Kong安装教程(v1.0.2)

使用的软件

• Unbuntu 虚拟机（有自己的服务器更好）
• PostgreSQL
• kong
• kong-dashboard
• docker
• spring boot

安装 PostgreSQL

kong 需要使用到数据库，目前支持PostgreSQL和Cassandran ,我选择大象数据库，安装过程省略，可以参考这篇文章。

Ubuntu PostgreSQL安装和配置

安装完后建一个kong的用户、密码为kong、建一个kong 数据库:

sudo -u postgres psql 进入，提示符变成： postgres=#

postgres=# create user kong with password 'kong';
CREATE ROLE
postgres=# CREATE DATABASE kong OWNER kong;
CREATE DATABASE
postgres=# 

至此，PostgreSQL已经安装和配置好了。

安装kong

下载kong的源文件，下载地址：https://getkong.org/install/ubuntu/

下载完成之后会有这样一个文件kong-community-edition-0.11.0.*.deb，cd到这个文件的目录：

$ sudo apt-get update
$ sudo apt-get install openssl libpcre3 procps perl
$ sudo dpkg -i kong-community-edition-1.0.2.*.deb

查看kong的版本:

kong version

配置kong

配置文档在这里：

https://getkong.org/docs/0.9.x/configuration/

复制配置文件：

$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf

配置文件(Kong将使用默认设置进行操作。启动时，Kong会查找可能包含配置文件的几个默认位置)：

cat /etc/kong/kong.conf

cat /etc/kong.conf

打开配置文件，里面可以修改很多配置，修改数据库连接，用户名、密码

pg_host = 127.0.0.1 # The PostgreSQL host to connect to.
pg_port =  # The port to connect to.
pg_user = kong # The username to authenticate if required.
pg_password = kong # The password to authenticate if required.
pg_database = kong

数据库配置(上面已经有了)

kong连数据库，需要我们在pg上建立密码为kong的kong用户，数据库名也为kong

su - postgres//进入数据库
-bash-4.2$ psql
postgres=# CREATE USER kong WITH PASSWORD 'kong'; CREATE DATABASE kong OWNER kong;//建立数据库以及用户

修改kong配置

　　进入/usr/local/share/lua/5.1/kong/templates目录，修改kong_defaults.lua里的pg_password=kong，保存

初始化数据库，执行以下整合命令：

$ kong migrations up -c /etc/kong/kong.conf.default

出错：

Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:28: [postgres error] could not retrieve current migrations: [postgres error] 致命错误: 用户 "kong" Ident 认证失败

解决方法：

vi /var/lib/pgsql/9.6/data/pg_hba.conf

修改

把这个配置文件中的认证 METHOD的ident修改为trust，可以实现用账户和密码来访问数据库，

即解决psql: 致命错误: 用户 "postgres" Ident 认证失败 这个问题）

第五步：重启postgresql服务器使设置生效

#service postgresql-9.6 restart

再重试上面的migrations指令。

好像高版本是使用：

kong migrations bootstrap

执行好后，数据库会生成很多表，这些是默认但kong数据表，后续可以自定义插件，重新migrations，会生成自定义表

启动kong :

kong start -c /etc/kong/kong.conf --vv

默认情况下，KONG监听的端口为：

　　· 8000：此端口是KONG用来监听来自客户端传入的HTTP请求，并将此请求转发到上有服务器；（kong根据配置的规则转发到真实的后台服务地址。）

　　· 8443：此端口是KONG用来监听来自客户端传入的HTTPS请求的。它跟8000端口的功能类似，转发HTTPS请求的。可以通过修改配置文件来禁止它；

　　· 8001：Admin API，通过此端口，管理者可以对KONG的监听服务进行配置，插件设置、API的增删改查、以及负载均衡等一系列的配置都是通过8001端口进行管理；

