由于众所周知的原因,架设在 HK 服务没法使用 https 访问了,故搭建一套私有API 网关。
1 . Kong
The open-source API Gateway and Microservices Management Layer, delivering high performance and reliability.
Backed by the battle-testedNGINXwith a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.
技术层面的东西,想了解童鞋可以自行搜索或点击文末的链接,这里不再废话了~
简单说下使用场景:
总的来说,就是让 nginx 拥有了编程能力,做什么,看需求吧~
2 . Install
- version: '2'
- services:
- pg:
- image: postgres:9.4
- ports:
- - 5432:5432
- environment:
- - POSTGRES_USER=kong
- - POSTGRES_DB=kong
- - POSTGRES_PASSWORD=suyi
- volumes:
- - kong-pg:/var/lib/postgresql/data
- networks:
- - docker_kong
- kong:
- image: kong:latest
- # command: kong migrations up
- ports:
- - 9000:8000
- ## - 9001:8001
- - 9443:8443
- # - 9444:8444
- environment:
- - KONG_DATABASE=postgres
- - KONG_PG_HOST=pg
- - KONG_PG_USER=kong
- - KONG_PG_PASSWORD=suyi
- - KONG_PG_DATABASE=kong
- depends_on:
- - pg
- networks:
- - docker_kong
- dashboard:
- image: pgbi/kong-dashboard:v2
- ports:
- - 9080:8080
- networks:
- - docker_kong
- networks:
- docker_kong:
- driver: bridge
- volumes:
- kong-pg:
其实官方的文档写的已经很完整了,我这里只是贴一下自己的配置~
3. Setup
浏览器打开 Dashboard,填写下面的地址即可使用了
- http://kong:8001
3.1 安全配置
3.1.1 添加一条新的API
- - name: kong-admin
- - uris: /admin-api
- - upstream url: http://kong:8001
3.1.2 给这个 API 配置一个 plugin , 简单起见,我们就只配 basic-auth 即可
3.1.3 Consumers 下添加一个用户
3.1.4 点右下角编辑,重新地址如下即可
- http://kong:8000/admin-api
3.1.5 重新配置一下docker,隐藏 8001/8444 的端口吧,如果有空闲的端口,在物理机上应该配置成 80:8000/443:8443(当然,有lb在前面的话,只对外保留:8000 就够了)
4 . More
集群啊,负载均衡,高可用什么的,看文档吧~
Kong 插件很多,按需使用吧,不满足需求的,用LUA开撸呗~
来源: https://juejin.im/entry/5a01a11951882572503bf931