokens = on
database = postgres
pg_host = 172.16.5.160 //此處根據實際的情況配置
pg_port = 5432 //此處根據實際的情況配置
pg_database = kong //此處根據實際的情況配置
pg_user = kong //此處根據實際的情況配置
pg_password = ttpai //此處根據實際的情況配置
pg_ssl = off
pg_ssl_verify = off
cassandra_contact_points = 127.0.0.1?? (如果不使用cassandra,請保留這一行cassandra的配置,否則在目前的版本之間升級會報錯)
cluster_listen = 0.0.0.0:7946
cluster_listen_rpc = 127.0.0.1:7373
cluster_advertise = NONE
cluster_encrypt_key = NONE
cluster_keyring_file = NONE
cluster_profile = wan
cluster_ttl_on_failure = 3600
dns_resolver = 119.29.29.29 //此處根據實際的dns
dns_hostsfile = /etc/hosts
lua_code_cache = on
lua_socket_pool_size = 30
lua_ssl_trusted_certificate = NONE
lua_ssl_verify_depth = 1
lua_package_path = ?/init.lua;./kong/?.lua
lua_package_cpath = NONE
serf_path = /opt/websuite/kong/bin/serf //此處
]]
?
---/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/nginx.lua
將
return [[
worker_processes ${{NGINX_WORKER_PROCESSES}};
daemon ${{NGINX_DAEMON}};
pid pids/nginx.pid;
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
> if nginx_optimizations then
worker_rlimit_nofile ${{WORKER_RLIMIT}};
> end
events {
> if nginx_optimizations then
worker_connections ${{WORKER_CONNECTIONS}};
multi_accept on;
> end
}
http {
??? include 'nginx-kong.conf';
}
]]
修改爲(紅色字體爲修改部分)
return [[
worker_processes ${{NGINX_WORKER_PROCESSES}};
daemon ${{NGINX_DAEMON}};
pid /opt/run/kong/nginx.pid; //此處
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
> if nginx_optimizations then
worker_rlimit_nofile ${{WORKER_RLIMIT}};
> end
events {
> if nginx_optimizations then
worker_connections ${{WORKER_CONNECTIONS}};
multi_accept on;
> end
}
http {
include 'nginx-kong.conf';
}
]]
修改Kong個別腳本適配自定義安裝的OpenResty
---/opt/websuite/kong/luajit/share/lua/5.1/lapis/cmd/nginx.lua
將
nginx_search_paths = {
"/opt/openresty/nginx/sbin/",
"/usr/local/openresty/nginx/sbin/",
"/usr/local/opt/openresty/bin/",
"/usr/sbin/",
""
},
修改爲
nginx_search_paths = {
"/opt/websuite/kong/sbin/"
},
---/opt/websuite/kong/luajit/share/lua/5.1/kong/cmd/utils/serf_signals.lua
將
local serf_search_paths = {
"serf",
"/usr/local/bin/serf"
}
修改爲
local serf_search_paths = {
"/opt/websuite/kong/bin/serf"
}
ln -s /opt/websuite/kong/openssl/lib/libssl.so /usr/lib64/libssl.so
ln -s /opt/websuite/kong/openssl/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.1.0.0
ln -s /opt/websuite/kong/openssl/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0
ln -s /usr/local/gperftools/lib/libprofiler.so.0 /usr/lib64/libprofiler.so.0
啓動Kong
kong start or kong start -vv(如果執行kong start報錯,可以使用kong start -vv來進行調試)
安裝admin ui
上傳node-v6.0.0-linux-x64.tar.gz
解壓後
tar zxf node-v6.0.0-linux-x64.tar.gz
然後 製作軟連接
ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/npm /usr/local/sbin
ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/node /usr/local/sbin
npm install -g kong-dashboard
ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/kong-dashboard /usr/local/sbin
# Start Kong Dashboard
kong-dashboard start --kong-url http://0.0.0.0:8001
# Start Kong Dashboard on a custom port
kong-dashboard start --kong-url http://0.0.0.0:8001 --basic-auth callcent=callcent admin=admin
--port [port]
# Start Kong Dashboard with basic auth
kong-dashboard start --kong-url http://0.0.0.0:8001 --p 8002 --basic-auth callcent=callcent admin=admin
# See full list of start options
kong-dashboard start --help