Apache Knox代理各个服务组件的UI

参考链接：
https://blog.csdn.net/qq_37865420/article/details/105787160
https://zhuanlan.zhihu.com/p/426251773

一、knox的安装部署

1.解压缩

unzip knox-{
   VERSION}.zip

2.启动嵌入的LDAP

cd {
   GATEWAY_HOME}

bin/ldap.sh start

3.创建Master 密钥

cd {
   GATEWAY_HOME}

bin/knoxcli.sh create-master --master 123456

4.启动和关闭konx

cd {
   GATEWAY_HOME}

bin/gateway.sh start

bin/gateway.sh stop

如果由于某种原因使网关停止运行（而不是使用上述命令），导致knox启动不起来，则可能需要清除跟踪PID：

cd {
   GATEWAY_HOME}
bin/gateway.sh clean
注：此命令同时也会清除所有.out与.err从文件{
   GATEWAY_HOME}/logs目录，以便使用该谨慎。

5.访问Knox webui

https://192.x.x.x:8443/gateway/manager/admin-ui/
		
自带ldap默认用户密码
admin/admin-passwrod
guest/guest-passwrod

二通过knox访问各个服务组件

1.添加白名单

修改knox/conf/gateway-site.xml：
需要将Knox用到的主机和Ip加入到白名单中
<property>
        <name>gateway.dispatch.whitelist</name>
        <value>^https?:\/\/(henghe-039|henghe-040|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
        <description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
        If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
    </property>

白名单正则,代表全部主机
<name>gateway.dispatch.whitelist</name>
<value>^.*$</value>

修改完需要重启服务，才会生效

knox/conf/topologies/sandbox.xml: 支持的服务UI，热部署，更改不需要重启就会生效

2.所有服务的knox的配置

修改knox/conf/topologies/sandbox.xml

<?xml version="1.0" encoding="utf-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<topology>

    <gateway>

        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            <param>
                <!-- 
                session timeout in minutes,  this is really idle timeout,
                defaults to 30mins, if the property value is not defined,, 
                current client authentication would expire if client idles contiuosly for more than this value
                -->
                <name>sessionTimeout</name>
                <value>30</value>
            </param>
            <param