Centos搭建Kong API框架完整教程

这篇文章我们讲解KongCentos上的搭建,安装Cassandra数据库.

Kong简介

Kong 是在客户端和(微)服务间转发API通信的API网关,通过插件扩展功能。Kong 有两个主要组件:

Kong Server :基于 nginx 的服务器,用来接收 API 请求。
Apache Cassandra :用来存储操作数据。
你可以通过增加更多 Kong Server 机器对 Kong 服务进行水平扩展,通过前置的负载均衡器向这些机器分发请求。根据文档描述,两个Cassandra节点就足以支撑绝大多数情况,但如果网络非常拥挤,可以考虑适当增加更多节点。

Github: Kong

官网: getkong

Kong安装

  1. 下载kong

    https://getkong.org/install/centos/#packages

    下载的文件kong-0.7.0.el6.noarch.rpm

    执行命令安装

    1
    rpm -ivh kong-0.7.0.el6.noarch.rpm
1
$ sudo yum install epel-release
$ sudo yum install kong-0.7.0.*.noarch.rpm --nogpgcheck
>如果出现 > 错误:Cannot retrieve metalink for repository: epel. Please verify its path and try again > 可以通过执行<font color=“red”>`yum --disablerepo=epel -y update ca-certificates`</font> 完美解决 🍺
  1. 启动

    1
    	[INFO] Kong 0.7.0
    [INFO] Using configuration: /etc/kong/kong.yml
    [INFO] Setting working directory to /usr/local/kong
    [INFO] database...........cassandra keyspace=kong ssl=verify=false enabled=false replication_factor=1 contact_points=ec2-52-5-200-155.compute-1.amazonaws.com:34977 replication_strategy=SimpleStrategy timeout=5000 data_centers=
    [INFO] Database not initialized. Running migrations...
    [INFO] Migrating core on keyspace "kong" (cassandra)
    [INFO] core migrated up to: 2015-01-12-175310_skeleton
    [INFO] core migrated up to: 2015-01-12-175310_init_schema
    [INFO] core migrated up to: 2015-11-23-817313_nodes
    [INFO] Migrating key-auth on keyspace "kong" (cassandra)
    [INFO] key-auth migrated up to: 2015-07-31-172400_init_keyauth
    [INFO] Migrating rate-limiting on keyspace "kong" (cassandra)
    [INFO] rate-limiting migrated up to: 2015-08-03-132400_init_ratelimiting
    [INFO] Migrating mashape-analytics on keyspace "kong" (cassandra)
    [INFO] mashape-analytics migrated up to: 2015-12-03-161400_mashape-analytics-config
    [INFO] Migrating acl on keyspace "kong" (cassandra)
    [INFO] acl migrated up to: 2015-08-25-841841_init_acl
    [INFO] Migrating oauth2 on keyspace "kong" (cassandra)
    [INFO] oauth2 migrated up to: 2015-08-03-132400_init_oauth2
    [INFO] oauth2 migrated up to: 2015-08-24-215800_cascade_delete_index
    [INFO] Migrating jwt on keyspace "kong" (cassandra)
    [INFO] jwt migrated up to: 2015-06-09-jwt-auth
    [INFO] Migrating basic-auth on keyspace "kong" (cassandra)
    [INFO] basic-auth migrated up to: 2015-08-03-132400_init_basicauth
    [INFO] Migrating response-ratelimiting on keyspace "kong" (cassandra)
    [INFO] response-ratelimiting migrated up to: 2015-08-21_init_response-rate-limiting
    [INFO] Migrating hmac-auth on keyspace "kong" (cassandra)
    [INFO] hmac-auth migrated up to: 2015-09-16-132400_init_hmacauth
    [INFO] dnsmasq............address=127.0.0.1:8053 dnsmasq=true port=8053
    [INFO] Leaving cluster..
    [INFO] nginx .............admin_api_listen=0.0.0.0:8001 proxy_listen=0.0.0.0:8000 proxy_listen_ssl=0.0.0.0:8443
    [OK] Started

安装 Cassandra

  1. 下载Cassandra

    1
    wget: http://mirrors.hust.edu.cn/apache/cassandra/3.3/apache-cassandra-3.3-bin.tar.gz
  2. 安装Cassandra

    1
    tar -zxvf apache-cassandra-3.3-bin.tar.gz
    cd bin/
    1
    执行cassandra -f 后台启动
    ./cassandra -f
> 在安装`cassandra`要升级`Python2.7`.

