API網關Kong實戰

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1.Kong介紹","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong是一款基於OpenResty（Nginx + Lua模塊）編寫的高可用、易擴展的，由Mashape公司開源的API Gateway項目。Kong是基於NGINX和Apache Cassandra或PostgreSQL構建的，能提供易於使用的RESTful API來操作和配置API管理系統，所以它可以水平擴展多個Kong服務器，通過前置的負載均衡配置把請求均勻地分發到各個Server，來應對大批量的網絡請求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"官網：","attrs":{}},{"type":"link","attrs":{"href":"https://konghq.com/","title":null,"type":null},"content":[{"type":"text","text":"https://konghq.com/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3d/3dd53d472d62219011debad5abf2c692.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Kong主要有三個組件：","attrs":{}}]},{"type":"numberedlist","attrs":{"start":"","normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"Kong Server ：基於nginx的服務器，用來接收API請求。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"Apache Cassandra/PostgreSQL ：用來存儲操作數據。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"Kong dashboard：官方推薦UI管理工具，當然，也可以使用 restfull 方式 管理admin api。","attrs":{}}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong採用插件機制進行功能定製，插件集（可以是0或N個）在API請求響應循環的生命週期中被執行。插件使用Lua編寫，目前已有幾個基礎功能：HTTP基本認證、密鑰認證、CORS（Cross-Origin Resource Sharing，跨域資源共享）、TCP、UDP、文件日誌、API請求限流、請求轉發以及Nginx監控。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b6/b61071b2a88fbfcd98ac9c5aaa7ab551.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1.1 Kong網關的特性","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong網關具有以下的特性：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可擴展性: 通過簡單地添加更多的服務器，可以輕鬆地進行橫向擴展，這意味着您的平臺可以在一個較低負載的情況下處理任何請求；","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"模塊化: 可以通過添加新的插件進行擴展，這些插件可以通過RESTful Admin API輕鬆配置；","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在任何基礎架構上運行: Kong網關可以在任何地方都能運行。您可以在雲或內部網絡環境中部署Kong，包括單個或多個數據中心設置，以及public，private 或invite-only APIs。","attrs":{}}]}]}],"attrs":{}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1.2 Kong網關架構","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1b/1bd1e9acdb3722fa0c888475c35c2788.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"Kong核心基於OpenResty構建，實現了請求/響應的Lua處理化；","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"Kong插件攔截請求/響應；","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"Kong Restful 管理API提供了API/API消費者/插件的管理；","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"數據中心用於存儲Kong集羣節點信息、API、消費者、插件等信息，目前提供了PostgreSQL和Cassandra支持，如果需要高可用建議使用Cassandra；","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":5,"align":null,"origin":null},"content":[{"type":"text","text":"Kong集羣中的節點通過gossip協議自動發現其他節點，當通過一個Kong節點的管理API進行一些變更時也會通知其他節點。每個Kong節點的配置信息是會緩存的，如插件，那麼當在某一個Kong節點修改了插件配置時，需要通知其他節點配置的變更。","attrs":{}}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":6,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"2.Kong環境搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://konghq.com/install/","title":null,"type":null},"content":[{"type":"text","text":"https://konghq.com/install/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d9/d9d71c6eb6f0b80dc7ffddea335b552c.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.1 基於centos7搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"環境： PostgreSQL 9.6 + CentOS 7","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.1.1 PostgreSQL","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"下載地址：https://www.postgresql.org/download/linux/redhat/","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"安裝命令","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"選擇 PostgreSQL 9.6 + CentOS 7 後獲得安裝方式：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a4/a443b3c41076593a45a248b3099acd1a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"啓動postgresql後查看狀態：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4e/4e33e4bce54892847c77a39d690fddc6.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"配置postgresql","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爲了安全以及滿足 Kong 初始化的需求，需要創建一個 Linux 用戶 kong，並創建對應的 PostgreSQL 用戶 kong 和數據庫 kong","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 創建一個 Linux 用戶 `kong`\n$ adduser kong\n\n# 切換到 Linux 系統用戶 `postgres`，因爲它是 PostgreSQL 數據庫的系統管理員\n$ su postgres\n\n# 進入 PostgreSQL 控制檯\n$ psql\n\n# 設置用戶 `postgres` 的密碼【僅僅首次需要】\n# 注意開頭的 \\ 必須有！\n$ \\password postgres \n\n# 創建一個 PostgreSQL 用戶 `kong`，和上面創建的 Linux 用戶 `kong` 對應。\n# 密碼 '123456' 根據自己需要生成\n$ create user kong with password '123456'; \n# 創建一個 PostgreSQL 數據庫 `kong`\n$ create database kong owner kong;\n# 將數據庫 `kong` 授權給 PostgreSQL 用戶 `kong`\n$ grant all privileges on database kong to kong;\n\n# 退出 PostgreSQL 控制檯\n$ \\q","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"PostgreSQL 有四種身份認證方式：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"trust：凡是連接到服務器的，都是可信任的。