Spring-Cloud-Gateway 基礎（一）

介紹

• 基於 Spring Framework 5，Project Reactor 和 Spring Boot 2.0
• 集成 Hystrix 斷路器（未來要廢）
• 集成 Spring Cloud DiscoveryClient
• Predicates 和 Filters 作用於特定路由，易於編寫的 Predicates 和 Filters
• 具備一些網關的高級功能：動態路由、限流、路徑重寫、提供安全、監控、追蹤、彈性
• SCG 只能在 Spring Boot 和 Spring Webflux 環境下運行，不能在 War 包形式下運行。

概念

• Route：網關的基本構建塊。它由ID，目標URI，謂詞集合和過濾器集合定義。如果聚合謂詞為true，則匹配路由。
• Predicate：可以匹配 HTTP 中的所有請求。
• Filter：對於請求的攔截，可以修改請求內容。

請求流程

請求流程

• Filter 通過責任鏈模式，可以在請求前和請求后添加自己邏輯。
• 在沒有端口的路由中定義的URI，HTTP和HTTPS URI的默認端口值分別為80和443。

Predicates 匹配規則

快捷方式配置

• 示例

  

• 快捷方式配置由過濾器名稱識別，后跟等號（=），后跟以逗號（，）分隔的參數值。

全稱配置

• 示例

  

• 把 Cookie 的全稱都寫出來，有 name，有 regexp。

Route 匹配規則

規則（時間）之后匹配

• 示例：所有請求在 2017-01-20 之后可以訪問

  

規則之前匹配

• 示例：所有請求在 2017-01-20 之前可以訪問

  

請求兩次匹配

• 示例：兩個時間之間可以訪問

  

Cookie 匹配

• 示例：有對應 Cookie 才可以通過

  

Header 匹配

• 示例：請求頭里面帶有 X-reaquest-Id 才能通過

  

Host 匹配

• 示例：允許二級域名通過

  

方法（GET/POST/PUT/DELETE）匹配

• 示例：允許 GET 方法通過

  

路徑匹配

• 示例：允許對應路徑通過

  

請求參數匹配

• 示例：允許參數通過

  

遠程IP地址匹配

• 示例：允許指定 IP 段通過

  

權重路由匹配

• 示例：兩個服務權重分流

  

網關攔截器工廠

添加請求頭

添加請求參數

添加返回頭

返回頭去重

Hystrix 攔截過濾（未來廢棄）

CiruitBreaker 過濾器

• 普通拉閘

  

• 高階拉閘

  

FallbackHeaders 異常轉發附加信息

請求頭參數替換

前綴過濾

保持 Host 請求頭

請求限流（Redis 實現）

重定向過濾器

移除請求頭

移除返回頭

移除請求參數

context路徑修改

重新返回頭

• RewriteLocationResponseHeader

  

替換請求頭參數

保存 session

安全頭 SecureHeaders

SetPath 替換 context

請求頭參數全部替換

返回頭參數全部替換

修改返回狀態

踢出請求前綴

重試機制

請求大小限制

替換源請求地址

修改請求體

修改返回體

Global Filter

Filter 排序

Routing 過濾器

負載均衡過濾器

響應時負載均衡

Netty routing 過濾

Netty Routing Filter

Websocket Filter

Metrics Filter

HttpHeadersFilter

RemoveHopByHop

• 移除一些請求頭

XForwarded

• 添加一些 X-Forwarded-* headers

TLS 和 SSL

服務添加 SSL 認證

GateWay 添加認證

TLS 握手配置

配置

RouteDefinitionLocator 支持多種配置格式

Route 元數據配置

元數據配置

Http 超時配置

全局配置

針對單個配置

支持流式配置

Netty 訪問日志

訪問日志配置

跨域配置（CORS）

配置

網關監控

啟動

查看網關 routes 配置信息

• GET /actuator/gateway/routes

• 對應開關

  

  返回結果

  

檢索路由過濾器

• 全局過濾器

  • GET /actuator/gateway/globalfilters

    

• 路由過濾器

  • GET /actuator/gateway/routefilters

    

刷新路由緩存

• POST /actuator/gateway/refresh

獲取 route 列表詳情

• GET /actuator/gateway/routes

獲取單個 route 詳情

• GET /actuator/gateway/routes/{id}

新增一個 route

• POST /gateway/routes/{id_route_to_create}

  

