{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1.Kong介绍","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong是一款基于OpenResty(Nginx + Lua模块)编写的高可用、易扩展的,由Mashape公司开源的API Gateway项目。Kong是基于NGINX和Apache Cassandra或PostgreSQL构建的,能提供易于使用的RESTful API来操作和配置API管理系统,所以它可以水平扩展多个Kong服务器,通过前置的负载均衡配置把请求均匀地分发到各个Server,来应对大批量的网络请求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"官网:","attrs":{}},{"type":"link","attrs":{"href":"https://konghq.com/","title":null,"type":null},"content":[{"type":"text","text":"https://konghq.com/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3d/3dd53d472d62219011debad5abf2c692.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Kong主要有三个组件:","attrs":{}}]},{"type":"numberedlist","attrs":{"start":"","normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"Kong Server :基于nginx的服务器,用来接收API请求。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"Apache Cassandra/PostgreSQL :用来存储操作数据。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"Kong dashboard:官方推荐UI管理工具,当然,也可以使用 restfull 方式 管理admin api。","attrs":{}}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong采用插件机制进行功能定制,插件集(可以是0或N个)在API请求响应循环的生命周期中被执行。插件使用Lua编写,目前已有几个基础功能:HTTP基本认证、密钥认证、CORS(Cross-Origin Resource Sharing,跨域资源共享)、TCP、UDP、文件日志、API请求限流、请求转发以及Nginx监控。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b6/b61071b2a88fbfcd98ac9c5aaa7ab551.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1.1 Kong网关的特性","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong网关具有以下的特性:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可扩展性: 通过简单地添加更多的服务器,可以轻松地进行横向扩展,这意味着您的平台可以在一个较低负载的情况下处理任何请求;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"模块化: 可以通过添加新的插件进行扩展,这些插件可以通过RESTful Admin API轻松配置;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在任何基础架构上运行: Kong网关可以在任何地方都能运行。您可以在云或内部网络环境中部署Kong,包括单个或多个数据中心设置,以及public,private 或invite-only APIs。","attrs":{}}]}]}],"attrs":{}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1.2 Kong网关架构","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1b/1bd1e9acdb3722fa0c888475c35c2788.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"Kong核心基于OpenResty构建,实现了请求/响应的Lua处理化;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"Kong插件拦截请求/响应;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"Kong Restful 管理API提供了API/API消费者/插件的管理;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"数据中心用于存储Kong集群节点信息、API、消费者、插件等信息,目前提供了PostgreSQL和Cassandra支持,如果需要高可用建议使用Cassandra;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":5,"align":null,"origin":null},"content":[{"type":"text","text":"Kong集群中的节点通过gossip协议自动发现其他节点,当通过一个Kong节点的管理API进行一些变更时也会通知其他节点。每个Kong节点的配置信息是会缓存的,如插件,那么当在某一个Kong节点修改了插件配置时,需要通知其他节点配置的变更。","attrs":{}}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":6,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"2.Kong环境搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://konghq.com/install/","title":null,"type":null},"content":[{"type":"text","text":"https://konghq.com/install/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d9/d9d71c6eb6f0b80dc7ffddea335b552c.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.1 基于centos7搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"环境: PostgreSQL 9.6 + CentOS 7","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.1.1 PostgreSQL","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"下载地址:https://www.postgresql.org/download/linux/redhat/","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"安装命令","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"选择 PostgreSQL 9.6 + CentOS 7 后获得安装方式:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a4/a443b3c41076593a45a248b3099acd1a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"启动postgresql后查看状态:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4e/4e33e4bce54892847c77a39d690fddc6.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"配置postgresql","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"为了安全以及满足 Kong 初始化的需求,需要创建一个 Linux 用户 kong,并创建对应的 PostgreSQL 用户 kong 和数据库 kong","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 创建一个 Linux 用户 `kong`\n$ adduser kong\n\n# 切换到 Linux 系统用户 `postgres`,因为它是 PostgreSQL 数据库的系统管理员\n$ su postgres\n\n# 进入 PostgreSQL 控制台\n$ psql\n\n# 设置用户 `postgres` 的密码【仅仅首次需要】\n# 注意开头的 \\ 必须有!\n$ \\password postgres \n\n# 创建一个 PostgreSQL 用户 `kong`,和上面创建的 Linux 用户 `kong` 对应。\n# 密码 '123456' 根据自己需要生成\n$ create user kong with password '123456'; \n# 创建一个 PostgreSQL 数据库 `kong`\n$ create database kong owner kong;\n# 将数据库 `kong` 授权给 PostgreSQL 用户 `kong`\n$ grant all privileges on database kong to kong;\n\n# 退出 PostgreSQL 控制台\n$ \\q","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"PostgreSQL 有四种身份认证方式:","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"trust:凡是连接到服务器的,都是可信任的。只需要提供 PostgreSQL 用户名,可以没有对应的操作系统同名用户。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"password 和 md5:对于远程访问,需要提供 PostgreSQL 用户名和密码。对于本地连接,提供 PostgreSQL 用户名密码之外,还需要有操作系统访问权(用操作系统同名用户验证)。password 和 md5 的区别,就是远程访问时传输的密码是否用 md5 加密。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"ident:对于远程访问,从 ident 服务器获得客户端操作系统用户名,然后把操作系统作为数据库用户名进行登录对于本地连接,实际上使用了 peer。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"peer:对于本地访问,通过客户端操作系统内核来获取当前系统登录的用户名,并作为 PostgreSQL 用户名进行登录。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认配置下,我们无法在本地或者远程使用 PostgreSQL 用户名和密码直接连接,因为本地使用 peer 认证方式,远程使用 ident 认证方式。解决方法比较简单,将本地和远程的认证方式修改成 trust 或者 password 即可。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修改 /var/lib/pgsql/9.6/data/pg_hba.conf 文件,注释掉所有默认配置,并添加一条 host all all 0.0.0.0/0 trust 默认,无论远程还是本地访问,任何 PostgreSQL 用户和数据库,都使用 trust 认证方式。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cd/cd433da8040390f729004a1cdfa01ee2.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认配置下,PostgreSQL 只允许本地连接,所以我们需要修改 /var/lib/pgsql/9.6/data/postgresql.conf 文件,添加 listen_address 配置项为 *,允许远程连接。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fc/fc8a115092ffba1297274380fd63cd96.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修改完成后,执行 sudo systemctl restart postgresql-9.6 命令,重启 PostgreSQL 数据库。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过Navicat可以连接到postgresql数据库:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/88/88f7e572f4d02bf618bf7dea8d372950.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.1.2 安装kong","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"centos7下安装kong:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://download.konghq.com/gateway-1.x-centos-7/Packages/k/","title":null,"type":null},"content":[{"type":"text","text":"https://download.konghq.com/gateway-1.x-centos-7/Packages/k/","attrs":{}}]}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"安装命令","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"wget https://download.konghq.com/gateway-1.x-centos-7/Packages/k/kong-1.5.1.el7.amd64.rpm\nsudo yum install kong-1.5.1.el7.amd64.rpm ","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"配置kong","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 的默认配置文件是 /etc/kong/kong.conf.default,使用 cp /etc/kong/kong.conf.default /etc/kong/kong.conf 命令,复制一份新的配置文件。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"复制完成后,修改 /etc/kong/kong.conf 配置文件,设置使用 PostgreSQL 数据库。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2e/2ee8637d0c24ffabd7a4b89bd75fa64b.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"执行 kong migrations bootstrap -c /etc/kong/kong.conf 命令,进行 Kong 的 PostgreSQL 数据库的表初始化。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"navicat中可以看到表信息","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9d/9debae986c8a8ae7ffd2c3363ac30a29.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"执行 kong start -c /etc/kong/kong.conf 命令,执行 Kong 的启动。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"#启动命令\nkong start -c /etc/kong/kong.conf \n# 停止命令\nkong stop\n# 重新加载kong\nkong reload","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"启动成功时,会看到 Kong started 日志。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2b/2b82624074c4294ea31c8bb5f5e961af.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认情况下,Kong 绑定 4 个端口:","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Proxy 8000:接收客户端的 HTTP 请求,并转发到后端的 Upstream。