2. 程式人生 > >18 基於閘道器服務的請求大小限制(Request Size Limiting)

18 基於閘道器服務的請求大小限制(Request Size Limiting)

阿新 發佈:2019-02-10
Configure a Service in Kong
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=book' \

--data 'url=http://contoso.com/v1/books'

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:29:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "host": "contoso.com", 
    "created_at": 1526455779, 
    "connect_timeout": 60000, 
    "id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "protocol": "http", 
    "name": "book", 
    "read_timeout": 60000, 
    "port": 80, 
    "path": "/v1/books", 
    "updated_at": 1526455779, 
    "retries": 5, 
    "write_timeout": 60000
}
Add a Route to expose the Service
URL Format http://localhost:8001/services/{name of servie}/routes
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/services/book/routes \
--data 'paths[]=/v1/books'
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:30:13 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455813, 
    "strip_path": true, 
    "hosts": null, 
    "preserve_host": false, 
    "regex_priority": 0, 
    "updated_at": 1526455813, 
    "paths": [
        "/v1/books"
    ], 
    "service": {
        "id": "36eff522-32e0-4544-991f-43212b7a7918"
    }, 
    "methods": null, 
    "protocols": [
        "http", 
        "https"
    ], 
    "id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5"    // {route_id} = id
}
Enabling the CORS plugin for a Service
URL Format http://localhost:8001/services/{name of servie}/plugins
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:31:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484657000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "357188b7-bb16-45b1-a97e-690bd7420b47", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "cors"
}
Enabling the CORS plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:33:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484819000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "1648818d-9415-4962-b5cd-41e398847811", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "cors"
}
Enabling the Request Size Limiting plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=request-size-limiting"  \
--data "config.allowed_payload_size=4"   // 128MB太大 不好找大小超過128M檔案來做測試
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:34:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484837000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "647de075-6bfa-4a0f-9308-ed1656cb6323", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "request-size-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[[email protected] ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
Date: Wed, 16 May 2018 15:34:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 35
X-Kong-Proxy-Latency: 65
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Request Size Limiting plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=request-size-limiting"  \
--data "config.allowed_payload_size=4"    // 128MB太大 不好找大小超過128M檔案來做測試
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:36:05 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526484965000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "6f675eac-d8fe-4f06-8bed-4c259c215f88", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "request-size-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[[email protected] ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
Date: Wed, 16 May 2018 15:36:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 29
X-Kong-Proxy-Latency: 5
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Basic Authentication plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:37:47 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485066000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "4e5f9b50-5134-476c-ae38-4320a26d0ea9", 
    "enabled": true, 
    "service_id": "36eff522-32e0-4544-991f-43212b7a7918", 
    "name": "basic-auth"
}
Enabling the Basic Authentication plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/routes/b216b3bb-ae58-452e-82af-cdc288cd7ef5/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:38:18 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485096000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "d8b08b35-ac71-4075-a014-5bd2c822471e", 
    "enabled": true, 
    "route_id": "b216b3bb-ae58-452e-82af-cdc288cd7ef5", 
    "name": "basic-auth"
}
Create a Consumer
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:38:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485120000, 
    "username": "jack", 
    "id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"    //{consumer_id} = id
}
Create a Credential
URL Format  http://localhost:8001/consumers/{username or consumer_id}/basic-auth    
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "[email protected]" \
--data "password=123456"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:39:35 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485176000, 
    "id": "cd78e858-cd53-443d-afad-f2933976c4e1", 
    "username": "[email protected]", 
    "password": "9b25ddfc4970ca034238b25f5238d61361230044", 
    "consumer_id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"
}
On line base64 tool address is http://tool.oschina.net/encrypt?type=3    
Key-Value about [email protected]:123456,its base64 value is :    
amFja0Bob3RtYWlsLmNvbToxMjM0NTY=    
for user jack sign in to pass Basic Authenctiaction,we'll get a book record(id = 3)  

A client-user requesting the book microservice exposed through Kong's proxy server
[[email protected] ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="  
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
Date: Wed, 16 May 2018 15:40:00 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 31
X-Kong-Proxy-Latency: 56
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Request Size Limiting plugin for a Consumer
consumer_id={consumer_id}
[[email protected] ~]# curl -i -X POST \
--url http://localhost:8001/plugins \
--data "name=request-size-limiting" \
--data "consumer_id=9f27da39-c03e-411d-8c7e-3400b2ed2098"  \
--data "config.allowed_payload_size=4"    // 128MB太大 不好找大小超過128M檔案來做測試
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 15:41:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526485277000, 
    "config": {
        "allowed_payload_size": 4
    }, 
    "id": "2a5b4e15-3b87-45b0-92f2-713af13ca5a6", 
    "name": "request-size-limiting", 
    "enabled": true, 
    "consumer_id": "9f27da39-c03e-411d-8c7e-3400b2ed2098"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[[email protected] ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
Date: Wed, 16 May 2018 15:41:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 30
X-Kong-Proxy-Latency: 3
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]