只需要提供 PostgreSQL 用戶名，可以沒有對應的操作系統同名用戶。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"password 和 md5：對於遠程訪問，需要提供 PostgreSQL 用戶名和密碼。對於本地連接，提供 PostgreSQL 用戶名密碼之外，還需要有操作系統訪問權（用操作系統同名用戶驗證）。password 和 md5 的區別，就是遠程訪問時傳輸的密碼是否用 md5 加密。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"ident：對於遠程訪問，從 ident 服務器獲得客戶端操作系統用戶名，然後把操作系統作爲數據庫用戶名進行登錄對於本地連接，實際上使用了 peer。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"peer：對於本地訪問，通過客戶端操作系統內核來獲取當前系統登錄的用戶名，並作爲 PostgreSQL 用戶名進行登錄。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默認配置下，我們無法在本地或者遠程使用 PostgreSQL 用戶名和密碼直接連接，因爲本地使用 peer 認證方式，遠程使用 ident 認證方式。解決方法比較簡單，將本地和遠程的認證方式修改成 trust 或者 password 即可。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修改 /var/lib/pgsql/9.6/data/pg_hba.conf 文件，註釋掉所有默認配置，並添加一條 host all all 0.0.0.0/0 trust 默認，無論遠程還是本地訪問，任何 PostgreSQL 用戶和數據庫，都使用 trust 認證方式。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cd/cd433da8040390f729004a1cdfa01ee2.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默認配置下，PostgreSQL 只允許本地連接，所以我們需要修改 /var/lib/pgsql/9.6/data/postgresql.conf 文件，添加 listen_address 配置項爲 *，允許遠程連接。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fc/fc8a115092ffba1297274380fd63cd96.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修改完成後，執行 sudo systemctl restart postgresql-9.6 命令，重啓 PostgreSQL 數據庫。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過Navicat可以連接到postgresql數據庫：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/88/88f7e572f4d02bf618bf7dea8d372950.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.1.2 安裝kong","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"centos7下安裝kong:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://download.konghq.com/gateway-1.x-centos-7/Packages/k/","title":null,"type":null},"content":[{"type":"text","text":"https://download.konghq.com/gateway-1.x-centos-7/Packages/k/","attrs":{}}]}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"安裝命令","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"wget https://download.konghq.com/gateway-1.x-centos-7/Packages/k/kong-1.5.1.el7.amd64.rpm\nsudo yum install kong-1.5.1.el7.amd64.rpm ","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"配置kong","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 的默認配置文件是 /etc/kong/kong.conf.default，使用 cp /etc/kong/kong.conf.default /etc/kong/kong.conf 命令，複製一份新的配置文件。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"複製完成後，修改 /etc/kong/kong.conf 配置文件，設置使用 PostgreSQL 數據庫。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2e/2ee8637d0c24ffabd7a4b89bd75fa64b.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"執行 kong migrations bootstrap -c /etc/kong/kong.conf 命令，進行 Kong 的 PostgreSQL 數據庫的表初始化。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"navicat中可以看到表信息","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9d/9debae986c8a8ae7ffd2c3363ac30a29.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"執行 kong start -c /etc/kong/kong.conf 命令，執行 Kong 的啓動。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"#啓動命令\nkong start -c /etc/kong/kong.conf \n# 停止命令\nkong stop\n# 重新加載kong\nkong reload","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"啓動成功時，會看到 Kong started 日誌。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2b/2b82624074c4294ea31c8bb5f5e961af.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默認情況下，Kong 綁定 4 個端口：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Proxy 8000：接收客戶端的 HTTP 請求，並轉發到後端的 Upstream。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Proxy 8443：接收客戶端的 HTTPS 請求，並轉發到後端的 Upstream。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Admin 8001：接收管理員的 HTTP 請求，進行 Kong 的管理。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Admin 8444：接收管理員的 HTTPS 請求，進行 Kong 的管理。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 請求 Proxy 端口\n$ curl http://127.0.0.1:8000\n{\"message\":\"no Route matched with those values\"} \n# 因爲我們暫時沒配置 Kong 路由。\n\n# 請求 Admin 端口\n# 注意，考慮到安全性，Admin 端口只允許本機訪問。\n$ curl http://127.0.0.1:8001\n{\"plugins\":{\"enabled_in_cluster\":[],\"available_on_server\":{... // 省略","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.2 基於docker搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"前提：準備好docker環境","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/e8/e886607ca311c868145f995bf6ab3008.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 安裝有兩種方式一種是沒有數據庫依賴的DB-less 模式，另一種是with a Database 模式。我們這裏使用第二種帶Database的模式，因爲這種模式功能更全。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.2.1 docker安裝Kong","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"構建Kong的容器網絡","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先我們創建一個Docker自定義網絡，以允許容器相互發現和通信。