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Proxy 8443:接收客户端的 HTTPS 请求,并转发到后端的 Upstream。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Admin 8001:接收管理员的 HTTP 请求,进行 Kong 的管理。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Admin 8444:接收管理员的 HTTPS 请求,进行 Kong 的管理。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 请求 Proxy 端口\n$ curl http://127.0.0.1:8000\n{\"message\":\"no Route matched with those values\"} \n# 因为我们暂时没配置 Kong 路由。\n\n# 请求 Admin 端口\n# 注意,考虑到安全性,Admin 端口只允许本机访问。\n$ curl http://127.0.0.1:8001\n{\"plugins\":{\"enabled_in_cluster\":[],\"available_on_server\":{... // 省略","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.2 基于docker搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"前提:准备好docker环境","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/e8/e886607ca311c868145f995bf6ab3008.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 安装有两种方式一种是没有数据库依赖的DB-less 模式,另一种是with a Database 模式。我们这里使用第二种带Database的模式,因为这种模式功能更全。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.2.1 docker安装Kong","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"构建Kong的容器网络","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先我们创建一个Docker自定义网络,以允许容器相互发现和通信。在下面的创建命令中","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kong-net","attrs":{}}],"attrs":{}},{"type":"text","text":"是我们创建的Docker网络名称,当然你可以使用你认为合适的名称。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":" docker network create kong-net","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"搭建数据库环境","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 目前使用Cassandra(Facebook开源的分布式的NoSQL数据库) 或者PostgreSql,你可以执行以下命令中的一个来选择你的Database。请注意定义网络 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"--network=kong-net","attrs":{}}],"attrs":{}},{"type":"text","text":" 。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Cassandra容器:","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 9042:9042 \\\n cassandra:3","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"PostgreSQL容器:","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 5432:5432 \\\n -e \"POSTGRES_USER=kong\" \\\n -e \"POSTGRES_DB=kong\" \\\n postgres:9.6","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"这里有个小问题。如果你使用的是PostgreSQL,想挂载卷持久化数据到宿主机。通过 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"-v","attrs":{}}],"attrs":{}},{"type":"text","text":" 命令是不好用的。这里推荐你使用 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"docker volume create","attrs":{}}],"attrs":{}},{"type":"text","text":" 命令来创建一个挂载。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker volume create kong-volume","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然后上面的PostgreSQL就可以通过","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"- v kong-volume:/var/lib/postgresql/data","attrs":{}}],"attrs":{}},{"type":"text","text":" 进行挂载了。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 5432:5432 \\\n -v kong-volume:/var/lib/postgresql/data \\\n -e \"POSTGRES_USER=kong\" \\\n -e \"POSTGRES_DB=kong\" \\\n -e \"POSTGRES_PASSWORD=kong\" \\\n postgres:9.6","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"初始化或者迁移数据库","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我们使用","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"docker run --rm","attrs":{}}],"attrs":{}},{"type":"text","text":"来初始化数据库,该命令执行后会退出容器而保留内部的数据卷(volume)。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run --rm \\\n --network=kong-net \\\n -e \"KONG_DATABASE=postgres\" \\\n -e \"KONG_PG_HOST=kong-database\" \\\n -e \"KONG_PG_PASSWORD=kong\" \\\n -e \"KONG_CASSANDRA_CONTACT_POINTS=kong-database\" \\\n kong:latest kong migrations bootstrap","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"navicat中可以看到表信息","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cc/ccfb2a98005458faea7f04c138fbd151.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"启动Kong容器","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"完成初始化或者迁移数据库后,我们就可以启动一个连接到数据库容器的Kong容器,请务必保证你的数据库容器启动状态,同时检查所有的环境参数 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"-e","attrs":{}}],"attrs":{}},{"type":"text","text":" 是否是你定义的环境。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong \\\n --network=kong-net \\\n -e \"KONG_DATABASE=postgres\" \\\n -e \"KONG_PG_HOST=kong-database\" \\\n -e \"KONG_PG_PASSWORD=kong\" \\\n -e \"KONG_CASSANDRA_CONTACT_POINTS=kong-database\" \\\n -e \"KONG_PROXY_ACCESS_LOG=/dev/stdout\" \\\n -e \"KONG_ADMIN_ACCESS_LOG=/dev/stdout\" \\\n -e \"KONG_PROXY_ERROR_LOG=/dev/stderr\" \\\n -e \"KONG_ADMIN_ERROR_LOG=/dev/stderr\" \\\n -e \"KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl\" \\\n -p 8000:8000 \\\n -p 8443:8443 \\\n -p 8001:8001 \\\n -p 8444:8444 \\\n kong:latest","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"验证","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可通过 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"curl -i http://192.168.65.200:8001/","attrs":{}}],"attrs":{}},{"type":"text","text":" 或者浏览器调用 ","attrs":{}},{"type":"link","attrs":{"href":"http://192.168.65.200:8001/","title":null,"type":null},"content":[{"type":"text","text":"http://192.168.65.200:8001/","attrs":{}}]},{"type":"text","text":" 来验证Kong Admin 是否联通 。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a6/a6f73465990c52e95fce68ea915624b9.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.3 安装Kong 管理UI","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 企业版提供了管理UI,开源版本是没有的。但是有很多的开源的管理 UI ,其中比较好用的是Konga。项目地址:","attrs":{}},{"type":"link","attrs":{"href":"https://github.com/pantsel/konga","title":null,"type":null},"content":[{"type":"text","text":"https://github.com/pantsel/konga","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b7/b7ebbf8a0312d421f5f66d9de5ef5338.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Konga 主要是用 AngularJS 写的,运行于nodejs服务端。具有以下特性:","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理所有Kong Admin API对象。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持从远程源(数据库,文件,API等)导入使用者。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理多个Kong节点。使用快照备份,还原和迁移Kong节点。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用运行状况检查监视节点和API状态。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持电子邮件和闲置通知。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持多用户。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"易于数据库集成(MySQL,postgresSQL,MongoDB,SQL Server)。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker volume create konga-postgresql","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name konga-database \\\n\t --network=kong-net \\\n -p 5433:5432 \\\n -v konga-postgresql:/var/lib/postgresql/data \\\n -e \"POSTGRES_USER=konga\" \\\n -e \"POSTGRES_DB=konga\" \\\n -e \"POSTGRES_PASSWORD=konga\" \\\n postgres:9.6","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/15/1577c2b4ca7480f5e22a08f133fabe26.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"初始化 PostgreSQL 数据库","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run --rm --network=kong-net \\\n pantsel/konga:latest -c prepare -a postgres -u postgres://konga:konga@konga-database:5432/konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相关命令解读:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d6/d632826f1e55eb1f387b4af659907982.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3c/3c215ff6ee135d66c5ddf079bb4d4294.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"到此Konga的数据库环境就搞定了,通过Navicat可以查看到konga数据库及其数据表。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/59/59d9b1c7246653fa31ebc566e8986aca.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"环境参数","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Konga 还有一些可配置的环境参数:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/52/524973bd3d914be032a12a7d17cbe1a4.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"启动Konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过以下命令就可以启动Konga容器了","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d -p 1337:1337 \\\n --network kong-net \\\n -e \"DB_ADAPTER=postgres\" \\\n -e \"DB_URI=postgres://konga:konga@konga-database:5432/konga\" \\\n -e \"NODE_ENV=production\" \\\n -e \"DB_PASSWORD=konga\" \\\n --name konga \\\n pantsel/konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"运行完后,如果成功可以通过","attrs":{}},{"type":"link","attrs":{"href":"http://192.168.65.200:1337/","title":null,"type":null},"content":[{"type":"text","text":"http://192.168.65.200:1337/","attrs":{}}]},{"type":"text","text":" 链接到控制台。