Fatal编程技术网
  • wso2/
  • Wso2 如何使用apache前端在分布式设置中正确设置APIM存储?

Wso2 如何使用apache前端在分布式设置中正确设置APIM存储?

wso2

Wso2 如何使用apache前端在分布式设置中正确设置APIM存储?,wso2,reverse-proxy,distributed,apim,Wso2,Reverse Proxy,Distributed,Apim,WSO2 APIM 2.6.0的场景: 1个用于API发布者的虚拟机->前端:(网关工作人员经理) 1个虚拟机用于API存储->前端: 流量管理器的1个虚拟机->前端: 2个虚拟机用于网关群集->LB:(网关工作者) 2个虚拟机作为KM集群->LB: 商店中的carbon.xml: store.mydomain store.mydomain 商店中的apimager.xml: 我的网关 https://api.mydomain:443/services/ ${admin.username}

WSO2 APIM 2.6.0的场景:
1个用于API发布者的虚拟机->前端:(网关工作人员经理)
1个虚拟机用于API存储->前端:
流量管理器的1个虚拟机->前端:
2个虚拟机用于网关群集->LB:(网关工作者)
2个虚拟机作为KM集群->LB:

商店中的carbon.xml:

store.mydomain
store.mydomain
商店中的apimager.xml:


我的网关
https://api.mydomain:443/services/
${admin.username}
${admin.password}
http://api.mydomain:80,https://api.mydomain:443
ws://${carbon.local.ip}:9099
发布测试API后,当我尝试测试它时,存储将其用作请求URI:

请求URL:
来自API应用商店的样本请求:
curl-k-X GET“-H”接受:应用程序/json“-H”授权:承载1fcf7e3f-8292-3110-8cff-27226caa59a8“

直接发送到网关LB的请求正常
样本请求:
curl-k-X GET“-H”接受:应用程序/json“-H”授权:承载1fcf7e3f-8292-3110-8cff-27226caa59a8“
响应:{“版本”:“1.0.0”,“nome”:“测试api”}

其他信息:在网关工作人员之间安装了NFS
is KMs之间安装了NFS
发布者应该是网关管理器

附加信息 可以观察到,在API发布后,APIM发布者和APIM商店中的概述没有显示端点:

但是Publisher Server中的my apimager.xml看起来像是正确的配置,如下所示:

发布服务器中的apimager.xml:


生产和沙箱
这是一个混合网关,处理生产和沙箱令牌流量。
https://api.mydomain:443/services/
${admin.username}
${admin.password}
http://api.mydomain:80,https://api.mydomain:443
ws://${carbon.local.ip}:9099
新更新

对于VirtualServer api.mydomain:443 InsideAppache,我的配置为:

<VirtualHost api.mydomain:443>

        SSLEngine on
        SSLCipherSuite HIGH:!aNULL:!MD5
        SSLHonorCipherOrder on
        ...
        ServerName api.mydomain

        CustomLog /var/log/httpd/api.log combined
        ErrorLog /var/log/httpd/api.error.log
        LogLevel debug

        # disable forward proxy requests
        ProxyRequests off
        SSLProxyEngine On
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        ProxyPreserveHost On

        UseCanonicalName On

        Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

    <Proxy balancer://apissl_nio>
        # Add a member to the load balancing group
        BalancerMember https://gtw01.mydomain:8243 route=1
        BalancerMember https://gtw02.mydomain:8243 route=2
        ProxySet stickysession=ROUTEID
        ProxySet lbmethod=byrequests
    </Proxy>
    ProxyPass /revoke balancer://apissl_nio/revoke
    ProxyPassReverse /revoke balancer://apissl_nio/revoke

    ProxyPass /token balancer://apissl_nio/token
    ProxyPassReverse /token balancer://apissl_nio/token

    <Proxy balancer://apissl_mgt>
        # Add a member to the load balancing group
        BalancerMember https://gtw01.mydomain:9443 route=3
        BalancerMember https://gtw02.mydomain:9443 route=4
        ProxySet stickysession=ROUTEID
        ProxySet lbmethod=byrequests
    </Proxy>

    ProxyPass /services balancer://apissl_mgt/services
    ProxyPassReverse /services balancer://apissl_mgt/services


