Nginx API GW 配置

•curl http://172.16.199.132/plus2api/5/nginx （访问V5 去 B service）

{"version":"5"} •curl -H "Access: deny" （带有Access: deny header的拒绝访问v5 API）http://172.16.199.132/plus2api/5/nginx

{"status":403,"message":"Forbidden"} •curl http://172.16.199.132/plus2api/3/nginx (访问v3 去 A service)

{"version":"1.15.10","build":"nginx-plus-r18","address":"192.168.214.130","generation":1,"load_timestamp":"2019-07-28T10:46:45.350Z","timestamp":"2019-07-28T13:15:06.837Z","pid":1358,"ppid":1356}

• curl http://172.16.199.132/plus2api/2/nginx （未定义的resource）
{"status":404,"message":"Not Found"}

nginx.conf配置文件

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    types {
        text/html html htm shtml;
        text/css css;
        text/xml xml;
        image/gif gif;
        image/jpeg jpeg jpg;
        application/javascript js;
        application/atom+xml atom;
        application/rss+xml rss;
        text/mathml mml;
        text/plain txt;
        text/vnd.sun.j2me.app-descriptor jad;
        text/vnd.wap.wml wml;
        text/x-component htc;
        image/png png;
        image/svg+xml svg svgz;
        image/tiff tif tiff;
        image/vnd.wap.wbmp wbmp;
        image/webp webp;
        image/x-icon ico;
        image/x-jng jng;
        image/x-ms-bmp bmp;
        application/font-woff woff;
        application/java-archive jar war ear;
        application/json json;
        application/mac-binhex40 hqx;
        application/msword doc;
        application/pdf pdf;
        application/postscript ps eps ai;
        application/rtf rtf;
        application/vnd.apple.mpegurl m3u8;
        application/vnd.google-earth.kml+xml kml;
        application/vnd.google-earth.kmz kmz;
        application/vnd.ms-excel xls;
        application/vnd.ms-fontobject eot;
        application/vnd.ms-powerpoint ppt;
        application/vnd.oasis.opendocument.graphics odg;
        application/vnd.oasis.opendocument.presentation odp;
        application/vnd.oasis.opendocument.spreadsheet ods;
        application/vnd.oasis.opendocument.text odt;
        application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
        application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
        application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
        application/vnd.wap.wmlc wmlc;
        application/x-7z-compressed 7z;
        application/x-cocoa cco;
        application/x-java-archive-diff jardiff;
        application/x-java-jnlp-file jnlp;
        application/x-makeself run;
        application/x-perl pl pm;
        application/x-pilot prc pdb;
        application/x-rar-compressed rar;
        application/x-redhat-package-manager rpm;
        application/x-sea sea;
        application/x-shockwave-flash swf;
        application/x-stuffit sit;
        application/x-tcl tcl tk;
        application/x-x509-ca-cert der pem crt;
        application/x-xpinstall xpi;
        application/xhtml+xml xhtml;
        application/xspf+xml xspf;
        application/zip zip;
        application/octet-stream bin exe dll;
        application/octet-stream deb;
        application/octet-stream dmg;
        application/octet-stream iso img;
        application/octet-stream msi msp msm;
        audio/midi mid midi kar;
        audio/mpeg mp3;
        audio/ogg ogg;
        audio/x-m4a m4a;
        audio/x-realaudio ra;
        video/3gpp 3gpp 3gp;
        video/mp2t ts;
        video/mp4 mp4;
        video/mpeg mpeg mpg;
        video/quicktime mov;
        video/webm webm;
        video/x-flv flv;
        video/x-m4v m4v;
        video/x-mng mng;
        video/x-ms-asf asx asf;
        video/x-ms-wmv wmv;
        video/x-msvideo avi;
    }
    map_hash_bucket_size 512;
    underscores_in_headers on;
    default_type application/octet-stream;
    log_format main '$remote_addr - "$api_client_name" [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $apimgmt_environment $apimgmt_definition $apimgmt_entry_point "$apimgmt_environment_name" "$apimgmt_definition_name" $jwt_claim_sub';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;
    map $host $api_client_name {
        default -;
    }
    map $host $apimgmt_entry_point {
        default -;
    }
    map $host $apimgmt_environment {
        default -;
    }
    map $host $apimgmt_environment_name {
        default -;
    }
    map $host $apimgmt_definition {
        default -;
    }
    map $host $apimgmt_definition_name {
        default -;
    }
    map $http_access $passes_conditional_policy_4 {
        default 1;
        deny 0;
    }
    upstream api-upstream {
        zone api-upstream 256k;
        server 192.168.214.130:80;
    }
    upstream mock-api-upstream {
        zone mock-api-upstream 256k;
        server 192.168.214.130:8080;
    }
    server {
        listen 80;
        server_name 172.16.199.132;
        status_zone 172.16.199.132;
        set $apimgmt_entry_point 1;
        rewrite '^/plus2api/(.*)$' /api/$1;
        location @400 {
            return 400 '{"status":400,"message":"Bad Request"}\n';
        }
        location @401 {
            return 401 '{"status":401,"message":"Unauthorized"}\n';
        }
        location @402 {
            return 402 '{"status":402,"message":"Payment Required"}\n';
        }
        location @403 {
            return 403 '{"status":403,"message":"Forbidden"}\n';
        }
        location @404 {
            return 404 '{"status":404,"message":"Not Found"}\n';
        }
        location @405 {
            return 405 '{"status":405,"message":"Method Not Allowed"}\n';
        }
        location @406 {
            return 406 '{"status":406,"message":"Not Acceptable"}\n';
        }
        location @407 {
            return 407 '{"status":407,"message":"Proxy Authentication Required"}\n';
        }
        location @408 {