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/36/3617ac043e3e12cb6a7d0945f6722b4f.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过注册后进入,然后在dashboard面板里面添加Kong的管理Api路径 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"http://ip:8001","attrs":{}}],"attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6f/6fd121ab8a4e77fc78a31c5f4c30b6a2.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/44/447ca2ff5a4e2708ac43d1968735ddc3.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"3. Kong快速开始","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.1 动态负载均衡实现","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"nginx下负载均衡配置","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"upstream tulingmall-product-upstream {\n\tserver 192.168.65.190:8866 weight=100;\n\tserver 192.168.65.190:8867 weight=100;\n}\n\nserver {\n\tlisten\t80;\n\tlocation /pms/ {\n\t\tproxy_pass http://tulingmall-product-upstream;\n\t}\n}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Kong Admin API","attrs":{}},{"type":"text","text":" 进行上述的负载均衡的配置","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://docs.konghq.com/enterprise/2.4.x/admin-api/","title":null,"type":null},"content":[{"type":"text","text":"https://docs.konghq.com/enterprise/2.4.x/admin-api/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/71/7144e6aed20e7f75a514a0811c1a6a2a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/62/62ef8064d00006958ad9f81b70b99ee7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建 upstream 和 target","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/upstreams","attrs":{}}],"attrs":{}},{"type":"text","text":",创建名字为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"demo-upstream","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"upstream","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -X POST http://127.0.0.1:8001/upstreams --data \"name=tulingmall-product-upstream\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/5b/5bd91cf3a43071ff8f1e21b1e182d80a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/upstreams/{upstream}/targets","attrs":{}}],"attrs":{}},{"type":"text","text":",创建 tulingmall-product服务对应的 2 个 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"target","attrs":{}},{"type":"text","text":"。注意,","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"{upstream}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数为 upstream 的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 192.168.65.190:8866 对应的 target\n$ curl -X POST http://127.0.0.1:8001/upstreams/tulingmall-product-upstream/targets --data \"target=192.168.65.190:8866\" --data \"weight=100\"\n# 192.168.65.190:8867 对应的 target\n$ curl -X POST http://127.0.0.1:8001/upstreams/tulingmall-product-upstream/targets --data \"target=192.168.65.190:8867\" --data \"weight=100\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1f/1f3b08b142afb1ffc7a0e6112bfd6d86.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建 service 和 route","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/services","attrs":{}}],"attrs":{}},{"type":"text","text":",创建名字为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"tulingmall-product","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"service","attrs":{}},{"type":"text","text":"。host 参数,用于设置对应的 upstream 的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/services --data \"name=tulingmall-product\" --data \"host=tulingmall-product-upstream\" --data \"path=/pms\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/51/5108531bc02fa6e0e316c7b5d94d21f4.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/routes","attrs":{}}],"attrs":{}},{"type":"text","text":",创建一个请求路径为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"path","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"route","attrs":{}},{"type":"text","text":"。注意,","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"{service}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数,为 service的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://localhost:8001/services/tulingmall-product/routes --data \"name=tulingmall-product-route\" --data \"paths[]=/pms\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/73/73fef88ffe8f519c008d6ef414d3988d.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl http://127.0.0.1:8000/pms/productInfo/42","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.2 kong限流配置","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 提供了 ","attrs":{}},{"type":"link","attrs":{"href":"https://docs.konghq.com/hub/kong-inc/rate-limiting","title":"","type":null},"content":[{"type":"text","text":"Rate Limiting","attrs":{}}]},{"type":"text","text":" 插件,实现对请求的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"限流","attrs":{}},{"type":"text","text":"功能,避免过大的请求量过大,将后端服务打挂。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 支持秒/分/小时/日/月/年多种","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"时间维度","attrs":{}},{"type":"text","text":"的限流,并且可以组合使用。例如说:限制每秒最多 100 次请求,并且每分钟最多 1000 次请求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 支持 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumer","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"credential","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ip","attrs":{}}],"attrs":{}},{"type":"text","text":" 三种","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"基础维度","attrs":{}},{"type":"text","text":"的限流,默认为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumer","attrs":{}}],"attrs":{}},{"type":"text","text":"。例如说:设置每个 IP 允许每秒请求的次数。计数的存储,支持使用 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"local","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"redis","attrs":{}}],"attrs":{}},{"type":"text","text":" 三种方式进行存储,默认为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":":","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"local","attrs":{}}],"attrs":{}},{"type":"text","text":":存储在 Nginx 本地,实现单实例限流。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":":存储在 Cassandra 或 PostgreSQL 数据库,实现集群限流。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"redis","attrs":{}}],"attrs":{}},{"type":"text","text":":存储在 Redis 数据库,实现集群限流。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 采用的限流算法是","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"计数器","attrs":{}},{"type":"text","text":"的方式,所以无法提供类似令牌桶算法的平滑限流能力。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置 Rate Limiting 插件","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/plugins","attrs":{}}],"attrs":{}},{"type":"text","text":",创建 Rate Limiting 插件的配置:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 服务上启用插件\n$ curl -X POST http://127.0.0.1:8001/services/tulingmall-product/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"config.second=1\" \\\n --data \"config.limit_by=ip\"\n \n# 路由上启用插件\n$ curl -X POST http://127.0.0.1:8001/routes/{route_id}/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"config.second=5\" \\\n --data \"config.hour=10000\"\n\n# consumer上启用插件\n$ curl -X POST http://127.0.0.1:8001/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"consumer_id={consumer_id}\" \\\n --data \"config.second=5\" \\\n --data \"config.hour=10000\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"name","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"rate-limiting","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 Rate Limiting 插件。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"config.second","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 1 表示每秒允许 1 次请求。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"config.limit_by","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ip","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 IP 基础维度的限流。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"也可以通过konga UI操作添加rate-limiting插件","attrs":{}}]}]}],"attrs":{}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a5/a51b24cd64637770aa96a9027ad358e5.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"请求超过阈值,会被kong限流","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/f1/f17e87bee111118e457cc5bae35a05ab.