Orange--------基于nginx/openresty之API网关(Gateway)实战
发表于:2025-01-24 作者:千家信息网编辑
千家信息网最后更新 2025年01月24日,Orange 简介Orange是一个基于OpenResty的API网关。除Nginx的基本功能外,它还可用于API监控、访问控制(鉴权、WAF)、流量筛选、访问限速、AB测试、动态分流等。它有以下特性
千家信息网最后更新 2025年01月24日Orange--------基于nginx/openresty之API网关(Gateway)实战
Orange 简介
Orange是一个基于OpenResty的API网关。除Nginx的基本功能外,它还可用于API监控、访问控制(鉴权、WAF)、流量筛选、访问限速、AB测试、动态分流等。它有以下特性:
- 提供了一套默认的Dashboard用于动态管理各种功能和配置
- 提供了API接口用于实现第三方服务(如个性化运维需求、第三方Dashboard等)
- 可根据规范编写自定义插件扩展Orange功能
Orange 实战
环境
[root@orange ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@orange ~]# uname -aLinux orange 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux[root@orange ~]# iptables -F[root@orange ~]# ip addr[root@orange orange]# ip addr1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:57:b5:ab brd ff:ff:ff:ff:ff:ff inet 192.168.0.131/24 brd 192.168.0.255 scope global dynamic eth0 valid_lft 7081sec preferred_lft 7081sec inet6 fe80::3f87:b30b:ff6b:e675/64 scope link valid_lft forever preferred_lft forever OpenResty下载 [ version > 1.9.7.3 ]
- 下载OpenResty源码包
[root@orange ~]# cd /usr/local/src/[root@orange src]# wget https://openresty.org/download/openresty-1.13.6.1.tar.gz--2018-03-06 15:41:59-- https://openresty.org/download/openresty-1.13.6.1.tar.gzResolving openresty.org (openresty.org)... 120.26.162.249Connecting to openresty.org (openresty.org)|120.26.162.249|:443... connected.HTTP request sent, awaiting response... 200 OKLength: 4581699 (4.4M) [application/x-gzip]Saving to: 'openresty-1.13.6.1.tar.gz'100%[=================================>] 4,581,699 9.08MB/s in 0.5s 2018-03-06 15:42:00 (9.08 MB/s) - 'openresty-1.13.6.1.tar.gz' saved [4581699/4581699]- 解压源码包并进入包内
[root@orange src]# tar xf openresty-1.13.6.1.tar.gz [root@orange src]# cd openresty-1.13.6.1- 创建openresty系统用户
[root@orange openresty-1.13.6.1]# useradd -r -s /sbin/nologin -M openresty- 安装相关依赖
[root@orange openresty-1.13.6.1]# yum install pcre pcre-devel openssl openssl-devel git -y- 指定参数生成Makefile文件
[root@orange openresty-1.13.6.1]# ./configure --prefix=/usr/local/openresty-1.13.6.1 --user=openresty --group=openresty --with-http_stub_status_module………………Configuration summary + using system PCRE library + using system OpenSSL library + using system zlib library nginx path prefix: "/usr/local/openresty-1.13.6.1/nginx" nginx binary file: "/usr/local/openresty-1.13.6.1/nginx/sbin/nginx" nginx modules path: "/usr/local/openresty-1.13.6.1/nginx/modules" nginx configuration prefix: "/usr/local/openresty-1.13.6.1/nginx/conf" nginx configuration file: "/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf" nginx pid file: "/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid" nginx error log file: "/usr/local/openresty-1.13.6.1/nginx/logs/error.log" nginx http access log file: "/usr/local/openresty-1.13.6.1/nginx/logs/access.log" nginx http client request body temporary files: "client_body_temp" nginx http proxy temporary files: "proxy_temp" nginx http fastcgi temporary files: "fastcgi_temp" nginx http uwsgi temporary files: "uwsgi_temp" nginx http scgi temporary files: "scgi_temp"cd ../..Type the following commands to build and install: gmake gmake install- gmake编译
[root@orange openresty-1.13.6.1]# gmake………………sed -e "s|%%PREFIX%%|/usr/local/openresty-1.13.6.1/nginx|" \ -e "s|%%PID_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid|" \ -e "s|%%CONF_PATH%%|/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf|" \ -e "s|%%ERROR_LOG_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/error.log|" \ < docs/man/nginx.8 > objs/nginx.8gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'- gmake install安装
[root@orange openresty-1.13.6.1]# gmake install………………gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'mkdir -p /usr/local/openresty-1.13.6.1/site/lualib /usr/local/openresty-1.13.6.1/site/pod /usr/local/openresty-1.13.6.1/site/manifestln -sf /usr/local/openresty-1.13.6.1/nginx/sbin/nginx /usr/local/openresty-1.13.6.1/bin/openresty- 创建openrestyl目录软链接
[root@orange openresty-1.13.6.1]# ln -s /usr/local/openresty-1.13.6.1 /usr/local/openresty[root@orange openresty-1.13.6.1]# ls -l /usr/local/openrestylrwxrwxrwx. 1 root root 29 Mar 6 18:06 /usr/local/openresty -> /usr/local/openresty-1.13.6.1- 设置resty和nginx相关环境变量, 并生效
