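Spring-Cloud-Gateway Basics (Part 1)

Introduction

  • Built on Spring Framework 5, Project Reactor and Spring Boot 2.0
  • Integrates the Hystrix circuit breaker (to be deprecated in the future)
  • Integrates Spring Cloud DiscoveryClient
  • Predicates and Filters apply to specific routes and are easy to write
  • Provides advanced gateway features: dynamic routing, rate limiting, path rewriting, security, monitoring, tracing and resilience
  • SCG runs only in a Spring Boot and Spring WebFlux environment; it cannot run when packaged as a WAR.

Concepts

  • Route: the basic building block of the gateway. It is defined by an ID, a destination URI, a collection of predicates and a collection of filters. A route is matched if the aggregate predicate is true.
  • Predicate: can match on any part of an HTTP request.
  • Filter: intercepts requests and can modify their content.

Request flow

  • Filters use the chain-of-responsibility pattern, so you can add your own logic before and after the request.
  • For URIs defined in routes without a port, the default ports for HTTP and HTTPS URIs are 80 and 443 respectively.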

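Predicate matching rules

Shortcut configuration

  • Shortcut configuration is recognized by the filter name, followed by an equals sign (=), followed by argument values separated by commas (,).

Fully expanded configuration

  • The Cookie predicate is written out in full, with a name and a regexp.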

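Route matching rules

Match after a given time

  • Example: all requests are allowed after 2017-01-20

Match before a given time

  • Example: all requests are allowed before 2017-01-20

Match between two times

  • Example: access is allowed between two times

  • Example: only requests with the corresponding Cookie may pass

Header matching

  • Example: only requests carrying an X-Request-Id header may pass

Host matching

  • Example: allow second-level domains through

Method (GET/POST/PUT/DELETE) matching

  • Example: allow the GET method through

Path matching

  • Example: allow the corresponding path through

Request parameter matching

  • Example: allow the parameter through

Remote IP address matching

  • Example: allow the specified IP range through

Weight route matching

  • Example: split traffic between two services by weight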
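
The shortcut and fully expanded forms described earlier, together with several of the route matching rules above, in one application.yml. This is an added example, not configuration from the original post; the route ids, hosts, cookie and header values, CIDR range and time zone are constructed.

```yaml
# Added example, not from the original post. Route ids, hosts, cookie and
# header values, the CIDR range and the time zone are constructed.
spring:
  cloud:
    gateway:
      routes:
        # Shortcut form: predicate name, "=", comma-separated arguments.
        - id: cookie_shortcut
          uri: https://example.org
          predicates:
            - Cookie=mycookie,mycookievalue
        # Fully expanded form of the same predicate: name plus named args.
        - id: cookie_expanded
          uri: https://example.org
          predicates:
            - name: Cookie
              args:
                name: mycookie
                regexp: mycookievalue
        # All predicates on a route must be true for the route to match.
        - id: restricted_api
          uri: https://backend.example.org    # no port given, so 443 is used
          predicates:
            - After=2017-01-20T17:42:47.789-07:00[America/Denver]
            - Header=X-Request-Id, \d+
            - Host=**.example.org
            - Method=GET
            - Path=/api/**
            - Query=token
            # RemoteAddr sees the address of the direct peer; behind a load
            # balancer or proxy that is the proxy's address, not the client's.
            - RemoteAddr=192.168.1.1/24
        # Weight: about 80% of the group's traffic goes to v1, 20% to v2.
        - id: weight_v1
          uri: https://v1.example.org
          predicates:
            - Weight=group1, 8
        - id: weight_v2
          uri: https://v2.example.org
          predicates:
            - Weight=group1, 2
```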

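Gateway filter factories

Add request header

Add request parameter

Add response header

Deduplicate response headers

Hystrix filter (to be deprecated)

CircuitBreaker filter

  • Basic circuit breaking

  • Advanced circuit breaking

FallbackHeaders: additional information forwarded on failure

Request header parameter replacement

Prefix filter

Preserve the Host request header

Request rate limiting (Redis implementation)

Redirect filter

Remove request header

Remove response header

Remove request parameter

Rewrite the context path

Rewrite response header

  • RewriteLocationResponseHeader

Replace request header parameter

Save session

Security headers: SecureHeaders

SetPath: replace the context path

Replace all request header parameters

Replace all response header parameters

Modify response status

Strip request prefix

Retry mechanism

Request size limit

Replace the original request address

Modify request body

Modify response body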

Global Filter

Filter ordering

Routing filter

Load-balancing filter

Reactive load balancing

Netty routing filter

Netty Routing Filter

Websocket Filter

Metrics Filter

HttpHeadersFilter

RemoveHopByHop

  • Removes certain request headers

XForwarded

  • Adds X-Forwarded-* headers

TLS and SSL

Add SSL authentication to the service

Add authentication to the gateway

TLS handshake configuration
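
An application.yml covering the three TLS topics above: TLS on the gateway listener, certificate verification towards HTTPS backends (weak setting shown commented out beside the corrected one), and the handshake timeouts. This is an added example, not configuration from the original post; the keystore path, alias, environment variable and certificate file names are constructed placeholders.

```yaml
# Added example, not from the original post. Keystore path, alias, the
# environment variable and the certificate file names are placeholders.
server:
  ssl:                       # TLS on the gateway's own listener
    enabled: true
    key-alias: scg
    key-store: classpath:scg-keystore.p12
    key-store-type: PKCS12
    key-store-password: ${GATEWAY_KEYSTORE_PASSWORD}   # injected, not hard-coded

spring:
  cloud:
    gateway:
      httpclient:
        ssl:                 # TLS from the gateway to HTTPS backends
          # Weak setting: accepts any backend certificate, so an
          # intercepting host between gateway and backend goes unnoticed.
          # use-insecure-trust-manager: true
          #
          # Corrected setting: verify backends against known certificates.
          use-insecure-trust-manager: false
          trusted-x509-certificates:
            - cert1.pem
            - cert2.pem
          # TLS handshake timeouts, shown at the defaults listed in the
          # property reference on this page.
          handshake-timeout: 10000ms
          close-notify-flush-timeout: 3000ms
          close-notify-read-timeout: 0ms
```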

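Configuration

RouteDefinitionLocator supports multiple configuration formats

Route metadata configuration

Metadata configuration

HTTP timeout configuration

Global configuration

Per-route configuration

Fluent configuration is supported

Netty access log

Access log configuration

Cross-origin configuration (CORS)

Configuration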

Gateway monitoring

Enabling

View the gateway's route configuration

  • GET /actuator/gateway/routes

Retrieve route filters

  • Global filters

    • GET /actuator/gateway/globalfilters

  • Route filters

    • GET /actuator/gateway/routefilters

Refresh the route cache

  • POST /actuator/gateway/refresh

Get the detailed route list

  • GET /actuator/gateway/routes

Get the details of a single route

  • GET /actuator/gateway/routes/

Create a route

  • POST /gateway/routes/

Delete a route

  • DELETE /gateway/routes/

List all endpoints

  • GET /actuator/gateway
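
The endpoints above can create, delete and refresh routes, so where they are exposed matters. The following application.yml is an added example, not configuration from the original post; it shows a broad exposure (commented out) beside a restricted one, and the management port 9001 and the loopback binding are assumptions about the deployment.

```yaml
# Added example, not from the original post. Port 9001 and the loopback
# binding are assumptions about the deployment.

# Weak: every actuator endpoint, including gateway, is served on the same
# listener as proxied traffic. Unless other access control is in place,
# any client that reaches the gateway can list, create and delete routes.
# management:
#   endpoints:
#     web:
#       exposure:
#         include: "*"

# Restricted: expose only the endpoints that are needed, on a separate
# management port bound to loopback (or an admin-only interface).
management:
  server:
    port: 9001
    address: 127.0.0.1
  endpoint:
    gateway:
      enabled: true          # set to false if the gateway endpoint is not needed
  endpoints:
    web:
      exposure:
        include: health,gateway
```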

Common issues

Log levels

  • org.springframework.cloud.gateway
  • org.springframework.http.server.reactive
  • org.springframework.web.reactive
  • org.springframework.boot.autoconfigure.web
  • reactor.netty
  • redisratelimiter

Enable wiretap

  • reactor.netty at DEBUG or TRACE
  • spring.cloud.gateway.httpserver.wiretap=true
  • spring.cloud.gateway.httpclient.wiretap=true

Customizing the gateway

Custom Route

  • Implement the RoutePredicateFactory interface; extending the AbstractRoutePredicateFactory class is usually enough

Custom GatewayFilter

  • Implement the GatewayFilterFactory interface; extending the AbstractGatewayFilterFactory class is usually enough.

  • PreGatewayFilterFactory

  • PostGatewayFilterFactory

Custom Global Filter

  • Implement the GlobalFilter interface

Gateway configuration properties

  • spring.cloud.gateway.default-filters
    • List of filter definitions that are applied to every route.
  • spring.cloud.gateway.discovery.locator.enabled
    • false
    • Flag that enables DiscoveryClient gateway integration.
  • spring.cloud.gateway.discovery.locator.filters
  • spring.cloud.gateway.discovery.locator.include-expression
    • true
    • SpEL expression that will evaluate whether to include a service in gateway integration or not, defaults to: true.
  • spring.cloud.gateway.discovery.locator.lower-case-service-id
    • false
    • Option to lower-case serviceId in predicates and filters, defaults to false. Useful with Eureka when it automatically uppercases serviceId, so MYSERVICE would match /myservice/**
  • spring.cloud.gateway.discovery.locator.predicates
  • spring.cloud.gateway.discovery.locator.route-id-prefix
    • The prefix for the routeId, defaults to discoveryClient.getClass().getSimpleName() + "_". Service Id will be appended to create the routeId.
  • spring.cloud.gateway.discovery.locator.url-expression
  • spring.cloud.gateway.enabled
    • true
    • Enables gateway functionality.
  • spring.cloud.gateway.fail-on-route-definition-error
    • true
    • Option to fail on route definition errors, defaults to true. Otherwise, a warning is logged.
  • spring.cloud.gateway.filter.remove-hop-by-hop.headers
  • spring.cloud.gateway.filter.remove-hop-by-hop.order
  • spring.cloud.gateway.filter.request-rate-limiter.deny-empty-key
    • true
    • Switch to deny requests if the Key Resolver returns an empty key, defaults to true.
  • spring.cloud.gateway.filter.request-rate-limiter.empty-key-status-code
    • HttpStatus to return when denyEmptyKey is true, defaults to FORBIDDEN.
  • spring.cloud.gateway.filter.secure-headers.content-security-policy
    • default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
  • spring.cloud.gateway.filter.secure-headers.content-type-options
    • nosniff
  • spring.cloud.gateway.filter.secure-headers.disable
  • spring.cloud.gateway.filter.secure-headers.download-options
    • noopen
  • spring.cloud.gateway.filter.secure-headers.frame-options
    • DENY
  • spring.cloud.gateway.filter.secure-headers.permitted-cross-domain-policies
    • none
  • spring.cloud.gateway.filter.secure-headers.referrer-policy
    • no-referrer
  • spring.cloud.gateway.filter.secure-headers.strict-transport-security
    • max-age=631138519
  • spring.cloud.gateway.filter.secure-headers.xss-protection-header
    • 1 ; mode=block
  • spring.cloud.gateway.forwarded.enabled
    • true
    • Enables the ForwardedHeadersFilter.
  • spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping
    • false
    • If global CORS config should be added to the URL handler.
  • spring.cloud.gateway.globalcors.cors-configurations
  • spring.cloud.gateway.httpclient.connect-timeout
    • The connect timeout in millis, the default is 45s.
  • spring.cloud.gateway.httpclient.max-header-size
    • The max response header size.
  • spring.cloud.gateway.httpclient.max-initial-line-length
    • The max initial line length.
  • spring.cloud.gateway.httpclient.pool.acquire-timeout
    • Only for type FIXED, the maximum time in millis to wait for acquiring.
  • spring.cloud.gateway.httpclient.pool.max-connections
    • Only for type FIXED, the maximum number of connections before starting pending acquisition on existing ones.
  • spring.cloud.gateway.httpclient.pool.max-idle-time
    • Time in millis after which the channel will be closed. If NULL, there is no max idle time.
  • spring.cloud.gateway.httpclient.pool.max-life-time
    • Duration after which the channel will be closed. If NULL, there is no max life time.
  • spring.cloud.gateway.httpclient.pool.name
    • proxy
    • The channel pool map name, defaults to proxy.
  • spring.cloud.gateway.httpclient.pool.type
    • Type of pool for HttpClient to use, defaults to ELASTIC.
  • spring.cloud.gateway.httpclient.proxy.host
    • Hostname for proxy configuration of Netty HttpClient.
  • spring.cloud.gateway.httpclient.proxy.non-proxy-hosts-pattern
    • Regular expression (Java) for a configured list of hosts that should be reached directly, bypassing the proxy.
  • spring.cloud.gateway.httpclient.proxy.password
    • Password for proxy configuration of Netty HttpClient.
  • spring.cloud.gateway.httpclient.proxy.port
    • Port for proxy configuration of Netty HttpClient.
  • spring.cloud.gateway.httpclient.proxy.username
    • Username for proxy configuration of Netty HttpClient.
  • spring.cloud.gateway.httpclient.response-timeout
    • The response timeout.
  • spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout
    • 3000ms
    • SSL close_notify flush timeout. Default to 3000 ms.
  • spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout-millis
  • spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout
    • SSL close_notify read timeout. Default to 0 ms.
  • spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout-millis
  • spring.cloud.gateway.httpclient.ssl.default-configuration-type
    • The default ssl configuration type. Defaults to TCP.
  • spring.cloud.gateway.httpclient.ssl.handshake-timeout
    • 10000ms
    • SSL handshake timeout. Default to 10000 ms.
  • spring.cloud.gateway.httpclient.ssl.handshake-timeout-millis
  • spring.cloud.gateway.httpclient.ssl.key-password
    • Key password, default is same as keyStorePassword.
  • spring.cloud.gateway.httpclient.ssl.key-store
    • Keystore path for Netty HttpClient.
  • spring.cloud.gateway.httpclient.ssl.key-store-password
    • Keystore password.
  • spring.cloud.gateway.httpclient.ssl.key-store-provider
    • Keystore provider for Netty HttpClient, optional field.
  • spring.cloud.gateway.httpclient.ssl.key-store-type
    • JKS
    • Keystore type for Netty HttpClient, default is JKS.
  • spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates
    • Trusted certificates for verifying the remote endpoint’s certificate.
  • spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager
    • false
    • Installs the netty InsecureTrustManagerFactory. This is insecure and not suitable for production.
  • spring.cloud.gateway.httpclient.websocket.max-frame-payload-length
    • Max frame payload length.
  • spring.cloud.gateway.httpclient.websocket.proxy-ping
    • true
    • Proxy ping frames to downstream services, defaults to true.
  • spring.cloud.gateway.httpclient.wiretap
    • false
    • Enables wiretap debugging for Netty HttpClient.
  • spring.cloud.gateway.httpserver.wiretap
    • false
    • Enables wiretap debugging for Netty HttpServer.
  • spring.cloud.gateway.loadbalancer.use404
    • false
  • spring.cloud.gateway.metrics.enabled
    • true
    • Enables the collection of metrics data.
  • spring.cloud.gateway.metrics.tags
    • Tags map that is added to metrics.
  • spring.cloud.gateway.redis-rate-limiter.burst-capacity-header
    • X-RateLimit-Burst-Capacity
    • The name of the header that returns the burst capacity configuration.
  • spring.cloud.gateway.redis-rate-limiter.config
  • spring.cloud.gateway.redis-rate-limiter.include-headers
    • true
    • Whether or not to include headers containing rate limiter information, defaults to true.
  • spring.cloud.gateway.redis-rate-limiter.remaining-header
    • X-RateLimit-Remaining
    • The name of the header that returns number of remaining requests during the current second.
  • spring.cloud.gateway.redis-rate-limiter.replenish-rate-header
    • X-RateLimit-Replenish-Rate
    • The name of the header that returns the replenish rate configuration.
  • spring.cloud.gateway.redis-rate-limiter.requested-tokens-header
    • X-RateLimit-Requested-Tokens
    • The name of the header that returns the requested tokens configuration.
  • spring.cloud.gateway.routes
    • List of Routes.
  • spring.cloud.gateway.set-status.original-status-header-name
    • The name of the header which contains http code of the proxied request.
  • spring.cloud.gateway.streaming-media-types
  • spring.cloud.gateway.x-forwarded.enabled
    • true
    • If the XForwardedHeadersFilter is enabled.
  • spring.cloud.gateway.x-forwarded.for-append
    • true
    • If appending X-Forwarded-For as a list is enabled.
  • spring.cloud.gateway.x-forwarded.for-enabled
    • true
    • If X-Forwarded-For is enabled.
  • spring.cloud.gateway.x-forwarded.host-append
    • true
    • If appending X-Forwarded-Host as a list is enabled.
  • spring.cloud.gateway.x-forwarded.host-enabled
    • true
    • If X-Forwarded-Host is enabled.
  • spring.cloud.gateway.x-forwarded.order
    • 0
    • The order of the XForwardedHeadersFilter.
  • spring.cloud.gateway.x-forwarded.port-append
    • true
    • If appending X-Forwarded-Port as a list is enabled.
  • spring.cloud.gateway.x-forwarded.port-enabled
    • true
    • If X-Forwarded-Port is enabled.
  • spring.cloud.gateway.x-forwarded.prefix-append
    • true
    • If appending X-Forwarded-Prefix as a list is enabled.
  • spring.cloud.gateway.x-forwarded.prefix-enabled
    • true
    • If X-Forwarded-Prefix is enabled.
  • spring.cloud.gateway.x-forwarded.proto-append
    • true
    • If appending X-Forwarded-Proto as a list is enabled.
  • spring.cloud.gateway.x-forwarded.proto-enabled
    • true
    • If X-Forwarded-Proto is enabled.
posted @ 2020-12-28 16:01  吼怠