上述過程用命令終端演示正確的Request Size Limiting配置啟用和訪問過程,我們還一直沒有測試它是否真的配置正確,是否真的能正常工作生效,我們應該如何測試返回 {"message":"Request size limit exceeded"}這樣的資訊呢?同樣,你搜遍整個網際網路,也沒人告訴你怎麼測試返回{"message":"Request size limit exceeded"}這樣的結果來印證我們關於Request Size Limiting實驗的整個操作過程是完美正確的。

a). 我們會使用上一篇文章中編寫的addCountry方法,用return 'ok' 取代它的整個新增實現程式碼

/home/myth/www/bookstore/application/api/controller/v1/Country.php

   public function addCountry(Request $request) {
        return 'ok';

    }

b). 我們將使用上一篇文章中下載的GeoIPCountryWhois.csv檔案來作上傳測試資料,我們的目的是要看返回結果:

{"message":"Request size limit exceeded"},注意狀態碼這行Header資訊 HTTP/1.1 417

終端命令執行過程如下:

[[email protected] ~]# du -sh /root/GeoIPCountryWhois.csv
13M     /root/GeoIPCountryWhois.csv
[[email protected] ~]# INPUT=`cat /root/GeoIPCountryWhois.csv`  // 這個變數值太長無法提交,只能使用檔案的形式上傳測試資料

[[email protected] ~]# curl -i -X POST \
--url http://contoso.org:8000/v1/countries \
--header 'authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY=' \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--form '[email protected]"/root/GeoIPCountryWhois.csv"'

HTTP/1.1 417
Date: Sun, 20 May 2018 02:05:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: kong/0.13.1
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token

{"message":"Request size limit exceeded"}


相關推薦

18 基於服務請求大小限制Request Size Limiting

Configure a Service in Kong[[email protected] ~]# curl -i -X POST \--url http://localhost:8001/services/ \--data 'name=book' \--data

03 基於服務的OAuth2驗證OAuth2 Authentication Code Grant 授權碼模式

https://getkong.org/plugins/oauth2-authentication 我們演示還是用books 的Restful api資料介面,把Kong Gateway - 01範例中PostgresSQL中的kong資料庫刪掉, 匯入一個已經配置好

Spring Cloud系列二十三 API服務Spring Cloud ZuulFinchley.RC2版本

為什麼使用Spring Cloud Zuul? 通過前幾章的介紹,我們對於Spring Cloud Netflix 下的核心元件已經瞭解了大半,利用這些元件我們已經可以構建一個簡單的微服務架構系統,比如通過使用Spring Cloud Eureka實現高可用的服務註冊中

13 基於服務的IP白名單限制訪問Whitelist IP Restriction

用Kong配置一個book服務在安裝並啟動Kong之後,使用Kong的管理API埠8001新增一個名稱為book的服務[[email protected] ~]# curl -i -X POST \--url http://localhost:8001/servic

12 基於服務的跨源資源共享(CORS)

如果在前面11篇Kong Gateway系列的文章中,你親自動手實驗過用瀏覽器訪問以下地址:http://localhost:8000/v1/books你將無法獲得書籍介面返回的書籍記錄,本篇blog能讓你在瀏覽器中用8000埠或者8443埠能直接訪問書籍的Restful A

Http API服務模組設計方案服務

Http  API閘道器服務模組設計方案1. 概述                           閘道器作為服務生產者和服務消費者之間的介面,一方面通過“服務路由”為服務消費找到所需服務的具體位置並呼叫;另一方面為後臺伺服器提供負載均衡、安全、流量控制、身份認證等相關功