　　· 8444：通过此端口，管理者可以对HTTPS请求进行监控；

最后、浏览器访问IP:8000，如果出现{"message":"no API found with those values"}

注意点：如果有防火墙的话，最好先关掉防火墙。

kong的日志

[root@localhost logs]# pwd
/usr/local/kong/logs
[root@localhost logs]# ll
总用量
-rw-r--r--.  root root  2月   : access.log
-rw-r--r--.  root root  2月   : admin_access.log
-rw-r--r--.  root root  2月   : error.log
[root@localhost logs]# tail -50f error.log 

示例：

打开浏览器访问：localhost:8001，浏览器显示了一大串关于kong的json字符串，则启动成功。

curl -i http://localhost:8001/

管理端口用rest api对api进行操作，文档地址:https://getkong.org/docs/0.8.x/admin-api

接口接入kong测试

下面的所有admin api操作，如果成功会写入postgreSQL中，下面是按照官方的demo操作的，所有操作都是成功的。数据落地到数据库的，查询见《Ubuntu PostgreSQL安装和配置》的第七章节。

示例1：服务转发

1. Add your Service using the Admin API

Issue the following cURL request to add your first Service (pointing to the baidu) to Kong:

curl -i -X POST \
  --url http://localhost:8001/services/ \
  --data 'name=baidu-service' \
  --data 'url=http://www.baidu.com'

You should receive a response similar to:

HTTP/1.1  Created
Date: Wed,  Feb  :: GMT
Content-Type: application/json; charset=utf-
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/1.0.
Content-Length:
{
    "host": "www.baidu.com",
    "created_at": ,
    "connect_timeout": ,
    "id": "be1ea866-c4b4-46ac-9c92-ff821fb317ab",
    "protocol": "http",
    "name": "baidu-service",
    "read_timeout": ,
    "port": ,
    "path": null,
    "updated_at": ,
    "retries": ,
    "write_timeout":
}

2. Add a Route for the Service

curl -i -X POST \
  --url http://localhost:8001/services/baidu-service/routes \
  --data 'hosts[]=baidu.com'

The answer should be similar to:

HTTP/1.1  Created
Date: Wed,  Feb  :: GMT
Content-Type: application/json; charset=utf-
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/1.0.
Content-Length:
{
    "created_at": ,
    "methods": null,
    "id": "d813af89-13fe-4d94-945f-d5bbf4c56a28",
    "service": {
        "id": "be1ea866-c4b4-46ac-9c92-ff821fb317ab"
    },
    "name": null,
    "hosts": ["baidu.com"],
    "updated_at": ,
    "preserve_host": false,
    "regex_priority": ,
    "paths": null,
    "sources": null,
    "destinations": null,
    "snis": null,
    "protocols": ["http",
    "https"],
    "strip_path": true
}

Kong is now aware of your Service and ready to proxy requests.

3. Forward your requests through Kong

Issue the following cURL request to verify that Kong is properly forwarding requests to your Service. Note that by default Kong handles proxy requests on port :8000:

curl -i -X GET \
  --url http://localhost:8000/ \
  --header 'Host: baidu.com'

A successful response means Kong is now forwarding requests made to http://localhost:8000 to the url we configured in step #1, and is forwarding the response back to us. Kong knows to do this through the header defined in the above cURL request:

kong完美的实现了接口转发～

注意注册时，'hosts', 'uris' or 'methods'三个参数至少有一个必须指定。

示例2：Enabling Plugins

1. Configure the key-auth plugin

To configure the key-auth plugin for the Service you configured in Kong, issue the following cURL request:

curl -i -X POST \
  --url http://localhost:8001/services/example-service/plugins/ \
  --data 'name=key-auth'

Note: This plugin also accepts a config.key_names parameter, which defaults to ['apikey']. It is a list of headers and parameters names (both are supported) that are supposed to contain the apikey during a request.

2. Verify that the plugin is properly configured

Issue the following cURL request to verify that the key-auth plugin was properly configured on the Service:

curl -i -X GET \
  --url http://localhost:8000/ \
  --header 'Host: example.com'

Since you did not specify the required apikey header or parameter, the response should be 401 Unauthorized:

duanxz@ubuntu18:~/kong$ curl -i -X GET \
>   --url http://localhost:8000/ \
>   --header 'Host: example.com'
HTTP/1.1  Unauthorized
Date: Wed,  Feb  :: GMT
Content-Type: application/json; charset=utf-
Connection: keep-alive
WWW-Authenticate: Key realm="kong"
Content-Length:
Server: kong/1.0.

