Wso2 如何使用apache前端在分布式设置中正确设置APIM存储?
WSO2 APIM 2.6.0的场景:Wso2 如何使用apache前端在分布式设置中正确设置APIM存储?,wso2,reverse-proxy,distributed,apim,Wso2,Reverse Proxy,Distributed,Apim,WSO2 APIM 2.6.0的场景: 1个用于API发布者的虚拟机->前端:(网关工作人员经理) 1个虚拟机用于API存储->前端: 流量管理器的1个虚拟机->前端: 2个虚拟机用于网关群集->LB:(网关工作者) 2个虚拟机作为KM集群->LB: 商店中的carbon.xml: store.mydomain store.mydomain 商店中的apimager.xml: 我的网关 https://api.mydomain:443/services/ ${admin.username}
1个用于API发布者的虚拟机->前端:(网关工作人员经理)
1个虚拟机用于API存储->前端:
流量管理器的1个虚拟机->前端:
2个虚拟机用于网关群集->LB:(网关工作者)
2个虚拟机作为KM集群->LB:
商店中的carbon.xml:
store.mydomain
store.mydomain
商店中的apimager.xml:
我的网关
https://api.mydomain:443/services/
${admin.username}
${admin.password}
http://api.mydomain:80,https://api.mydomain:443
ws://${carbon.local.ip}:9099
发布测试API后,当我尝试测试它时,存储将其用作请求URI:请求URL:
来自API应用商店的样本请求:
curl-k-X GET“-H”接受:应用程序/json“-H”授权:承载1fcf7e3f-8292-3110-8cff-27226caa59a8“
直接发送到网关LB的请求正常
样本请求:
curl-k-X GET“-H”接受:应用程序/json“-H”授权:承载1fcf7e3f-8292-3110-8cff-27226caa59a8“
响应:{“版本”:“1.0.0”,“nome”:“测试api”}
其他信息:在网关工作人员之间安装了NFS
is KMs之间安装了NFS
发布者应该是网关管理器
附加信息 可以观察到,在API发布后,APIM发布者和APIM商店中的概述没有显示端点:
但是Publisher Server中的my apimager.xml看起来像是正确的配置,如下所示:
发布服务器中的apimager.xml:
生产和沙箱
这是一个混合网关,处理生产和沙箱令牌流量。
https://api.mydomain:443/services/
${admin.username}
${admin.password}
http://api.mydomain:80,https://api.mydomain:443
ws://${carbon.local.ip}:9099
新更新
对于VirtualServer api.mydomain:443 InsideAppache,我的配置为:
<VirtualHost api.mydomain:443>
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
...
ServerName api.mydomain
CustomLog /var/log/httpd/api.log combined
ErrorLog /var/log/httpd/api.error.log
LogLevel debug
# disable forward proxy requests
ProxyRequests off
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
UseCanonicalName On
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://apissl_nio>
# Add a member to the load balancing group
BalancerMember https://gtw01.mydomain:8243 route=1
BalancerMember https://gtw02.mydomain:8243 route=2
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
</Proxy>
ProxyPass /revoke balancer://apissl_nio/revoke
ProxyPassReverse /revoke balancer://apissl_nio/revoke
ProxyPass /token balancer://apissl_nio/token
ProxyPassReverse /token balancer://apissl_nio/token
<Proxy balancer://apissl_mgt>
# Add a member to the load balancing group
BalancerMember https://gtw01.mydomain:9443 route=3
BalancerMember https://gtw02.mydomain:9443 route=4
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
</Proxy>
ProxyPass /services balancer://apissl_mgt/services
ProxyPassReverse /services balancer://apissl_mgt/services
</VirtualHost>
斯伦金安
SSLCipherSuite高:!阿努尔:!MD5
SSLHonorCipherOrder开启
...
