一、相关软件清单
etcd,版本3.4.9,提供存储服务
apisix,版本2.10.2-centos,提供api网关服务
apisix-dashboard,版本2.9.0,提供api网关操作界面
二、进入服务器并切换到工作目录
cd /mysoft/apisix
注意,如果目录不存在,请执行一下命令新建目录:
mkdir -p /mysoft/apisix
三、下载并导入镜像到docker
1、使用官方的方式:
docker pull bitnami/etcd:3.4.9
docker pull apache/apisix:2.10.2-centos
docker pull apache/apisix-dashboard:2.9.0
四、安装etdc存储服务
4.1 使用镜像创建etcd容器实例
cd /mysoft/apisix
mkdir -p `pwd`/example/etcd_conf
#以下脚本会自动创建空文件
touch `pwd`/example/etcd_conf/etcd.conf.ym
docker run -it --name etcd-server_ys_ywzx -v `pwd`/example/etcd_conf/etcd.conf.yml:/opt/bitnami/etcd/conf/etcd.conf.yml -v /etc/localtime:/etc/localtime:ro -p 2379:2379 -p 2380:2380 --network host --env ALLOW_NONE_AUTHENTICATION=yes -d bitnami/etcd:3.4.9
4.2 查看是否创建成功
docker ps -a
4.4 进入容器查看是否etdc实例是否启动成功
docker exec -it etcd-server_my_soft /bin/sh
etcdctl member list
exit
五、安装apisix网关服务
5.1 创建apisix的配置文件,用于挂载到apisix容器
cd /mysoft/apisix
mkdir -p `pwd`/example/apisix_conf
#apisix_conf的文件内容参考如下:
apisix:
port_admin: 9180
node_listen:
- 9080
- 9081
- 9082
ssl:
listen_port:
- 9443
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
- 192.168.1.123/24
admin_key:
-
name: "admin"
key: 自定义密钥#一定要自定义该值
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: "adminTest"
key: 自定义密钥 #一定要自定义该值
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: "viewer"
key: 自定义密钥 #一定要自定义该值
role: viewer
将apisix的config.yaml配置文件上传到`pwd`/example/apisix_conf,注意,'pwd'指当前工作目录,即/mysoft/apisix
注意:一定要在config.yaml设置allow_admin和admin_key,结束时按Ctrl+d退出并保存文件。
5.2 使用镜像创建apisix容器实例
docker run --name apisix_my_soft -v `pwd`/example/apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml -v `pwd`/example/apisix_log:/usr/local/apisix/logs -v /etc/localtime:/etc/localtime:ro -p 9080:9080 -p 9443:9443 -p 9181:9181 -p 9182:9182 --network host -d apache/apisix:2.10.2-centos
5.3 启动apisix实例
docker start apisix_my_soft
5.4 检查apisix是否正常提供服务
curl http://127.0.0.1:9080/apisix/admin/routes/ -H 'X-API-KEY:这里要输入config.yaml配置的密钥'
六、安装apisix-dashboard服务
6.1 创建apisix-dashboard的配置文件,用于挂载到apisix容器
cd /mysoft/apisix
mkdir -p `pwd`/path/to
将apisix-dashboard的config.yaml配置文件上传到`pwd`/path/to,注意,'pwd'指当前工作目录,即/mysoft/apisix
注意:在config.yaml重点配置allow_list,用于配置哪些ip可以访问apisix-dashboard服务。
#config.yaml文件的参考内容如下:
conf:
listen:
# host: 127.0.0.1 # the address on which the `Manager API` should listen.
# The default value is 0.0.0.0, if want to specify, please enable it.
# This value accepts IPv4, IPv6, and hostname.
port: 9000 # The port on which the `Manager API` should listen.
# ssl:
# host: 127.0.0.1 # the address on which the `Manager API` should listen for HTTPS.
# The default value is 0.0.0.0, if want to specify, please enable it.
# port: 9001 # The port on which the `Manager API` should listen for HTTPS.
# cert: "/tmp/cert/example.crt" # Path of your SSL cert.
# key: "/tmp/cert/example.key" # Path of your SSL key.
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
- 127.0.0.1 # The rules are checked in sequence until the first match is found.
- 192.168.1.0/24
- 192.168.11.123/24
- ::1 # In this example, access is allowed only for IPv4 network 127.0.0.1, and for IPv6 network ::1.
# It also support CIDR like 192.168.1.0/24 and 2001:0db8::/32
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- 127.0.0.1:2379
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard output
# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard output
# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
max_cpu: 0 # supports tweaking with the number of OS threads are going to be used for parallelism. Default value: 0 [will use max number of available cpu cores considering hyperthreading (if any)]. If the value is negative, is will not touch the existing parallelism profile.
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: 自定义用户名 # username and password for login `manager api`
password: 自定义密码
- username: 自定义用户名
password: 自定义密码
plugins: # plugin list (sorted in alphabetical order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
# - skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
6.2 使用镜像创建apisix-dashboard容器实例
docker run -d -p 9000:9000 --network host -v `pwd`/path/to/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml -v /etc/localtime:/etc/localtime:ro --name apisix-dashboard_my_soft apache/apisix-dashboard:2.9.0
6.3 启动apisix-dashboard实例
docker start apisix-dashboard_my_soft
6.4 检查apisix dashboard是否正常提供服务
curl http://127.0.0.1:9000
七、开通网络策略(如果需要apisix的管理api提供外部使用时才开通)
firewall-cmd --zone=public --add-port=9080/tcp --permanent
firewall-cmd --zone=public --add-port=9000/tcp --permanent
firewall-cmd --reload