springcloud实践（二）之api网关：zuul

zuul是什么?

• front door. API Gateway.Zuul is a JVM based router and server side load balancer by Netflix.
• 所有请求的入口。
• As an edge service application, Zuul is built to enable dynamic routing, monitoring, resiliency and security. 作为边界应用服务，zuul能实现动态路由、监控、弹性与安全性。
• 用groovy编写。

Netflix uses Zuul for the following:

Authentication 认证
Insights 洞察力
Stress Testing 压力测试
Canary Testing 金丝雀测试
Dynamic Routing 动态路由
Service Migration 服务迁移
Load Shedding 减载
Security 安全
Static Response handling 静态响应处理
Active/Active traffic management

如果以后想设计网关，可按照上面进行対飚设计。

zuul 请求处理过程：

使用注意事项

1. If you need your routes to have their order preserved you need to use a YAML file as the ordering will be lost using a properties file.如果你希望按照书写顺序来执行路由规则，则必须使用YAML文件，不能使用properties

Embedded Zuul Reverse Proxy

使用代理，方便前端调用后端服务，避免CORS（跨域资源访问）和权限问题，

• @EnableZuulProxy
• The proxy uses Ribbon to locate an instance to forward to via discovery, and all requests are executed in a hystrix command, so failures will show up in Hystrix metrics, and once the circuit is open the proxy will not try to contact the service.代理通过服务发现调用服务，通过ribbon定位实例，所有请求通过hystrix命令模式来执行。失败信息都会在收集在hystrix指标体系中，一旦进入熔断模式，代理将无法访问服务。
• 至少需要集成discovery client，如eureka

Zuul Http Client

The default HTTP client used by zuul is now backed by the Apache HTTP Client instead of the deprecated Ribbon RestClient.

To use RestClient or to use the okhttp3.OkHttpClient set
ribbon.restclient.enabled=true
or
ribbon.okhttp.enabled=true

现在默认使用apache client.

Cookies and Sensitive Headers

对cookie和headers敏感，就是说可以制定headers的规则来过滤请求。Spring Cloud Netflix 1.1 以上版本才有此功能。

 zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders: Cookie,Set-Cookie,Authorization  # blacklist，如果不过滤，则须显式设为空。
      url: https://downstream

set globally by setting zuul.sensitiveHeaders      

Strangulation Patterns and Local Forwards

应用如何由老版本向新版本？

• 扼杀模式（使其慢慢窒息的方式）：一部分调用老应用，一部分调用新应用。
• hystrix也可以提供控制新老应用的切换

Uploading Files through Zuul

小文件可以通过zuul proxy,大文件通过 Spring DispatcherServlet。

Query String Encoding

The result can be different than the original input if it was encoded using Javascript’s encodeURIComponent() method for example. While this causes no issues in most cases, some web servers can be picky with the encoding of complex query string.

zuul:
  forceOriginalQueryStringEncoding: true

Note: This special flag only works with SimpleHostRoutingFilter and you loose the ability to easily override query parameters with RequestContext.getCurrentContext().setRequestQueryParams(someOverriddenParameters) since the query string is now fetched directly on the original HttpServletRequest.

Disable Zuul Filters

默认会使用很多filters，可采用如下方式禁止

set zuul...disable=true.

zuul.SendResponseFilter.post.disable=true

Zuul Timeouts

• zuul在使用服务发现和路由时，需配置超时参数如下：

• If Zuul is using service discovery than you need to configure these timeouts via Ribbon properties, ribbon.ReadTimeout and ribbon.SocketTimeout.

• If you have configured Zuul routes by specifying URLs than you will need to use zuul.host.connect-timeout-millis and zuul.host.socket-timeout-millis.

Rewriting Location header

If Zuul is fronting a web application then there may be a need to re-write the Location header when the web application redirects through a http status code of 3XX。当通过3XX重定向时，需要重写header,否则会重定向到web url而不是zuul url.

重写 filter

import org.springframework.cloud.netflix.zuul.filters.post.LocationRewriteFilter;
...

@Configuration
@EnableZuulProxy
public class ZuulConfig {
    @Bean
    public LocationRewriteFilter locationRewriteFilter() {
        return new LocationRewriteFilter();
    }
}

Note:不一定适应所有情况，万一就是要重定向到外部url.

Zuul Developer Guide

The Zuul Servlet

Zuul is implemented as a Servlet. For the general cases, Zuul is embedded into the Spring Dispatch mechanism. This allows Spring MVC to be in control of the routing.

zuul是servlet.zuul嵌入springd的请求转发机制，这样spring mvc由它来控制路由。

zuul一般配置缓存请求，当大文件上传时例外。

by default:/zuul. zuul.servlet-path

Zuul RequestContext

RequestContext

• 请求数据保存在ThreadLocal中,Information about where to route requests, errors and the actual HttpServletRequest and HttpServletResponse are stored there.
• RequestContext继承了ConcurrentHashMap

@EnableZuulProxy vs. @EnableZuulServer

@EnableZuulProxy > @EnableZuulServer, 多了路由功能。The additional filters in the "proxy" enable routing functionality.