            return 408 '{"status":408,"message":"Request Timeout"}\n';
        }
        location @409 {
            return 409 '{"status":409,"message":"Conflict"}\n';
        }
        location @410 {
            return 410 '{"status":410,"message":"Gone"}\n';
        }
        location @411 {
            return 411 '{"status":411,"message":"Length Required"}\n';
        }
        location @412 {
            return 412 '{"status":412,"message":"Precondition Failed"}\n';
        }
        location @413 {
            return 413 '{"status":413,"message":"Request Entity Too Large"}\n';
        }
        location @414 {
            return 414 '{"status":414,"message":"Request-URI Too Long"}\n';
        }
        location @415 {
            return 415 '{"status":415,"message":"Unsupported Media Type"}\n';
        }
        location @416 {
            return 416 '{"status":416,"message":"Requested Range Not Satisfiable"}\n';
        }
        location @417 {
            return 417 '{"status":417,"message":"Expectation Failed"}\n';
        }
        location @422 {
            return 422 '{"status":422,"message":"Unprocessable Entity"}\n';
        }
        location @423 {
            return 423 '{"status":423,"message":"Locked"}\n';
        }
        location @424 {
            return 424 '{"status":424,"message":"Failed Dependency"}\n';
        }
        location @426 {
            return 426 '{"status":426,"message":"Upgrade Required"}\n';
        }
        location @428 {
            return 428 '{"status":428,"message":"Precondition Required"}\n';
        }
        location @429 {
            return 429 '{"status":429,"message":"Too Many Requests"}\n';
        }
        location @431 {
            return 431 '{"status":431,"message":"Request Header Fields Too Large"}\n';
        }
        location @500 {
            return 500 '{"status":500,"message":"Internal Server Error"}\n';
        }
        location @501 {
            return 501 '{"status":501,"message":"Not Implemented"}\n';
        }
        location @502 {
            return 502 '{"status":502,"message":"Bad Gateway"}\n';
        }
        location @503 {
            return 503 '{"status":503,"message":"Service Unavailable"}\n';
        }
        location @504 {
            return 504 '{"status":504,"message":"Gateway Timeout"}\n';
        }
        location @505 {
            return 505 '{"status":505,"message":"HTTP Version Not Supported"}\n';
        }
        location @506 {
            return 506 '{"status":506,"message":"Variant Also Negotiates"}\n';
        }
        location @507 {
            return 507 '{"status":507,"message":"Insufficient Storage"}\n';
        }
        location @508 {
            return 508 '{"status":508,"message":"Loop Detected"}\n';
        }
        location @510 {
            return 510 '{"status":510,"message":"Not Extended"}\n';
        }
        location @511 {
            return 511 '{"status":511,"message":"Network Authentication Required"}\n';
        }
        location @421 {
            return 421 '{"status":421,"message":"Misdirected Request"}\n';
        }
        error_page 400 = @400;
        error_page 401 = @401;
        error_page 402 = @402;
        error_page 403 = @403;
        error_page 404 = @404;
        error_page 405 = @405;
        error_page 406 = @406;
        error_page 407 = @407;
        error_page 408 = @408;
        error_page 409 = @409;
        error_page 410 = @410;
        error_page 411 = @411;
        error_page 412 = @412;
        error_page 413 = @413;
        error_page 414 = @414;
        error_page 415 = @415;
        error_page 416 = @416;
        error_page 417 = @417;
        error_page 422 = @422;
        error_page 423 = @423;
        error_page 424 = @424;
        error_page 426 = @426;
        error_page 428 = @428;
        error_page 429 = @429;
        error_page 431 = @431;
        error_page 500 = @500;
        error_page 501 = @501;
        error_page 502 = @502;
        error_page 503 = @503;
        error_page 504 = @504;
        error_page 505 = @505;
        error_page 506 = @506;
        error_page 507 = @507;
        error_page 508 = @508;
        error_page 510 = @510;
        error_page 511 = @511;
        error_page 421 = @421;
        location /api/5/nginx {
            set $apimgmt_environment 1;
            set $apimgmt_definition 1;
            if ($passes_conditional_policy_4 = 0) {
                return 403;
            }
            set $upstream mock-api-upstream;
            set $upstream_protocol http;
            rewrite '^(.*)$' /_demo_1$1 last;
        }
        location = /api/3/nginx {
            set $apimgmt_environment 1;
            set $apimgmt_definition 1;
            set $upstream api-upstream;
            set $upstream_protocol http;
            rewrite '^(.*)$' /_demo_1$1 last;
        }
        location / {
            return 404;
        }
        location /_test_3 {
            internal;
            set $apimgmt_definition_name 'F1 API';
            set $apimgmt_environment_name test;
            proxy_intercept_errors on;
            rewrite '^/_test_3/(.*)$' /$1 break;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass $upstream_protocol://$upstream;
        }
        location /_demo_1 {
            internal;
            set $apimgmt_definition_name plus2api-demo;
            set $apimgmt_environment_name demo;
            proxy_intercept_errors on;
            rewrite '^/_demo_1/(.*)$' /$1 break;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass $upstream_protocol://$upstream;
        }
        default_type application/json;
    }
    server {
        server_name 127.0.0.1;
        listen 127.0.0.1:49151;
        set $apimgmt_entry_point -;
        location /api {
            api;
        }
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log notice;

