1. 简介
APISIX 是一个云原生、高性能、可扩展的微服务 API 开源网关,基于OpenResty(Nginx+Lua)和etcd来实现,对比传统的API网关,具有动态路由和热插件加载的特点。系统本身自带前端,可以手动配置路由、负载均衡、限速限流、身份验证等插件,操作方便。APISIX是用Lua语言开发,语言相对简单,容易上手,同时可以按自己的需求进行系统的二次开发以及开发自己的插件。
2. 安装
Apache APISIX 运行时环境需要依赖 NGINX 和 etcd。
本文apache apisix 安装未docker 安装,请确保本机以安装docker,并确保宿主机能正常访问互联网。
2.1 安装etcd 依赖
运行命令:
docker run -d --name etcd-server \
--publish 2379:2379 \
--publish 2380:2380 \
--env ALLOW_NONE_AUTHENTICATION=yes \
--env ETCD_ADVERTISE_CLIENT_URLS=http://etcd-server:2379 \
bitnami/etcd:latest
如果本地镜像不存在,docker会拉取最新 etcd镜像。拉取成功后,会运行 etcd镜像。可通过dockers ps -a 查看是否启动成功。
注意,最新版的 etcd 默认情况 enable-v2 不启动,需要手动配置 enable-v2 为启动状态。
查询命令:
docker exec -it etcd-server bash
etcd --help |grep enable-v2
手动配置 enable-v2
etcd --enable-v2=true
2.2 apache-apisix 安装
创建宿主机配置文件:config.yaml,用于apisix 配位文件挂在
创建宿主机日志目录: 用于备份apisix 日志
config.yaml 路径: /home/apisix-docker/example/apisix_conf/config.yaml
config.yaml 文件内容:
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
node_listen: 9080 # APISIX listening port
enable_ipv6: false
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
# We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://172.30.129.22:2379" # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
plugin_attr:
prometheus:
export_addr:
ip: "0.0.0.0"
port: 9091
home/apisix-docker/example 路径下 创建 apisix_log 目录。
运行docker 命令录取apisix 镜像:
最新版的 apache-apisix-dashboard 为 v2.7 ,对应的 apache-apisix 版本为 2.6
docker pull apache/apisix:2.6-centos
运行命令启动 apache-apisix 镜像
docker run --name apache-apisix \
-v /home/apisix-docker/example/apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml \
-v /home/apisix-docker/example/apisix_log:/usr/local/apisix/logs \
-p 9080:9080 \
-p 9443:9443 \
-d apache/apisix:2.6-centos
2.3 apache-apisix-dashboard 安装
拉取镜像:
docker pull apache/apisix-dashboard:2.7
配置文件路径:/home/apisix-docker/example/dashboard_conf(可自定义路径)
配置文件名称:conf.yaml
配置文件内容:
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
conf:
listen:
host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- "http://etcd:2379"
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard output
# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard output
# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
- username: user
password: user
plugins: # plugin list (sorted in alphabetical order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
# - skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
修改
etcd:
endpoints:
- “http://etcd:2379”
endpoints 配置为宿主机IP+2379(http://192.168.1.119:2379)
运行命令启动 apache-apisix-dashboard.
docker run --name apisix-dashboard \
-p 9000:9000 \
-v /home/apisix-docker/example/dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml \
-d apache/apisix-dashboard:2.7
2.4 查看启动情况
运行命令:docker ps -a
访问dashborad 界面: http://宿主机ip:9000/apisix/dashboard
用户名和密码 都是 admin