基於.NET CORE微服務框架 -Api服務管理

最近也更新了surging新的版本 更新內容: 1. 擴充套件Zookeeper封裝 2. 增加服務元資料 3. 增加API閘道器 開源地址:https://github.com/dotnetcore/surging 2.軟體環境 IDE:Visual Studio 2017 1

spring cloud zuul服務重試請求配置

我們一般部署服務的時候,都會部署一個閘道器服務,內部所有的其他微服務的呼叫,都將通過閘道器路由過去,不對外直接暴露,對外只暴露閘道器服務。而且一般內部服務會部署多個例項,zuul集成了ribbon,會自動負載均衡的方式去呼叫內部服務。 當內部服務滾動重啟的時候,通過閘道

.NET Core微服務基於Ocelot實現API服務

一、啥是API閘道器?   API 閘道器一般放到微服務的最前端,並且要讓API 閘道器變成由應用所發起的每個請求的入口。這樣就可以明顯的簡化客戶端實現和微服務應用程式之間的溝通方式。以前的話,客戶端不得不去請求微服務A(假設為Customers),然後再到微服務B(假設為Orders),然後是微服

.NET Core微服務基於Ocelot實現API服務

一、負載均衡與請求快取 1.1 負載均衡   為了驗證負載均衡,這裡我們配置了兩個Consul Client節點,其中ClientService分別部署於這兩個節點內(192.168.80.70與192.168.80.71)。   為了更好的展示API Repsonse來自哪個節點,我們更改一下

Spring Cloud Zuul API服務請求路由

目錄 一、Zuul 介紹 二、構建Spring Cloud Zuul閘道器 構建閘道器 請求路由 請求過濾 三、路由詳解

Bumblebee微服務請求統一驗證

對於微服務閘道器來說,統一請求驗證是一個比較重要和常用的功能,通過閘道器驗證後臺服務就無須關注請求驗證;對於多語言平臺的服務而言制

springcloud之Zuul服務

Zuul是Netflix開源的微服務閘道器,它的核心是一系列的過濾器,這些過濾器可以完成以下功能: 身份認證與安全:識別每個資源的驗證要求,並拒絕那些與要求不符的請求。 審查與監控:在邊緣位置追蹤有意義的資料和統計結果,從而帶來精確的生產檢視。 動態路由:動態的請求路由到不同的後端叢集。

Spring Cloud ZuulAPI服務3

過濾器 在Spring Cloud Zuul中實現的過濾器必須包含4個基本特徵:過濾型別,執行順序,執行條件,具體操作。這就是ZuulFilter介面中定義的4個抽象方法: public abstract String filterType(); public abst

Spring Cloud ZuulAPI服務2

路由詳情 傳統路由配置 傳統路由配置方式就是在不依賴與服務發現機制的情況下,通過在配置檔案中具體指定每個路由表示式與服務例項的對映關係來實現API閘道器對外部請求的路由。 單例項配置:通過zuul.routes.<route>.path與zuul.routes.<r

Spring Cloud ZuulAPI服務1

API閘道器是一個智慧的應用伺服器,它的定義類似於面向物件設計模式中的Facade模式,它的存在就像是整個微服務架構系統的門面一樣,所有的外部客戶端訪問都需要經過他來進行排程和過濾。它除了要實現請求路由,負載均衡,校驗過濾等功能之外,還需要更多能力,比如與服務治理框架的結合,請求轉發時的熔斷機制

Spring Cloud學習筆記18——API

API 閘道器是一套主要用於統一API入口的應用元件,可以管理所有的API,形成一個API的入口 API閘道器的意義 集合多個API 統一API入口 API閘道器所帶來的好處 避免將內部資訊洩露給外部 為微服務新增額外的安全層 支

zuul配置請求併發以及重試

介紹 Zuul預設整合hystrix, 同時,和hystrix一樣採用執行緒隔離技術 zuul預設使用:訊號量(semaphore) hystrix預設使用:執行緒池 (thread) 配置訊號量 屬性 值

SpringCloud之服務(gateway)

前言 閘道器服務在SpringCloud中有很重要的作用。 可以將服務跟外網進行隔離起到一定的保護作用,同時服務間區域網通訊更加快捷。而且在閘道器中可以做限流、許可權校驗,使得服務更加專注自身業務。比如說下訂單需要登入許可權,限流,我們在本篇將介紹如何使用。 搭建閘道器專案 注意:需要新增Eureka

api服務 zuul-路由

路由是微服務架構中必須的一部分,比如,“/” 可能對映到你的WEB程式上,”/api/users “可能對映到你的使用者服務上,“/api/shop”可能對映到你的商品服務商。(註解:我理解這裡的這幾個對映就是說通過Zuul這個閘道器把服務對映到不同的服務商去處理,從而變成了微服務!) 通過Zuu