From 62c24d131a41ee0271a35be3f26d83ed3aa4452d Mon Sep 17 00:00:00 2001
From: cheliequan <liequanche@126.com>
Date: 星期六, 10 六月 2023 12:09:12 +0800
Subject: [PATCH] 更新openresty 安装配置文件
---
install/aps.conf | 71 ++++++++++
install/aps-etcd.lua | 103 ++++++++++++++
install/nginx.conf | 143 ++++++++++++++++++++
install/aps.lua | 52 +++++++
4 files changed, 369 insertions(+), 0 deletions(-)
diff --git a/install/aps-etcd.lua b/install/aps-etcd.lua
new file mode 100644
index 0000000..97ff169
--- /dev/null
+++ b/install/aps-etcd.lua
@@ -0,0 +1,103 @@
+--use coroutine,watch realtime
+local _M = {}
+
+local json = require "cjson"
+local shell = require "resty.shell"
+
+local function print_map_keys()
+ local storage = _M.conf.storage
+
+ local keys = storage:get_keys(1024)
+ if #keys > 0 then
+ ngx.log(ngx.ERR, table.concat(storage:get_keys(1024),","))
+ else
+ ngx.log(ngx.ERR, "storage empty")
+ end
+end
+
+local function clean_keys(keys, storage)
+ for k, v in pairs(keys) do
+ if not v then
+ ngx.log(ngx.ERR, "delete:" .. k)
+ storage:delete(k)
+ end
+ end
+end
+
+local function get_nodes(key, storage)
+ local key_map = {}
+ local stor_keys = storage:get_keys(1024)
+ for k, v in pairs(stor_keys) do
+ key_map[v] = false
+ end
+
+ local status, stdout, err, reason, status = shell.run("docker exec etcd etcdctl get --prefix " .. key .. " -w=json")
+ --ngx.log(ngx.ERR, stdout)
+
+ local resp = json.decode(stdout)
+
+ if not resp then
+ ngx.log(ngx.ERR, "cli:get resp is nil")
+ return
+ end
+
+ local kvs = resp.kvs or {}
+ if not kvs or #kvs == 0 then
+ ngx.log(ngx.ERR, "resp.body.kvs is nil")
+ return
+ end
+
+ for i = 1, #kvs do
+ local kv = kvs[i]
+ if kv.value then
+ local node_key = ngx.decode_base64(kv.key)
+ local node_value = ngx.decode_base64(kv.value)
+
+ storage:set(node_key, node_value)
+ if key_map[node_key] ~= nil then
+ key_map[node_key] = true
+ end
+ end
+ end
+
+ clean_keys(key_map, storage)
+
+ -- 鎵撳嵃娴嬭瘯
+ print_map_keys()
+end
+
+local function watch(premature, tkey, storage)
+ get_nodes(tkey, storage)
+
+ local ok, err = ngx.timer.at(5, watch, tkey, storage)
+ if not ok then
+ ngx.log(ngx.ERR, "Restart watch err:"..err)
+ end
+end
+
+-- 鍦╪ginx.conf涓缃竴涓叏灞�鐨刟ps_nodes_map
+-- 閫氳繃杩炴帴etcd, 骞剁洃鍚�/aps/nodes/ 鍓嶇紑鐨刱ey, 灏嗘敞鍐屽埌etcd鐨刟psServer鑺傜偣娣诲姞鍒癮ps_nodes_map涓�
+function _M.init(conf)
+ -- Only one worker start the syncer, here will use worker_id == 0
+ if ngx.worker.id() ~= 0 then
+ return
+ end
+
+ _M.conf = conf
+
+ local storage = _M.conf.storage
+ local data = storage:get("init")
+ if data then
+ ngx.log(ngx.ERR, "watch etcd already started")
+ return
+ else
+ storage:set("init", true)
+ end
+
+ local ok, err = ngx.timer.at(0, watch, conf.key_node, storage)
+ if not ok then
+ ngx.log(ngx.ERR, "Error start api watch:"..err)
+ end
+end
+
+return _M
diff --git a/install/aps.conf b/install/aps.conf
new file mode 100644
index 0000000..ab65adc
--- /dev/null
+++ b/install/aps.conf
@@ -0,0 +1,71 @@
+upstream aps_server {
+ server 127.0.0.1:80;
+}
+
+upstream aps_user_server {
+ server 127.0.0.1:8001;
+}
+
+server {
+ listen 80;
+ listen 9080;
+ server_name www.fai365.com;
+
+location / {
+ root /data/web/;
+ try_files $uri $uri/ /index.html last;
+ autoindex on;
+ index index.html index.htm;
+ error_page 405 =200 http://$host$request_uri;
+ }
+
+# location ^~/api-s/ {
+# proxy_pass http://aps_server;
+# #rewrite "^/api/(.*)$" $1 break;
+# proxy_set_header X-Forwarded-Host $host;
+# proxy_set_header X-Forwarded-Server $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_http_version 1.1;
+# }
+ location ^~/api-s/ {
+ lua_code_cache off;
+ set $proxy_aps_server '';
+ access_by_lua '
+ local aps = require "resty.aps"
+ aps.proxy("/aps/apsServer/node/")
+ ';
+ proxy_pass $proxy_aps_server;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ }
