kong nginx 配置文件说明&&借鉴
备注:
只是简单的进行说明配置文件,不会牵扯到源码
1. 配置文件位置
// 通过ps 查找
ps -ef |grep nginx
/usr/local/openresty/nginx/sbin/nginx -p /usr/local/kong -c nginx.conf
可以看到kong 不是直接在依赖的openresty 目录进行配置的,这样可以减少对于原有的污染
在实际项目中还是有比较大的借鉴价值的,类似的有lapis 开发模式2. 配置文件结构
// 包含 nginx.conf nginx-kong.conf
nginx.conf 比较简单,使用的是推荐的include 方式
http {
include 'nginx-kong.conf';
}
nginx-kong.conf kong 主要配置都在里面,包含api 地址 admin 地址,以及框架的初始化3. nginx-kong.conf 说明
http 部分
kong 初始化,主要是框架初始化,以及数据空间配置,动态proxy 配置
如下:
init_by_lua_block {
kong = require 'kong'
kong.init()
}
init_worker_by_lua_block {
kong.init_worker()
}
upstream kong_upstream {
server 0.0.0.1;
balancer_by_lua_block {
kong.balancer()
}
keepalive 60;
}
server 部分, 各阶段插件注入,proxy_pass 配置, api 入口地址 admin 配置 证书配置,目前支持sni ,可以动态添加证书
ssl
ssl_certificate_by_lua_block {
kong.ssl_certificate()
}
rewrite_by_lua_block {
kong.rewrite()
}
access_by_lua_block {
kong.access()
}
header_filter_by_lua_block {
kong.header_filter()
}
body_filter_by_lua_block {
kong.body_filter()
}
log_by_lua_block {
kong.log()
}
proxy_pass
proxy_http_version 1.1;
proxy_set_header Host $upstream_host;
proxy_set_header Upgrade $upstream_upgrade;
proxy_set_header Connection $upstream_connection;
proxy_set_header X-Forwarded-For $upstream_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $upstream_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $upstream_x_forwarded_host;
proxy_set_header X-Forwarded-Port $upstream_x_forwarded_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_header Server;
proxy_pass_header Date;
proxy_ssl_name $upstream_host;
proxy_pass $upstream_scheme://kong_upstream$upstream_uri;
admin api
location / {
default_type application/json;
content_by_lua_block {
kong.serve_admin_api()
}
}
备注:
https 加密套件的配置在实际使用还是比较有价值的,具体nginx https 配置可以参考
ssl_protocols TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
sl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