在下面的創建命令中","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kong-net","attrs":{}}],"attrs":{}},{"type":"text","text":"是我們創建的Docker網絡名稱，當然你可以使用你認爲合適的名稱。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":" docker network create kong-net","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"搭建數據庫環境","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 目前使用Cassandra(Facebook開源的分佈式的NoSQL數據庫) 或者PostgreSql,你可以執行以下命令中的一個來選擇你的Database。請注意定義網絡 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"--network=kong-net","attrs":{}}],"attrs":{}},{"type":"text","text":" 。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Cassandra容器：","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 9042:9042 \\\n cassandra:3","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"PostgreSQL容器：","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 5432:5432 \\\n -e \"POSTGRES_USER=kong\" \\\n -e \"POSTGRES_DB=kong\" \\\n postgres:9.6","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這裏有個小問題。如果你使用的是PostgreSQL，想掛載卷持久化數據到宿主機。通過 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"-v","attrs":{}}],"attrs":{}},{"type":"text","text":" 命令是不好用的。這裏推薦你使用 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"docker volume create","attrs":{}}],"attrs":{}},{"type":"text","text":" 命令來創建一個掛載。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker volume create kong-volume","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然後上面的PostgreSQL就可以通過","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"- v kong-volume:/var/lib/postgresql/data","attrs":{}}],"attrs":{}},{"type":"text","text":" 進行掛載了。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 5432:5432 \\\n -v kong-volume:/var/lib/postgresql/data \\\n -e \"POSTGRES_USER=kong\" \\\n -e \"POSTGRES_DB=kong\" \\\n -e \"POSTGRES_PASSWORD=kong\" \\\n postgres:9.6","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"初始化或者遷移數據庫","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們使用","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"docker run --rm","attrs":{}}],"attrs":{}},{"type":"text","text":"來初始化數據庫，該命令執行後會退出容器而保留內部的數據卷（volume）。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run --rm \\\n --network=kong-net \\\n -e \"KONG_DATABASE=postgres\" \\\n -e \"KONG_PG_HOST=kong-database\" \\\n -e \"KONG_PG_PASSWORD=kong\" \\\n -e \"KONG_CASSANDRA_CONTACT_POINTS=kong-database\" \\\n kong:latest kong migrations bootstrap","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"navicat中可以看到表信息","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cc/ccfb2a98005458faea7f04c138fbd151.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"啓動Kong容器","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"完成初始化或者遷移數據庫後，我們就可以啓動一個連接到數據庫容器的Kong容器，請務必保證你的數據庫容器啓動狀態，同時檢查所有的環境參數 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"-e","attrs":{}}],"attrs":{}},{"type":"text","text":" 是否是你定義的環境。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong \\\n --network=kong-net \\\n -e \"KONG_DATABASE=postgres\" \\\n -e \"KONG_PG_HOST=kong-database\" \\\n -e \"KONG_PG_PASSWORD=kong\" \\\n -e \"KONG_CASSANDRA_CONTACT_POINTS=kong-database\" \\\n -e \"KONG_PROXY_ACCESS_LOG=/dev/stdout\" \\\n -e \"KONG_ADMIN_ACCESS_LOG=/dev/stdout\" \\\n -e \"KONG_PROXY_ERROR_LOG=/dev/stderr\" \\\n -e \"KONG_ADMIN_ERROR_LOG=/dev/stderr\" \\\n -e \"KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl\" \\\n -p 8000:8000 \\\n -p 8443:8443 \\\n -p 8001:8001 \\\n -p 8444:8444 \\\n kong:latest","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"驗證","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可通過 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"curl -i http://192.168.65.200:8001/","attrs":{}}],"attrs":{}},{"type":"text","text":" 或者瀏覽器調用 ","attrs":{}},{"type":"link","attrs":{"href":"http://192.168.65.200:8001/","title":null,"type":null},"content":[{"type":"text","text":"http://192.168.65.200:8001/","attrs":{}}]},{"type":"text","text":" 來驗證Kong Admin 是否聯通 。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a6/a6f73465990c52e95fce68ea915624b9.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.3 安裝Kong 管理UI","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 企業版提供了管理UI，開源版本是沒有的。但是有很多的開源的管理 UI ，其中比較好用的是Konga。項目地址：","attrs":{}},{"type":"link","attrs":{"href":"https://github.com/pantsel/konga","title":null,"type":null},"content":[{"type":"text","text":"https://github.com/pantsel/konga","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b7/b7ebbf8a0312d421f5f66d9de5ef5338.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Konga 主要是用 AngularJS 寫的，運行於nodejs服務端。具有以下特性：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理所有Kong Admin API對象。