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.3 Basic Auth身份认证","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置Basic Auth插件","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 在服务上配置插件\ncurl -X POST http://127.0.0.1:8001/services/{service}/plugins \\\n --data \"name=basic-auth\" \\\n --data \"config.hide_credentials=true\"\n\n#在路由上配置插件\ncurl -X POST http://127.0.0.1:8001/routes/{route_id}/plugins \\\n --data \"name=basic-auth\" \\\n --data \"config.hide_credentials=true\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过konga UI为路由添加basic-auth插件","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/53/53bdbe5e479855c0041b17238bcbefd7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"创建用户并添加Basic凭证","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d6/d681ff2747a6e38f0547799ba9cf1726.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9e/9e413c75e191966ada465208e880056a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9e/9e413c75e191966ada465208e880056a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.4 JWT身份认证","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置 JWT 插件","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/plugins","attrs":{}}],"attrs":{}},{"type":"text","text":",创建 JWT 插件的配置:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/services/tulingmall-product/plugins \\\n --data \"name=jwt\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"name","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 JWT 插件。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 查看插件列表\ncurl -X GET localhost:8001/services/tulingmall-product/plugins\n\n#查看jwt插件\ncurl -X GET localhost:8001/services/tulingmall-product/plugins/jwt\n\n#删除jwt插件\ncurl -X DELETE localhost:8001/services/tulingmall-product/plugins/{jwt.id}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过konga UI操作添加","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":" 插件","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/52/5234f712e7a31ef181a20162d5e951ae.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"请求被kong安全拦截","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/29/29be322b4aa97f0c2795b1ac07d5f1b9.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建Consumer","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumers","attrs":{}}],"attrs":{}},{"type":"text","text":",创建一个 Consumer 消费者:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -i -X POST http://localhost:8001/consumers/ \\\n --data \"username=fox\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/80/80a853e0033f8ef66715859a0dae2e48.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建 consumer 的 jwt 凭证","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumers/{username}/{plugin}","attrs":{}}],"attrs":{}},{"type":"text","text":",","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"生成","attrs":{}},{"type":"text","text":"该消费者的 JWT 信息:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"{username}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数,为 Consumer 的用户名。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"{plugin}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数,为 Plugin 的插件名。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可以指定算法","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"algorithm","attrs":{}}],"attrs":{}},{"type":"text","text":",","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"iss","attrs":{}}],"attrs":{}},{"type":"text","text":"签发者","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"key","attrs":{}}],"attrs":{}},{"type":"text","text":",密钥","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"secret","attrs":{}}],"attrs":{}},{"type":"text","text":",也可以省略,会自动生成。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -i -X POST http://localhost:8001/consumers/fox/jwt/ \\\n-d \"algorithm=HS256\" \\\n-d \"key=fox123\" \\\n-d \"secret=uFLMFeKPPL525ppKrqmUiT2rlvkpLc9u\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0f/0f40ed747bb11530807cccc83af9a737.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"{\n \"rsa_public_key\":null,\n \"algorithm\":\"HS256\",\n \"id\":\"3dc4d177-8a7a-4edc-bc88-ee7aa2447fc7\",\n \"tags\":null,\n \"consumer\":{\n \"id\":\"8e7fb82d-68ef-4f2b-a30c-613866378525\"\n },\n \"secret\":\"uFLMFeKPPL525ppKrqmUiT2rlvkpLc9u\",\n \"created_at\":1625803149,\n \"key\":\"fox123\"\n}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/bd/bd61e2aa97872c2cf8964bc32d61596f.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"查看fox的jwt凭证","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X GET localhost:8001/consumers/fox/jwt","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fa/fac614ab116dd1f25e45c65ffea84626.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"生成jwt token","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"业务服务器根据","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kong","attrs":{}}],"attrs":{}},{"type":"text","text":"生成的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":"凭证中的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"algorithm、key(iss)、secret","attrs":{}}],"attrs":{}},{"type":"text","text":"进行","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"token","attrs":{}}],"attrs":{}},{"type":"text","text":"的演算和下发。请求","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"鉴权接口","attrs":{}}],"attrs":{}},{"type":"text","text":"需携带","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Authorization: Bearer jwt","attrs":{}}],"attrs":{}},{"type":"text","text":"进行请求。测试可以在","attrs":{}},{"type":"link","attrs":{"href":"https://jwt.io/","title":null,"type":null},"content":[{"type":"text","text":"https://jwt.io/","attrs":{}}]},{"type":"text","text":"中通过Debugger生成jwt token","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/767211998bb02e198d4790c41eb8d4dd.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"获取到jwt token令牌:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJmb3gxMjMifQ.hqHGVujYheALxXpEVtgisA5pPTGfQYet0IKadnYPtj8","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl http://192.168.65.200:8000/pms/productInfo/42 \\\n -H \"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJmb3gxMjMifQ.hqHGVujYheALxXpEVtgisA5pPTGfQYet0IKadnYPtj8\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cd/cd32b56c21433c479ed1e79fa92910ae.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.5 黑白名单配置","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置插件","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 在服务上启用插件\n$ curl -X POST http://kong:8001/services/{service}/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=54.13.21.1, 143.1.0.0/24\"\n\n# 在路由上启用插件\n$ curl -X POST http://kong:8001/routes/{route_id}/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=54.13.21.1, 143.1.0.0/24\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"config.whitelist :白名单,逗号分隔的IPs或CIDR范围。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"config.blacklist :白名单,逗号分隔的IPs或CIDR范围。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/routes/ad515a07-bae4-4b54-a927-35bc6c85565b/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=192.168.65.200\"","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"当前本机器IP地址为: 192.168.65.103","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1e/1e6f29f528fc658d38180d2f0f4eca4e.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"将本机ip加入到白名单","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/90/90af2f36022f1b7d4e51d9df9728a095.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/76772eea5d2789ae1ab69ba0b294d585.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
API网关Kong实战
