When it comes to API gateways, we are familiar with Gateway and Zuul in the Spring Cloud system. These gateways basically need to modify configuration files or develop their own functions when they are used. Today I will introduce you a powerful API gateway apisix , with its own visual management function, as many as 30 kinds of plug-in support, I hope to help you!SpringBoot actual combat e-commerce project mall (50k+star) address: https://github.com/macrozheng/mall
Introduction
apisix is a cloud-native microservice API gateway that can provide APIs with ultimate performance, security, open source and extensible platform. Apisix is implemented based on Nginx and etcd. Compared with traditional API gateways, apisix has dynamic routing and hot plug-in loading, which is particularly suitable for API management under microservice systems.
Core idea
Let's first understand some of the core concepts of apisix, which will be very helpful for our next use!
- Upstream: It can be understood as a virtual host, which performs load balancing for a given multiple target services according to configuration rules.
- Route: Define some rules to match the client's request, then execute the configured plug-in for the matched request, and forward the request to the specified upstream.
- Consumer: As an API gateway, sometimes it is necessary to know who the consumer of the API is, and it can usually be used for identity authentication.
- Service: It can be understood as an abstraction of a set of routes. It usually has a one-to-one correspondence with upstream, and there is usually a many-to-one relationship between routing and service.
- Plugin: The API gateway's enhanced operation on requests can add a series of functions such as current limiting, authentication, and blacklisting to requests. Can be configured on consumers, services and routes.
installation
Since the official Docker Compose deployment solution is provided, only a script can be used to install apisix related services, which is very convenient. Here we also use this solution to deploy.
- First download the
apisix-dockerproject. In fact, we only need to use theexampledirectory. Download address: https://github.com/apache/apisix-docker
- Next, we
exampledirectory to the Linux server to understand the contents of this directory;
drwxrwxrwx. 2 root root 25 Jun 19 10:12 apisix_conf # apisix配置文件目录
drwxrwxrwx. 2 root root 71 Jun 24 09:36 apisix_log # apisix日志文件目录
drwxrwxrwx. 2 root root 23 Jun 23 17:10 dashboard_conf # 可视化工具apisix-dashboard配置文件目录
-rwxrwxrwx. 1 root root 1304 Jun 19 10:12 docker-compose-alpine.yml # docker-compose 部署脚本(alpine)版本
-rwxrwxrwx. 1 root root 1453 Jun 19 10:12 docker-compose.yml # docker-compose 部署脚本
drwxrwxrwx. 2 root root 27 Jun 19 10:12 etcd_conf # ectd配置文件目录
drwxrwxrwx. 3 root root 31 Jun 23 17:06 etcd_data # ectd数据目录
drwxrwxrwx. 2 root root 107 Jun 19 10:12 mkcert
drwxrwxrwx. 2 root root 40 Jun 19 10:12 upstream # 两个测试用的Nginx服务配置- From
docker-compose.yml, we can find that the script not only starts the three core services of apisix, apisix-dashboard, etcd, but also starts two Nginx services for testing;
version: "3"
services:
# 可视化管理工具apisix-dashboard
apisix-dashboard:
image: apache/apisix-dashboard:2.7
restart: always
volumes:
- ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
ports:
- "9000:9000"
networks:
apisix:
# 网关apisix
apisix:
image: apache/apisix:2.6-alpine
restart: always
volumes:
- ./apisix_log:/usr/local/apisix/logs
- ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
depends_on:
- etcd
##network_mode: host
ports:
- "9080:9080/tcp"
- "9443:9443/tcp"
networks:
apisix:
# apisix配置数据存储etcd
etcd:
image: bitnami/etcd:3.4.15
user: root
restart: always
volumes:
- ./etcd_data:/bitnami/etcd
environment:
ETCD_ENABLE_V2: "true"
ALLOW_NONE_AUTHENTICATION: "yes"
ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
ports:
- "2379:2379/tcp"
networks:
apisix:
# 测试用nginx服务web1,调用返回 hello web1
web1:
image: nginx:1.19.0-alpine
restart: always
volumes:
- ./upstream/web1.conf:/etc/nginx/nginx.conf
ports:
- "9081:80/tcp"
environment:
- NGINX_PORT=80
networks:
apisix:
# 测试用nginx服务web2,调用返回 hello web2
web2:
image: nginx:1.19.0-alpine
restart: always
volumes:
- ./upstream/web2.conf:/etc/nginx/nginx.conf
ports:
- "9082:80/tcp"
environment:
- NGINX_PORT=80
networks:
apisix:
networks:
apisix:
driver: bridge- In
docker-compose.ymlfile is located, use the following command to start all services at once;
docker-compose -p apisix-docker up -d- After the startup is successful, use the following command to view the running status of all services;
docker-compose -p apisix-docker ps Name Command State Ports
--------------------------------------------------------------------------------------------------------------------------
apisix-docker_apisix-dashboard_1 /usr/local/apisix-dashboar ... Up 0.0.0.0:9000->9000/tcp
apisix-docker_apisix_1 sh -c /usr/bin/apisix init ... Up 0.0.0.0:9080->9080/tcp, 0.0.0.0:9443->9443/tcp
apisix-docker_etcd_1 /opt/bitnami/scripts/etcd/ ... Up 0.0.0.0:2379->2379/tcp, 2380/tcp
apisix-docker_web1_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:9081->80/tcp
apisix-docker_web2_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:9082->80/tcp - Then you can manage apisix through visual tools, login account password is
admin:admin, access address: http://192.168.5.78:9000/
- After logging in, look at the interface, it is still very beautiful, apisix is very simple to build, basically no pit;
- There are also two test services,
web1access address: http://192.168.5.78:9081/
- Another test service
web2visit address: http://192.168.5.78:9082/
use
As a new generation gateway, apisix not only supports basic routing functions, but also provides a wealth of plug-ins, which are very powerful.