[root@orange openresty-1.13.6.1]# cat /etc/profile.d/openresty.sh export OPENRESTY_HOME=/usr/local/openrestyexport NGINX_HOME=$OPENRESTY_HOME/nginxexport PATH=$OPENRESTY_HOME/bin:$NGINX_HOME/sbin:$PATH[root@orange openresty-1.13.6.1]# source /etc/profile[root@orange openresty-1.13.6.1]# echo $PATH/usr/local/openresty/bin:/usr/local/openresty/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/binlor(lua web框架)安装
- 若使用的Orange版本低于v0.6.2则应安装lor v0.2.*版本
- 若使用的Orange版本高于或等于v0.6.2则应安装lor v0.3.0+版本
- git克隆lor代码库,并进入代码包
[root@orange src]# cd /usr/local/src/[root@orange src]# git clone https://github.com/sumory/lorCloning into 'lor'...remote: Counting objects: 1716, done.remote: Total 1716 (delta 0), reused 0 (delta 0), pack-reused 1716Receiving objects: 100% (1716/1716), 335.55 KiB | 8.00 KiB/s, done.Resolving deltas: 100% (903/903), done.[root@orange src]# cd lor/- 安装lor
[root@orange lor]# make installinstall lor runtime files to /usr/local/lorlor runtime files installed.install lord cli to /usr/local/bin/lord cli installed.lor framework installed successfullyMySQL安装 [此处用yum安装Mariadb,MySQL二进制安装点这里]
- 安装MySQL
[root@orange lor]# yum install mariadb-server -y………………Installed: mariadb-server.x86_64 1:5.5.56-2.el7 Dependency Installed: libaio.x86_64 0:0.3.109-13.el7 mariadb.x86_64 1:5.5.56-2.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-5.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7 Complete!- 启动mysqld,并查看启动状态
[root@orange lor]# systemctl start mariadb.service[root@orange lor]# systemctl status mariadb.service● mariadb.service - MariaDB database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2018-03-06 16:13:53 CST; 34s ago Process: 11775 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS) Process: 11696 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS) Main PID: 11774 (mysqld_safe) CGroup: /system.slice/mariadb.service ├─11774 /bin/sh /usr/bin/mysqld_safe --basedir=/usr └─11936 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/maria...Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: MySQL manual for more instructions.Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Please report any problems at http://mariadb.org/jiraMar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: The latest information about MariaDB is available at http://mariadb.org/.Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: You can find additional information about the MySQL part at:Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: http://dev.mysql.comMar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Consider joining MariaDB's strong and vibrant community:Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: https://mariadb.org/get-involved/Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysqlMar 06 16:13:53 orange systemd[1]: Started MariaDB database server.- 设置root@localhost密码
[root@orange lor]# mysqlWelcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 4Server version: 5.5.56-MariaDB MariaDB ServerCopyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> set password = password('123');Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> quitBye安装orange
- 下载orange包
[root@orange lor]# cd /usr/local/src/[root@orange src]# git clone https://github.com/sumory/orange.gitCloning into 'orange'...remote: Counting objects: 3385, done.remote: Compressing objects: 100% (27/27), done.remote: Total 3385 (delta 9), reused 5 (delta 2), pack-reused 3356Receiving objects: 100% (3385/3385), 2.60 MiB | 29.00 KiB/s, done.Resolving deltas: 100% (2151/2151), done.- 安装orange [Orange可选择不"安装"即可使用, 需拿start.sh启动程序]
[root@orange orange]# cd ..[root@orange src]# lslor openresty-1.13.6.1 openresty-1.13.6.1.tar.gz orange[root@orange src]# lltotal 4480drwxr-xr-x. 8 root root 262 Mar 6 16:06 lordrwxrwxr-x. 6 1000 1000 157 Mar 6 15:50 openresty-1.13.6.1-rw-r--r--. 1 root root 4581699 Nov 13 13:53 openresty-1.13.6.1.tar.gzdrwxr-xr-x. 12 root root 4096 Mar 6 18:11 orange[root@orange src]# cd orange/[root@orange orange]# make installcopy nginx.confcopy orange.confOrange installed./usr/local/bin/orange helpOrange v0.6.4, OpenResty/Nginx API Gateway.Usage: orange COMMAND [OPTIONS]The commands are:stop Stop current Orangeversion Show the version of Orangerestart Restart Orangereload Reload the config of Orangestore Init/Update/Backup Orange storehelp Show help tipsstart Start the Orange Gateway配置文件
[Orange有两个配置文件,一个是conf/orange.conf,用于配置插件、存储方式和内部集成的默认Dashboard,另一个是conf/nginx.conf用于配置Nginx(OpenResty).]
