Orange--------基於nginx/openresty之API網關(Gateway)實戰
阿新 • • 發佈:2018-03-06
orange API 網關 
Orange 簡介
Orange是一個基於OpenResty的API網關。除Nginx的基本功能外,它還可用於API監控、訪問控制(鑒權、WAF)、流量篩選、訪問限速、AB測試、動態分流等。它有以下特性:
- 提供了一套默認的Dashboard用於動態管理各種功能和配置
- 提供了API接口用於實現第三方服務(如個性化運維需求、第三方Dashboard等)
- 可根據規範編寫自定義插件擴展Orange功能
Orange 實戰
環境
[root@orange ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@orange ~]# uname -a Linux orange 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux [root@orange ~]# iptables -F [root@orange ~]# ip addr [root@orange orange]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:57:b5:ab brd ff:ff:ff:ff:ff:ff inet 192.168.0.131/24 brd 192.168.0.255 scope global dynamic eth0 valid_lft 7081sec preferred_lft 7081sec inet6 fe80::3f87:b30b:ff6b:e675/64 scope link valid_lft forever preferred_lft forever
OpenResty下載 [ version > 1.9.7.3 ]
- 下載OpenResty源碼包
[root@orange ~]# cd /usr/local/src/ [root@orange src]# wget https://openresty.org/download/openresty-1.13.6.1.tar.gz --2018-03-06 15:41:59-- https://openresty.org/download/openresty-1.13.6.1.tar.gz Resolving openresty.org (openresty.org)... 120.26.162.249 Connecting to openresty.org (openresty.org)|120.26.162.249|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 4581699 (4.4M) [application/x-gzip] Saving to: ‘openresty-1.13.6.1.tar.gz’ 100%[=================================>] 4,581,699 9.08MB/s in 0.5s 2018-03-06 15:42:00 (9.08 MB/s) - ‘openresty-1.13.6.1.tar.gz’ saved [4581699/4581699]
- 解壓源碼包並進入包內
[root@orange src]# tar xf openresty-1.13.6.1.tar.gz
[root@orange src]# cd openresty-1.13.6.1- 創建openresty系統用戶
[root@orange openresty-1.13.6.1]# useradd -r -s /sbin/nologin -M openresty- 安裝相關依賴
[root@orange openresty-1.13.6.1]# yum install pcre pcre-devel openssl openssl-devel git -y- 指定參數生成Makefile文件
[root@orange openresty-1.13.6.1]# ./configure --prefix=/usr/local/openresty-1.13.6.1 --user=openresty --group=openresty --with-http_stub_status_module
……
……
……
Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ using system zlib library
nginx path prefix: "/usr/local/openresty-1.13.6.1/nginx"
nginx binary file: "/usr/local/openresty-1.13.6.1/nginx/sbin/nginx"
nginx modules path: "/usr/local/openresty-1.13.6.1/nginx/modules"
nginx configuration prefix: "/usr/local/openresty-1.13.6.1/nginx/conf"
nginx configuration file: "/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/openresty-1.13.6.1/nginx/logs/error.log"
nginx http access log file: "/usr/local/openresty-1.13.6.1/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
cd ../..