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持從遠程源（數據庫，文件，API等）導入使用者。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理多個Kong節點。使用快照備份，還原和遷移Kong節點。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用運行狀況檢查監視節點和API狀態。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持電子郵件和閒置通知。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持多用戶。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"易於數據庫集成（MySQL，postgresSQL，MongoDB，SQL Server）。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker volume create konga-postgresql","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name konga-database \\\n\t --network=kong-net \\\n -p 5433:5432 \\\n -v konga-postgresql:/var/lib/postgresql/data \\\n -e \"POSTGRES_USER=konga\" \\\n -e \"POSTGRES_DB=konga\" \\\n -e \"POSTGRES_PASSWORD=konga\" \\\n postgres:9.6","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/15/1577c2b4ca7480f5e22a08f133fabe26.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"初始化 PostgreSQL 數據庫","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run --rm --network=kong-net \\\n pantsel/konga:latest -c prepare -a postgres -u postgres://konga:konga@konga-database:5432/konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相關命令解讀：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d6/d632826f1e55eb1f387b4af659907982.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3c/3c215ff6ee135d66c5ddf079bb4d4294.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"到此Konga的數據庫環境就搞定了，通過Navicat可以查看到konga數據庫及其數據表。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/59/59d9b1c7246653fa31ebc566e8986aca.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"環境參數","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Konga 還有一些可配置的環境參數：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/52/524973bd3d914be032a12a7d17cbe1a4.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"啓動Konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過以下命令就可以啓動Konga容器了","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d -p 1337:1337 \\\n --network kong-net \\\n -e \"DB_ADAPTER=postgres\" \\\n -e \"DB_URI=postgres://konga:konga@konga-database:5432/konga\" \\\n -e \"NODE_ENV=production\" \\\n -e \"DB_PASSWORD=konga\" \\\n --name konga \\\n pantsel/konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"運行完後，如果成功可以通過","attrs":{}},{"type":"link","attrs":{"href":"http://192.168.65.200:1337/","title":null,"type":null},"content":[{"type":"text","text":"http://192.168.65.200:1337/","attrs":{}}]},{"type":"text","text":" 鏈接到控制檯。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/36/3617ac043e3e12cb6a7d0945f6722b4f.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過註冊後進入，然後在dashboard面板裏面添加Kong的管理Api路徑 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"http://ip:8001","attrs":{}}],"attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6f/6fd121ab8a4e77fc78a31c5f4c30b6a2.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/44/447ca2ff5a4e2708ac43d1968735ddc3.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"3. Kong快速開始","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.1 動態負載均衡實現","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"nginx下負載均衡配置","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"upstream tulingmall-product-upstream {\n\tserver 192.168.65.190:8866 weight=100;\n\tserver 192.168.65.190:8867 weight=100;\n}\n\nserver {\n\tlisten\t80;\n\tlocation /pms/ {\n\t\tproxy_pass http://tulingmall-product-upstream;\n\t}\n}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Kong Admin API","attrs":{}},{"type":"text","text":" 進行上述的負載均衡的配置","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://docs.konghq.com/enterprise/2.4.x/admin-api/","title":null,"type":null},"content":[{"type":"text","text":"https://docs.konghq.com/enterprise/2.4.x/admin-api/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/71/7144e6aed20e7f75a514a0811c1a6a2a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/62/62ef8064d00006958ad9f81b70b99ee7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"創建 upstream 和 target","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/upstreams","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建名字爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"demo-upstream","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"upstream","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -X POST http://127.0.0.1:8001/upstreams --data \"name=tulingmall-product-upstream\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/5b/5bd91cf3a43071ff8f1e21b1e182d80a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/upstreams/{upstream}/targets","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建 tulingmall-product服務對應的 2 個 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"target","attrs":{}},{"type":"text","text":"。