- orange.conf的配置如下,请按需修改:
{ "plugins": [ //可用的插件列表,若不需要可从中删除,系统将自动加载这些插件的开放API并在7777端口暴露 "stat", "monitor", "redirect", "rewrite", "rate_limiting", "property_rate_limiting", "basic_auth", "key_auth", "signature_auth", "waf", "divide", "kvstore" ], "store": "mysql",//目前仅支持mysql存储 "store_mysql": { //MySQL配置 "timeout": 5000, "connect_config": {//连接信息,请修改为需要的配置 "host": "localhost", // 注意修改修改为本地数据库信息 "port": 3306, // 注意修改修改为本地数据库信息 "database": "orange", // 注意修改修改为本地数据库信息 "user": "root", // 注意修改修改为本地数据库信息 "password": "123", // 注意修改修改为本地数据库信息 "max_packet_size": 1048576 }, "pool_config": { "max_idle_timeout": 10000, "pool_size": 3 }, "desc": "mysql configuration" }, "dashboard": {//默认的Dashboard配置. "auth": false, //设为true,则需用户名、密码才能登录Dashboard,默认的用户名和密码为admin/orange_admin "session_secret": "y0ji4pdj61aaf3f11c2e65cd2263d3e7e5", //加密cookie用的盐,自行修改即可 "whitelist": [//不需要鉴权的uri,如登录页面,无需修改此值 "^/auth/login$", "^/error/$" ] }, "api": {//API server配置 "auth_enable": true,//访问API时是否需要授权 "credentials": [//HTTP Basic Auth配置,仅在开启auth_enable时有效,自行添加或修改即可 { "username":"api_username", "password":"api_password" } ] }}- conf/nginx.conf里是一些nginx相关配置,请自行检查并按照实际需要更改或添加配置,特别注意以下几个配置:
- lua_package_path:需要根据本地环境配置适当修改,如lor框架的安装路径
- resolver:DNS解析
- 各个server或是location的权限,如是否需要通过allow/deny指定配置黑白名单ip
数据表导入MySQL
- 在MySQL中创建数据库,名为orange
[root@orange lor]# mysql -uroot -p123Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 7Server version: 5.5.56-MariaDB MariaDB ServerCopyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> create database orange character set utf8mb4;Query OK, 1 row affected (0.00 sec)- SQL脚本(如install/orange-v0.6.4.sql)导入到orange库中
[root@orange lor]# mysql -uroot -p123Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 9Server version: 5.5.56-MariaDB MariaDB ServerCopyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> use orangeDatabase changedMariaDB [orange]> source /usr/local/orange/install/orange-v0.6.4.sqlQuery OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)MariaDB [orange]> quitBye启动orange
[root@orange lor]# orange start[INFO] Orange: 0.6.4[INFO] ngx_lua: 10011[INFO] nginx: 1013006[INFO] Lua: LuaJIT 2.1.0-beta3[INFO] args:[INFO] ngx_conf:/usr/local/orange/conf/nginx.conf[INFO] orange_conf:/usr/local/orange/conf/orange.conf[INFO] prefix:/usr/local/orange[INFO] args end.[INFO] Start orange command execute.[INFO] ORANGE_CONF=/usr/local/orange/conf/orange.conf nginx -p /usr/local/orange -c /usr/local/orange/conf/nginx.confweb访问orange dashboard [192.168.0.131为测试主机]
配置
数据
信息
数据库
插件
版本
功能
密码
文件
环境
代码
动态
框架
源码
用户
第三方
系统
存储
测试
登录
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
泰州网络营销软件开发值多少钱
百官小学网络安全
华为云终端服务器配置
松江区手机软件开发项目
有道云笔记 数据库
数据库软件连接不上去
2020服务器处理器排名天梯图
网络技术基础03944
计算机网络技术授课技巧
哈哈网络技术有限公司
徐州有软件开发企业吗
郑州软件开发人员绩效工资
网络安全第一条是什么
网络技术的利与弊作文
云桌面网络安全制度
廊坊分布式服务器排名
数据库 预警
志恒网络技术工作室图片
dz怎么找到插件的数据库
linux smb服务器
dell服务器进管理口
思科网络技术学院帐号注册
有道云笔记 数据库
花好月圆服务器
维护网络安全关键在人
电子网络技术赚钱吗
数据库 预警
添加web服务器
网络安全资质执业范围
魔兽世界九城有哪个服务器
