install/aps-etcd.lua | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
install/aps.conf | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
install/aps.lua | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
install/nginx.conf | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 |
install/aps-etcd.lua
New file 
@@ -0,0 +1,103 @@ --use coroutine,watch realtime local _M = {} local json = require "cjson" local shell = require "resty.shell" local function print_map_keys() local storage = _M.conf.storage local keys = storage:get_keys(1024) if #keys > 0 then ngx.log(ngx.ERR, table.concat(storage:get_keys(1024),",")) else ngx.log(ngx.ERR, "storage empty") end end local function clean_keys(keys, storage) for k, v in pairs(keys) do if not v then ngx.log(ngx.ERR, "delete:" .. k) storage:delete(k) end end end local function get_nodes(key, storage) local key_map = {} local stor_keys = storage:get_keys(1024) for k, v in pairs(stor_keys) do key_map[v] = false end local status, stdout, err, reason, status = shell.run("docker exec etcd etcdctl get --prefix " .. key .. " -w=json") --ngx.log(ngx.ERR, stdout) local resp = json.decode(stdout) if not resp then ngx.log(ngx.ERR, "cli:get resp is nil") return end local kvs = resp.kvs or {} if not kvs or #kvs == 0 then ngx.log(ngx.ERR, "resp.body.kvs is nil") return end for i = 1, #kvs do local kv = kvs[i] if kv.value then local node_key = ngx.decode_base64(kv.key) local node_value = ngx.decode_base64(kv.value) storage:set(node_key, node_value) if key_map[node_key] ~= nil then key_map[node_key] = true end end end clean_keys(key_map, storage) -- 打印测试 print_map_keys() end local function watch(premature, tkey, storage) get_nodes(tkey, storage) local ok, err = ngx.timer.at(5, watch, tkey, storage) if not ok then ngx.log(ngx.ERR, "Restart watch err:"..err) end end -- 在nginx.conf中设置一个全局的aps_nodes_map -- 通过连接etcd, 并监听/aps/nodes/ 前缀的key, 将注册到etcd的apsServer节点添加到aps_nodes_map中 function _M.init(conf) -- Only one worker start the syncer, here will use worker_id == 0 if ngx.worker.id() ~= 0 then return end _M.conf = conf local storage = _M.conf.storage local data = storage:get("init") if data then ngx.log(ngx.ERR, "watch etcd already started") return else storage:set("init", true) end local ok, err = ngx.timer.at(0, watch, conf.key_node, storage) if not ok 
then ngx.log(ngx.ERR, "Error start api watch:"..err) end end return _M install/aps.conf
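Review bot: In `get_nodes` the `shell.run` result is never checked and `json.decode(stdout)` raises on empty or malformed output, so a single failed `docker exec` aborts `watch` before it re-arms `ngx.timer.at(5, ...)`, and the shared dict keeps serving stale node addresses from then on. The command is also built by concatenating `key` into a string, which resty.shell runs through `/bin/sh -c`; passing an argument table keeps `conf.key_node` from ever being interpreted by a shell. The early return on an empty `kvs` skips `clean_keys` as well, so entries are never removed once the last node deregisters, and it is worth deciding whether that is intended. The fence shows the fetch step with an argv table, a status check and a guarded decode.

```lua
-- … unchanged: key_map built from storage:get_keys(1024) …
local ok, stdout, stderr, reason, status = shell.run({
    "docker", "exec", "etcd", "etcdctl", "get", "--prefix", key, "-w=json",
})
if not ok then
    ngx.log(ngx.ERR, "etcdctl get failed: ", reason, " status=", status, " stderr=", stderr)
    return
end
local decoded, resp = pcall(json.decode, stdout)
if not decoded or type(resp) ~= "table" then
    ngx.log(ngx.ERR, "etcdctl returned invalid JSON")
    return
end
-- … unchanged: kvs loop, clean_keys, print_map_keys …
```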
New file @@ -0,0 +1,71 @@ upstream aps_server { server 127.0.0.1:80; } upstream aps_user_server { server 127.0.0.1:8001; } server { listen 80; listen 9080; server_name www.fai365.com; location / { root /data/web/; try_files $uri $uri/ /index.html last; autoindex on; index index.html index.htm; error_page 405 =200 http://$host$request_uri; } # location ^~/api-s/ { # proxy_pass http://aps_server; # #rewrite "^/api/(.*)$" $1 break; # proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Server $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_http_version 1.1; # } location ^~/api-s/ { lua_code_cache off; set $proxy_aps_server ''; access_by_lua ' local aps = require "resty.aps" aps.proxy("/aps/apsServer/node/") '; proxy_pass $proxy_aps_server; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; } location ^~/api/user/ { proxy_pass http://aps_user_server; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; } location ^~/api/base/ { proxy_pass http://aps_user_server; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; } location ^~/api/menu/ { proxy_pass http://aps_user_server; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; } error_page 404 /index.html; } install/aps.lua
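Review bot: `autoindex on;` in `location /` publishes a listing of any directory under `/data/web/` that has no index file, which discloses file names that were never meant to be linked; `autoindex off;` is the safer default for a site root. In the `^~/api-s/` location, `lua_code_cache off;` is a development setting: the JWT check in `resty.aps` is reloaded from disk on every request, so the directive should be dropped before this serves real traffic. The server block listens only on plain HTTP (80 and 9080) while `/api-s/` expects a bearer token, so unless TLS is terminated in front of this host the token travels in clear text.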
New file @@ -0,0 +1,52 @@ local jwt = require "resty.jwt" local secret = "327a9457-899a-481e-8b30-58cc97e5b808" local M = {} function logPrint(msg) ngx.log(ngx.ERR, msg) end function M.proxy(key_prefix) local aps_nodes = ngx.shared.aps_nodes_map -- 读取header local auth_header = ngx.var.http_Authorization if auth_header == nil then ngx.exit(ngx.HTTP_UNAUTHORIZED) end if auth_header .. "" == "" then ngx.exit(ngx.HTTP_UNAUTHORIZED) end -- 获取jwt token local _, _, token = string.find(auth_header, "Bearer%s+(.+)") if token .. "" == "" then ngx.exit(ngx.HTTP_UNAUTHORIZED) end -- 验证token local jwt_obj = jwt:verify(secret, token) if jwt_obj.verified == false then ngx.exit(ngx.HTTP_UNAUTHORIZED) end local parent_id = jwt_obj["payload"]["ParentId"] if parent_id == nil then logPrint("ParentId in token is nil") ngx.exit(ngx.HTTP_UNAUTHORIZED) end --search real ip and port to redirect to by parent_id local node_addr = aps_nodes:get(key_prefix .. parent_id) if not node_addr then ngx.exit(ngx.HTTP_BAD_GATEWAY) end logPrint("aps current parentid is "..parent_id.." key_prefix:"..key_prefix.. " node_addr:"..node_addr) ngx.var.proxy_aps_server = "http://" .. node_addr end return M install/nginx.conf
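Review bot: The signing secret passed to `jwt:verify` is a string literal assigned to `secret` at the top of the file, so anyone with read access to the repository holds the key that decides which `ParentId` a token may carry, and with it which backend node a request is routed to. Load it at runtime instead, e.g. `local secret = os.getenv("APS_JWT_SECRET")` together with `env APS_JWT_SECRET;` in nginx.conf (the variable name is a placeholder), fail closed when it is missing, and rotate the committed value since it remains in history. Separately, when the header does not match `Bearer%s+(.+)`, `token` is nil and `token .. ""` raises, which returns a 500 instead of the intended 401; `if not token then ngx.exit(ngx.HTTP_UNAUTHORIZED) end` covers that case. `logPrint` is declared without `local` and therefore becomes a global.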
New file 
@@ -0,0 +1,143 @@ user root; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { server_names_hash_bucket_size 128; client_header_buffer_size 64k; large_client_header_buffers 8 64k; client_max_body_size 300m; include mime.types; default_type application/octet-stream; lua_socket_log_errors off; lua_package_path "/usr/local/lib/lua/?.lua;/usr/local/openresty/lualib/?.lua;"; #lua模块 #lua_package_path "/usr/local/openresty/lualib/?.lua;;"; #lua模块 lua_package_cpath "/usr/local/openresty/lualib/?.so;;"; #c模块 lua_shared_dict aps_nodes_map 10m; #记录saas用户和ip:port的映射关系 init_worker_by_lua_block { local se = require "resty.aps-etcd" se.init({ protocol = "v3", http_host = "https://172.20.11.127:2379", api_prefix = "/v3", ssl_verify = true, storage = ngx.shared.aps_nodes_map, key_node = "/aps/apsServer/node", timeout = 50, }) } include conf.d/*.conf; #单独lua配置 lua_shared_dict server_ip 10m; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; #server { # listen 80; # server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; # location / { # root html; # index index.html index.htm; # } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # root html; # } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include 
fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} # } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
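Review bot: `user root;` on the first line makes every worker process run as root, and the watcher in `resty.aps-etcd` shells out to `docker exec` from that worker, so a flaw in any request-handling Lua or in nginx itself is not contained by an unprivileged account and reaches the Docker daemon as well. Run the workers under a dedicated unprivileged account (`user <unprivileged-account>;`) and read etcd over its HTTP API rather than through the Docker CLI. The `init_worker_by_lua_block` already passes `http_host`, `api_prefix`, `ssl_verify = true` and `timeout`, but the `init` shown in this commit reads only `storage` and `key_node`, so those options, including the TLS verification flag, currently have no effect. The active `lua_package_path` also drops the trailing `;;`, which removes the default search path; confirm that is deliberate.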