+
+ location ^~/api/user/ {
+ proxy_pass http://aps_user_server;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ }
+ location ^~/api/base/ {
+ proxy_pass http://aps_user_server;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ }
+ location ^~/api/menu/ {
+ proxy_pass http://aps_user_server;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ }
+ error_page 404 /index.html;
+}
diff --git a/install/aps.lua b/install/aps.lua
new file mode 100644
index 0000000..ead40b2
--- /dev/null
+++ b/install/aps.lua
@@ -0,0 +1,52 @@
+local jwt = require "resty.jwt"
+local secret = "327a9457-899a-481e-8b30-58cc97e5b808"
+
+local M = {}
+
+function logPrint(msg)
+ ngx.log(ngx.ERR, msg)
+end
+
+function M.proxy(key_prefix)
+ local aps_nodes = ngx.shared.aps_nodes_map
+
+ -- 璇诲彇header
+ local auth_header = ngx.var.http_Authorization
+ if auth_header == nil then
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+ end
+
+ if auth_header .. "" == "" then
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+ end
+
+ -- 鑾峰彇jwt token
+ local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+ if token .. "" == "" then
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+ end
+
+ -- 楠岃瘉token
+ local jwt_obj = jwt:verify(secret, token)
+ if jwt_obj.verified == false then
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+ end
+
+ local parent_id = jwt_obj["payload"]["ParentId"]
+ if parent_id == nil then
+ logPrint("ParentId in token is nil")
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+ end
+
+
+ --search real ip and port to redirect to by parent_id
+ local node_addr = aps_nodes:get(key_prefix .. parent_id)
+ if not node_addr then
+ ngx.exit(ngx.HTTP_BAD_GATEWAY)
+ end
+
+ logPrint("aps current parentid is "..parent_id.." key_prefix:"..key_prefix.. " node_addr:"..node_addr)
+ ngx.var.proxy_aps_server = "http://" .. node_addr
+end
+
+return M
diff --git a/install/nginx.conf b/install/nginx.conf
new file mode 100644
index 0000000..1fc4124
--- /dev/null
+++ b/install/nginx.conf
@@ -0,0 +1,143 @@
+
+user root;
+worker_processes 1;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ server_names_hash_bucket_size 128;
+ client_header_buffer_size 64k;
+ large_client_header_buffers 8 64k;
+ client_max_body_size 300m;
+ include mime.types;
+ default_type application/octet-stream;
+
+ lua_socket_log_errors off;
+ lua_package_path "/usr/local/lib/lua/?.lua;/usr/local/openresty/lualib/?.lua;"; #lua妯″潡
+ #lua_package_path "/usr/local/openresty/lualib/?.lua;;"; #lua妯″潡
+ lua_package_cpath "/usr/local/openresty/lualib/?.so;;"; #c妯″潡
+
+ lua_shared_dict aps_nodes_map 10m; #璁板綍saas鐢ㄦ埛鍜宨p:port鐨勬槧灏勫叧绯�
+ init_worker_by_lua_block {
+ local se = require "resty.aps-etcd"
+ se.init({
+ protocol = "v3",
+ http_host = "https://172.20.11.127:2379",
+ api_prefix = "/v3",
+ ssl_verify = true,
+ storage = ngx.shared.aps_nodes_map,
+ key_node = "/aps/apsServer/node",
+ timeout = 50,
+ })
+ }
+
+ include conf.d/*.conf; #鍗曠嫭lua閰嶇疆
+ lua_shared_dict server_ip 10m;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+#server {
+# listen 80;
+# server_name localhost;
+
+ #charset koi8-r;
+
+ #access_log logs/host.access.log main;
+
+# location / {
+# root html;
+# index index.html index.htm;
+# }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+# error_page 500 502 503 504 /50x.html;
+# location = /50x.html {
+# root html;
+# }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+# }
+
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 443 ssl;
+ # server_name localhost;
+
+ # ssl_certificate cert.pem;
+ # ssl_certificate_key cert.key;
+
+ # ssl_session_cache shared:SSL:1m;
+ # ssl_session_timeout 5m;
+
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+}
--
Gitblit v1.8.0