Kong Gateway - 16: Rate Limiting Based on Gateway Services

Configure a Service in Kong

# curl -i -X POST \
    --url http://localhost:8001/services/ \
    --data 'name=book' \
    --data 'url=http://contoso.com/v1/books'

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:40:36 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "host": "contoso.com", 
    "created_at": 1526424036, 
    "connect_timeout": 60000, 
    "id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "protocol": "http", 
    "name": "book", 
    "read_timeout": 60000, 
    "port": 80, 
    "path": "/v1/books", 
    "updated_at": 1526424036, 
    "retries": 5, 
    "write_timeout": 60000
}
           

Add a Route to expose the Service

URL Format http://localhost:8001/services/{name of service}/routes

# curl -i -X POST \
    --url http://localhost:8001/services/book/routes \
    --data 'paths[]=/v1/books'

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:41:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526424062, 
    "strip_path": true, 
    "hosts": null, 
    "preserve_host": false, 
    "regex_priority": 0, 
    "updated_at": 1526424062, 
    "paths": [
        "/v1/books"
    ], 
    "service": {
        "id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646"
    }, 
    "methods": null, 
    "protocols": [
        "http", 
        "https"
    ], 
    "id": "74a0df39-0b01-43b9-813f-b8f14d096cf8"    // {route_id} = id
}
           

Enabling the CORS plugin for a Service

URL Format http://localhost:8001/services/{name of service}/plugins

# curl -i -X POST \
    --url http://localhost:8001/services/book/plugins \
    --data "name=cors" \
    --data "config.origins=http://contoso.com" \
    --data "config.methods=GET, POST" \
    --data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
    --data "config.exposed_headers=X-Auth-Token" \
    --data "config.credentials=true" \
    --data "config.max_age=3600"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:41:37 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526452896000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "1d9dd37a-ea45-4bfd-a3e1-cd12abd83d8a", 
    "enabled": true, 
    "service_id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "name": "cors"
}
           

Enabling the CORS plugin for a Route

URL Format http://localhost:8001/routes/{route_id}/plugins

# curl -i -X POST \
    --url http://localhost:8001/routes/74a0df39-0b01-43b9-813f-b8f14d096cf8/plugins \
    --data "name=cors" \
    --data "config.origins=http://contoso.com" \
    --data "config.methods=GET, POST" \
    --data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
    --data "config.exposed_headers=X-Auth-Token" \
    --data "config.credentials=true" \
    --data "config.max_age=3600"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:44:49 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526453089000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "fa6af8d6-8564-4fbf-a62e-7318b69691e8", 
    "enabled": true, 
    "route_id": "74a0df39-0b01-43b9-813f-b8f14d096cf8", 
    "name": "cors"
}
           

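Parameter notes:

config.second=5 means the server accepts only 5 requests per second; once that number is exceeded, the Kong server returns {"message":"API rate limit exceeded"}.

config.hour=10000 means the server accepts only 10,000 requests per hour; once that number is exceeded, the Kong server returns {"message":"API rate limit exceeded"}.

With the settings above it is hard to observe the effect directly, but we can define a configuration that accepts only 2 requests per minute and watch what happens. The command is as follows: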

curl -i -X POST \
    --url http://localhost:8001/services/book/plugins \
    --data "name=rate-limiting" \
    --data "config.minute=2"    # accept only 2 requests per minute

To see {"message":"API rate limit exceeded"} returned, we only need to submit the following command 3 times in total within 1 minute.

curl -i -X GET \
    --url http://localhost:8000/v1/books

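Pay particular attention to how these two header values change on the GET request: X-RateLimit-Limit-minute: 2 and X-RateLimit-Remaining-minute: 0, meaning 0 permitted requests remain in the current minute. After 1 minute, GET requests can be sent normally again, and the cycle of limiting repeats. This is not explained on the official website, and you may have a hard time finding an example anywhere on the Internet of how to test for the {"message":"API rate limit exceeded"} response.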
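The counting behaviour described above can be reproduced offline. The following Python sketch is an added example, not code from the original post or from Kong: it assumes counters are kept in fixed, clock-aligned windows per identifier (the class, function names and timelines are constructed for illustration), and it goes one step beyond the page's test by also replaying requests on both sides of a window boundary.

```python
# Added illustration: a simplified fixed-window model, not Kong's source code.
PERIOD_SECONDS = {"second": 1, "minute": 60, "hour": 3600}
LIMIT_BODY = {"message": "API rate limit exceeded"}


class FixedWindowLimiter:
    """Counts requests per identifier in clock-aligned windows, one per period."""

    def __init__(self, **limits):            # e.g. minute=2 or second=5, hour=10000
        self.limits = limits
        self.counters = {}                    # (identifier, period, window_start) -> count

    def request(self, identifier, now):
        """Handle one request at Unix time `now`; return (status, headers, body)."""
        keys = {p: (identifier, p, now - now % PERIOD_SECONDS[p]) for p in self.limits}
        used = {p: self.counters.get(k, 0) for p, k in keys.items()}
        blocked = any(used[p] >= self.limits[p] for p in self.limits)
        headers = {}
        for period, limit in self.limits.items():
            if not blocked:                   # only accepted requests consume quota
                used[period] += 1
                self.counters[keys[period]] = used[period]
            headers[f"X-RateLimit-Limit-{period}"] = limit
            headers[f"X-RateLimit-Remaining-{period}"] = max(0, limit - used[period])
        return (429, headers, LIMIT_BODY) if blocked else (200, headers, None)


def replay(limiter, identifier, times):
    """Return [(time, status, remaining-per-period), ...] for requests sent at `times`."""
    rows = []
    for t in times:
        status, headers, _ = limiter.request(identifier, t)
        remaining = {k.rsplit("-", 1)[1]: v for k, v in headers.items() if "Remaining" in k}
        rows.append((t, status, remaining))
    return rows


if __name__ == "__main__":
    # Constructed timeline: the page's test (3 requests inside one minute), then
    # a retry after the window resets, using config.minute=2.
    for row in replay(FixedWindowLimiter(minute=2), "jack", [0, 1, 2, 60]):
        print(row)
    # Requests on both sides of a window boundary: all four are accepted within
    # 3 seconds, so a fixed window can briefly admit up to twice the limit.
    for row in replay(FixedWindowLimiter(minute=2), "jack", [58, 59, 60, 61]):
        print(row)
```

In this model a limit of N per period bounds each window, not every sliding interval of that length, so the upstream should be able to absorb a short burst of up to 2N around a boundary.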

To go on and run the commands below, you will need the delete command:

curl -i -X DELETE http://localhost:8001/plugins/{id of plugin}    # remove the 2-requests-per-minute example

Enabling the Rate Limiting plugin for a Service

URL Format http://localhost:8001/services/{service}/plugins

# curl -i -X POST \
    --url http://localhost:8001/services/book/plugins \
    --data "name=rate-limiting" \
    --data "config.second=5" \
    --data "config.hour=10000"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:46:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526453177000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "hide_client_headers": false, 
        "second": 5, 
        "limit_by": "consumer", 
        "redis_port": 6379, 
        "hour": 10000, 
        "fault_tolerant": true
    }, 
    "id": "90e44ca4-4f5f-48ad-bd69-4b4f5547e49a", 
    "enabled": true, 
    "service_id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "name": "rate-limiting"
}
           

A client-user requesting the book microservice exposed through Kong's proxy server

# curl -i -X GET \
    --url http://localhost:8000/v1/books

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9999
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 06:47:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 29
X-Kong-Proxy-Latency: 43
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
           

Enabling the Rate Limiting plugin for a Route

URL Format http://localhost:8001/routes/{route_id}/plugins

# curl -i -X POST \
    --url http://localhost:8001/routes/74a0df39-0b01-43b9-813f-b8f14d096cf8/plugins \
    --data "name=rate-limiting" \
    --data "config.second=5" \
    --data "config.hour=10000"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:09:24 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526454564000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "hide_client_headers": false, 
        "second": 5, 
        "limit_by": "consumer", 
        "redis_port": 6379, 
        "hour": 10000, 
        "fault_tolerant": true
    }, 
    "id": "df247ebf-35e9-488c-b393-3829786a5616", 
    "enabled": true, 
    "route_id": "74a0df39-0b01-43b9-813f-b8f14d096cf8", 
    "name": "rate-limiting"
}
           

A client-user requesting the book microservice exposed through Kong's proxy server

# curl -i -X GET \
    --url http://localhost:8000/v1/books

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9999
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 07:12:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 27
X-Kong-Proxy-Latency: 2
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
           

Enabling the Basic Authentication plugin for a Service

URL Format http://localhost:8001/services/{service}/plugins

# curl -i -X POST \
    --url http://localhost:8001/services/book/plugins \
    --data "name=basic-auth" \
    --data "config.hide_credentials=true"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 12:01:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526472103000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "abd20a18-126f-4509-9399-df9384d4bb86", 
    "enabled": true, 
    "service_id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "name": "basic-auth"
}
           

Enabling the Basic Authentication plugin for a Route

URL Format http://localhost:8001/routes/{route_id}/plugins

# curl -i -X POST \
    --url http://localhost:8001/routes/74a0df39-0b01-43b9-813f-b8f14d096cf8/plugins \
    --data "name=basic-auth" \
    --data "config.hide_credentials=true"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 12:02:20 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526472140000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "13f1f891-9f2d-414d-a179-26728abbd00f", 
    "enabled": true, 
    "route_id": "74a0df39-0b01-43b9-813f-b8f14d096cf8", 
    "name": "basic-auth"
}
           

Create a Consumer

# curl -i -X POST \
    --url http://localhost:8001/consumers/ \
    --data "username=jack"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:16:47 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455008000, 
    "username": "jack", 
    "id": "7b07ebe0-c53b-409b-a19b-be64aed6cae0"  //{consumer_id} = id
}
           

Create a Credential

URL Format  http://localhost:8001/consumers/{username or consumer_id}/basic-auth    

# curl -i -X POST \
    --url http://localhost:8001/consumers/jack/basic-auth \
    --data "username=jack@hotmail.com" \
    --data "password=123456"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:21:58 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455319000, 
    "id": "f6baffc8-14e6-4c43-bd18-0556b4901448", 
    "username": "jack@hotmail.com", 
    "password": "5652766f4dde3989b9168eef8679f8004a5c8633", 
    "consumer_id": "7b07ebe0-c53b-409b-a19b-be64aed6cae0"
}
           

An online Base64 tool is available at http://tool.oschina.net/encrypt?type=3

The Base64 value of the key-value pair jack@hotmail.com:123456 is:

amFja0Bob3RtYWlsLmNvbToxMjM0NTY=    

When user jack signs in and passes Basic Authentication, we get a book record (id = 3).

A client-user requesting the book microservice exposed through Kong's proxy server

# curl -i -X GET \
    --url http://localhost:8000/v1/books/3 \
    --header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9998
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 07:23:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 30
X-Kong-Proxy-Latency: 8
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
           

Enabling the plugin for a Consumer

consumer_id={consumer_id}

# curl -i -X POST \
    --url http://localhost:8001/plugins \
    --data "name=rate-limiting" \
    --data "consumer_id=7b07ebe0-c53b-409b-a19b-be64aed6cae0" \
    --data "config.second=5" \
    --data "config.hour=10000"

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:25:36 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455536000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "hide_client_headers": false, 
        "hour": 10000, 
        "limit_by": "consumer", 
        "redis_port": 6379, 
        "second": 5, 
        "fault_tolerant": true
    }, 
    "id": "28c944be-24e1-41ad-86cd-476f84f1a779", 
    "name": "rate-limiting", 
    "enabled": true, 
    "consumer_id": "7b07ebe0-c53b-409b-a19b-be64aed6cae0"
}
           

A client-user requesting the book microservice exposed through Kong's proxy server

# curl -i -X GET \
    --url http://localhost:8000/v1/books/3 \
    --header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9997
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 07:27:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 25
X-Kong-Proxy-Latency: 5
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
           