ServerName api.mydomain
CustomLog/var/log/httpd/api.log组合
ErrorLog/var/log/httpd/api.error.log
日志级调试
#禁用转发代理请求
代理请求关闭
SSLProxyEngine打开
SSLProxyCheckPeerCN关闭
SSLProxyCheckPeerName关闭
SSLProxycheckpeer关闭
代理主机
在上使用CanonicalName
标头添加集Cookie“ROUTEID=。%{BALANCER\u WORKER\u ROUTE}e;path=/”env=BALANCER\u ROUTE\u已更改
#向负载平衡组添加成员
平衡员https://gtw01.mydomain:8243 路线=1
平衡员https://gtw02.mydomain:8243 路线=2
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
代理通过/撤销balancer://apissl_nio/revoke
ProxyPassReverse/revokebalancer://apissl_nio/revoke
代理通行证/代币balancer://apissl_nio/token
ProxyPassReverse/令牌balancer://apissl_nio/token
#向负载平衡组添加成员
平衡员https://gtw01.mydomain:9443 路线=3
平衡员https://gtw02.mydomain:9443 路线=4
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
代理通行证/服务balancer://apissl_mgt/services
ProxyPassReverse/servicesbalancer://apissl_mgt/services
服务器URL用于网关的管理服务,而不是NIO。
您应该启用对9443/9763端口的访问,或者创建一个新的虚拟主机来平衡网关实例的9443和/或9763端口
<Environment type="hybrid" api-console="true">
<Name>Production and Sandbox</Name>
<Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
<!-- Server URL of the API gateway -->
<ServerURL>https://gwmng:9443${carbon.context}services/</ServerURL>
<!-- Admin username for the API gateway. -->
<Username>${admin.username}</Username>
<!-- Admin password for the API gateway.-->
<Password>${admin.password}</Password>
<!-- Endpoint URLs for the APIs hosted in this API gateway.-->
<GatewayEndpoint>http://gw:80,https://gw:443</GatewayEndpoint>
<!-- Endpoint of the Websocket APIs hosted in this API Gateway -->
<GatewayWSEndpoint>ws://gw:9099</GatewayWSEndpoint>
生产和沙箱
这是一个混合网关,处理生产和沙箱令牌流量。
https://gwmng:9443${carbon.context}服务/
${admin.username}
${admin.password}
http://gw:80,https://gw:443
ws://gw:9099
首先,感谢您的评论和回答。我在<APIGateway>
<Environments>
<Environment>
<Name>****</Name>
****
我使用与其他组件不同的环境名称部署了存储。由于发布者使用该名称选择正确的网关来部署API,因此存储区找不到端点,即使您的ServerURL和GatewayEndpoint填写正确 真奇怪。它应该使用您在
中设置的URL。你还有其他的吗?没有。只有这一个。嗨,猎鹰!谢谢您的回答,但是我的负载平衡器正在为网关工作程序中的9443端口映射。我已经升级了我的问题,以明确这一点…正是。但是我发现了问题,你可以从我的回答中看到。谢谢
<VirtualHost api.mydomain:443>
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
...
ServerName api.mydomain
CustomLog /var/log/httpd/api.log combined
ErrorLog /var/log/httpd/api.error.log
LogLevel debug
# disable forward proxy requests
ProxyRequests off
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
UseCanonicalName On
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://apissl_nio>
# Add a member to the load balancing group
BalancerMember https://gtw01.mydomain:8243 route=1
BalancerMember https://gtw02.mydomain:8243 route=2
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
</Proxy>
ProxyPass /revoke balancer://apissl_nio/revoke
ProxyPassReverse /revoke balancer://apissl_nio/revoke
ProxyPass /token balancer://apissl_nio/token
ProxyPassReverse /token balancer://apissl_nio/token
<Proxy balancer://apissl_mgt>
# Add a member to the load balancing group
BalancerMember https://gtw01.mydomain:9443 route=3
BalancerMember https://gtw02.mydomain:9443 route=4
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
</Proxy>
ProxyPass /services balancer://apissl_mgt/services
ProxyPassReverse /services balancer://apissl_mgt/services
</VirtualHost>
<Environment type="hybrid" api-console="true">
<Name>Production and Sandbox</Name>
<Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
<!-- Server URL of the API gateway -->
<ServerURL>https://gwmng:9443${carbon.context}services/</ServerURL>
<!-- Admin username for the API gateway. -->
<Username>${admin.username}</Username>
<!-- Admin password for the API gateway.-->
<Password>${admin.password}</Password>
<!-- Endpoint URLs for the APIs hosted in this API gateway.-->
<GatewayEndpoint>http://gw:80,https://gw:443</GatewayEndpoint>
<!-- Endpoint of the Websocket APIs hosted in this API Gateway -->
<GatewayWSEndpoint>ws://gw:9099</GatewayWSEndpoint>
<APIGateway>
<Environments>
<Environment>
<Name>****</Name>