pid /var/run/nginx.pid;

events {

worker_connections 1024;

}

http {

types {

text/html html htm shtml;

text/css css;

text/xml xml;

image/gif gif;

image/jpeg jpeg jpg;

application/javascript js;

application/atom+xml atom;

application/rss+xml rss;

text/mathml mml;

text/plain txt;

text/vnd.sun.j2me.app-descriptor jad;

text/vnd.wap.wml wml;

text/x-component htc;

image/png png;

image/svg+xml svg svgz;

image/tiff tif tiff;

image/vnd.wap.wbmp wbmp;

image/webp webp;

image/x-icon ico;

image/x-jng jng;

image/x-ms-bmp bmp;

application/font-woff woff;

application/java-archive jar war ear;

application/json json;

application/mac-binhex40 hqx;

application/msword doc;

application/pdf pdf;

application/postscript ps eps ai;

application/rtf rtf;

application/vnd.apple.mpegurl m3u8;

application/vnd.google-earth.kml+xml kml;

application/vnd.google-earth.kmz kmz;

application/vnd.ms-excel xls;

application/vnd.ms-fontobject eot;

application/vnd.ms-powerpoint ppt;

application/vnd.oasis.opendocument.graphics odg;

application/vnd.oasis.opendocument.presentation odp;

application/vnd.oasis.opendocument.spreadsheet ods;

application/vnd.oasis.opendocument.text odt;

