代码之家 › 专栏 › 技术社区 › Nitishkumar Singh user3744342

Spring Cloud网关+Consul配置

spring-cloud-gateway spring-cloud spring

Nitishkumar Singh user3744342 · 技术社区 · 7 年前

我们在使用Consul作为服务发现的多个微服务之前使用SpringCloudGateway。有几种不同语言开发的微服务。

请找到平地对于应用程序

buildscript {
    ext {
        springBootVersion = '2.1.2.RELEASE'
    }
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
    }
}

apply plugin: 'java'
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'

group = 'com.demo'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '1.8'

repositories {
    mavenCentral()
    maven { url 'https://repo.spring.io/milestone' }
}

ext {
    set('springCloudVersion', 'Greenwich.RELEASE')
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.cloud:spring-cloud-starter-consul-config'
    implementation 'org.springframework.cloud:spring-cloud-starter-consul-discovery'
    implementation 'org.springframework.cloud:spring-cloud-starter-gateway'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    // https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static
    compile group: 'io.netty', name: 'netty-tcnative-boringssl-static', version: '2.0.20.Final'
    runtimeOnly 'org.springframework.boot:spring-boot-devtools'
    compileOnly 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

dependencyManagement {
    imports {
        mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
    }
}

下面是API网关配置的示例
应用程序.yaml

server:
  port: 10000
  http:
    port: 9000
  # enable HTTP2
  http2:
    enabled: true
  # enable compression
  compression:
    enabled: true
    mime-types: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json
  ssl:
    enabled: true
    key-store: /var/.conf/self-signed.p12
    key-store-type: PKCS12
    key-store-password: "something"
    key-alias: athenasowl
    trust-store: /var/.conf/self-signe.p12
    trust-store-password: "something"
spring:
  application:
    name: api-gateway
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true
          predicates:
          - Path="'/api/' + serviceId + '/**'"
          filters:
          - RewritePath="'/api/' + serviceId + '/(?<remaining>.*)'", "serviceId + '/${remaining}'"
management:
  security:
    enabled: false
  server:
    port: 10001
    ssl:
      enabled: false
  endpoint:
    gateway:
      enabled: true
  endpoints:
    web:
      exposure:
        include: "*"
    health:
      sensitive: false
logging:
  level:
    root: DEBUG
    org:
      springframework:
        web: INFO
  pattern:
    console: "%-5level %d{dd-MM-yyyy HH:mm:ss,SSS} [%F:%L] VTC : %msg%n"
    file: "%-5level %d{dd-MM-yyyy HH:mm:ss,SSS} [%F:%L] VTC : %msg%n"
  file: /tmp/log_files/apigateway.log
security:
  basic:
    enabled: false

我们面临的配置问题如下:

将前缀为/api/的url重写为在consul上注册的相应serviceid :我们试图将谓词配置为获取前缀为的路径 应用程序编程接口 重写路径并删除 应用程序编程接口 但仍然不起作用。所以还有其他服务 你好服务/ 已在Consul服务器上注册,但我们希望使用 /API/Hello服务/
将不匹配的请求重定向到默认路径 :我们希望将所有不匹配的请求重定向到UI。
将HTTP重定向到Spring Cloud网关上的HTTPS :我们希望强制所有进入Spring网关的请求都是HTTPS
将HTTPS请求转发到向Consul注册的HTTP ServiceID :向Consul注册的服务在HTTP上,API网关除外,我们希望能够向HTTP后端发送HTTPS请求,即仅在API网关终止HTTPS。

有助于解决上述问题

编辑1: 在@spencergibb的帮助下,我们用https设置了SpringCloud网关。但我们还面临一些其他问题

如果在API网关和服务上同时启用了HTTPS,则收到以下错误

javax.net.ssl.sslexception:握手在超时 io.netty.handler.ssl.ssl handler.handshake(…)(未知源) ~[netty-handler-4.1.31.最终.jar:4.1.31.

