Orange--------基於nginx/openresty之API網關(Gateway)實戰

Orange 簡介

Orange是一個基於OpenResty的API網關。除Nginx的基本功能外，它還可用於API監控、訪問控制(鑑權、WAF)、流量篩選、訪問限速、AB測試、動態分流等。它有如下特性：

• 提供了一套默認的Dashboard用於動態管理各類功能和配置
• 提供了API接口用於實現第三方服務(如個性化運維需求、第三方Dashboard等)
• 可根據規範編寫自定義插件擴展Orange功能

Orange 實戰

環境

[root@orange ~]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 
[root@orange ~]# uname -a
Linux orange 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@orange ~]# iptables -F
[root@orange ~]# ip addr
[root@orange orange]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:57:b5:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.131/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 7081sec preferred_lft 7081sec
    inet6 fe80::3f87:b30b:ff6b:e675/64 scope link 
       valid_lft forever preferred_lft forever

OpenResty下載 [ version > 1.9.7.3 ]

• 下載OpenResty源碼包

[root@orange ~]# cd /usr/local/src/
[root@orange src]# wget https://openresty.org/download/openresty-1.13.6.1.tar.gz
--2018-03-06 15:41:59--  https://openresty.org/download/openresty-1.13.6.1.tar.gz
Resolving openresty.org (openresty.org)... 120.26.162.249
Connecting to openresty.org (openresty.org)|120.26.162.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4581699 (4.4M) [application/x-gzip]
Saving to: ‘openresty-1.13.6.1.tar.gz’

100%[=================================>] 4,581,699   9.08MB/s   in 0.5s   

2018-03-06 15:42:00 (9.08 MB/s) - ‘openresty-1.13.6.1.tar.gz’ saved [4581699/4581699]

• 解壓源碼包並進入包內

[root@orange src]# tar xf openresty-1.13.6.1.tar.gz 
[root@orange src]# cd openresty-1.13.6.1

• 建立openresty系統用戶

[root@orange openresty-1.13.6.1]# useradd -r -s /sbin/nologin -M openresty

• 安裝相關依賴

[root@orange openresty-1.13.6.1]# yum install pcre pcre-devel openssl openssl-devel git -y

• 指定參數生成Makefile文件

[root@orange openresty-1.13.6.1]# ./configure --prefix=/usr/local/openresty-1.13.6.1 --user=openresty --group=openresty --with-http_stub_status_module
……
……
……
Configuration summary
  + using system PCRE library
  + using system OpenSSL library
  + using system zlib library

  nginx path prefix: "/usr/local/openresty-1.13.6.1/nginx"
  nginx binary file: "/usr/local/openresty-1.13.6.1/nginx/sbin/nginx"
  nginx modules path: "/usr/local/openresty-1.13.6.1/nginx/modules"
  nginx configuration prefix: "/usr/local/openresty-1.13.6.1/nginx/conf"
  nginx configuration file: "/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/openresty-1.13.6.1/nginx/logs/error.log"
  nginx http access log file: "/usr/local/openresty-1.13.6.1/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

cd ../..
Type the following commands to build and install:
    gmake
    gmake install

• gmake編譯

[root@orange openresty-1.13.6.1]# gmake
……
……
……
sed -e "s|%%PREFIX%%|/usr/local/openresty-1.13.6.1/nginx|" \
    -e "s|%%PID_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid|" \
    -e "s|%%CONF_PATH%%|/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf|" \
    -e "s|%%ERROR_LOG_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/error.log|" \
    < docs/man/nginx.8 > objs/nginx.8
gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'
gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'

• gmake install安裝

[root@orange openresty-1.13.6.1]# gmake install
……
……
……
gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'
gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'
mkdir -p /usr/local/openresty-1.13.6.1/site/lualib /usr/local/openresty-1.13.6.1/site/pod /usr/local/openresty-1.13.6.1/site/manifest
ln -sf /usr/local/openresty-1.13.6.1/nginx/sbin/nginx /usr/local/openresty-1.13.6.1/bin/openresty

• 建立openrestyl目錄軟連接

[root@orange openresty-1.13.6.1]# ln -s /usr/local/openresty-1.13.6.1 /usr/local/openresty
[root@orange openresty-1.13.6.1]# ls -l /usr/local/openresty
lrwxrwxrwx. 1 root root 29 Mar  6 18:06 /usr/local/openresty -> /usr/local/openresty-1.13.6.1