</VirtualHost>


斯伦金安
SSLCipherSuite高:!阿努尔:!MD5
SSLHonorCipherOrder开启
...
ServerName api.mydomain
CustomLog/var/log/httpd/api.log组合
ErrorLog/var/log/httpd/api.error.log
日志级调试
#禁用转发代理请求
代理请求关闭
SSLProxyEngine打开
SSLProxyCheckPeerCN关闭
SSLProxyCheckPeerName关闭
SSLProxycheckpeer关闭
代理主机
在上使用CanonicalName
标头添加集Cookie“ROUTEID=。%{BALANCER\u WORKER\u ROUTE}e;path=/”env=BALANCER\u ROUTE\u已更改
#向负载平衡组添加成员
平衡员https://gtw01.mydomain:8243 路线=1
平衡员https://gtw02.mydomain:8243 路线=2
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
代理通过/撤销balancer://apissl_nio/revoke
ProxyPassReverse/revokebalancer://apissl_nio/revoke
代理通行证/代币balancer://apissl_nio/token
ProxyPassReverse/令牌balancer://apissl_nio/token
#向负载平衡组添加成员
平衡员https://gtw01.mydomain:9443 路线=3
平衡员https://gtw02.mydomain:9443 路线=4
ProxySet stickysession=ROUTEID
ProxySet lbmethod=byrequests
代理通行证/服务balancer://apissl_mgt/services
ProxyPassReverse/servicesbalancer://apissl_mgt/services
服务器URL用于网关的管理服务,而不是NIO。 您应该启用对9443/9763端口的访问,或者创建一个新的虚拟主机来平衡网关实例的9443和/或9763端口

    <Environment type="hybrid" api-console="true">
        <Name>Production and Sandbox</Name>
        <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
        <!-- Server URL of the API gateway -->

        <ServerURL>https://gwmng:9443${carbon.context}services/</ServerURL>
                <!-- Admin username for the API gateway. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for the API gateway.-->
        <Password>${admin.password}</Password>
        <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
        <GatewayEndpoint>http://gw:80,https://gw:443</GatewayEndpoint>
        <!-- Endpoint of the Websocket APIs hosted in this API Gateway -->
        <GatewayWSEndpoint>ws://gw:9099</GatewayWSEndpoint>


生产和沙箱
这是一个混合网关,处理生产和沙箱令牌流量。
https://gwmng:9443${carbon.context}服务/
${admin.username}
${admin.password}
http://gw:80,https://gw:443
ws://gw:9099
首先,感谢您的评论和回答。我在

<APIGateway>
    <Environments>
      <Environment>
          <Name>****</Name>


****
我使用与其他组件不同的环境名称部署了存储。由于发布者使用该名称选择正确的网关来部署API,因此存储区找不到端点,即使您的ServerURL和GatewayEndpoint填写正确

真奇怪。它应该使用您在
中设置的URL。你还有其他的吗?没有。只有这一个。嗨,猎鹰!谢谢您的回答,但是我的负载平衡器正在为网关工作程序中的9443端口映射。我已经升级了我的问题,以明确这一点…正是。但是我发现了问题,你可以从我的回答中看到。谢谢 
<VirtualHost api.mydomain:443>

        SSLEngine on
        SSLCipherSuite HIGH:!aNULL:!MD5
        SSLHonorCipherOrder on
        ...
        ServerName api.mydomain

        CustomLog /var/log/httpd/api.log combined
        ErrorLog /var/log/httpd/api.error.log
        LogLevel debug

        # disable forward proxy requests
        ProxyRequests off
        SSLProxyEngine On
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        ProxyPreserveHost On

        UseCanonicalName On

        Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

    <Proxy balancer://apissl_nio>
        # Add a member to the load balancing group
        BalancerMember https://gtw01.mydomain:8243 route=1
        BalancerMember https://gtw02.mydomain:8243 route=2
        ProxySet stickysession=ROUTEID
        ProxySet lbmethod=byrequests
    </Proxy>
    ProxyPass /revoke balancer://apissl_nio/revoke
    ProxyPassReverse /revoke balancer://apissl_nio/revoke

    ProxyPass /token balancer://apissl_nio/token
    ProxyPassReverse /token balancer://apissl_nio/token

    <Proxy balancer://apissl_mgt>
        # Add a member to the load balancing group
        BalancerMember https://gtw01.mydomain:9443 route=3
        BalancerMember https://gtw02.mydomain:9443 route=4
        ProxySet stickysession=ROUTEID
        ProxySet lbmethod=byrequests
    </Proxy>

    ProxyPass /services balancer://apissl_mgt/services
    ProxyPassReverse /services balancer://apissl_mgt/services


</VirtualHost>

    <Environment type="hybrid" api-console="true">
        <Name>Production and Sandbox</Name>
        <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
        <!-- Server URL of the API gateway -->

        <ServerURL>https://gwmng:9443${carbon.context}services/</ServerURL>
                <!-- Admin username for the API gateway. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for the API gateway.-->
        <Password>${admin.password}</Password>
        <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
        <GatewayEndpoint>http://gw:80,https://gw:443</GatewayEndpoint>
        <!-- Endpoint of the Websocket APIs hosted in this API Gateway -->
        <GatewayWSEndpoint>ws://gw:9099</GatewayWSEndpoint>

<APIGateway>
    <Environments>
      <Environment>
          <Name>****</Name>