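The open-source software Kong can serve as an API gateway: it forwards requests to the backend APIs, which reduces the development work needed in each backend for API authentication, request rate limiting and similar features, and reduces port exposure. Kong is implemented mainly in Lua and nginx, and its backing database can be either Cassandra or PostgreSQL.
In the test environment for this article, Kong connects to Cassandra on the local machine. (Note: the Kong version is 0.9.0 and the Cassandra version is 2.2.7. Kong currently supports only Cassandra 2.1 and 2.2; see the issue.)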
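Kong is installed on 10.10.10.52.
After Kong starts, it opens two new ports by default: 8000 (used to forward API requests) and 8001 (used for configuration).
The following example shows how to forward API requests sent to http://10.10.10.52:8000 to http://10.10.10.37.
The http command used here is the open-source tool httpie, which sends HTTP requests.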
Add API
The configuration command is:
http POST 10.10.10.52:8001/apis name=demo3 request_host=10.10.10.37 upstream_url="http://10.10.10.37"
Test result (note: root:root1234 is the user authentication required by 10.10.10.37):
http 10.10.10.52:8000 Host:10.10.10.37 --auth root:root1234
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Connection: keep-alive
Content-Type: application/json
Date: Thu, 01 Sep 2016 08:29:49 GMT
Server: gunicorn/17.5
Transfer-Encoding: chunked
Vary: Accept, Cookie
Via: kong/0.9.0
X-Frame-Options: SAMEORIGIN
X-Kong-Proxy-Latency: 0
X-Kong-Upstream-Latency: 472
jjkre: hello

{
    "groups": "http://10.10.10.37/groups/",
    "reports": "http://10.10.10.37/reports/",
    "users": "http://10.10.10.37/users/",
    "zpassword": "http://10.10.10.37/zpassword/"
}
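Add user authentication
1. http POST 10.10.10.52:8001/apis/demo3/plugins name=key-auth config.key_names=X-AUTH
This enables authentication through the plugin.
2. http 10.10.10.52:8000 Host:10.10.10.37 --auth root:root1234
Sending the request the same way as before now reports that it is unauthenticated: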
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 01 Sep 2016 08:48:19 GMT
Server: kong/0.9.0
Transfer-Encoding: chunked
WWW-Authenticate: Key realm="kong"

{
    "message": "No API key found in headers or querystring"
}
3. Add a consumer: http POST 10.10.10.52:8001/consumers username=Lily
4. Set the password: http POST 10.10.10.52:8001/consumers/Lily/key-auth key=Lily1234
5. Send the API request: http 10.10.10.52:8000 Host:10.10.10.37 X-AUTH:Lily1234 --auth root:root1234
The request now succeeds and returns a response, as shown below:
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Connection: keep-alive
Content-Type: application/json
Date: Thu, 01 Sep 2016 08:56:25 GMT
Server: gunicorn/17.5
Transfer-Encoding: chunked
Vary: Accept, Cookie
Via: kong/0.9.0
X-Frame-Options: SAMEORIGIN
X-Kong-Proxy-Latency: 0
X-Kong-Upstream-Latency: 335
jjkre: hello

{
    "groups": "http://10.10.10.37/groups/",
    "reports": "http://10.10.10.37/reports/",
    "users": "http://10.10.10.37/users/",
    "zpassword": "http://10.10.10.37/zpassword/"
}
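The five steps above as one script, added here as an example (it is not from the original post): it stores a random key instead of the sample one and then checks the gateway's status codes for a missing, a wrong and a valid key. The addresses, API name and X-AUTH header are the post's; the function names are hypothetical, and httpie is assumed to be installed.

```shell
# Added example, not from the original post. Function names are hypothetical.
ADMIN=${ADMIN:-10.10.10.52:8001}            # Kong configuration port
PROXY=${PROXY:-10.10.10.52:8000}            # Kong forwarding port
API=${API:-demo3}
UPSTREAM_HOST=${UPSTREAM_HOST:-10.10.10.37}

# 32 random bytes as 64 hex characters, instead of a guessable key.
gen_key() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Steps 1, 3 and 4: enable key-auth, create the consumer, store its key.
# $1 = consumer name, $2 = key. Stops at the first non-2xx admin response
# (for example when the plugin or the consumer already exists).
provision() {
  http --check-status --ignore-stdin POST "$ADMIN/apis/$API/plugins" \
       name=key-auth config.key_names=X-AUTH >/dev/null &&
  http --check-status --ignore-stdin POST "$ADMIN/consumers" \
       username="$1" >/dev/null &&
  http --check-status --ignore-stdin POST "$ADMIN/consumers/$1/key-auth" \
       key="$2" >/dev/null
}

# Status code of one proxied request; arguments are extra httpie items/options.
proxy_status() {
  http --ignore-stdin --print=h "$PROXY" "Host:$UPSTREAM_HOST" "$@" |
    awk 'NR == 1 { print $2 }'
}

# Steps 2 and 5 as checks. $1 = key; remaining arguments go to httpie
# (for example --auth for the upstream's own login).
verify() {
  key=$1; shift
  [ "$(proxy_status "$@")" = 401 ] ||
    { echo "FAIL: request without a key was not rejected" >&2; return 1; }
  [ "$(proxy_status "X-AUTH:not-$key" "$@")" != 200 ] ||
    { echo "FAIL: a wrong key was accepted" >&2; return 1; }
  [ "$(proxy_status "X-AUTH:$key" "$@")" = 200 ] ||
    { echo "FAIL: the valid key was rejected" >&2; return 1; }
}
```

After sourcing the file: KEY=$(gen_key); provision Lily "$KEY" && verify "$KEY" --auth root:root1234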
Kong has other features as well, such as limiting the number of API requests; see the official documentation.