什麼是網關
API Gateway,是系統的惟一對外的入口,介於客戶端和服務器端之間的中間層,處理非業務功能 提供路由請求、鑑權、監控、緩存、限流等功能
統一接入
* 智能路由
* AB測試、灰度測試
* 負載均衡、容災處理
* 日誌埋點(相似Nignx日誌)
流量監控
* 限流處理
* 服務降級
安全防禦
* 鑑權處理
* 監控
* 機器網絡隔離
主流的網關
zuul:是Netflix開源的微服務網關,和Eureka,Ribbon,Hystrix等組件配合使用,Zuul 2.0比1.0的性能提升不少
kong: 由Mashape公司開源的,基於Nginx的API gateway
nginx+lua:是一個高性能的HTTP和反向代理服務器,lua是腳本語言,讓Nginx執行Lua腳本,而且高併發、非阻塞的處理各類請求java
1. zuul路由案例:
1. 導入依賴nginx
<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.0.3.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <dependencyManagement> <dependencies> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>Finchley.RELEASE</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> </properties> <dependencies> <!-- eureka client --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> <!-- zuul網關 --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-zuul</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build>
2. 註冊到eurekaspring
server:
port: 9000
#服務的名稱
spring:
application:
name: api_gatway
#指定註冊中心地址ַ
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
3. 主函數開啓zuul註解,而且啓動apache
@SpringBootApplication @EnableZuulProxy// 開啓網關代理 public class ApiGatwayApplication { public static void main(String[] args) { SpringApplication.run(ApiGatwayApplication.class, args); } }
測試:能夠看到服務都已經註冊到eureka上了,咱們不用配置任何路由規則就能夠直接經過註冊的服務名稱來路由api
2. 自定義路由規則:緩存
#自定義路由映射(配置文件加入這段配置就行了) zuul: routes: order-service: /apigateway/order/** #配置後就不能經過serverName訪問了。 product-service: /apigateway/product/** #忽略知足條件的服務(即:忽略全部-service結尾的服務) ignored-patterns: /*-service/** #解決http請求頭爲空的問題 (值爲空就行了) sensitive-headers:
3. 自定義過濾器url校驗 / 限流:安全
import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import com.netflix.zuul.exception.ZuulException; import org.apache.commons.lang.StringUtils; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE; import org.springframework.http.HttpStatus; /** * 攔截指定url, 進行參數校驗 */ @Component public class UrlFilter extends ZuulFilter { // private String pre_filterType = PRE_TYPE; // 前置過濾器(url以前執行) // private String post_filterType = POST_TYPE; // 後置過濾器 // private String error_filterType = ERROR_TYPE;// 異常過濾器 /** * 過濾器類型 * @return */ @Override public String filterType() { return PRE_TYPE; } /** * 過濾器順序(多個過濾器時, 越小的越先執行) * @return */ @Override public int filterOrder() { return 3; } /** * 過濾器是否生效 * 爲false時就不會走run()裏面的業務邏輯 * @return */ @Override public boolean shouldFilter() { RequestContext requestContext = RequestContext.getCurrentContext(); HttpServletRequest request = requestContext.getRequest(); // System.out.println(request.getRequestURI()); // System.out.println(request.getRequestURL()); if ("/apigateway/order/api/v1/order/find".equalsIgnoreCase(request.getRequestURI())){ return true; } return false; } /** * 業務邏輯 * @return * @throws ZuulException */ @Override public Object run() throws ZuulException { System.out.println("攔截邏輯"); RequestContext requestContext = RequestContext.getCurrentContext(); HttpServletRequest request = requestContext.getRequest(); //token對象 String id = request.getHeader("id"); if(StringUtils.isBlank((id))){ id = request.getParameter("id"); } //若是id參數爲null就程序中止, 同時返回 HttpStatus.UNAUTHORIZED 狀態碼 if (StringUtils.isBlank(id)) { requestContext.setSendZuulResponse(false); requestContext.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value()); } return null; } }
import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import com.netflix.zuul.exception.ZuulException; import org.springframework.stereotype.Component; import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE; import org.springframework.http.HttpStatus; import com.google.common.util.concurrent.RateLimiter; /** * 網關限流 */ @Component public class RequestFilter extends ZuulFilter { //每秒產生1000個令牌 private static final RateLimiter RATE_LIMITER = RateLimiter.create(1000); @Override public String filterType() { return PRE_TYPE; } @Override public int filterOrder() { return -4; } @Override public boolean shouldFilter() { return true; } @Override public Object run() throws ZuulException { RequestContext requestContext = RequestContext.getCurrentContext(); System.out.println("獲取令牌"); boolean tryAcquire = RATE_LIMITER.tryAcquire(); // 若是獲取不到就直接中止 if(!tryAcquire){ requestContext.setSendZuulResponse(false); requestContext.setResponseStatusCode(HttpStatus.TOO_MANY_REQUESTS.value()); } return null; } }
解決zuul超時問題, 完整配置文件 (設置ribbon hystrix zuul 超時時間,最好超時時間值比被代理的服務要大。ps: 不須要添加其餘依賴包,就一個zuul依賴就行了)服務器
server:
port: 9000
spring:
application:
name: api_gatway
# eureka註冊地址
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
ribbon:
ReadTimeout: 7000 #超時時間
ConnectTimeout: 2000 #鏈接時間
MaxAutoRetries: 1 #同一臺實例最大重試次數,不包括首次調用
MaxAutoRetriesNextServer: 1 #重試負載均衡其餘的實例最大重試次數,不包括首次調用
OkToRetryOnAllOperations: false #是否全部操做都重試
#解決hystrix+feign超時設置
feign:
hystrix: #開啓feign支持hystrix (注意:必定要開啓,舊版本默認支持,新版本默認關閉)
enabled: true
hystrix:
command:
default:
execution:
isolation:
thread:
timeoutInMilliseconds: 7000
# ========================================================
# 不配置路由規則,默承認以用服務註冊名稱來路由
# 商品服務:http://localhost:9000/product-service/api/v1/product/list
# 訂單服務:http://localhost:9000/order-service/api/v1/order/find?id=3
# 自定義路由規則
zuul:
routes:
order-service: /apigateway/order/**
product-service: /apigateway/product/**
# 禁止對product-service服務路由 (支持多個,逗號隔開就行了)
#ignored-services: product-service
# 禁止對全部-service結尾的服務路由
ignored-patterns: /*-service/**
# 解決http請求頭爲空的問題 (值爲空就行了)
sensitive-headers:
#ignored-headers: accept-language 路由時,不向第三方傳遞請求頭
#sensitive-headers: cookie 路由時,不向第三方傳遞cookie
host:
socket-timeout-millis: 7000
connect-timeout-millis: 7000
# 通過上面的自定義路由以後
# 訪問product-service http://localhost:9000/apigateway/product/api/v1/product/list
# 訪問order-service http://localhost:9000/apigateway/order/api/v1/order/find?id=3