• 設置resty和nginx相關環境變量, 並生效

[root@orange openresty-1.13.6.1]# cat /etc/profile.d/openresty.sh 
export OPENRESTY_HOME=/usr/local/openresty
export NGINX_HOME=$OPENRESTY_HOME/nginx
export PATH=$OPENRESTY_HOME/bin:$NGINX_HOME/sbin:$PATH
[root@orange openresty-1.13.6.1]# source /etc/profile
[root@orange openresty-1.13.6.1]# echo $PATH
/usr/local/openresty/bin:/usr/local/openresty/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

lor(lua web框架)安裝

• 若使用的Orange版本低於v0.6.2則應安裝lor v0.2.*版本
• 若使用的Orange版本高於或等於v0.6.2則應安裝lor v0.3.0+版本
• git克隆lor代碼庫，並進入代碼包

[root@orange src]# cd /usr/local/src/
[root@orange src]# git clone https://github.com/sumory/lor
Cloning into 'lor'...
remote: Counting objects: 1716, done.
remote: Total 1716 (delta 0), reused 0 (delta 0), pack-reused 1716
Receiving objects: 100% (1716/1716), 335.55 KiB | 8.00 KiB/s, done.
Resolving deltas: 100% (903/903), done.
[root@orange src]# cd lor/

• 安裝lor

[root@orange lor]# make install
install lor runtime files to /usr/local/lor
lor runtime files installed.
install lord cli to /usr/local/bin/
lord cli installed.
lor framework installed successfully

MySQL安裝 [此處用yum安裝Mariadb，MySQL二進制安裝點這裏]

• 安裝MySQL

[root@orange lor]# yum install mariadb-server -y
……
……
……
Installed:
  mariadb-server.x86_64 1:5.5.56-2.el7                                                                                                           

Dependency Installed:
  libaio.x86_64 0:0.3.109-13.el7                   mariadb.x86_64 1:5.5.56-2.el7              perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7     
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7      perl-DBD-MySQL.x86_64 0:4.023-5.el7        perl-DBI.x86_64 0:1.627-4.el7                    
  perl-Data-Dumper.x86_64 0:2.145-3.el7            perl-IO-Compress.noarch 0:2.061-2.el7      perl-Net-Daemon.noarch 0:0.48-5.el7              
  perl-PlRPC.noarch 0:0.2020-14.el7               

Complete!

• 啓動mysqld，並查看啓動狀態

[root@orange lor]# systemctl start mariadb.service
[root@orange lor]# systemctl status mariadb.service
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-03-06 16:13:53 CST; 34s ago
  Process: 11775 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 11696 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 11774 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─11774 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─11936 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/maria...

Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: MySQL manual for more instructions.
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Please report any problems at http://mariadb.org/jira
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: The latest information about MariaDB is available at http://mariadb.org/.
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: You can find additional information about the MySQL part at:
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: http://dev.mysql.com
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Consider joining MariaDB's strong and vibrant community:
Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: https://mariadb.org/get-involved/
Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 06 16:13:53 orange systemd[1]: Started MariaDB database server.

• 設置root@localhost密碼

[root@orange lor]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> set password = password('123');
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye

安裝orange

• 下載orange包

[root@orange lor]# cd /usr/local/src/
[root@orange src]# git clone https://github.com/sumory/orange.git
Cloning into 'orange'...
remote: Counting objects: 3385, done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 3385 (delta 9), reused 5 (delta 2), pack-reused 3356
Receiving objects: 100% (3385/3385), 2.60 MiB | 29.00 KiB/s, done.
Resolving deltas: 100% (2151/2151), done.

• 安裝orange [Orange可選擇不「安裝」便可使用, 需拿start.sh啓動程序]

[root@orange orange]# cd ..
[root@orange src]# ls
lor  openresty-1.13.6.1  openresty-1.13.6.1.tar.gz  orange
[root@orange src]# ll
total 4480
drwxr-xr-x.  8 root root     262 Mar  6 16:06 lor
drwxrwxr-x.  6 1000 1000     157 Mar  6 15:50 openresty-1.13.6.1
-rw-r--r--.  1 root root 4581699 Nov 13 13:53 openresty-1.13.6.1.tar.gz
drwxr-xr-x. 12 root root    4096 Mar  6 18:11 orange
[root@orange src]# cd orange/
[root@orange orange]# make install
copy nginx.conf
copy orange.conf
Orange installed.
/usr/local/bin/orange help
Orange v0.6.4, OpenResty/Nginx API Gateway.