如果仅在API网关上启用了HTTPS,则收到以下错误

出现意外错误(类型=未找到,状态=404)。 org.springframework.web.server.responsestatusException:404未找到并收到

对于路径 https://localhost:8443/api/hello-service/hello/message

无法连接

对于路径 http://localhost:8080/hello-service/hello/message

请找到 sample applications

说明:

导航到consul目录并使用命令启动consul服务器 ./consul agent -dev
运行API网关Spring Boot Gradle项目
运行rest demo spring boot gradle项目

编辑2

谢谢您@spencergib,我们成功地在网关上应用了SSL,并在HTTP上调用了注册的服务。自从 Spring Webflux with Netty does not support listening on two ports ,我们创建了一个附加的TCP服务器绑定到HTTP端口 this answer .

我们仍面临一些问题 RewritePath 对于 /api/ 规则

  predicates:
    - name: Path
      args:
        pattern: "'/api/'+serviceId.toLowerCase()+'/**'"
  filters:
    - name: RewritePath
      args:
        regexp: "'/api/' + serviceId.toLowerCase() + '/(?<remaining>.*)'"
        replacement: "'/${remaining}'"

下面是请求的完整跟踪

调试13-02-201903:32∶01 [ FieldWebWebTracel.java:86 ] VTC:排序网关筛选器工厂: [orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.adaptcachedbodglobalfilter@25705fd, 订单号=-2147482648, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.gatewaymetricsfilter@400caab4, 订单号=-2147473648, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.nettyWriteResponseFilter@36e2c50b, 订单=-1 }, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.forwardPathfilter@66f0c6d,order=0, orderedgatewayfilter delegate=org.springframework.cloud.gateway.filter.factory.rewritePathgatewayfilterFactory$$lambda$360/1720581802@5821f2e6, 订单=0 }, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.routetorequesturlfilter@2719239, 订单=10000 }, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.loadbalancerclientfilter@568A9D8F, 订单=10100 }, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.websocketroutingfilter@6ba77da3, 订单号=2147483646, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.nettyroutingfilter@73c24516, 订单号=2147483647, orderedgatewayfilter delegate=gatewayfilteradapter delegate=org.springframework.cloud.gateway.filter.forwardRoutingfilter@461a9938, 顺序=2147483647]跟踪13-02-2019 03:32:01 [例程RealStururLField.java:59 ] VTC:RealTealRealStururLFLASH启动跟踪13-02-201903:32∶02 [ NETTyWrreServsPosiFas.java:68 ] VTC: NettyWriteResponseFilter开始跟踪13-02-2019 03:32:02 [网关度量过滤器.java:101 ] VTC:停止计时器带标记的“gateway.requests” [标记(结果=客户端\错误),标记(routeid=重写\响应\上限),标记(routeuri= http://httpbin.org:80),tag(status=NOT_FOUN

1 回复 | 直到 7 年前

spencergibb 7 年前

需要很多东西

禁用HTTP2
禁用httpclient的ssl配置
更新 locator 谓词和筛选器使用详细配置。

下面是application.yml的结果部分

server:
  port: 8443
  http:
    port: 8080
  servlet:
  # enable HTTP2
#  http2:
#    enabled: true
  # enable compression

# ... removed for brevity

spring:
  application:
    name: api-gateway
  cloud:
    consul:
      enabled: true
    gateway:
#      httpclient:
#        ssl:
#          handshake-timeout-millis: 10000
#          close-notify-flush-timeout-millis: 3000
#          close-notify-read-timeout-millis: 0
#      routes:
      # - id: ui_path_route
      #   predicates:
      #   - Path="'/**'"
      #   filters:
      #   - RewritePath="'/**'", "/ui"
      discovery:
        instanceId: ${spring.application.name}:${vcap.application.instance_id:${spring.application.instance_id:${random.value}}}
        locator:
          enabled: true
          predicates:
          - name: Path
            args:
              pattern: "'/api/' + serviceId + '/**'"
          filters:
          - name: RewritePath
            args:
              regexp: "'/api/' + serviceId + '/(?<remaining>.*)'"
              replacement: "'/${remaining}'"
#... removed for brevity