注意，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"{upstream}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路徑參數爲 upstream 的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 192.168.65.190:8866 對應的 target\n$ curl -X POST http://127.0.0.1:8001/upstreams/tulingmall-product-upstream/targets --data \"target=192.168.65.190:8866\" --data \"weight=100\"\n# 192.168.65.190:8867 對應的 target\n$ curl -X POST http://127.0.0.1:8001/upstreams/tulingmall-product-upstream/targets --data \"target=192.168.65.190:8867\" --data \"weight=100\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1f/1f3b08b142afb1ffc7a0e6112bfd6d86.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"創建 service 和 route","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/services","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建名字爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"tulingmall-product","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"service","attrs":{}},{"type":"text","text":"。host 參數，用於設置對應的 upstream 的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/services --data \"name=tulingmall-product\" --data \"host=tulingmall-product-upstream\" --data \"path=/pms\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/51/5108531bc02fa6e0e316c7b5d94d21f4.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/routes","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建一個請求路徑爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"path","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"route","attrs":{}},{"type":"text","text":"。注意，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"{service}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路徑參數，爲 service的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://localhost:8001/services/tulingmall-product/routes --data \"name=tulingmall-product-route\" --data \"paths[]=/pms\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/73/73fef88ffe8f519c008d6ef414d3988d.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"測試","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl http://127.0.0.1:8000/pms/productInfo/42","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.2 kong限流配置","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 提供了 ","attrs":{}},{"type":"link","attrs":{"href":"https://docs.konghq.com/hub/kong-inc/rate-limiting","title":"","type":null},"content":[{"type":"text","text":"Rate Limiting","attrs":{}}]},{"type":"text","text":" 插件，實現對請求的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"限流","attrs":{}},{"type":"text","text":"功能，避免過大的請求量過大，將後端服務打掛。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 支持秒/分/小時/日/月/年多種","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"時間維度","attrs":{}},{"type":"text","text":"的限流，並且可以組合使用。例如說：限制每秒最多 100 次請求，並且每分鐘最多 1000 次請求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 支持 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumer","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"credential","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ip","attrs":{}}],"attrs":{}},{"type":"text","text":" 三種","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"基礎維度","attrs":{}},{"type":"text","text":"的限流，默認爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumer","attrs":{}}],"attrs":{}},{"type":"text","text":"。例如說：設置每個 IP 允許每秒請求的次數。計數的存儲，支持使用 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"local","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"redis","attrs":{}}],"attrs":{}},{"type":"text","text":" 三種方式進行存儲，默認爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":"：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"local","attrs":{}}],"attrs":{}},{"type":"text","text":"：存儲在 Nginx 本地，實現單實例限流。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":"：存儲在 Cassandra 或 PostgreSQL 數據庫，實現集羣限流。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"redis","attrs":{}}],"attrs":{}},{"type":"text","text":"：存儲在 Redis 數據庫，實現集羣限流。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 採用的限流算法是","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"計數器","attrs":{}},{"type":"text","text":"的方式，所以無法提供類似令牌桶算法的平滑限流能力。