Spring-Cloud-Gateway-基础篇（二）

1. 项目地址

https://github.com/HoldDie/spring-cloud-gateway

1. 基本概念

   介绍

• 基于 Spring Framework 5，Project Reactor 和 Spring Boot 2.0
• 集成 Hystrix 断路器（未来要废）
• 集成 Spring Cloud DiscoveryClient
• Predicates 和 Filters 作用于特定路由，易于编写的 Predicates 和 Filters
• 具备一些网关的高级功能：动态路由、限流、路径重写、提供安全、监控、追踪、弹性

• SCG 只能在 Spring Boot 和 Spring Webflux 环境下运行，不能在 War 包形式下运行。

  概念

• Route：网关的基本构建块。它由ID，目标URI，谓词集合和过滤器集合定义。如果聚合谓词为true，则匹配路由。

• Predicate：可以匹配 HTTP 中的所有请求。

• Filter：对于请求的拦截，可以修改请求内容。

  请求流程

请求流程

• Filter 通过责任链模式，可以在请求前和请求后添加自己逻辑。
• 在没有端口的路由中定义的URI，HTTP和HTTPS URI的默认端口值分别为80和443。
  ## Predicates 匹配规则

快捷方式配置

示例

• 快捷方式配置由过滤器名称识别，后跟等号（=），后跟以逗号（，）分隔的参数值。
  ### 全称配置

示例

• 把 Cookie 的全称都写出来，有 name，有 regexp。
  ## Route 匹配规则

规则（时间）之后匹配

示例：所有请求在 2017-01-20 之后可以访问

规则之前匹配

示例：所有请求在 2017-01-20 之前可以访问

区间匹配

示例：两个时间之间可以访问

Cookie 匹配

示例：有对应 Cookie 才可以通过

Header 匹配

示例：请求头里面带有 X-reaquest-Id 才能通过

Host 匹配

示例：允许二级域名通过

方法（GET/POST/PUT/DELETE）匹配

示例：允许 GET 方法通过

路径匹配

示例：允许对应路径通过

请求参数匹配

示例：允许参数通过

远程IP地址匹配

示例：允许指定 IP 段通过

权重路由匹配

示例：两个服务权重分流

网关拦截器工厂

添加请求头

添加请求参数

添加返回头

返回头去重

Hystrix 拦截过滤（未来废弃）

CiruitBreaker 过滤器

普通拉闸

高阶拉闸

FallbackHeaders 异常转发附加信息

请求头参数替换

前缀过滤

保持 Host 请求头

请求限流（Redis 实现）

重定向过滤器

移除请求头

移除返回头

移除请求参数

context路径修改

重新返回头

RewriteLocationResponseHeader

替换请求头参数

保存 session

安全头 SecureHeaders

SetPath 替换 context

请求头参数全部替换

返回头参数全部替换

修改返回状态

踢出请求前缀

重试机制

请求大小限制

替换源请求地址

修改请求体

修改返回体

Global Filter

Filter 排序

Routing 过滤器

负载均衡过滤器

响应时负载均衡

Netty routing 过滤

Netty Routing Filter

Websocket Filter

Metrics Filter

HttpHeadersFilter

RemoveHopByHop

• 移除一些请求头

  XForwarded

• 添加一些 X-Forwarded-* headers

  TLS 和 SSL

服务添加 SSL 认证

GateWay 添加认证

TLS 握手配置

配置

RouteDefinitionLocator 支持多种配置格式

Route 元数据配置

元数据配置

Http 超时配置

全局配置

针对单个配置

支持流式配置

Netty 访问日志

访问日志配置

跨域配置（CORS）

配置

网关监控

启动

查看网关 routes 配置信息

• GET /actuator/gateway/routes

对应开关

返回结果

检索路由过滤器

• 全局过滤器

GET /actuator/gateway/globalfilters

• 路由过滤器

GET /actuator/gateway/routefilters

刷新路由缓存

• POST /actuator/gateway/refresh

  获取 route 列表详情

• GET /actuator/gateway/routes

  获取单个 route 详情

• GET /actuator/gateway/routes/{id}

  新增一个 route

POST /gateway/routes/{id_route_to_create}

删除一个 route

• DELETE /gateway/routes/{id_route_to_delete}

  获取所有的 endpoint

• GET /actuator/gateway

  常见问题

日志级别

• org.springframework.cloud.gateway
• org.springframework.http.server.reactive
• org.springframework.web.reactive
• org.springframework.boot.autoconfigure.web
• reactor.netty