Type the following commands to build and install:
gmake
gmake install- gmake編譯
[root@orange openresty-1.13.6.1]# gmake
……
……
……
sed -e "s|%%PREFIX%%|/usr/local/openresty-1.13.6.1/nginx|" -e "s|%%PID_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid|" -e "s|%%CONF_PATH%%|/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf|" -e "s|%%ERROR_LOG_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/error.log|" < docs/man/nginx.8 > objs/nginx.8
gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6‘
gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6‘- gmake install安裝
[root@orange openresty-1.13.6.1]# gmake install
……
……
……
gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6‘
gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6‘
mkdir -p /usr/local/openresty-1.13.6.1/site/lualib /usr/local/openresty-1.13.6.1/site/pod /usr/local/openresty-1.13.6.1/site/manifest
ln -sf /usr/local/openresty-1.13.6.1/nginx/sbin/nginx /usr/local/openresty-1.13.6.1/bin/openresty- 創建openrestyl目錄軟鏈接
[root@orange openresty-1.13.6.1]# ln -s /usr/local/openresty-1.13.6.1 /usr/local/openresty
[root@orange openresty-1.13.6.1]# ls -l /usr/local/openresty
lrwxrwxrwx. 1 root root 29 Mar 6 18:06 /usr/local/openresty -> /usr/local/openresty-1.13.6.1- 設置resty和nginx相關環境變量, 並生效
[root@orange openresty-1.13.6.1]# cat /etc/profile.d/openresty.sh
export OPENRESTY_HOME=/usr/local/openresty
export NGINX_HOME=$OPENRESTY_HOME/nginx
export PATH=$OPENRESTY_HOME/bin:$NGINX_HOME/sbin:$PATH
[root@orange openresty-1.13.6.1]# source /etc/profile
[root@orange openresty-1.13.6.1]# echo $PATH
/usr/local/openresty/bin:/usr/local/openresty/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
lor(lua web框架)安裝
- 若使用的Orange版本低於v0.6.2則應安裝lor v0.2.*版本
- 若使用的Orange版本高於或等於v0.6.2則應安裝lor v0.3.0+版本
- git克隆lor代碼庫,並進入代碼包
[root@orange src]# cd /usr/local/src/
[root@orange src]# git clone https://github.com/sumory/lor
Cloning into ‘lor‘...
remote: Counting objects: 1716, done.
remote: Total 1716 (delta 0), reused 0 (delta 0), pack-reused 1716
Receiving objects: 100% (1716/1716), 335.55 KiB | 8.00 KiB/s, done.
Resolving deltas: 100% (903/903), done.
[root@orange src]# cd lor/- 安裝lor
[root@orange lor]# make install
install lor runtime files to /usr/local/lor
lor runtime files installed.
install lord cli to /usr/local/bin/
lord cli installed.
lor framework installed successfullyMySQL安裝 [此處用yum安裝Mariadb,MySQL二進制安裝點這裏]
- 安裝MySQL
[root@orange lor]# yum install mariadb-server -y
……
……
……
Installed:
mariadb-server.x86_64 1:5.5.56-2.el7
Dependency Installed:
libaio.x86_64 0:0.3.109-13.el7 mariadb.x86_64 1:5.5.56-2.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-5.el7 perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
Complete!- 啟動mysqld,並查看啟動狀態
[root@orange lor]# systemctl start mariadb.service
[root@orange lor]# systemctl status mariadb.service
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2018-03-06 16:13:53 CST; 34s ago
Process: 11775 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Process: 11696 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 11774 (mysqld_safe)
CGroup: /system.slice/mariadb.service
├─11774 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─11936 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/maria...
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: MySQL manual for more instructions.
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Please report any problems at http://mariadb.org/jira
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: The latest information about MariaDB is available at http://mariadb.org/.
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: You can find additional information about the MySQL part at:
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: http://dev.mysql.com
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Consider joining MariaDB‘s strong and vibrant community:
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: https://mariadb.org/get-involved/
Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Logging to ‘/var/log/mariadb/mariadb.log‘.
Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 06 16:13:53 orange systemd[1]: Started MariaDB database server.- 設置root@localhost密碼
[root@orange lor]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
MariaDB [(none)]> set password = password(‘123‘);
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye安裝orange
- 下載orange包
[root@orange lor]# cd /usr/local/src/
[root@orange src]# git clone https://github.com/sumory/orange.git
Cloning into ‘orange‘...
remote: Counting objects: 3385, done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 3385 (delta 9), reused 5 (delta 2), pack-reused 3356
Receiving objects: 100% (3385/3385), 2.60 MiB | 29.00 KiB/s, done.
Resolving deltas: 100% (2151/2151), done.- 安裝orange [Orange可選擇不“安裝”即可使用, 需拿start.sh啟動程序]
[root@orange orange]# cd ..
[root@orange src]# ls
lor openresty-1.13.6.1 openresty-1.13.6.1.tar.gz orange
[root@orange src]# ll
total 4480
drwxr-xr-x. 8 root root 262 Mar 6 16:06 lor
drwxrwxr-x. 6 1000 1000 157 Mar 6 15:50 openresty-1.13.6.1
-rw-r--r--. 1 root root 4581699 Nov 13 13:53 openresty-1.13.6.1.tar.gz
drwxr-xr-x. 12 root root 4096 Mar 6 18:11 orange
[root@orange src]# cd orange/
[root@orange orange]# make install
copy nginx.conf
copy orange.conf
Orange installed.
