那麼,將視線拉至本系列主題主角:APISIX。要快速體驗APISIX,只需要先安裝好docker和docker-compose。
docker-compose.yaml檔案docker-compose.yaml
services:
etcd:
container_name: etcd
restart: always
image: "quay.io/coreos/etcd:v3.4.33"
environment:
TZ: "Asia/Taipei"
command:
- /usr/local/bin/etcd
- --data-dir=/etcd-data
- --name
- "etcd01"
- --initial-advertise-peer-urls
- "http://etcd:2380"
- --listen-peer-urls
- http://0.0.0.0:2380
- --advertise-client-urls
- "http://etcd:2379"
- --listen-client-urls
- http://0.0.0.0:2379
- --initial-cluster
- "etcd01=http://etcd:2380"
- --initial-cluster-state
- new
apisix:
container_name: apisix
restart: always
image: "apache/apisix:3.2.2-debian"
volumes:
- ./apisix_config/config.yaml:/usr/local/apisix/conf/config.yaml:ro
ports:
- 9180:9180 # admin api
- 9080:9080 # HTTP
- 9091:9091 # prometheus
- 9443:9443 # HTTPS
- 9090:9090 # control api
- 389:389 # Proxy AD Service
environment:
TZ: "Asia/Taipei"
dashboard:
image: "apache/apisix-dashboard:3.0.1-alpine"
volumes:
- ./apisix_dashboard_config/config.yaml:/usr/local/apisix-dashboard/conf/conf.yaml:ro
# - ./apisix_dashboard_config/schema.json:/usr/local/apisix-dashboard/conf/schema.json:ro
ports:
- 9000:9000
environment:
TZ: "Asia/Taipei"
將檔案建立在apisix_config/config.yaml:
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
enable_control: true
control:
ip: "0.0.0.0"
port: 9092
stream_proxy:
tcp:
- 389
ssl:
listen:
- port: 9443
ssl_protocols: TLSv1.2 TLSv1.3 # TLSv1 TLSv1.1
ssl_ciphers: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:AES256-SHA256:CAMELLIA256-SHA256:AES128-SHA256:CAMELLIA128-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA # ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-SHA:CAMELLIA256-SHA:AES128-SHA:CAMELLIA128-SHA
fallback_sni: "example.com"
#ssl_trusted_certificate: /usr/local/apisix/ssl/root04.crt
nginx_config:
http_configuration_snippet: |
proxy_buffer_size 256k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
large_client_header_buffers 4 16k;
deployment:
admin:
allow_admin: # https://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: SaiTJp7TEa9K39oy7D5A4ouXmdqHvL9a
role: admin # admin: manage all configuration data
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
# multiple etcd address
- http://etcd:2379
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
將檔案建立在apisix_dashboard_config/config.yaml:
conf:
listen:
# host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
- 0.0.0.0/0
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- "http://etcd:2379"
# yamllint disable rule:comments-indentation
# etcd basic auth info sign callers' certificates
prefix: /apisix # apisix config's prefix in etcd, /apisix by default
authentication:
secret:
SaiTJp7TEa9K39oy7D5A4ouXmdqHvL9a # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
docker compose up -d 啟動服務透過 docker compose up -d 啟動服務,這個docker-compoes.yaml裡,一共定義了三個服務:
apisix: APISIX服務核心。dashboard: 一個可選的Dashboard管理組件。藉此可以透過Web UI界面建立路由規則。etcd: 儲存APISIX設定的地方。http://localhost:9000
帳號密碼都輸入admin。
雖然可以透過Web UI建立路由規則,但這裡請先嘗試Advanced/Raw Data Editor。
然後貼入以下內容:
{
"uri": "/*",
"name": "httpbin",
"desc": "反向代理httpbin.org",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"upstream": {
"nodes": [
{
"host": "httpbin.org",
"port": 443,
"weight": 1
}
],
"timeout": {
"connect": 6,
"send": 6,
"read": 6
},
"type": "roundrobin",
"scheme": "https",
"pass_host": "pass",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
},
"status": 1
}
在上述設定路由,反向代理了httpbin的服務。因此我們可以嘗試其提供的API。
像是取得一張圖片:
或是Anything的API:
curl http://localhost:9080/anything |python3 -m json.tool
iThome鐵人賽
看影片追技術