Kong 是在客户端和(微)服务之间转发 API 通信的 API 网关,通过插件扩展功能。持久化支持 PostgreSQL 和 Cassandra。本文仅做测试,因此使用搭建简便的 PostgreSQL 作为数据库存储。
IP分配
192.168.0.181:CentOS7 部署Kong服务; 192.168.0.184:CentOS7 部署postgresql 10;
部署postgresql
首先在192.168.0.184上部署postgresql,命令如下:
yum install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-1.noarch.rpm
yum install postgresql10
yum install postgresql10-server
/usr/pgsql-10/bin/postgresql-10-setup initdb
systemctl enable postgresql-10
systemctl start postgresql-10
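安装完毕后进入db创建用户。另外,PostgreSQL 默认只监听本机,而 Kong 部署在另一台主机上,因此还需要在 postgresql.conf 中设置 listen_addresses,并在 pg_hba.conf 中只为 192.168.0.181 放行 kong 用户对 kong 库的密码认证访问,不要对整个网段或所有地址开放;修改后需重启 postgresql-10。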
#首先进入postgres用户
su postgres
#进入sql命令行
/usr/pgsql-10/bin/psql
#创建用户和库
CREATE USER kong; CREATE DATABASE kong OWNER kong;
#修改用户kong的密码(示例密码 'kong' 与用户名相同,仅适合测试;其他环境请换成随机生成的强密码,并同步修改 kong.conf 中的 pg_password)
ALTER USER kong WITH PASSWORD 'kong';
安装kong
接下来在192.168.0.181上安装kong,首先下载对应CentOS7的rpm文件:kong-community-edition-0.11.2.el7.noarch.rpm。注意下面的安装命令带有 --nogpgcheck,yum 不会校验软件包签名,所以请只从官方发布渠道下载该 rpm;如果发布方提供了校验和或签名,请在安装前核对。
yum install epel-release
yum install kong-community-edition-0.11.2.*.noarch.rpm --nogpgcheck
然后修改配置文件,默认在/etc/kong/kong.conf.default
database = postgres
pg_host = 192.168.0.184
pg_port = 5432
pg_user = kong
pg_password = kong
pg_database = kong
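然后将该文件重命名为kong.conf。由于 pg_password 以明文保存在该文件中,建议限制其读取权限,只允许运行 Kong 的用户访问。另外,后文接口输出显示 pg_ssl 为 false,即 Kong 与数据库之间的连接未加密;跨主机部署且不只是做测试时,应考虑开启。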
再初始化db
kong migrations up -c /etc/kong/kong.conf
启动:
kong start -c /etc/kong/kong.conf
kong开放4个端口,分别用途如下:
- 8000: 监听HTTP请求,向后端服务进行转发;
- 8443: 监听HTTPS请求,同8000;
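- 8001: Admin API(管理接口)的HTTP监听端口;
- 8444: Admin API(管理接口)的HTTPS监听端口;
注意:Admin API 默认没有任何认证,而本例中 admin_listen 为 0.0.0.0:8001(见下文接口输出),任何能访问该端口的主机都可以查看和修改网关配置。测试之外的环境应将其绑定到 127.0.0.1 或专用的管理网地址,并用防火墙限制 8001/8444 的访问来源。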
停止和reload命令:
kong stop
kong reload
Kong管理接口
状态相关接口
查看kong信息
GET http://192.168.0.181:8001/
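- available_on_server: 当前节点上已安装、可供使用的插件列表
- enabled_in_cluster: 集群中(即数据库里)已启用/已配置的插件列表
该接口还会返回节点的完整运行配置(数据库地址、证书与日志路径、主机名等,其中 pg_password 被掩码为 ******),这也是需要限制 Admin API 访问来源的原因之一。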
{
"version": "0.11.2",
"plugins": {
"enabled_in_cluster": [ ],
"available_on_server": {
"response-transformer": true,
"correlation-id": true,
"statsd": true,
"jwt": true,
"cors": true,
"basic-auth": true,
"key-auth": true,
"ldap-auth": true,
"oauth2": true,
"http-log": true,
"ip-restriction": true,
"hmac-auth": true,
"request-size-limiting": true,
"datadog": true,
"tcp-log": true,
"request-transformer": true,
"file-log": true,
"acl": true,
"bot-detection": true,
"loggly": true,
"galileo": true,
"syslog": true,
"udp-log": true,
"response-ratelimiting": true,
"aws-lambda": true,
"runscope": true,
"rate-limiting": true,
"request-termination": true
}
},
"tagline": "Welcome to kong",
"configuration": {
"error_default_type": "text/plain",
"admin_listen": "0.0.0.0:8001",
"lua_ssl_verify_depth": 1,
"trusted_ips": { },
"prefix": "/usr/local/kong",
"nginx_conf": "/usr/local/kong/nginx.conf",
"cassandra_username": "kong",
"proxy_ip": "0.0.0.0",
"ssl_cert_key": "/usr/local/kong/ssl/kong-default.key",
"admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key",
"dns_resolver": { },
"pg_user": "kong",
"mem_cache_size": "128m",
"server_tokens": true,
"proxy_ssl_port": 8443,
"admin_ip": "0.0.0.0",
"custom_plugins": { },
"pg_host": "192.168.0.184",
"nginx_acc_logs": "/usr/local/kong/logs/access.log",
"proxy_listen": "0.0.0.0:8000",
"client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
"cassandra_ssl": false,
"dns_no_sync": false,
"db_update_propagation": 0,
"nginx_err_logs": "/usr/local/kong/logs/error.log",
"cassandra_port": 9042,
"dns_order": [
"LAST",
"SRV",
"A",
"CNAME"
],
"admin_ssl_ip": "0.0.0.0",
"dns_stale_ttl": 4,
"nginx_optimizations": true,
"proxy_ssl_ip": "0.0.0.0",
"database": "postgres",
"ssl": true,
"pg_database": "kong",
"nginx_worker_processes": "auto",
"admin_ssl_port": 8444,
"lua_package_cpath": "",
"admin_port": 8001,
"nginx_pid": "/usr/local/kong/pids/nginx.pid",
"upstream_keepalive": 60,
"proxy_access_log": "logs/access.log",
"ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
"admin_access_log": "logs/admin_access.log",
"dns_error_ttl": 1,
"client_ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
"pg_password": "******",
"client_ssl": false,
"cassandra_contact_points": [
"127.0.0.1"
],
"admin_ssl_cert_csr_default": "/usr/local/kong/ssl/admin-kong-default.csr",
"lua_socket_pool_size": 30,
"real_ip_header": "X-Real-IP",
"ssl_cipher_suite": "modern",
"cassandra_consistency": "ONE",
"http2": false,
"proxy_listen_ssl": "0.0.0.0:8443",
"client_max_body_size": "0",
"admin_error_log": "logs/error.log",
"pg_ssl_verify": false,
"dns_not_found_ttl": 30,
"pg_ssl": false,
"proxy_error_log": "logs/error.log",
"proxy_port": 8000,
"cassandra_repl_strategy": "SimpleStrategy",
"latency_tokens": true,
"admin_listen_ssl": "0.0.0.0:8444",
"admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt",
"admin_http2": false,
"nginx_kong_conf": "/usr/local/kong/nginx-kong.conf",
"cassandra_schema_consensus_timeout": 10000,
"dns_hostsfile": "/etc/hosts",
"log_level": "notice",
"cassandra_timeout": 5000,
"ssl_cert": "/usr/local/kong/ssl/kong-default.crt",
"admin_ssl": true,
"admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key",
"cassandra_ssl_verify": false,
"db_cache_ttl": 3600,
"cassandra_lb_policy": "RoundRobin",
"real_ip_recursive": "off",
"cassandra_repl_factor": 1,
"client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
"nginx_daemon": "on",
"anonymous_reports": true,
"kong_env": "/usr/local/kong/.kong_env",
"cassandra_data_centers": [
"dc1:2",
"dc2:3"
],
"pg_port": 5432,
"plugins": {
"response-transformer": true,
"correlation-id": true,
"statsd": true,
"jwt": true,
"cors": true,
"basic-auth": true,
"key-auth": true,
"ldap-auth": true,
"request-termination": true,
"http-log": true,
"rate-limiting": true,
"hmac-auth": true,
"runscope": true,
"datadog": true,
"tcp-log": true,
"aws-lambda": true,
"response-ratelimiting": true,
"bot-detection": true,
"request-size-limiting": true,
"syslog": true,
"galileo": true,
"loggly": true,
"udp-log": true,
"file-log": true,
"request-transformer": true,
"acl": true,
"ip-restriction": true,
"oauth2": true
},
"client_body_buffer_size": "8k",
"nginx_admin_acc_logs": "/usr/local/kong/logs/admin_access.log",
"admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt",
"db_update_frequency": 5,
"cassandra_keyspace": "kong",
"ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
"ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
"lua_package_path": "./?.lua;./?/init.lua;"
},
"lua_version": "LuaJIT 2.1.0-beta2",
"prng_seeds": {
"pid: 15093": 961939718379
},
"timers": {
"pending": 5,
"running": 0
},
"hostname": "tree81"
}
获取kong状态(下面输出中以 # 开头的文字是为说明各字段而加的注释,并非接口实际返回的内容)
GET http://192.168.0.181:8001/status
{
"database": {
"reachable": true #数据库的连接状态
},
"server": {
"connections_writing": 1, #正在响应的请求数
"total_requests": 8, #总请求数
"connections_handled": 7, #处理连接总数
"connections_accepted": 7, #客户端连接总数
"connections_reading": 0, #正在读取请求头的连接数
"connections_active": 1, #活动连接数,含等待
"connections_waiting": 0 #正在等待请求的连接数
}
}