{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1.Kong介绍","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong是一款基于OpenResty(Nginx + Lua模块)编写的高可用、易扩展的,由Mashape公司开源的API Gateway项目。Kong是基于NGINX和Apache Cassandra或PostgreSQL构建的,能提供易于使用的RESTful API来操作和配置API管理系统,所以它可以水平扩展多个Kong服务器,通过前置的负载均衡配置把请求均匀地分发到各个Server,来应对大批量的网络请求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"官网:","attrs":{}},{"type":"link","attrs":{"href":"https://konghq.com/","title":null,"type":null},"content":[{"type":"text","text":"https://konghq.com/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3d/3dd53d472d62219011debad5abf2c692.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Kong主要有三个组件:","attrs":{}}]},{"type":"numberedlist","attrs":{"start":"","normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"Kong Server :基于nginx的服务器,用来接收API请求。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"Apache Cassandra/PostgreSQL :用来存储操作数据。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"Kong dashboard:官方推荐UI管理工具,当然,也可以使用 restfull 方式 管理admin api。","attrs":{}}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong采用插件机制进行功能定制,插件集(可以是0或N个)在API请求响应循环的生命周期中被执行。插件使用Lua编写,目前已有几个基础功能:HTTP基本认证、密钥认证、CORS(Cross-Origin Resource Sharing,跨域资源共享)、TCP、UDP、文件日志、API请求限流、请求转发以及Nginx监控。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b6/b61071b2a88fbfcd98ac9c5aaa7ab551.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1.1 Kong网关的特性","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong网关具有以下的特性:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可扩展性: 通过简单地添加更多的服务器,可以轻松地进行横向扩展,这意味着您的平台可以在一个较低负载的情况下处理任何请求;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"模块化: 可以通过添加新的插件进行扩展,这些插件可以通过RESTful Admin API轻松配置;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在任何基础架构上运行: Kong网关可以在任何地方都能运行。您可以在云或内部网络环境中部署Kong,包括单个或多个数据中心设置,以及public,private 或invite-only APIs。","attrs":{}}]}]}],"attrs":{}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1.2 Kong网关架构","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1b/1bd1e9acdb3722fa0c888475c35c2788.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"numberedlist","attrs":{"start":1,"normalizeStart":1},"content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":1,"align":null,"origin":null},"content":[{"type":"text","text":"Kong核心基于OpenResty构建,实现了请求/响应的Lua处理化;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":2,"align":null,"origin":null},"content":[{"type":"text","text":"Kong插件拦截请求/响应;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":3,"align":null,"origin":null},"content":[{"type":"text","text":"Kong Restful 管理API提供了API/API消费者/插件的管理;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":4,"align":null,"origin":null},"content":[{"type":"text","text":"数据中心用于存储Kong集群节点信息、API、消费者、插件等信息,目前提供了PostgreSQL和Cassandra支持,如果需要高可用建议使用Cassandra;","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":5,"align":null,"origin":null},"content":[{"type":"text","text":"Kong集群中的节点通过gossip协议自动发现其他节点,当通过一个Kong节点的管理API进行一些变更时也会通知其他节点。每个Kong节点的配置信息是会缓存的,如插件,那么当在某一个Kong节点修改了插件配置时,需要通知其他节点配置的变更。","attrs":{}}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":6,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"2.Kong环境搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://konghq.com/install/","title":null,"type":null},"content":[{"type":"text","text":"https://konghq.com/install/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d9/d9d71c6eb6f0b80dc7ffddea335b552c.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.1 基于centos7搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"环境: PostgreSQL 9.6 + CentOS 7","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.1.1 PostgreSQL","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"下载地址:https://www.postgresql.org/download/linux/redhat/","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"安装命令","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"选择 PostgreSQL 9.6 + CentOS 7 后获得安装方式:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a4/a443b3c41076593a45a248b3099acd1a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"启动postgresql后查看状态:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4e/4e33e4bce54892847c77a39d690fddc6.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"配置postgresql","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"为了安全以及满足 Kong 初始化的需求,需要创建一个 Linux 用户 kong,并创建对应的 PostgreSQL 用户 kong 和数据库 kong","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 创建一个 Linux 用户 `kong`\n$ adduser kong\n\n# 切换到 Linux 系统用户 `postgres`,因为它是 PostgreSQL 数据库的系统管理员\n$ su postgres\n\n# 进入 PostgreSQL 控制台\n$ psql\n\n# 设置用户 `postgres` 的密码【仅仅首次需要】\n# 注意开头的 \\ 必须有!\n$ \\password postgres \n\n# 创建一个 PostgreSQL 用户 `kong`,和上面创建的 Linux 用户 `kong` 对应。\n# 密码 '123456' 根据自己需要生成\n$ create user kong with password '123456'; \n# 创建一个 PostgreSQL 数据库 `kong`\n$ create database kong owner kong;\n# 将数据库 `kong` 授权给 PostgreSQL 用户 `kong`\n$ grant all privileges on database kong to kong;\n\n# 退出 PostgreSQL 控制台\n$ \\q","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"PostgreSQL 有四种身份认证方式:","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"trust:凡是连接到服务器的,都是可信任的。只需要提供 PostgreSQL 用户名,可以没有对应的操作系统同名用户。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"password 和 md5:对于远程访问,需要提供 PostgreSQL 用户名和密码。对于本地连接,提供 PostgreSQL 用户名密码之外,还需要有操作系统访问权(用操作系统同名用户验证)。password 和 md5 的区别,就是远程访问时传输的密码是否用 md5 加密。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"ident:对于远程访问,从 ident 服务器获得客户端操作系统用户名,然后把操作系统作为数据库用户名进行登录对于本地连接,实际上使用了 peer。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"peer:对于本地访问,通过客户端操作系统内核来获取当前系统登录的用户名,并作为 PostgreSQL 用户名进行登录。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认配置下,我们无法在本地或者远程使用 PostgreSQL 用户名和密码直接连接,因为本地使用 peer 认证方式,远程使用 ident 认证方式。解决方法比较简单,将本地和远程的认证方式修改成 trust 或者 password 即可。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修改 /var/lib/pgsql/9.6/data/pg_hba.conf 文件,注释掉所有默认配置,并添加一条 host all all 0.0.0.0/0 trust 默认,无论远程还是本地访问,任何 PostgreSQL 用户和数据库,都使用 trust 认证方式。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cd/cd433da8040390f729004a1cdfa01ee2.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认配置下,PostgreSQL 只允许本地连接,所以我们需要修改 /var/lib/pgsql/9.6/data/postgresql.conf 文件,添加 listen_address 配置项为 *,允许远程连接。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fc/fc8a115092ffba1297274380fd63cd96.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"修改完成后,执行 sudo systemctl restart postgresql-9.6 命令,重启 PostgreSQL 数据库。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过Navicat可以连接到postgresql数据库:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/88/88f7e572f4d02bf618bf7dea8d372950.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.1.2 安装kong","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"centos7下安装kong:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://download.konghq.com/gateway-1.x-centos-7/Packages/k/","title":null,"type":null},"content":[{"type":"text","text":"https://download.konghq.com/gateway-1.x-centos-7/Packages/k/","attrs":{}}]}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"安装命令","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"wget https://download.konghq.com/gateway-1.x-centos-7/Packages/k/kong-1.5.1.el7.amd64.rpm\nsudo yum install kong-1.5.1.el7.amd64.rpm ","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"配置kong","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 的默认配置文件是 /etc/kong/kong.conf.default,使用 cp /etc/kong/kong.conf.default /etc/kong/kong.conf 命令,复制一份新的配置文件。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"复制完成后,修改 /etc/kong/kong.conf 配置文件,设置使用 PostgreSQL 数据库。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2e/2ee8637d0c24ffabd7a4b89bd75fa64b.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"执行 kong migrations bootstrap -c /etc/kong/kong.conf 命令,进行 Kong 的 PostgreSQL 数据库的表初始化。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"navicat中可以看到表信息","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9d/9debae986c8a8ae7ffd2c3363ac30a29.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"执行 kong start -c /etc/kong/kong.conf 命令,执行 Kong 的启动。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"#启动命令\nkong start -c /etc/kong/kong.conf \n# 停止命令\nkong stop\n# 重新加载kong\nkong reload","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"启动成功时,会看到 Kong started 日志。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2b/2b82624074c4294ea31c8bb5f5e961af.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"默认情况下,Kong 绑定 4 个端口:","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Proxy 8000:接收客户端的 HTTP 请求,并转发到后端的 Upstream。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Proxy 8443:接收客户端的 HTTPS 请求,并转发到后端的 Upstream。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Admin 8001:接收管理员的 HTTP 请求,进行 Kong 的管理。