• redisratelimiter

  启动窃听功能

• reactor.netty DEBUG、TRACE

• spring.cloud.gateway.httpserver.wiretap=true

• spring.cloud.gateway.httpclient.wiretap=true

  定制网关

自定义 Route

• 需要实现 RoutePredicateFactory 接口，一般继承 AbstractRoutePredicateFactory 类即可

栗子

自定义 GatewayFilter

• 实现 GatewayFilterFactory 接口，一般继承 AbstractGatewayFilterFactory 类即可。

PreGatewayFilterFactory

PostGatewayFilterFactory

自定义 Global Filter

• 实现 GlobalFilter 接口

栗子

gateway 网关参数

• spring.cloud.gateway.default-filters
  • List of filter definitions that are applied to every route.
• spring.cloud.gateway.discovery.locator.enabled
  • false
  • Flag that enables DiscoveryClient gateway integration.
• spring.cloud.gateway.discovery.locator.filters
• spring.cloud.gateway.discovery.locator.include-expression
  • true
  • SpEL expression that will evaluate whether to include a service in gateway integration or not, defaults to: true.
• spring.cloud.gateway.discovery.locator.lower-case-service-id false
  • Option to lower case serviceId in predicates and filters, defaults to false. Useful with eureka when it automatically uppercases serviceId. so MYSERIVCE, would match /myservice/**
• spring.cloud.gateway.discovery.locator.predicates
• spring.cloud.gateway.discovery.locator.route-id-prefix
  • The prefix for the routeId, defaults to discoveryClient.getClass().getSimpleName() + "_". Service Id will be appended to create the routeId.
• spring.cloud.gateway.discovery.locator.url-expression
  • 'lb://'+serviceId
  • SpEL expression that create the uri for each route, defaults to: 'lb://'+serviceId.
• spring.cloud.gateway.enabled true
  • Enables gateway functionality.
• spring.cloud.gateway.fail-on-route-definition-error
  • true
  • Option to fail on route definition errors, defaults to true. Otherwise, a warning is logged.
• spring.cloud.gateway.filter.remove-hop-by-hop.headers
• spring.cloud.gateway.filter.remove-hop-by-hop.order
• spring.cloud.gateway.filter.request-rate-limiter.deny-empty-key
  • true
  • Switch to deny requests if the Key Resolver returns an empty key, defaults to true.
• spring.cloud.gateway.filter.request-rate-limiter.empty-key-status-code
  • HttpStatus to return when denyEmptyKey is true, defaults to FORBIDDEN.
• spring.cloud.gateway.filter.secure-headers.content-security-policy
  • default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
• spring.cloud.gateway.filter.secure-headers.content-type-options
  • nosniff
• spring.cloud.gateway.filter.secure-headers.disable
• spring.cloud.gateway.filter.secure-headers.download-options
  • noopen
• spring.cloud.gateway.filter.secure-headers.frame-options
  • DENY
• spring.cloud.gateway.filter.secure-headers.permitted-cross-domain-policies
  • none
• spring.cloud.gateway.filter.secure-headers.referrer-policy
  • no-referrer
• spring.cloud.gateway.filter.secure-headers.strict-transport-security
  • max-age=631138519
• spring.cloud.gateway.filter.secure-headers.xss-protection-header
  • 1 ; mode=block
• spring.cloud.gateway.forwarded.enabled
  • true
  • Enables the ForwardedHeadersFilter.
• spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping false
  • If global CORS config should be added to the URL handler.
• spring.cloud.gateway.globalcors.cors-configurations
• spring.cloud.gateway.httpclient.connect-timeout
  • The connect timeout in millis, the default is 45s.
• spring.cloud.gateway.httpclient.max-header-size
  • The max response header size.
• spring.cloud.gateway.httpclient.max-initial-line-length
  • The max initial line length.
• spring.cloud.gateway.httpclient.pool.acquire-timeout
  • Only for type FIXED, the maximum time in millis to wait for aquiring.
• spring.cloud.gateway.httpclient.pool.max-connections
  • Only for type FIXED, the maximum number of connections before starting pending acquisition on existing ones.
• spring.cloud.gateway.httpclient.pool.max-idle-time
  • Time in millis after which the channel will be closed. If NULL, there is no max idle time.
• spring.cloud.gateway.httpclient.pool.max-life-time
  • Duration after which the channel will be closed. If NULL, there is no max life time.
• spring.cloud.gateway.httpclient.pool.name
  • proxy
  • The channel pool map name, defaults to proxy.
• spring.cloud.gateway.httpclient.pool.type
  • Type of pool for HttpClient to use, defaults to ELASTIC.
• spring.cloud.gateway.httpclient.proxy.host
  • Hostname for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.non-proxy-hosts-pattern
  • Regular expression (Java) for a configured list of hosts. that should be reached directly, bypassing the proxy
• spring.cloud.gateway.httpclient.proxy.password
  • Password for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.port
