什么是网关
API Gateway,是系统的唯一对外的入口,介于客户端和服务器端之间的中间层,处理非业务功能 提供路由请求、鉴权、监控、缓存、限流等功能
统一接入
* 智能路由
* AB测试、灰度测试
* 负载均衡、容灾处理
* 日志埋点(类似Nignx日志)
流量监控
* 限流处理
* 服务降级
安全防护
* 鉴权处理
* 监控
* 机器网络隔离
主流的网关
zuul:是Netflix开源的微服务网关,和Eureka,Ribbon,Hystrix等组件配合使用,Zuul 2.0比1.0的性能提高很多
kong: 由Mashape公司开源的,基于Nginx的API gateway
nginx+lua:是一个高性能的HTTP和反向代理服务器,lua是脚本语言,让Nginx执行Lua脚本,并且高并发、非阻塞的处理各种请求
1. zuul路由案例:
1. 导入依赖
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Finchley.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties> <dependencies>
<!-- eureka client -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<!-- zuul网关 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-zuul</artifactId>
</dependency>
</dependencies> <build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
2. 注册到eureka
server:
port: 9000 #服务的名称
spring:
application:
name: api_gatway #指定注册中心地址ַ
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/
3. 主函数开启zuul注解,并且启动
@SpringBootApplication
@EnableZuulProxy// 开启网关代理
public class ApiGatwayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatwayApplication.class, args);
}
}
测试:可以看到服务都已经注册到eureka上了,我们不用配置任何路由规则就可以直接通过注册的服务名称来路由
2. 自定义路由规则:
#自定义路由映射(配置文件加入这段配置就好了)
zuul:
routes:
order-service: /apigateway/order/** #配置后就不能通过serverName访问了。
product-service: /apigateway/product/**
#忽略满足条件的服务(即:忽略所有-service结尾的服务)
ignored-patterns: /*-service/**
#解决http请求头为空的问题 (值为空就好了)
sensitive-headers:
3. 自定义过滤器url校验 / 限流:
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.commons.lang.StringUtils;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
import org.springframework.http.HttpStatus;
/**
* 拦截指定url, 进行参数校验
*/
@Component
public class UrlFilter extends ZuulFilter { // private String pre_filterType = PRE_TYPE; // 前置过滤器(url之前执行)
// private String post_filterType = POST_TYPE; // 后置过滤器
// private String error_filterType = ERROR_TYPE;// 异常过滤器
/**
* 过滤器类型
* @return
*/
@Override
public String filterType() {
return PRE_TYPE;
}
/**
* 过滤器顺序(多个过滤器时, 越小的越先执行)
* @return
*/
@Override
public int filterOrder() { return 3;
} /**
* 过滤器是否生效
* 为false时就不会走run()里面的业务逻辑
* @return
*/
@Override
public boolean shouldFilter() {
RequestContext requestContext = RequestContext.getCurrentContext();
HttpServletRequest request = requestContext.getRequest(); // System.out.println(request.getRequestURI());
// System.out.println(request.getRequestURL()); if ("/apigateway/order/api/v1/order/find".equalsIgnoreCase(request.getRequestURI())){
return true;
}
return false;
} /**
* 业务逻辑
* @return
* @throws ZuulException
*/
@Override
public Object run() throws ZuulException {
System.out.println("拦截逻辑");
RequestContext requestContext = RequestContext.getCurrentContext();
HttpServletRequest request = requestContext.getRequest(); //token对象
String id = request.getHeader("id"); if(StringUtils.isBlank((id))){
id = request.getParameter("id");
} //如果id参数为null就程序停止, 同时返回 HttpStatus.UNAUTHORIZED 状态码
if (StringUtils.isBlank(id)) {
requestContext.setSendZuulResponse(false);
requestContext.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
}
return null;
}
}
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.springframework.stereotype.Component;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
import org.springframework.http.HttpStatus;
import com.google.common.util.concurrent.RateLimiter;
/**
* 网关限流
*/
@Component
public class RequestFilter extends ZuulFilter { //每秒产生1000个令牌
private static final RateLimiter RATE_LIMITER = RateLimiter.create(1000); @Override
public String filterType() {
return PRE_TYPE;
} @Override
public int filterOrder() {
return -4;
} @Override
public boolean shouldFilter() {
return true;
} @Override
public Object run() throws ZuulException {
RequestContext requestContext = RequestContext.getCurrentContext();
System.out.println("获取令牌");
boolean tryAcquire = RATE_LIMITER.tryAcquire();
// 如果获取不到就直接停止
if(!tryAcquire){
requestContext.setSendZuulResponse(false);
requestContext.setResponseStatusCode(HttpStatus.TOO_MANY_REQUESTS.value());
}
return null;
}
}
解决zuul超时问题, 完整配置文件 (设置ribbon hystrix zuul 超时时间,最好超时时间值比被代理的服务要大。ps: 不需要添加其他依赖包,就一个zuul依赖就好了)
server:
port: 9000 spring:
application:
name: api_gatway # eureka注册地址
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/ ribbon:
ReadTimeout: 7000 #超时时间
ConnectTimeout: 2000 #连接时间
MaxAutoRetries: 1 #同一台实例最大重试次数,不包括首次调用
MaxAutoRetriesNextServer: 1 #重试负载均衡其他的实例最大重试次数,不包括首次调用
OkToRetryOnAllOperations: false #是否所有操作都重试 #解决hystrix+feign超时设置
feign:
hystrix: #开启feign支持hystrix (注意:一定要开启,旧版本默认支持,新版本默认关闭)
enabled: true hystrix:
command:
default:
execution:
isolation:
thread:
timeoutInMilliseconds: 7000 # ========================================================
# 不配置路由规则,默认可以用服务注册名称来路由
# 商品服务:http://localhost:9000/product-service/api/v1/product/list
# 订单服务:http://localhost:9000/order-service/api/v1/order/find?id=3 # 自定义路由规则
zuul:
routes:
order-service: /apigateway/order/**
product-service: /apigateway/product/**
# 禁止对product-service服务路由 (支持多个,逗号隔开就好了)
#ignored-services: product-service
# 禁止对所有-service结尾的服务路由
ignored-patterns: /*-service/**
# 解决http请求头为空的问题 (值为空就好了)
sensitive-headers:
#ignored-headers: accept-language 路由时,不向第三方传递请求头
#sensitive-headers: cookie 路由时,不向第三方传递cookie
host:
socket-timeout-millis: 7000
connect-timeout-millis: 7000 # 经过上面的自定义路由之后
# 访问product-service http://localhost:9000/apigateway/product/api/v1/product/list
# 访问order-service http://localhost:9000/apigateway/order/api/v1/order/find?id=3