Centos搭建Kong API框架完整教程
来自: http://itjhdev.github.io/2016/03/09/centos-kong-api/
这篇文章我们讲解 Kong 在 Centos 上的搭建,安装 Cassandra 数据库.
Kong简介
Kong 是在客户端和(微)服务间转发API通信的API网关,通过插件扩展功能。Kong 有两个主要组件:
Kong Server :基于 nginx 的服务器,用来接收 API 请求。
Apache Cassandra :用来存储操作数据。
你可以通过增加更多 Kong Server 机器对 Kong 服务进行水平扩展,通过前置的负载均衡器向这些机器分发请求。根据文档描述,两个Cassandra节点就足以支撑绝大多数情况,但如果网络非常拥挤,可以考虑适当增加更多节点。
Github: Kong
官网: getkong
</div>Kong安装
-
下载kong
https://getkong.org/install/centos/#packages
下载的文件 kong-0.7.0.el6.noarch.rpm
执行命令安装
rpm -ivh kong-0.7.0.el6.noarch.rpm
$ sudo yum install epel-release $ sudo yum install kong-0.7.0.*.noarch.rpm --nogpgcheck
yum --disablerepo=epel -y update ca-certificates
</font> 完美解决 :beer: -
启动
[INFO] Kong 0.7.0 [INFO] Using configuration: /etc/kong/kong.yml [INFO] Setting working directory to /usr/local/kong [INFO] database...........cassandra keyspace=kong ssl=verify=false enabled=false replication_factor=1 contact_points=ec2-52-5-200-155.compute-1.amazonaws.com:34977 replication_strategy=SimpleStrategy timeout=5000 data_centers= [INFO] Database not initialized. Running migrations... [INFO] Migrating core on keyspace "kong" (cassandra) [INFO] core migrated up to: 2015-01-12-175310_skeleton [INFO] core migrated up to: 2015-01-12-175310_init_schema [INFO] core migrated up to: 2015-11-23-817313_nodes [INFO] Migrating key-auth on keyspace "kong" (cassandra) [INFO] key-auth migrated up to: 2015-07-31-172400_init_keyauth [INFO] Migrating rate-limiting on keyspace "kong" (cassandra) [INFO] rate-limiting migrated up to: 2015-08-03-132400_init_ratelimiting [INFO] Migrating mashape-analytics on keyspace "kong" (cassandra) [INFO] mashape-analytics migrated up to: 2015-12-03-161400_mashape-analytics-config [INFO] Migrating acl on keyspace "kong" (cassandra) [INFO] acl migrated up to: 2015-08-25-841841_init_acl [INFO] Migrating oauth2 on keyspace "kong" (cassandra) [INFO] oauth2 migrated up to: 2015-08-03-132400_init_oauth2 [INFO] oauth2 migrated up to: 2015-08-24-215800_cascade_delete_index [INFO] Migrating jwt on keyspace "kong" (cassandra) [INFO] jwt migrated up to: 2015-06-09-jwt-auth [INFO] Migrating basic-auth on keyspace "kong" (cassandra) [INFO] basic-auth migrated up to: 2015-08-03-132400_init_basicauth [INFO] Migrating response-ratelimiting on keyspace "kong" (cassandra) [INFO] response-ratelimiting migrated up to: 2015-08-21_init_response-rate-limiting [INFO] Migrating hmac-auth on keyspace "kong" (cassandra) [INFO] hmac-auth migrated up to: 2015-09-16-132400_init_hmacauth [INFO] dnsmasq............address=127.0.0.1:8053 dnsmasq=true port=8053 [INFO] Leaving cluster.. [INFO] nginx .............admin_api_listen=0.0.0.0:8001 proxy_listen=0.0.0.0:8000 proxy_listen_ssl=0.0.0.0:8443 [OK] Started
安装 Cassandra
-
下载 Cassandra
wget: http://mirrors.hust.edu.cn/apache/cassandra/3.3/apache-cassandra-3.3-bin.tar.gz
-
安装 Cassandra
tar -zxvf apache-cassandra-3.3-bin.tar.gz cd bin/
执行cassandra -f 后台启动 ./cassandra -f