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Admin 8444:接收管理员的 HTTPS 请求,进行 Kong 的管理。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 请求 Proxy 端口\n$ curl http://127.0.0.1:8000\n{\"message\":\"no Route matched with those values\"} \n# 因为我们暂时没配置 Kong 路由。\n\n# 请求 Admin 端口\n# 注意,考虑到安全性,Admin 端口只允许本机访问。\n$ curl http://127.0.0.1:8001\n{\"plugins\":{\"enabled_in_cluster\":[],\"available_on_server\":{... // 省略","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.2 基于docker搭建","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"前提:准备好docker环境","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/e8/e886607ca311c868145f995bf6ab3008.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 安装有两种方式一种是没有数据库依赖的DB-less 模式,另一种是with a Database 模式。我们这里使用第二种带Database的模式,因为这种模式功能更全。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"2.2.1 docker安装Kong","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"构建Kong的容器网络","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先我们创建一个Docker自定义网络,以允许容器相互发现和通信。在下面的创建命令中","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kong-net","attrs":{}}],"attrs":{}},{"type":"text","text":"是我们创建的Docker网络名称,当然你可以使用你认为合适的名称。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":" docker network create kong-net","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"搭建数据库环境","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 目前使用Cassandra(Facebook开源的分布式的NoSQL数据库) 或者PostgreSql,你可以执行以下命令中的一个来选择你的Database。请注意定义网络 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"--network=kong-net","attrs":{}}],"attrs":{}},{"type":"text","text":" 。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Cassandra容器:","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 9042:9042 \\\n cassandra:3","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"PostgreSQL容器:","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 5432:5432 \\\n -e \"POSTGRES_USER=kong\" \\\n -e \"POSTGRES_DB=kong\" \\\n postgres:9.6","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"这里有个小问题。如果你使用的是PostgreSQL,想挂载卷持久化数据到宿主机。通过 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"-v","attrs":{}}],"attrs":{}},{"type":"text","text":" 命令是不好用的。这里推荐你使用 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"docker volume create","attrs":{}}],"attrs":{}},{"type":"text","text":" 命令来创建一个挂载。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker volume create kong-volume","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然后上面的PostgreSQL就可以通过","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"- v kong-volume:/var/lib/postgresql/data","attrs":{}}],"attrs":{}},{"type":"text","text":" 进行挂载了。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong-database \\\n --network=kong-net \\\n -p 5432:5432 \\\n -v kong-volume:/var/lib/postgresql/data \\\n -e \"POSTGRES_USER=kong\" \\\n -e \"POSTGRES_DB=kong\" \\\n -e \"POSTGRES_PASSWORD=kong\" \\\n postgres:9.6","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"初始化或者迁移数据库","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我们使用","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"docker run --rm","attrs":{}}],"attrs":{}},{"type":"text","text":"来初始化数据库,该命令执行后会退出容器而保留内部的数据卷(volume)。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run --rm \\\n --network=kong-net \\\n -e \"KONG_DATABASE=postgres\" \\\n -e \"KONG_PG_HOST=kong-database\" \\\n -e \"KONG_PG_PASSWORD=kong\" \\\n -e \"KONG_CASSANDRA_CONTACT_POINTS=kong-database\" \\\n kong:latest kong migrations bootstrap","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"navicat中可以看到表信息","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cc/ccfb2a98005458faea7f04c138fbd151.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"启动Kong容器","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"完成初始化或者迁移数据库后,我们就可以启动一个连接到数据库容器的Kong容器,请务必保证你的数据库容器启动状态,同时检查所有的环境参数 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"-e","attrs":{}}],"attrs":{}},{"type":"text","text":" 是否是你定义的环境。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name kong \\\n --network=kong-net \\\n -e \"KONG_DATABASE=postgres\" \\\n -e \"KONG_PG_HOST=kong-database\" \\\n -e \"KONG_PG_PASSWORD=kong\" \\\n -e \"KONG_CASSANDRA_CONTACT_POINTS=kong-database\" \\\n -e \"KONG_PROXY_ACCESS_LOG=/dev/stdout\" \\\n -e \"KONG_ADMIN_ACCESS_LOG=/dev/stdout\" \\\n -e \"KONG_PROXY_ERROR_LOG=/dev/stderr\" \\\n -e \"KONG_ADMIN_ERROR_LOG=/dev/stderr\" \\\n -e \"KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl\" \\\n -p 8000:8000 \\\n -p 8443:8443 \\\n -p 8001:8001 \\\n -p 8444:8444 \\\n kong:latest","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"验证","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可通过 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"curl -i http://192.168.65.200:8001/","attrs":{}}],"attrs":{}},{"type":"text","text":" 或者浏览器调用 ","attrs":{}},{"type":"link","attrs":{"href":"http://192.168.65.200:8001/","title":null,"type":null},"content":[{"type":"text","text":"http://192.168.65.200:8001/","attrs":{}}]},{"type":"text","text":" 来验证Kong Admin 是否联通 。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a6/a6f73465990c52e95fce68ea915624b9.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2.3 安装Kong 管理UI","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 企业版提供了管理UI,开源版本是没有的。但是有很多的开源的管理 UI ,其中比较好用的是Konga。项目地址:","attrs":{}},{"type":"link","attrs":{"href":"https://github.com/pantsel/konga","title":null,"type":null},"content":[{"type":"text","text":"https://github.com/pantsel/konga","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/b7/b7ebbf8a0312d421f5f66d9de5ef5338.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Konga 主要是用 AngularJS 写的,运行于nodejs服务端。具有以下特性:","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理所有Kong Admin API对象。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持从远程源(数据库,文件,API等)导入使用者。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"管理多个Kong节点。使用快照备份,还原和迁移Kong节点。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用运行状况检查监视节点和API状态。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持电子邮件和闲置通知。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"支持多用户。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"易于数据库集成(MySQL,postgresSQL,MongoDB,SQL Server)。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker volume create konga-postgresql","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d --name konga-database \\\n\t --network=kong-net \\\n -p 5433:5432 \\\n -v konga-postgresql:/var/lib/postgresql/data \\\n -e \"POSTGRES_USER=konga\" \\\n -e \"POSTGRES_DB=konga\" \\\n -e \"POSTGRES_PASSWORD=konga\" \\\n postgres:9.6","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/15/1577c2b4ca7480f5e22a08f133fabe26.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"初始化 PostgreSQL 数据库","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run --rm --network=kong-net \\\n pantsel/konga:latest -c prepare -a postgres -u postgres://konga:konga@konga-database:5432/konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相关命令解读:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d6/d632826f1e55eb1f387b4af659907982.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3c/3c215ff6ee135d66c5ddf079bb4d4294.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"到此Konga的数据库环境就搞定了,通过Navicat可以查看到konga数据库及其数据表。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/59/59d9b1c7246653fa31ebc566e8986aca.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"环境参数","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Konga 还有一些可配置的环境参数:","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/52/524973bd3d914be032a12a7d17cbe1a4.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":5},"content":[{"type":"text","text":"启动Konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过以下命令就可以启动Konga容器了","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"docker run -d -p 1337:1337 \\\n --network kong-net \\\n -e \"DB_ADAPTER=postgres\" \\\n -e \"DB_URI=postgres://konga:konga@konga-database:5432/konga\" \\\n -e \"NODE_ENV=production\" \\\n -e \"DB_PASSWORD=konga\" \\\n --name konga \\\n pantsel/konga","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"运行完后,如果成功可以通过","attrs":{}},{"type":"link","attrs":{"href":"http://192.168.65.200:1337/","title":null,"type":null},"content":[{"type":"text","text":"http://192.168.65.200:1337/","attrs":{}}]},{"type":"text","text":" 链接到控制台。