- 简介
- 虚拟机安装
- 依赖安装
- OpenResty安装
- etcd安装
- 安装ApiSix
- 安装ApiSix Dashboard
ApiSix是一款开源API网关,基于Nginx + Lua实现。ApiSix具有路由转发、流量控制、身份验证等能力,ApiSix基于Lua实现路由方式使其很好地支持了动态配置。通过自定义插件,还可以实现定制化的需求。
官方文档推荐的是使用docker Compose安装,这种方式虽然省去了安装相关依赖的麻烦,但对于不熟悉docker的同学来说,搭建docker环境也是一件麻烦事,增长了学习apisix的曲线。下面将分享如何在PC上利用虚拟机搭建ApiSix环境。
已安装虚拟机及Linux系统的可以忽略。
虚拟机使用开源的VirtualBox下载。
虚拟机安装完后下载并安装CentOs8下载(选择合适自己的版本,如CentOS-8.4.2105-x86_64-dvd1.iso)。
由于宿主机与虚拟机需要网络互通,网络连接模式应使用网络桥接模式。
OpenResty是基于Nginx + Lua的web平台,ApiSix依赖于OpenResty,可通过OpenResty工程的方式允许在OpenResty平台。
# 安装yum-utils用于yum管理 $ yum install yum-utils # 配置OpenResty源 $ yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo # 安装OpenResty $ yum install -y openresty
OpenResty安装完后在/usr/local目录下可以看到openresty文件目录。
etcd安装etcd是一款高可用Key-value系统,具备注册中心以及配置中心的能力,ApiSix使用etcd作为统一配置中心,实现动态路由等能力。
# 下载etcd二进制文件压缩包 $ wget https://github.com/coreos/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz # 解压 $ tar xzvf etcd-v3.5.0-linux-amd64.tar.gz # 进入解压后的目录,将etcd、etcdctl、etcdutl移动或复制到/usr/local/bin目录下,方便执行 $ mv etcd /usr/local/bin/ $ mv etcdctl /usr/local/bin/ $ mv etcdutl /usr/local/bin/
启动ectd
# 命令窗口输入etcd即可启动etcd服务 $ etcd
etcd服务默认使用2379端口,如跨机器访问注意开放防火墙端口。
通过etcdctl验证ectd服务是否启动成功
# 使用etcdctl put向etcd服务写入key为hello,value为Hello的键值对 $ etcdctl put hello "Hello" OK # 使用etcdctl get从etcd服务获取value为hello的值 $ etcdctl get hello hello Hello
如有需要,可通过指定配置文件的方式启动etcd
# 将以下配置作为基础配置保存到任意目录 # 创建配置文件目录 $ mkdir /usr/local/etcd # 创建配置文件 $ vim config.yaml
复制以下内容到config.yaml中,并保存。
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'default'
# Path to the data directory.
data-dir:
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://localhost:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://localhost:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://localhost:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://localhost:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Initial cluster configuration for bootstrapping.
initial-cluster:
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Accept etcd V2 client requests
enable-v2: true
# Enable runtime profiling data via HTTP server
enable-pprof: true
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# The validity period of the self-signed certificate, the unit is year.
self-signed-cert-validity: 1
# Enable debug-level logging for etcd.
log-level: debug
logger: zap
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-outputs: [stderr]
# Force to create a new one member cluster.
force-new-cluster: false
auto-compaction-mode: periodic
auto-compaction-retention: "1"
安装ApiSix
$ yum install -y https://github.com/apache/apisix/releases/download/2.9/apisix-2.9-0.el7.x86_64.rpm
ApiSix安装完成后位于/usr/local/apisix,配置文件位于conf目录config.yaml。新版本的ApiSix配置文件内容很少,无法得知一些配置项,可将config-default.yaml文件复制一份为config.yaml作为配置文件,在config.yaml内可以配置访问策略(IP过滤)、服务端口等信息。
ApiSix的启动、停止、重启、配置重新加载:
# 启动ApiSix $ apisix start # 停止ApiSix $ apisix stop # 重启apisix $ apisix restart # 重新加载apisix配置,修改了配置执行该命令 $ apisix reload
ApiSix默认访问端口是9080,注意开放防火墙端口。
安装ApiSix DashboardApiSix支持通过Admin Api进行路由管理,同时也提供了单独的项目ApiSix Dashboard,一个简单的仪表板控制台。
$ yum install -y https://github.com/apache/apisix-dashboard/releases/download/v2.8.0/apisix-dashboard-2.8.0-0.x86_64.rpm
ApiSix Dashboard安装完成后,在/usr/local/apisix目录下将会多一个dashboard目录
进入/usr/local/apisix/dashboard/conf目录,修改conf.yaml,在allow_list节点下增加访问机器的ip。默认只有127.0.0.1。
ApiSix Dashboard的停启:
# 启动ApiSix Dashboard $ manager-api start /usr/local/apisix/dashboard/ # 停止ApiSix Dashboard $ manager-api stop /usr/local/apisix/dashboard/
ApiSix Dashboard默认端口是9000,启动后,通过http://ip:9000/访问(注意开放防火墙端口)。