application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;

application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;

application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;

application/vnd.wap.wmlc wmlc;

application/x-7z-compressed 7z;

application/x-cocoa cco;

application/x-java-archive-diff jardiff;

application/x-java-jnlp-file jnlp;

application/x-makeself run;

application/x-perl pl pm;

application/x-pilot prc pdb;

application/x-rar-compressed rar;

application/x-redhat-package-manager rpm;

application/x-sea sea;

application/x-shockwave-flash swf;

application/x-stuffit sit;

application/x-tcl tcl tk;

application/x-x509-ca-cert der pem crt;

application/x-xpinstall xpi;

application/xhtml+xml xhtml;

application/xspf+xml xspf;

application/zip zip;

application/octet-stream bin exe dll;

application/octet-stream deb;

application/octet-stream dmg;

application/octet-stream iso img;

application/octet-stream msi msp msm;

audio/midi mid midi kar;

audio/mpeg mp3;

audio/ogg ogg;

audio/x-m4a m4a;

audio/x-realaudio ra;

video/3gpp 3gpp 3gp;

video/mp2t ts;

video/mp4 mp4;

video/mpeg mpeg mpg;

video/quicktime mov;

video/webm webm;

video/x-flv flv;

video/x-m4v m4v;

video/x-mng mng;

video/x-ms-asf asx asf;

video/x-ms-wmv wmv;

video/x-msvideo avi;

}

map_hash_bucket_size 512;

underscores_in_headers on;

default_type application/octet-stream;

log_format main '$remote_addr - "$api_client_name" [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $apimgmt_environment $apimgmt_definition $apimgmt_entry_point "$apimgmt_environment_name" "$apimgmt_definition_name" $jwt_claim_sub';

access_log /var/log/nginx/access.log main;

sendfile on;

keepalive_timeout 65;

map $host $api_client_name {

default -;

}

map $host $apimgmt_entry_point {

default -;

}

map $host $apimgmt_environment {

default -;

}

map $host $apimgmt_environment_name {

default -;

}

map $host $apimgmt_definition {

default -;

}

map $host $apimgmt_definition_name {

default -;

}

map $http_access $passes_conditional_policy_4 {

default 1;

deny 0;

}

upstream api-upstream {

zone api-upstream 256k;

server 192.168.214.130:80;

}

upstream mock-api-upstream {

zone mock-api-upstream 256k;

server 192.168.214.130:8080;

}

server {

listen 80;

server_name 172.16.199.132;

status_zone 172.16.199.132;

set $apimgmt_entry_point 1;

rewrite '^/plus2api/(.*)$' /api/$1;

location @400 {

return 400 '{"status":400,"message":"Bad Request"}\n';

}

location @401 {

return 401 '{"status":401,"message":"Unauthorized"}\n';

}

location @402 {

return 402 '{"status":402,"message":"Payment Required"}\n';

}

location @403 {

return 403 '{"status":403,"message":"Forbidden"}\n';

}

location @404 {

return 404 '{"status":404,"message":"Not Found"}\n';

}

location @405 {

return 405 '{"status":405,"message":"Method Not Allowed"}\n';

}

location @406 {

return 406 '{"status":406,"message":"Not Acceptable"}\n';

}

location @407 {

return 407 '{"status":407,"message":"Proxy Authentication Required"}\n';

}

location @408 {

return 408 '{"status":408,"message":"Request Timeout"}\n';

}

location @409 {

return 409 '{"status":409,"message":"Conflict"}\n';

}

location @410 {

return 410 '{"status":410,"message":"Gone"}\n';

}

location @411 {

return 411 '{"status":411,"message":"Length Required"}\n';

}

location @412 {

return 412 '{"status":412,"message":"Precondition Failed"}\n';

}

location @413 {

return 413 '{"status":413,"message":"Request Entity Too Large"}\n';

}

location @414 {

return 414 '{"status":414,"message":"Request-URI Too Long"}\n';

}

location @415 {

return 415 '{"status":415,"message":"Unsupported Media Type"}\n';

}

location @416 {

return 416 '{"status":416,"message":"Requested Range Not Satisfiable"}\n';