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置 Rate Limiting 插件","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/plugins","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建 Rate Limiting 插件的配置：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 服務上啓用插件\n$ curl -X POST http://127.0.0.1:8001/services/tulingmall-product/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"config.second=1\" \\\n --data \"config.limit_by=ip\"\n \n# 路由上啓用插件\n$ curl -X POST http://127.0.0.1:8001/routes/{route_id}/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"config.second=5\" \\\n --data \"config.hour=10000\"\n\n# consumer上啓用插件\n$ curl -X POST http://127.0.0.1:8001/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"consumer_id={consumer_id}\" \\\n --data \"config.second=5\" \\\n --data \"config.hour=10000\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"name","attrs":{}}],"attrs":{}},{"type":"text","text":" 參數，設置爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"rate-limiting","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 Rate Limiting 插件。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"config.second","attrs":{}}],"attrs":{}},{"type":"text","text":" 參數，設置爲 1 表示每秒允許 1 次請求。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"config.limit_by","attrs":{}}],"attrs":{}},{"type":"text","text":" 參數，設置爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ip","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 IP 基礎維度的限流。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"也可以通過konga UI操作添加rate-limiting插件","attrs":{}}]}]}],"attrs":{}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a5/a51b24cd64637770aa96a9027ad358e5.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"測試","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"請求超過閾值，會被kong限流","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/f1/f17e87bee111118e457cc5bae35a05ab.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.3 Basic Auth身份認證","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置Basic Auth插件","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 在服務上配置插件\ncurl -X POST http://127.0.0.1:8001/services/{service}/plugins \\\n --data \"name=basic-auth\" \\\n --data \"config.hide_credentials=true\"\n\n#在路由上配置插件\ncurl -X POST http://127.0.0.1:8001/routes/{route_id}/plugins \\\n --data \"name=basic-auth\" \\\n --data \"config.hide_credentials=true\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過konga UI爲路由添加basic-auth插件","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/53/53bdbe5e479855c0041b17238bcbefd7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"創建用戶並添加Basic憑證","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d6/d681ff2747a6e38f0547799ba9cf1726.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"測試","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9e/9e413c75e191966ada465208e880056a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9e/9e413c75e191966ada465208e880056a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.4 JWT身份認證","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置 JWT 插件","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/plugins","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建 JWT 插件的配置：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/services/tulingmall-product/plugins \\\n --data \"name=jwt\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"name","attrs":{}}],"attrs":{}},{"type":"text","text":" 參數，設置爲 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 JWT 插件。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 查看插件列表\ncurl -X GET localhost:8001/services/tulingmall-product/plugins\n\n#查看jwt插件\ncurl -X GET localhost:8001/services/tulingmall-product/plugins/jwt\n\n#刪除jwt插件\ncurl -X DELETE localhost:8001/services/tulingmall-product/plugins/{jwt.id}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過konga UI操作添加","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":" 插件","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/52/5234f712e7a31ef181a20162d5e951ae.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"測試","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"請求被kong安全攔截","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/29/29be322b4aa97f0c2795b1ac07d5f1b9.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"創建Consumer","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumers","attrs":{}}],"attrs":{}},{"type":"text","text":"，創建一個 Consumer 消費者：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -i -X POST http://localhost:8001/consumers/ \\\n --data \"username=fox\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/80/80a853e0033f8ef66715859a0dae2e48.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"創建 consumer 的 jwt 憑證","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"調用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumers/{username}/{plugin}","attrs":{}}],"attrs":{}},{"type":"text","text":"，","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"生成","attrs":{}},{"type":"text","text":"該消費者的 JWT 信息：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"{username}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路徑參數，爲 Consumer 的用戶名。