Filters

How to Write a Route Filter

extends ZuulFilter 继承以下三类过滤器：

• Pre Filter
• Route Filter
• Post Fitler

在run()中,对request、OkHttpClient、response做修改。

How Zuul Errors Work

The SendErrorFilter is only run if RequestContext.getThrowable() is not null.

It then sets specific javax.servlet.error.* attributes in the request and forwards the request to the Spring Boot error page. 如何设置该属性？

ajax请求如何处理？

Zuul Eager Application Context Loading

Ribbon clients are by default lazily loaded up by Spring Cloud on first call.Ribbon clients默认为延迟加载

修改配置，让其在应用启动时加载：

zuul:
  ribbon:
    eager-load:
      enabled: true

practice

通过url映射的方式来实现zull的转发有局限性

stripPrefix默认为true。This means that all calls such as "/myusers/101" will be forwarded to "/101" on the "users" service.

spring.application.name=gateway-service-zuul
server.port=8888
#这里的配置表示，访问/it/** 直接重定向到http://www.ityouknow.com/**
zuul.routes.baidu.path=/it/**
zuul.routes.baidu.url=http://www.ityouknow.com/

通过serviceId（即application name）来转发

zuul:
  routes:
    producer:
      path: /wifi/**
      serviceId: wifi-service
  strip-prefix: true

zuul高可用

参数优化

1. 为Spring Cloud Ribbon配置请求重试

zuul.host.connect-timeout-millis
zuul.host.socket-timeout-millis
zuul.eureka.[service id].semaphore.maxSemaphores: 128

spring.cloud.loadbalancer.retry.enabled=true

hystrix.command.default.execution.isolation.thread.timeoutInMilliseconds=10000

hello-service.ribbon.ConnectTimeout=250
hello-service.ribbon.ReadTimeout=1000

zuul存在的问题

在实际使用中我们会发现直接使用Zuul会存在诸多问题，包括：

• 性能问题：当存在大量请求超时后会造成Zuul阻塞，目前只能通过横向扩展Zuul实例实现对高并发的支持；

• WebSocket的支持问题： Zuul中并不直接提供对WebSocket的支持，需要添加额外的过滤器实现对WebSocket的支持；
  
  

• 缺少请求速率限制功能，已有第三方jar包提供：zuul进行rate limit

性能问题解决方案：集群、高可用

Zuul is just a stateless service with an HTTP endpoint, hence, we can have as many Zuul instances as we need.

• zuul多个节点启动，自身也可以作为服务，注册到eureka上。
  
  

High availability when client is not a Eureka Client. The Zuul instances, in this case, will be running behind a load balancer such as HAProxy, or a hardware load balancer like NetScaler:

高可用负载均衡选型haproxy vs nginx

选择haproxy，理由如下：

• 从定位上选择，haproxy组件功能单一，只做LB; nginx重点是web服务器，替换的是apache，同时具备lb的作用
• haproxy有心跳检测，nginx需要集成第三方插件
• haproxy有监控页面
• haproxy负载均衡算法更多、更好。
• 支持虚拟主机

如果担心LB单点问题，可采用keepalived+haproxy.

网站并发达到一定程度之后，为了提高稳定性和转发效率，可以使用LVS、毕竟LVS比Nginx/HAproxy要更稳定，转发效率也更高。不过维护LVS对维护人员的要求也会更高，投入成本也更大。

展望

zuul已经开源几年了，现在已有新的开源项目Spring Cloud Gateway，刚开源不久，还不成熟。从其公布的特性，集成了服务发现、断路器、限流等功能。

Spring Cloud Gateway features:

• Built on Spring Framework 5, Project Reactor and Spring Boot 2.0
• Able to match routes on any request attribute.
• Predicates and filters are specific to routes.
• Hystrix Circuit Breaker integration.
• Spring Cloud DiscoveryClient integration
• Easy to write Predicates and Filters
• Request Rate Limiting
• Path Rewriting

参考文献

1. zull wiki
2. spring-cloud-netflix官网手册
3. springcloud(十)：服务网关zuul初级篇 ----环境搭建入门参考
4. Zuul的高可用
5. API GateWay(网关)那些儿事
6. zuul 参数调优
7. zuul进行rate limit

---

tips:本文属于自己学习和实践过程的记录，很多图和文字都粘贴自网上文章，没有注明引用请包涵！如有任何问题请留言或邮件通知，我会及时回复。