> 在安装`cassandra`要升级`Python2.7`. > 执行`./cqlsh` 测试是否安装成功 >
Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 2.2.5 | CQL spec 3.3.1 | Native protocol v4] Use HELP for help. cqlsh>
9042
端口 > 执行./cqlsh
出现下面的错误,需要安装python ssl
模块 > [root@host-133-130-99-25 bin]# ./cqlsh Traceback (most recent call last): File "./cqlsh.py", line 152, in <module> from cqlshlib import cql3handling, cqlhandling, pylexotron, sslhandling File "/home/soft/apache-cassandra-2.2.5/bin/../pylib/cqlshlib/sslhandling.py", line 20, in <module> import ssl File "/usr/local/lib/python2.7/ssl.py", line 60, in <module> import _ssl # if we can't import it, let the error propagate ImportError: No module named _ssl ``` 参考: [python安装完毕后,提示找不到ssl模块的解决步骤](http://www.cnblogs.com/yuechaotian/archive/2013/06/03/3115472.html) [CentOS yum安装或升级Python到2.7.5教程](http://www.111cn.net/sys/CentOS/53297.htm) #### 配置Configure Cassandra 编辑`/etc/kong/kong.yml`文件 ```shell Replace this in /etc/kong/kong.yml and continue installing Kong or onto the quickstart guide! database: cassandra cassandra: contact_points: - "127.0.0.1:9042"
Kong添加Rest Api
-
添加api
$ curl -i -X POST \ --url http://localhost:8001/apis/ \ --data 'name=mockbin' \ //自己的api name --data 'upstream_url=http://mockbin.com/' \ //API地址 --data 'request_host=mockbin.com' //API地址
成功 显示
HTTP/1.1 201 Created Content-Type: application/json Connection: keep-alive { “request_host”: “mockbin.com”, “upstream_url”: “http://mockbin.com/“, “id”: “2eec1cb2-7093-411a-c14e-42e67142d2c4”, “created_at”: 1428456369000, “name”: “mockbin” }
使用`kong`作为代理请求API
$ curl -i -X GET \ --url http://localhost:8000/ \ --header 'Host: mockbin.com'
:8000
</font> 端口代理 -
测试
访问 http://localhost:8000/ 就可以访问到自己的API了。
-
Nginx配置SSL
ssl on; ssl_certificate /*.crt; ssl_certificate_key /*.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP; ssl_prefer_server_ciphers on;
Kong API添加插件
-
添加 key-auth 插件 配置apikey
执行命令: mockbin -> api 名称
curl -i -X POST \ --url http://localhost:8001/apis/mockbin/plugins/ \ --data 'name=key-auth'
添加成功显示:
HTTP/1.1 201 Created Date: Tue, 08 Mar 2016 08:07:51 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/0.7.0 {"api_id":"413fc8b3-4c45-43eb-a3c1-17f9325d5527","id":"4706cc84- b97a-48c4-90eb-e8ec8491d3d7","created_at": 1457424471000,"enabled":true,"name":"key-auth","config":{"key_names": ["apikey"],"hide_credentials" ``` OK,成功添加`key-auth`插件 2. API 配置访问权限 执行命令: `username=Slj` -> `Slj`用户 ```shell --接口添加用户控制 curl -i -X POST \ --url http://localhost:8001/consumers/ \ --data "username=Slj"
Slj
用户配置apikey curl -i -X POST \ --url http://localhost:8001/consumers/Slj/key-auth/ \ --data 'key=9eGpzqh4U3qMMuSk'
-
测试API 访问权限
在 Headers 中添加 apikey 值
apikey 是我们上面添加的值,:beer:我们愉快的获得到了数据。
改变一下`apikey`值,看看什么效果 ![](https://dn-itjhcdn.qbox.me/kong%202.jpg) :joy:出错了,那么恭喜你,`Kong`的插件起效果了。</div>
本文由用户 zgvfreirup 自行上传分享,仅供网友学习交流。所有权归原作者,若您的权利被侵害,请联系管理员。
转载本站原创文章,请注明出处,并保留原始链接、图片水印。
本站是一个以用户分享为主的开源技术平台,欢迎各类分享!