  • Port for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.username
  • Username for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.response-timeout
  • The response timeout.
• spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout
  • 3000ms
  • SSL close_notify flush timeout. Default to 3000 ms.
• spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout-millis
• spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout
  • SSL close_notify read timeout. Default to 0 ms.
• spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout-millis
• spring.cloud.gateway.httpclient.ssl.default-configuration-type
  • The default ssl configuration type. Defaults to TCP.
• spring.cloud.gateway.httpclient.ssl.handshake-timeout
  • 10000ms
  • SSL handshake timeout. Default to 10000 ms
• spring.cloud.gateway.httpclient.ssl.handshake-timeout-millis
• spring.cloud.gateway.httpclient.ssl.key-password
  • Key password, default is same as keyStorePassword.
• spring.cloud.gateway.httpclient.ssl.key-store
  • Keystore path for Netty HttpClient.
• spring.cloud.gateway.httpclient.ssl.key-store-password
  • Keystore password.
• spring.cloud.gateway.httpclient.ssl.key-store-provider
  • Keystore provider for Netty HttpClient, optional field.
• spring.cloud.gateway.httpclient.ssl.key-store-type
  • JKS
  • Keystore type for Netty HttpClient, default is JKS.
• spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates
  • Trusted certificates for verifying the remote endpoint’s certificate.
• spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager
  • false
  • Installs the netty InsecureTrustManagerFactory. This is insecure and not suitable for production.
• spring.cloud.gateway.httpclient.websocket.max-frame-payload-length
  • Max frame payload length.
• spring.cloud.gateway.httpclient.websocket.proxy-ping
  • true
  • Proxy ping frames to downstream services, defaults to true.
• spring.cloud.gateway.httpclient.wiretap
  • false
  • Enables wiretap debugging for Netty HttpClient.
• spring.cloud.gateway.httpserver.wiretap
  • false
  • Enables wiretap debugging for Netty HttpServer.
• spring.cloud.gateway.loadbalancer.use404
  • false
• spring.cloud.gateway.metrics.enabled
  • true
  • Enables the collection of metrics data.
• spring.cloud.gateway.metrics.tags
  • Tags map that added to metrics.
• spring.cloud.gateway.redis-rate-limiter.burst-capacity-header
  • X-RateLimit-Burst-Capacity
  • The name of the header that returns the burst capacity configuration.
• spring.cloud.gateway.redis-rate-limiter.config
• spring.cloud.gateway.redis-rate-limiter.include-headers
  • true
  • Whether or not to include headers containing rate limiter information, defaults to true.
• spring.cloud.gateway.redis-rate-limiter.remaining-header
  • X-RateLimit-Remaining
  • The name of the header that returns number of remaining requests during the current second.
• spring.cloud.gateway.redis-rate-limiter.replenish-rate-header
  • X-RateLimit-Replenish-Rate
  • The name of the header that returns the replenish rate configuration.
• spring.cloud.gateway.redis-rate-limiter.requested-tokens-header
  • X-RateLimit-Requested-Tokens
• The name of the header that returns the requested tokens configuration.
  • spring.cloud.gateway.routes
  • List of Routes.
• spring.cloud.gateway.set-status.original-status-header-name
  • The name of the header which contains http code of the proxied request.
• spring.cloud.gateway.streaming-media-types
• spring.cloud.gateway.x-forwarded.enabled
  • true
  • If the XForwardedHeadersFilter is enabled.
• spring.cloud.gateway.x-forwarded.for-append
  • true
  • If appending X-Forwarded-For as a list is enabled.
• spring.cloud.gateway.x-forwarded.for-enabled
  • true
  • If X-Forwarded-For is enabled.
• spring.cloud.gateway.x-forwarded.host-append
  • true
  • If appending X-Forwarded-Host as a list is enabled.
• spring.cloud.gateway.x-forwarded.host-enabled
  • true
  • If X-Forwarded-Host is enabled.
• spring.cloud.gateway.x-forwarded.order
  • 0
  • The order of the XForwardedHeadersFilter.
• spring.cloud.gateway.x-forwarded.port-append
  • true
  • If appending X-Forwarded-Port as a list is enabled.
• spring.cloud.gateway.x-forwarded.port-enabled
  • true
  • If X-Forwarded-Port is enabled.
• spring.cloud.gateway.x-forwarded.prefix-append
  • true
  • If appending X-Forwarded-Prefix as a list is enabled.
• spring.cloud.gateway.x-forwarded.prefix-enabled
  • true
  • If X-Forwarded-Prefix is enabled.
• spring.cloud.gateway.x-forwarded.proto-append
  • true
  • If appending X-Forwarded-Proto as a list is enabled.
• spring.cloud.gateway.x-forwarded.proto-enabled
  • true
  • If X-Forwarded-Proto is enabled.
• 运行栗子
  ### 正常接口代理