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"{plugin}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路徑參數，爲 Plugin 的插件名。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可以指定算法","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"algorithm","attrs":{}}],"attrs":{}},{"type":"text","text":"，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"iss","attrs":{}}],"attrs":{}},{"type":"text","text":"簽發者","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"key","attrs":{}}],"attrs":{}},{"type":"text","text":"，密鑰","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"secret","attrs":{}}],"attrs":{}},{"type":"text","text":"，也可以省略，會自動生成。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -i -X POST http://localhost:8001/consumers/fox/jwt/ \\\n-d \"algorithm=HS256\" \\\n-d \"key=fox123\" \\\n-d \"secret=uFLMFeKPPL525ppKrqmUiT2rlvkpLc9u\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0f/0f40ed747bb11530807cccc83af9a737.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"{\n \"rsa_public_key\":null,\n \"algorithm\":\"HS256\",\n \"id\":\"3dc4d177-8a7a-4edc-bc88-ee7aa2447fc7\",\n \"tags\":null,\n \"consumer\":{\n \"id\":\"8e7fb82d-68ef-4f2b-a30c-613866378525\"\n },\n \"secret\":\"uFLMFeKPPL525ppKrqmUiT2rlvkpLc9u\",\n \"created_at\":1625803149,\n \"key\":\"fox123\"\n}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/bd/bd61e2aa97872c2cf8964bc32d61596f.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"查看fox的jwt憑證","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X GET localhost:8001/consumers/fox/jwt","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fa/fac614ab116dd1f25e45c65ffea84626.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"生成jwt token","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"業務服務器根據","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kong","attrs":{}}],"attrs":{}},{"type":"text","text":"生成的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":"憑證中的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"algorithm、key（iss）、secret","attrs":{}}],"attrs":{}},{"type":"text","text":"進行","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"token","attrs":{}}],"attrs":{}},{"type":"text","text":"的演算和下發。請求","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"鑑權接口","attrs":{}}],"attrs":{}},{"type":"text","text":"需攜帶","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Authorization: Bearer jwt","attrs":{}}],"attrs":{}},{"type":"text","text":"進行請求。測試可以在","attrs":{}},{"type":"link","attrs":{"href":"https://jwt.io/","title":null,"type":null},"content":[{"type":"text","text":"https://jwt.io/","attrs":{}}]},{"type":"text","text":"中通過Debugger生成jwt token","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/767211998bb02e198d4790c41eb8d4dd.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"獲取到jwt token令牌：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJmb3gxMjMifQ.hqHGVujYheALxXpEVtgisA5pPTGfQYet0IKadnYPtj8","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"測試","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl http://192.168.65.200:8000/pms/productInfo/42 \\\n -H \"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJmb3gxMjMifQ.hqHGVujYheALxXpEVtgisA5pPTGfQYet0IKadnYPtj8\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cd/cd32b56c21433c479ed1e79fa92910ae.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.5 黑白名單配置","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置插件","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 在服務上啓用插件\n$ curl -X POST http://kong:8001/services/{service}/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=54.13.21.1, 143.1.0.0/24\"\n\n# 在路由上啓用插件\n$ curl -X POST http://kong:8001/routes/{route_id}/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=54.13.21.1, 143.1.0.0/24\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"config.whitelist ：白名單，逗號分隔的IPs或CIDR範圍。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"config.blacklist ：白名單，逗號分隔的IPs或CIDR範圍。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/routes/ad515a07-bae4-4b54-a927-35bc6c85565b/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=192.168.65.200\"","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"測試","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當前本機器IP地址爲: 192.168.65.103","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1e/1e6f29f528fc658d38180d2f0f4eca4e.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"將本機ip加入到白名單","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/90/90af2f36022f1b7d4e51d9df9728a095.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/76772eea5d2789ae1ab69ba0b294d585.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}