{"message":"No API key found in request"}

配置好了 key-auth plugin。

示例3：Consumer

配置好了 key-auth plugin后，lets learn how to add consumers to your Service so we can continue proxying requests through Kong。

1. Create a Consumer through the RESTful API

Lets create a user named Jason by issuing the following request:

curl -i -X POST \
  --url http://localhost:8001/consumers/ \
  --data "username=Jason"

You should see a response similar to the one below:

HTTP/1.1  Created
Content-Type: application/json
Connection: keep-alive
{
"custom_id": null,
"created_at": ,
"username": "Jason",
"id": "f23dfd0f-6a43-444d-b628-6137cbdb1e6e"
}

Congratulations! You’ve just added your first consumer to Kong.

Note: Kong also accepts a custom_id parameter when creating consumers to associate a consumer with your existing user database.

2. Provision key credentials for your Consumer

Now, we can create a key for our recently created consumer Jason by issuing the following request:

curl -i -X POST \
  --url http://localhost:8001/consumers/Jason/key-auth/ \
  --data 'key=ENTER_KEY_HERE'

返回：

HTTP/1.1  Created
Date: Wed,  Feb  :: GMT
Content-Type: application/json; charset=utf-
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/1.0.
Content-Length: 

{
    "key": "ENTER_KEY_HERE",
    "created_at": ,
    "consumer": {
        "id": "f23dfd0f-6a43-444d-b628-6137cbdb1e6e"
    },
    "id": "6d6c4792-f295-4f2a-9941-9357d17240d1"
}

3. Verify that your Consumer credentials are valid

We can now issue the following request to verify that the credentials of our Jason Consumer is valid:

curl -i -X GET \
  --url http://localhost:8000 \
  --header "Host: example.com" \
  --header "apikey: ENTER_KEY_HERE"

或者用HTTP模拟器 

Next Steps

Now that we’ve covered the basics of adding Services, Routes, Consumers and enabling Plugins, feel free to read more on Kong in one of the following documents:

• Configuration file Reference
• CLI Reference
• Proxy Reference
• Admin API Reference
• Clustering Reference

Questions? Issues? Contact us on one of the Community Channels for help!

遇到的问题

如果本机可以访问8000端口，远程机器无法通过ip:8000访问kong，估计是防火墙的问题

CentOS7使用firewalld打开关闭防火墙与端口
、firewalld的基本使用
启动： systemctl start firewalld
关闭： systemctl stop firewalld
查看状态： systemctl status firewalld
开机禁用  ： systemctl disable firewalld
开机启用  ： systemctl enable firewalld

ERROR: module ‘socket’ not found:No LuaRocks module found for socket

启动的时候：

# ./bin/kong start -c ./kong.conf
...
ERROR: ./kong/globalpatches.lua:63: module 'socket' not found:No LuaRocks module found for socket
...

这是因为编译kong之后，重新编译了luarocks，并且将luarocks安装在了其它位置。重新编译kong之后解决。

ERROR: function to_regclass(unknown) does not exist (8)

创建数据库的时候：

# kong migrations up -c ./kong.conf
...
[postgres error] could not retrieve current migrations: [postgres error] ERROR: function to_regclass(unknown) does not exist (8)
...

这是因为PostgreSQL的版本太低了，to_regclass在PostgreSQL 9.4及以上的版本中才存在。

yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
yum install postgresql96
yum install postgresql96-server

nginx: [emerg] unknown directive “real_ip_header” in /usr/local/kong/nginx-kong.conf:73

nginx: [emerg] unknown directive "real_ip_header" in /usr/local/kong/nginx-kong.conf:73

这是因为编译的openresty的时候，没有指定--with-http_realip_module，重新编译安装：

./configure --with-pcre-jit --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_v2_module
make -j2
make install     //默认安装在/usr/local/bin/openresty
export PATH=/usr/local/openresty/bin:$PATH