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/36/3617ac043e3e12cb6a7d0945f6722b4f.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过注册后进入,然后在dashboard面板里面添加Kong的管理Api路径 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"http://ip:8001","attrs":{}}],"attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6f/6fd121ab8a4e77fc78a31c5f4c30b6a2.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/44/447ca2ff5a4e2708ac43d1968735ddc3.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"3. Kong快速开始","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.1 动态负载均衡实现","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"nginx下负载均衡配置","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"upstream tulingmall-product-upstream {\n\tserver 192.168.65.190:8866 weight=100;\n\tserver 192.168.65.190:8867 weight=100;\n}\n\nserver {\n\tlisten\t80;\n\tlocation /pms/ {\n\t\tproxy_pass http://tulingmall-product-upstream;\n\t}\n}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Kong Admin API","attrs":{}},{"type":"text","text":" 进行上述的负载均衡的配置","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https://docs.konghq.com/enterprise/2.4.x/admin-api/","title":null,"type":null},"content":[{"type":"text","text":"https://docs.konghq.com/enterprise/2.4.x/admin-api/","attrs":{}}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/71/7144e6aed20e7f75a514a0811c1a6a2a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/62/62ef8064d00006958ad9f81b70b99ee7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建 upstream 和 target","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/upstreams","attrs":{}}],"attrs":{}},{"type":"text","text":",创建名字为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"demo-upstream","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"upstream","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -X POST http://127.0.0.1:8001/upstreams --data \"name=tulingmall-product-upstream\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/5b/5bd91cf3a43071ff8f1e21b1e182d80a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/upstreams/{upstream}/targets","attrs":{}}],"attrs":{}},{"type":"text","text":",创建 tulingmall-product服务对应的 2 个 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"target","attrs":{}},{"type":"text","text":"。注意,","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"{upstream}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数为 upstream 的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 192.168.65.190:8866 对应的 target\n$ curl -X POST http://127.0.0.1:8001/upstreams/tulingmall-product-upstream/targets --data \"target=192.168.65.190:8866\" --data \"weight=100\"\n# 192.168.65.190:8867 对应的 target\n$ curl -X POST http://127.0.0.1:8001/upstreams/tulingmall-product-upstream/targets --data \"target=192.168.65.190:8867\" --data \"weight=100\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1f/1f3b08b142afb1ffc7a0e6112bfd6d86.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建 service 和 route","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"/services","attrs":{}}],"attrs":{}},{"type":"text","text":",创建名字为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"tulingmall-product","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"service","attrs":{}},{"type":"text","text":"。host 参数,用于设置对应的 upstream 的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/services --data \"name=tulingmall-product\" --data \"host=tulingmall-product-upstream\" --data \"path=/pms\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/51/5108531bc02fa6e0e316c7b5d94d21f4.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/routes","attrs":{}}],"attrs":{}},{"type":"text","text":",创建一个请求路径为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"path","attrs":{}}],"attrs":{}},{"type":"text","text":" 的 ","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"route","attrs":{}},{"type":"text","text":"。注意,","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"{service}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数,为 service的名字。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://localhost:8001/services/tulingmall-product/routes --data \"name=tulingmall-product-route\" --data \"paths[]=/pms\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/73/73fef88ffe8f519c008d6ef414d3988d.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl http://127.0.0.1:8000/pms/productInfo/42","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.2 kong限流配置","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 提供了 ","attrs":{}},{"type":"link","attrs":{"href":"https://docs.konghq.com/hub/kong-inc/rate-limiting","title":"","type":null},"content":[{"type":"text","text":"Rate Limiting","attrs":{}}]},{"type":"text","text":" 插件,实现对请求的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"限流","attrs":{}},{"type":"text","text":"功能,避免过大的请求量过大,将后端服务打挂。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 支持秒/分/小时/日/月/年多种","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"时间维度","attrs":{}},{"type":"text","text":"的限流,并且可以组合使用。例如说:限制每秒最多 100 次请求,并且每分钟最多 1000 次请求。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 支持 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumer","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"credential","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ip","attrs":{}}],"attrs":{}},{"type":"text","text":" 三种","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"基础维度","attrs":{}},{"type":"text","text":"的限流,默认为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumer","attrs":{}}],"attrs":{}},{"type":"text","text":"。例如说:设置每个 IP 允许每秒请求的次数。计数的存储,支持使用 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"local","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"redis","attrs":{}}],"attrs":{}},{"type":"text","text":" 三种方式进行存储,默认为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":":","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"local","attrs":{}}],"attrs":{}},{"type":"text","text":":存储在 Nginx 本地,实现单实例限流。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"cluster","attrs":{}}],"attrs":{}},{"type":"text","text":":存储在 Cassandra 或 PostgreSQL 数据库,实现集群限流。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"redis","attrs":{}}],"attrs":{}},{"type":"text","text":":存储在 Redis 数据库,实现集群限流。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Rate Limiting 采用的限流算法是","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"计数器","attrs":{}},{"type":"text","text":"的方式,所以无法提供类似令牌桶算法的平滑限流能力。","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置 Rate Limiting 插件","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/plugins","attrs":{}}],"attrs":{}},{"type":"text","text":",创建 Rate Limiting 插件的配置:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 服务上启用插件\n$ curl -X POST http://127.0.0.1:8001/services/tulingmall-product/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"config.second=1\" \\\n --data \"config.limit_by=ip\"\n \n# 路由上启用插件\n$ curl -X POST http://127.0.0.1:8001/routes/{route_id}/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"config.second=5\" \\\n --data \"config.hour=10000\"\n\n# consumer上启用插件\n$ curl -X POST http://127.0.0.1:8001/plugins \\\n --data \"name=rate-limiting\" \\\n --data \"consumer_id={consumer_id}\" \\\n --data \"config.second=5\" \\\n --data \"config.hour=10000\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"name","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"rate-limiting","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 Rate Limiting 插件。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"config.second","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 1 表示每秒允许 1 次请求。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"config.limit_by","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ip","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 IP 基础维度的限流。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"也可以通过konga UI操作添加rate-limiting插件","attrs":{}}]}]}],"attrs":{}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a5/a51b24cd64637770aa96a9027ad358e5.