Basic use
Let's first experience the basic functions of apisix. Two Nginx test servicesweb1andweb2have been started before. Next, we will access them through the routing function of apisix.
- First, we need to create an upstream (Upstream), which is equivalent to the concept of a virtual host, which can provide load balancing functions for real services;
- Create
web1, set the name, load balancing algorithm and target node information;
web2according to the above method. After the creation is completed, the upstream list is displayed as follows;
- Create a
web1route (Route), the route can be used to match the client's request, and then forwarded to the upstream;
- Then choose the upstream of the route to
web1;
- Next, select the plug-ins that need to be applied to the router. The plug-ins of apisix are very rich, as many as thirty kinds. For basic use, we will not choose plug-ins temporarily;
- Then create
web2, and the route list will be displayed as follows after the creation is complete;
- Next, we access the
web1service http://192.168.5.78:9080/web1/
- Next, we access the
web2service http://192.168.5.78:9080/web2/
Advanced use
Apisix can realize a series of rich functions by enabling plug-ins. Let's introduce a few useful functions below.
Authentication
Using JWT for identity authentication is a very popular way, which is also supported in apisix, and can be achieved by enabling the jwt-auth plug-in.- First, we need to create a consumer object (Consumer);
jwt-authplug-in in the plug-in configuration;
keyandsecretplug-in when enabling the plug-in;
- After the creation is successful, the consumer list will be displayed as follows;
- Then create a route, the route access path matches
/auth/*, only need to enable thejwt-authplug-in;
- To access the interface to obtain the generated JWT Token, you need to add two parameters,
keyis the key configured in the JWT plugin,payloadis the custom load data stored in the JWT, and the JWT Token generation address: http://192.168.5.78:9080 /apisix/plugin/jwt/sign
- Do not add JWT Token to access the routing interface, it will return 401, interface address: http://192.168.5.78:9080/auth/
- After adding JWT Token in the request header
Authorization, it can be accessed normally;
- Of course, apisix supports not only this kind of authentication, but also the following.
Current limiting function
Sometimes we need to limit the flow of the gateway. For example, each client IP can only access the interface twice within 30 seconds. This can be achieved by enabling the limit-count plug-in.- When we create a route, we can choose to configure the
limit-countplug-in;
- Then
limit-countplug-in, and limit the currentremote_addr
- When we call the interface for the third time within 30 seconds, apisix will return 503 to limit our calls.
Cross-domain support
If you want the gateway to support cross-domain access, you can do so by enabling the cors plug-in.- When we create a route, we can choose to configure the
corsplug-in;
- Then
corsplug-in and configure the cross-domain access policy;
- Calling the interface test can find that the interface has returned CORS-related request headers.
to sum up
I have experienced a new generation of API gateways called apisix. The gateways with visual management are really different, simple and easy to use, and powerful! If your microservice is cloud-native, you can try to use it as a gateway.
In fact, apisix is not a niche framework. Many major domestic and foreign manufacturers are using it. If you want to know which companies are using it, you can refer to the link below.
https://github.com/apache/apisix/blob/master/powered-by.md
Reference
The official documentation of apisix is very friendly and supports Chinese, which is simply the conscience of the industry! You can basically master apisix after going through the official documents.
Official document: https://apisix.apache.org/zh/docs/apisix/getting-started
Project source code address
https://github.com/apache/apisix-docker
This article GitHub https://github.com/macrozheng/mall-learning has been included, welcome to Star!
java
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。