> 执行`./cqlsh` 测试是否安装成功
> 
  
1
Connected to Test Cluster at 127.0.0.1:9042.
  [cqlsh 5.0.1 | Cassandra 2.2.5 | CQL spec 3.3.1 | Native protocol v4]
  Use HELP for help.
  cqlsh>
恭喜你🍺 安装成功了 `9042`端口 > 执行`./cqlsh` 出现下面的错误,需要安装`python ssl`模块 >
1
	  [root@host-133-130-99-25 bin]# ./cqlsh
Traceback (most recent call last):
  File "./cqlsh.py", line 152, in <module>
    from cqlshlib import cql3handling, cqlhandling, pylexotron, sslhandling
  File "/home/soft/apache-cassandra-2.2.5/bin/../pylib/cqlshlib/sslhandling.py", line 20, in <module>
    import ssl
  File "/usr/local/lib/python2.7/ssl.py", line 60, in <module>
    import _ssl             # if we can't import it, let the error propagate
ImportError: No module named _ssl
	  ``` 
	  
	参考: 
	
	  [python安装完毕后,提示找不到ssl模块的解决步骤](http://www.cnblogs.com/yuechaotian/archive/2013/06/03/3115472.html)
	  
	  [CentOS yum安装或升级Python到2.7.5教程](http://www.111cn.net/sys/CentOS/53297.htm)
	
	
		
#### 配置Configure Cassandra

编辑`/etc/kong/kong.yml`文件

```shell
Replace this in /etc/kong/kong.yml and continue installing Kong or onto the quickstart guide!

database: cassandra
cassandra:
  contact_points:
    - "127.0.0.1:9042"

Kong添加Rest Api

  1. 添加api

    1
    $ curl -i -X POST \
     --url http://localhost:8001/apis/ \
     --data 'name=mockbin' \ //自己的api name
     --data 'upstream_url=http://mockbin.com/' \ //API地址
     --data 'request_host=mockbin.com'  //API地址

    成功 显示

    1
    HTTP/1.1 201 Created
    Content-Type: application/json
    Connection: keep-alive
    
    {
      “request_host”: “mockbin.com”,
      “upstream_url”: “http://mockbin.com/“,
      “id”: “2eec1cb2-7093-411a-c14e-42e67142d2c4”,
      “created_at”: 1428456369000,
      “name”: “mockbin”
    }
使用`kong`作为代理请求API

1
$ curl -i -X GET \
 	--url http://localhost:8000/ \
	--header 'Host: mockbin.com'
<font color=“red”>`:8000`</font> 端口代理
  1. 测试

    访问http://localhost:8000/就可以访问到自己的API了。

  2. Nginx配置SSL

    1
    	ssl on;
    ssl_certificate  /*.crt;
    ssl_certificate_key /*.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP; ssl_prefer_server_ciphers on;

Kong API添加插件

  1. 添加 key-auth 插件 配置apikey

    执行命令: mockbin -> api名称

    1
    curl -i -X POST \
     	--url http://localhost:8001/apis/mockbin/plugins/ \
     	--data 'name=key-auth'
添加成功显示:

1
	HTTP/1.1 201 Created
	Date: Tue, 08 Mar 2016 08:07:51 GMT
	Content-Type: application/json; charset=utf-8
	Transfer-Encoding: chunked
	Connection: keep-alive
	Access-Control-Allow-Origin: *
	Server: kong/0.7.0

	{"api_id":"413fc8b3-4c45-43eb-a3c1-17f9325d5527","id":"4706cc84-	b97a-48c4-90eb-e8ec8491d3d7","created_at":	1457424471000,"enabled":true,"name":"key-auth","config":{"key_names":	["apikey"],"hide_credentials"
	```	
	🍺OK,成功添加`key-auth`插件
	
2. API 配置访问权限 

	执行命令: `username=Slj` -> `Slj`用户
	
	```shell
	--接口添加用户控制
	curl -i -X POST \
  	--url http://localhost:8001/consumers/ \
 	--data "username=Slj"
`Slj`用户配置apikey
1
curl -i -X POST \
 	--url http://localhost:8001/consumers/Slj/key-auth/ \
 	--data 'key=9eGpzqh4U3qMMuSk'
🍺第一个插件安装成功了, 我们测试一下吧
  1. 测试API 访问权限

    Headers中添加 apikey

    apikey是我们上面添加的值,🍺我们愉快的获得到了数据。

改变一下`apikey`值,看看什么效果
![](https://dn-itjhcdn.qbox.me/kong%202.jpg)

😂出错了,那么恭喜你,`Kong`的插件起效果了。
LijunSong wechat
欢迎您扫一扫上面的微信公众号,订阅IT江湖!