curl http://localhost:8080/get
{
"args": {},
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Forwarded": "proto=http;host=\"localhost:8080\";for=\"0:0:0:0:0:0:0:1:58265\"",
"Host": "httpbin.org",
"User-Agent": "curl/7.64.1",
"X--------------": "1.1.1.1",
"X-Amzn-Trace-Id": "Root=1-5fea8da1-49ecda5f16a83c4225d66956",
"X-Forwarded-Host": "localhost:8080"
},
"origin": "203.90.236.199",
"url": "http://localhost:8080/get"
}

使用 Hystrix

curl --dump-header - --header 'Host: www.hystrix.com'
http://localhost:8080/get
HTTP/1.1 200 OK
Date: Tue, 29 Dec 2020 03:07:11 GMT
Content-Type: application/json
Content-Length: 472
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
{
"args": {},
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Forwarded": "proto=http;host=www.hystrix.com;for=\"0:0:0:0:0:0:0:1:60205\"",
"Hello": "World",
"Host": "httpbin.org",
"User-Agent": "curl/7.64.1",
"X--------------": "1.1.1.1",
"X-Amzn-Trace-Id": "Root=1-5fea9d5f-621231a47d809f3718c485f4",
"X-Forwarded-Host": "www.hystrix.com"
},
"origin": "203.90.236.199",
"url": "http://www.hystrix.com/get"
}

压测结果

wrk -t8 -c40 -d60s --latency http://localhost:8080/get
Running 1m test @ http://localhost:8080/get
8 threads and 40 connections
Thread Stats   Avg      Stdev     Max   +/- Stdev
Latency   294.07ms   65.96ms   1.61s    96.86%
Req/Sec    17.46      8.40    40.00     52.41%
Latency Distribution
50%  285.59ms
75%  288.15ms
90%  289.87ms
99%  601.29ms
8215 requests in 1.00m, 5.26MB read
Socket errors: connect 0, read 0, write 0, timeout 1
Requests/sec:    136.69
Transfer/sec:     89.71KB