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"请求超过阈值,会被kong限流","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/f1/f17e87bee111118e457cc5bae35a05ab.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.3 Basic Auth身份认证","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置Basic Auth插件","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 在服务上配置插件\ncurl -X POST http://127.0.0.1:8001/services/{service}/plugins \\\n --data \"name=basic-auth\" \\\n --data \"config.hide_credentials=true\"\n\n#在路由上配置插件\ncurl -X POST http://127.0.0.1:8001/routes/{route_id}/plugins \\\n --data \"name=basic-auth\" \\\n --data \"config.hide_credentials=true\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过konga UI为路由添加basic-auth插件","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/53/53bdbe5e479855c0041b17238bcbefd7.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"创建用户并添加Basic凭证","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d6/d681ff2747a6e38f0547799ba9cf1726.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9e/9e413c75e191966ada465208e880056a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/9e/9e413c75e191966ada465208e880056a.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.4 JWT身份认证","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置 JWT 插件","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"services/${service}/plugins","attrs":{}}],"attrs":{}},{"type":"text","text":",创建 JWT 插件的配置:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/services/tulingmall-product/plugins \\\n --data \"name=jwt\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"name","attrs":{}}],"attrs":{}},{"type":"text","text":" 参数,设置为 ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":" 表示使用 JWT 插件。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 查看插件列表\ncurl -X GET localhost:8001/services/tulingmall-product/plugins\n\n#查看jwt插件\ncurl -X GET localhost:8001/services/tulingmall-product/plugins/jwt\n\n#删除jwt插件\ncurl -X DELETE localhost:8001/services/tulingmall-product/plugins/{jwt.id}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过konga UI操作添加","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":" 插件","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/52/5234f712e7a31ef181a20162d5e951ae.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"请求被kong安全拦截","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/29/29be322b4aa97f0c2795b1ac07d5f1b9.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建Consumer","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumers","attrs":{}}],"attrs":{}},{"type":"text","text":",创建一个 Consumer 消费者:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -i -X POST http://localhost:8001/consumers/ \\\n --data \"username=fox\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/80/80a853e0033f8ef66715859a0dae2e48.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"创建 consumer 的 jwt 凭证","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"调用 Kong Admin API ","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"consumers/{username}/{plugin}","attrs":{}}],"attrs":{}},{"type":"text","text":",","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"生成","attrs":{}},{"type":"text","text":"该消费者的 JWT 信息:","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"{username}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数,为 Consumer 的用户名。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"{plugin}","attrs":{}}],"attrs":{}},{"type":"text","text":" 路径参数,为 Plugin 的插件名。","attrs":{}}]}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可以指定算法","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"algorithm","attrs":{}}],"attrs":{}},{"type":"text","text":",","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"iss","attrs":{}}],"attrs":{}},{"type":"text","text":"签发者","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"key","attrs":{}}],"attrs":{}},{"type":"text","text":",密钥","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"secret","attrs":{}}],"attrs":{}},{"type":"text","text":",也可以省略,会自动生成。","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"$ curl -i -X POST http://localhost:8001/consumers/fox/jwt/ \\\n-d \"algorithm=HS256\" \\\n-d \"key=fox123\" \\\n-d \"secret=uFLMFeKPPL525ppKrqmUiT2rlvkpLc9u\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0f/0f40ed747bb11530807cccc83af9a737.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"{\n \"rsa_public_key\":null,\n \"algorithm\":\"HS256\",\n \"id\":\"3dc4d177-8a7a-4edc-bc88-ee7aa2447fc7\",\n \"tags\":null,\n \"consumer\":{\n \"id\":\"8e7fb82d-68ef-4f2b-a30c-613866378525\"\n },\n \"secret\":\"uFLMFeKPPL525ppKrqmUiT2rlvkpLc9u\",\n \"created_at\":1625803149,\n \"key\":\"fox123\"\n}","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/bd/bd61e2aa97872c2cf8964bc32d61596f.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"查看fox的jwt凭证","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X GET localhost:8001/consumers/fox/jwt","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fa/fac614ab116dd1f25e45c65ffea84626.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"生成jwt token","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"业务服务器根据","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kong","attrs":{}}],"attrs":{}},{"type":"text","text":"生成的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"jwt","attrs":{}}],"attrs":{}},{"type":"text","text":"凭证中的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"algorithm、key(iss)、secret","attrs":{}}],"attrs":{}},{"type":"text","text":"进行","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"token","attrs":{}}],"attrs":{}},{"type":"text","text":"的演算和下发。请求","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"鉴权接口","attrs":{}}],"attrs":{}},{"type":"text","text":"需携带","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Authorization: Bearer jwt","attrs":{}}],"attrs":{}},{"type":"text","text":"进行请求。测试可以在","attrs":{}},{"type":"link","attrs":{"href":"https://jwt.io/","title":null,"type":null},"content":[{"type":"text","text":"https://jwt.io/","attrs":{}}]},{"type":"text","text":"中通过Debugger生成jwt token","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/767211998bb02e198d4790c41eb8d4dd.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"获取到jwt token令牌:","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJmb3gxMjMifQ.hqHGVujYheALxXpEVtgisA5pPTGfQYet0IKadnYPtj8","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl http://192.168.65.200:8000/pms/productInfo/42 \\\n -H \"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJmb3gxMjMifQ.hqHGVujYheALxXpEVtgisA5pPTGfQYet0IKadnYPtj8\"","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/cd/cd32b56c21433c479ed1e79fa92910ae.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3.5 黑白名单配置","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"配置插件","attrs":{}}]},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"# 在服务上启用插件\n$ curl -X POST http://kong:8001/services/{service}/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=54.13.21.1, 143.1.0.0/24\"\n\n# 在路由上启用插件\n$ curl -X POST http://kong:8001/routes/{route_id}/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=54.13.21.1, 143.1.0.0/24\"","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"config.whitelist :白名单,逗号分隔的IPs或CIDR范围。","attrs":{}}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"config.blacklist :白名单,逗号分隔的IPs或CIDR范围。","attrs":{}}]}]}],"attrs":{}},{"type":"codeblock","attrs":{"lang":"text"},"content":[{"type":"text","text":"curl -X POST http://127.0.0.1:8001/routes/ad515a07-bae4-4b54-a927-35bc6c85565b/plugins \\\n --data \"name=ip-restriction\" \\\n --data \"config.whitelist=192.168.65.200\"","attrs":{}}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"测试","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"当前本机器IP地址为: 192.168.65.103","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1e/1e6f29f528fc658d38180d2f0f4eca4e.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"将本机ip加入到白名单","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/90/90af2f36022f1b7d4e51d9df9728a095.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/76/76772eea5d2789ae1ab69ba0b294d585.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章