Usage: orange COMMAND [OPTIONS]

The commands are:

stop    Stop current Orange
version Show the version of Orange
restart Restart Orange
reload  Reload the config of Orange
store   Init/Update/Backup Orange store
help    Show help tips
start   Start the Orange Gateway

配置文件

[Orange有兩個配置文件，一個是conf/orange.conf，用於配置插件、存儲方式和內部集成的默認Dashboard，另外一個是conf/nginx.conf用於配置Nginx(OpenResty).]

• orange.conf的配置以下，請按需修改:

{
    "plugins": [ //可用的插件列表，若不須要可從中刪除，系統將自動加載這些插件的開放API並在7777端口暴露
        "stat",
        "monitor",
        "redirect",
        "rewrite",
        "rate_limiting",
        "property_rate_limiting",
        "basic_auth",
        "key_auth",
        "signature_auth",
        "waf",
        "divide",
        "kvstore"
    ],

    "store": "mysql",//目前僅支持mysql存儲
    "store_mysql": { //MySQL配置
        "timeout": 5000,
        "connect_config": {//鏈接信息，請修改成須要的配置
            "host": "localhost",       // 注意修改修改成本地數據庫信息
            "port": 3306,                // 注意修改修改成本地數據庫信息
            "database": "orange", // 注意修改修改成本地數據庫信息
            "user": "root",              // 注意修改修改成本地數據庫信息
            "password": "123",      // 注意修改修改成本地數據庫信息
            "max_packet_size": 1048576
        },
        "pool_config": {
            "max_idle_timeout": 10000,
            "pool_size": 3
        },
        "desc": "mysql configuration"
    },

    "dashboard": {//默認的Dashboard配置.
        "auth": false, //設爲true，則需用戶名、密碼才能登陸Dashboard,默認的用戶名和密碼爲admin/orange_admin
        "session_secret": "y0ji4pdj61aaf3f11c2e65cd2263d3e7e5", //加密cookie用的鹽，自行修改便可
        "whitelist": [//不須要鑑權的uri，如登陸頁面，無需修改此值
            "^/auth/login$",
            "^/error/$"
        ]
    },

    "api": {//API server配置
        "auth_enable": true,//訪問API時是否須要受權
        "credentials": [//HTTP Basic Auth配置，僅在開啓auth_enable時有效，自行添加或修改便可
            {
                "username":"api_username",
                "password":"api_password"
            }
        ]
    }
}

• conf/nginx.conf裏是一些nginx相關配置，請自行檢查並按照實際須要更改或添加配置，特別注意如下幾個配置：
• lua_package_path：須要根據本地環境配置適當修改，如lor框架的安裝路徑
• resolver：DNS解析
• 各個server或是location的權限，如是否須要經過allow/deny指定配置黑白名單ip

數據表導入MySQL

• 在MySQL中建立數據庫，名爲orange

[root@orange lor]# mysql -uroot -p123
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database orange character set utf8mb4;
Query OK, 1 row affected (0.00 sec)

• SQL腳本(如install/orange-v0.6.4.sql)導入到orange庫中

[root@orange lor]# mysql -uroot -p123
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use orange
Database changed
MariaDB [orange]> source /usr/local/orange/install/orange-v0.6.4.sql
Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 1 row affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

MariaDB [orange]> quit
Bye

啓動orange

[root@orange lor]# orange start
[INFO] Orange: 0.6.4
[INFO] ngx_lua: 10011
[INFO] nginx: 1013006
[INFO] Lua: LuaJIT 2.1.0-beta3
[INFO] args:
[INFO]  ngx_conf:/usr/local/orange/conf/nginx.conf
[INFO]  orange_conf:/usr/local/orange/conf/orange.conf
[INFO]  prefix:/usr/local/orange
[INFO] args end.
[INFO] Start orange command execute.
[INFO] ORANGE_CONF=/usr/local/orange/conf/orange.conf nginx -p /usr/local/orange -c /usr/local/orange/conf/nginx.conf

web訪問orange dashboard [192.168.0.131爲測試主機]