}

location @417 {

return 417 '{"status":417,"message":"Expectation Failed"}\n';

}

location @422 {

return 422 '{"status":422,"message":"Unprocessable Entity"}\n';

}

location @423 {

return 423 '{"status":423,"message":"Locked"}\n';

}

location @424 {

return 424 '{"status":424,"message":"Failed Dependency"}\n';

}

location @426 {

return 426 '{"status":426,"message":"Upgrade Required"}\n';

}

location @428 {

return 428 '{"status":428,"message":"Precondition Required"}\n';

}

location @429 {

return 429 '{"status":429,"message":"Too Many Requests"}\n';

}

location @431 {

return 431 '{"status":431,"message":"Request Header Fields Too Large"}\n';

}

location @500 {

return 500 '{"status":500,"message":"Internal Server Error"}\n';

}

location @501 {

return 501 '{"status":501,"message":"Not Implemented"}\n';

}

location @502 {

return 502 '{"status":502,"message":"Bad Gateway"}\n';

}

location @503 {

return 503 '{"status":503,"message":"Service Unavailable"}\n';

}

location @504 {

return 504 '{"status":504,"message":"Gateway Timeout"}\n';

}

location @505 {

return 505 '{"status":505,"message":"HTTP Version Not Supported"}\n';

}

location @506 {

return 506 '{"status":506,"message":"Variant Also Negotiates"}\n';

}

location @507 {

return 507 '{"status":507,"message":"Insufficient Storage"}\n';

}

location @508 {

return 508 '{"status":508,"message":"Loop Detected"}\n';

}

location @510 {

return 510 '{"status":510,"message":"Not Extended"}\n';

}

location @511 {

return 511 '{"status":511,"message":"Network Authentication Required"}\n';

}

location @421 {

return 421 '{"status":421,"message":"Misdirected Request"}\n';

}

error_page 400 = @400;

error_page 401 = @401;

error_page 402 = @402;

error_page 403 = @403;

error_page 404 = @404;

error_page 405 = @405;

error_page 406 = @406;

error_page 407 = @407;

error_page 408 = @408;

error_page 409 = @409;

error_page 410 = @410;

error_page 411 = @411;

error_page 412 = @412;

error_page 413 = @413;

error_page 414 = @414;

error_page 415 = @415;

error_page 416 = @416;

error_page 417 = @417;

error_page 422 = @422;

error_page 423 = @423;

error_page 424 = @424;

error_page 426 = @426;

error_page 428 = @428;

error_page 429 = @429;

error_page 431 = @431;

error_page 500 = @500;

error_page 501 = @501;

error_page 502 = @502;

error_page 503 = @503;

error_page 504 = @504;

error_page 505 = @505;

error_page 506 = @506;

error_page 507 = @507;

error_page 508 = @508;

error_page 510 = @510;

error_page 511 = @511;

error_page 421 = @421;

location /api/5/nginx {

set $apimgmt_environment 1;

set $apimgmt_definition 1;

if ($passes_conditional_policy_4 = 0) {

return 403;

}

set $upstream mock-api-upstream;

set $upstream_protocol http;

rewrite '^(.*)$' /_demo_1$1 last;

}

location = /api/3/nginx {

set $apimgmt_environment 1;

set $apimgmt_definition 1;

set $upstream api-upstream;

set $upstream_protocol http;

rewrite '^(.*)$' /_demo_1$1 last;

}

location / {

return 404;

}

location /_test_3 {

internal;

set $apimgmt_definition_name 'F1 API';

set $apimgmt_environment_name test;

proxy_intercept_errors on;

rewrite '^/_test_3/(.*)$' /$1 break;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_pass $upstream_protocol://$upstream;

}

location /_demo_1 {

internal;

set $apimgmt_definition_name plus2api-demo;

set $apimgmt_environment_name demo;

proxy_intercept_errors on;

rewrite '^/_demo_1/(.*)$' /$1 break;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_pass $upstream_protocol://$upstream;

}

default_type application/json;

}

server {

server_name 127.0.0.1;

listen 127.0.0.1:49151;

set $apimgmt_entry_point -;

location /api {

api;

}

本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

Nginx API GW 配置

相关文章

文章评论