/usr/local/bin/orange help
Orange v0.6.4, OpenResty/Nginx API Gateway.
Usage: orange COMMAND [OPTIONS]
The commands are:
stop Stop current Orange
version Show the version of Orange
restart Restart Orange
reload Reload the config of Orange
store Init/Update/Backup Orange store
help Show help tips
start Start the Orange Gateway
配置文件
[Orange有兩個配置文件,一個是conf/orange.conf,用於配置插件、存儲方式和內部集成的默認Dashboard,另一個是conf/nginx.conf用於配置Nginx(OpenResty).]
- orange.conf的配置如下,請按需修改:
{
"plugins": [ //可用的插件列表,若不需要可從中刪除,系統將自動加載這些插件的開放API並在7777端口暴露
"stat",
"monitor",
"redirect",
"rewrite",
"rate_limiting",
"property_rate_limiting",
"basic_auth",
"key_auth",
"signature_auth",
"waf",
"divide",
"kvstore"
],
"store": "mysql",//目前僅支持mysql存儲
"store_mysql": { //MySQL配置
"timeout": 5000,
"connect_config": {//連接信息,請修改為需要的配置
"host": "localhost", // 註意修改修改為本地數據庫信息
"port": 3306, // 註意修改修改為本地數據庫信息
"database": "orange", // 註意修改修改為本地數據庫信息
"user": "root", // 註意修改修改為本地數據庫信息
"password": "123", // 註意修改修改為本地數據庫信息
"max_packet_size": 1048576
},
"pool_config": {
"max_idle_timeout": 10000,
"pool_size": 3
},
"desc": "mysql configuration"
},
"dashboard": {//默認的Dashboard配置.
"auth": false, //設為true,則需用戶名、密碼才能登錄Dashboard,默認的用戶名和密碼為admin/orange_admin
"session_secret": "y0ji4pdj61aaf3f11c2e65cd2263d3e7e5", //加密cookie用的鹽,自行修改即可
"whitelist": [//不需要鑒權的uri,如登錄頁面,無需修改此值
"^/auth/login$",
"^/error/$"
]
},
"api": {//API server配置
"auth_enable": true,//訪問API時是否需要授權
"credentials": [//HTTP Basic Auth配置,僅在開啟auth_enable時有效,自行添加或修改即可
{
"username":"api_username",
"password":"api_password"
}
]
}
}- conf/nginx.conf裏是一些nginx相關配置,請自行檢查並按照實際需要更改或添加配置,特別註意以下幾個配置:
- lua_package_path:需要根據本地環境配置適當修改,如lor框架的安裝路徑
- resolver:DNS解析
- 各個server或是location的權限,如是否需要通過allow/deny指定配置黑白名單ip
數據表導入MySQL
- 在MySQL中創建數據庫,名為orange
[root@orange lor]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
MariaDB [(none)]> create database orange character set utf8mb4;
Query OK, 1 row affected (0.00 sec)- SQL腳本(如install/orange-v0.6.4.sql)導入到orange庫中
[root@orange lor]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
MariaDB [(none)]> use orange
Database changed
MariaDB [orange]> source /usr/local/orange/install/orange-v0.6.4.sql
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 1 row affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
MariaDB [orange]> quit
Bye啟動orange
[root@orange lor]# orange start
[INFO] Orange: 0.6.4
[INFO] ngx_lua: 10011
[INFO] nginx: 1013006
[INFO] Lua: LuaJIT 2.1.0-beta3
[INFO] args:
[INFO] ngx_conf:/usr/local/orange/conf/nginx.conf
[INFO] orange_conf:/usr/local/orange/conf/orange.conf
[INFO] prefix:/usr/local/orange
[INFO] args end.
[INFO] Start orange command execute.
[INFO] ORANGE_CONF=/usr/local/orange/conf/orange.conf nginx -p /usr/local/orange -c /usr/local/orange/conf/nginx.confweb訪問orange dashboard [192.168.0.131為測試主機]
Orange--------基於nginx/openresty之API網關(Gateway)實戰