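Contents
1. Starting etcd
2. Editing APISIX's config.yaml file
3. Editing the Dashboard's dashboard_conf.yaml file
4. Editing the docker-compose configuration file
5. Starting docker-compose and some notes
   Dashboard, Routes, Upstreams, Services, Consumers, Proto Buffers, Plugins, Certificates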
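1. Starting etcd
APISIX normally stores its data in etcd, so an etcd service is needed first.
Because an etcd service already exists in my environment, it can be run directly with docker; the other services, APISIX and the Dashboard, can be orchestrated with docker-compose.
Create a docker network with the following command:

    docker network create cy --driver bridge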
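Write the docker start script for etcd.
run.sh
Note that I use zsh here.

    #!/usr/bin/env zsh
    # 2379 is used for HTTP (client) communication
    # 2380 is used for communication with other etcd nodes
    # ETCD_ADVERTISE_CLIENT_URLS: the list of this member's client addresses advertised to the other members of the cluster
    # ETCD_LISTEN_CLIENT_URLS: the list of addresses this node listens on for client traffic
    # ALLOW_NONE_AUTHENTICATION=yes lets the bitnami image start etcd without a root password
    docker run -d --name etcd \
        -p 2379:2379 \
        -p 2380:2380 \
        --network cy \
        --env ETCD_ENABLE_V2=true \
        --env ALLOW_NONE_AUTHENTICATION=yes \
        --env ETCD_ADVERTISE_CLIENT_URLS=http://0.0.0.0:2379 \
        --env ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 \
        bitnami/etcd:latest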
Add execute permission with

    chmod +x run.sh

and start the etcd service with

    ./run.sh

2. Editing APISIX's config.yaml file
Note that after editing the file you need to change its permissions

    chmod 666 config.yaml

otherwise changes made outside the container will not be synced inside docker.

    apisix:
      # Ports APISIX listens on. APISIX does not support changing listeners dynamically,
      # so after changing them run apisix reload to refresh the configuration
      node_listen:
        - port: 9080
          #enable_http2: true
        - port: 9443
          #enable_http2: true
      # APISIX listening port
      enable_ipv6: false

      # Which IPs may manage APISIX
      allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
        - 0.0.0.0/0                 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.

      # APISIX user list, with keys and roles
      admin_key:
        - name: "admin"
          key: admin
          role: admin               # admin: manage all configuration data
                                    # viewer: only can view configuration data
        - name: "viewer"
          key: viewer
          role: viewer

      enable_control: true
      control:
        ip: "0.0.0.0"
        port: 9092

    # Everything is on the same docker network, so etcd can be reached by its container name
    etcd:
      host:                         # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
        - "http://etcd:2379"        # multiple etcd address
      prefix: "/apisix"             # apisix configurations prefix
      timeout: 30                   # 30 seconds

    # Plugin attributes; prometheus is a traffic-monitoring plugin
    plugin_attr:
      prometheus:
        export_addr:
          ip: "0.0.0.0"
          port: 9091

    # Static files need to be served, so an extra configuration snippet is added to nginx.conf
    # Note: the listen port and server_name here must not conflict with node_listen
    nginx_config:
      http_configuration_snippet: |
        server {
          listen 8001;
          server_name _;
          location /app {
            alias /usr/local/apisix/static;
            try_files $uri $uri/ /index.html?$query_string;
            index index.html;
          }
        }

3. Editing the Dashboard's dashboard_conf.yaml file
Create a new file dashboard_conf.yaml in the same directory as config.yaml.
The things to pay attention to are the externally exposed port, the etcd URL, and the usernames and passwords of the login users.

    conf:
      listen:
        host: 0.0.0.0           # `manager api` listening ip or host name
        port: 9000              # `manager api` listening port
      allow_list:               # If we don't set any IP list, then any IP access is allowed by default.
        - 0.0.0.0/0
      etcd:
        endpoints:              # supports defining multiple etcd host addresses for an etcd cluster
          - "http://etcd:2379"
        # yamllint disable rule:comments-indentation
        # etcd basic auth info
        # username: "root"      # ignore etcd username if not enable etcd auth
        # password: "123456"    # ignore etcd password if not enable etcd auth
        mtls:
          key_file: ""          # Path of your self-signed client side key
          cert_file: ""         # Path of your self-signed client side cert
          ca_file: ""           # Path of your self-signed ca cert, the CA is used to sign callers' certificates
        # prefix: /apisix       # apisix config's prefix in etcd, /apisix by default
      log:
        error_log:
          level: warn           # supports levels, lower to higher: debug, info, warn, error, panic, fatal
          file_path:
            logs/error.log      # supports relative path, absolute path, standard output
                                # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
        access_log:
          file_path:
            logs/access.log     # supports relative path, absolute path, standard output
                                # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
                                # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
    authentication:
      secret:
        secret                  # secret for jwt token generation.
                                # NOTE: Highly recommended to modify this value to protect `manager api`.
                                # if it's default value, when `manager api` start, it will generate a random string to replace it.
      expire_time: 3600         # jwt token expire time, in second
      users:
        # yamllint enable rule:comments-indentation
        - username: admin       # username and password for login `manager api`
          password: admin
        - username: user
          password: user

    plugins:                    # plugin list (sorted in alphabetical order)
      - api-breaker
      - authz-keycloak
      - basic-auth
      - batch-requests
      - consumer-restriction
      - cors
      # - dubbo-proxy
      - echo
      # - error-log-logger
      # - example-plugin
      - fault-injection
      - grpc-transcode
      - hmac-auth
      - http-logger
      - ip-restriction
      - jwt-auth
      - kafka-logger
      - key-auth
      - limit-conn
      - limit-count
      - limit-req
      # - log-rotate
      # - node-status
      - openid-connect
      - prometheus
      - proxy-cache
      - proxy-mirror
      - proxy-rewrite
      - redirect
      - referer-restriction
      - request-id
      - request-validation
      - response-rewrite
      - serverless-post-function
      - serverless-pre-function
      # - skywalking
      - sls-logger
      - syslog
      - tcp-logger
      - udp-logger
      - uri-blocker
      - wolf-rbac
      - zipkin
      - server-info
      - traffic-split

4. Editing the docker-compose configuration file
Create a new file docker-compose.yml in the same directory as config.yaml.
Remember to declare networks, and declare the network as external.
Note that config.yaml must be mounted with rw permission.

    version: "3"

    services:
      apisix-dashboard:
        image: apache/apisix-dashboard:2.13-alpine
        restart: always
        volumes:
          - ./dashboard_conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
        ports:
          - "9000:9000"
        networks:
          - cy

      apisix:
        image: apache/apisix
        restart: always
        volumes:
          - ./apisix_log:/usr/local/apisix/logs
          - ./config.yaml:/usr/local/apisix/conf/config.yaml:rw
          - ./static:/usr/local/apisix/static
        # etcd is started separately by run.sh and is not a service in this file,
        # so a depends_on entry for it would fail validation
        # depends_on:
        #   - etcd
        ##network_mode: host
        ports:
          - "9080:9080/tcp"
          - "9091:9091/tcp"
          - "9443:9443/tcp"
          - "9092:9092/tcp"
          - "8001:8001/tcp"
        networks:
          - cy

    networks:
      cy:
        external: true

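The files above keep several test-only values: the config comments themselves say 0.0.0.0/0 is for test and recommend changing the JWT secret. The following script is an added example, not part of the original post. It greps the three files for those values and generates a random replacement for admin_key; the function names (check, audit_apisix, new_key, write_sample) and the list of checks are assumptions based on the values shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the walkthrough;
# the list of checks is an assumption based on the values shown on the page.

# check FILE REGEX MESSAGE: report when REGEX matches a non-comment line of FILE.
check() {
  [ -f "$1" ] || return 0
  if grep -v '^[[:space:]]*#' "$1" | grep -E -- "$2" >/dev/null; then
    echo "${1##*/}: $3"
  fi
}

# audit_apisix DIR: print one finding per test-only setting found under DIR.
audit_apisix() {
  check "$1/run.sh" 'ALLOW_NONE_AUTHENTICATION=yes' 'etcd accepts unauthenticated clients'
  check "$1/run.sh" '-p[[:space:]]+2379:2379' 'etcd client port is published on every host interface'
  check "$1/config.yaml" '^[[:space:]]*-[[:space:]]*0\.0\.0\.0/0' 'allow_admin admits every source IP'
  check "$1/config.yaml" '^[[:space:]]*key:[[:space:]]*"?(admin|viewer)"?[[:space:]]*(#.*)?$' 'admin_key is a guessable value'
  check "$1/dashboard_conf.yaml" '^[[:space:]]*-[[:space:]]*0\.0\.0\.0/0' 'allow_list admits every source IP'
  check "$1/dashboard_conf.yaml" '^[[:space:]]*secret:[[:space:]]*secret([[:space:]]|$)' 'JWT secret is the placeholder value'
  check "$1/dashboard_conf.yaml" '^[[:space:]]*password:[[:space:]]*(admin|user)([[:space:]]|$)' 'dashboard login uses a guessable password'
}

# new_key: 32 hex characters from the kernel CSPRNG, usable as an admin_key.
new_key() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_sample DIR: constructed excerpts of the three files, for a dry run.
write_sample() {
  printf '%s\n' 'docker run -d --name etcd \' '  -p 2379:2379 \' \
    '  --env ALLOW_NONE_AUTHENTICATION=yes \' '  bitnami/etcd:latest' > "$1/run.sh"
  printf '%s\n' 'apisix:' '  allow_admin:' '    - 0.0.0.0/0  # test only' \
    '  admin_key:' '    - name: "admin"' '      key: admin' > "$1/config.yaml"
  printf '%s\n' 'conf:' '  allow_list:' '    - 0.0.0.0/0' 'authentication:' \
    '  secret: secret  # jwt' '  users:' '    - username: admin' \
    '      password: admin' > "$1/dashboard_conf.yaml"
}
```

Source the script and run `audit_apisix .` in the directory holding the three files; an empty result means none of the listed values remain.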
5. Starting docker-compose and some notes
Start the stack with

    docker-compose up -d

then open ip:9000 to view the dashboard.
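Dashboard
The dashboard page requires Grafana to be running; the monitoring page URL is stored in the browser's localStorage and applies only locally.
Routes
The traffic entry point; every request needs a route configured to forward it to a service or an upstream.
Upstreams
An upstream is a backend service; load balancing and health checks can be applied across an upstream's multiple target nodes.
Services
Besides an upstream, a service can also contain plugins; one service can correspond to a group of upstream nodes and can be bound by multiple routes.
Consumers
Used by authentication plugins; covers developers, end users, API callers and so on.
Proto Buffers
Used to create Proto Buffers data structure types.
Plugins
The list of globally enabled plugins.
Certificates
Certificates are used by the gateway to handle encrypted requests; each is associated with an SNI and bound to the host name in a route.
After uploading a certificate, no further action is needed to use HTTPS for that domain, because APISIX automatically matches the domain to the certificate.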