刪除一個 route

• DELETE /gateway/routes/{id_route_to_delete}

獲取所有的 endpoint

• GET /actuator/gateway

常見問題

日志級別

• org.springframework.cloud.gateway
• org.springframework.http.server.reactive
• org.springframework.web.reactive
• org.springframework.boot.autoconfigure.web
• reactor.netty
• redisratelimiter

啟動竊聽功能

• reactor.netty DEBUG、TRACE
• spring.cloud.gateway.httpserver.wiretap=true
• spring.cloud.gateway.httpclient.wiretap=true

定制網關

自定義 Route

• 需要實現 RoutePredicateFactory 接口，一般繼承 AbstractRoutePredicateFactory 類即可

• 栗子

  

自定義 GatewayFilter

• 實現 GatewayFilterFactory 接口，一般繼承 AbstractGatewayFilterFactory 類即可。

• PreGatewayFilterFactory

  

  PostGatewayFilterFactory

  

自定義 Global Filter

• 實現 GlobalFilter 接口

• 栗子

  

gateway 網關參數

• spring.cloud.gateway.default-filters
  • List of filter definitions that are applied to every route.
• spring.cloud.gateway.discovery.locator.enabled
  • false
  • Flag that enables DiscoveryClient gateway integration.
• spring.cloud.gateway.discovery.locator.filters
• spring.cloud.gateway.discovery.locator.include-expression
  • true
  • SpEL expression that will evaluate whether to include a service in gateway integration or not, defaults to: true.
• spring.cloud.gateway.discovery.locator.lower-case-service-id false
  • Option to lower case serviceId in predicates and filters, defaults to false. Useful with eureka when it automatically uppercases serviceId. so MYSERIVCE, would match /myservice/**
• spring.cloud.gateway.discovery.locator.predicates
• spring.cloud.gateway.discovery.locator.route-id-prefix
  • The prefix for the routeId, defaults to discoveryClient.getClass().getSimpleName() + "_". Service Id will be appended to create the routeId.
• spring.cloud.gateway.discovery.locator.url-expression
  • 'lb://'+serviceId
  • SpEL expression that create the uri for each route, defaults to: 'lb://'+serviceId.
• spring.cloud.gateway.enabled true
  • Enables gateway functionality.
• spring.cloud.gateway.fail-on-route-definition-error
  • true
  • Option to fail on route definition errors, defaults to true. Otherwise, a warning is logged.
• spring.cloud.gateway.filter.remove-hop-by-hop.headers
• spring.cloud.gateway.filter.remove-hop-by-hop.order
• spring.cloud.gateway.filter.request-rate-limiter.deny-empty-key
  • true
  • Switch to deny requests if the Key Resolver returns an empty key, defaults to true.
• spring.cloud.gateway.filter.request-rate-limiter.empty-key-status-code
  • HttpStatus to return when denyEmptyKey is true, defaults to FORBIDDEN.
• spring.cloud.gateway.filter.secure-headers.content-security-policy
  • default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
• spring.cloud.gateway.filter.secure-headers.content-type-options
  • nosniff
• spring.cloud.gateway.filter.secure-headers.disable
• spring.cloud.gateway.filter.secure-headers.download-options
  • noopen
• spring.cloud.gateway.filter.secure-headers.frame-options
  • DENY
• spring.cloud.gateway.filter.secure-headers.permitted-cross-domain-policies
  • none
• spring.cloud.gateway.filter.secure-headers.referrer-policy
  • no-referrer
• spring.cloud.gateway.filter.secure-headers.strict-transport-security
  • max-age=631138519
• spring.cloud.gateway.filter.secure-headers.xss-protection-header
  • 1 ; mode=block
• spring.cloud.gateway.forwarded.enabled
  • true
  • Enables the ForwardedHeadersFilter.
• spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping false
  • If global CORS config should be added to the URL handler.
• spring.cloud.gateway.globalcors.cors-configurations
• spring.cloud.gateway.httpclient.connect-timeout
  • The connect timeout in millis, the default is 45s.
• spring.cloud.gateway.httpclient.max-header-size
  • The max response header size.
• spring.cloud.gateway.httpclient.max-initial-line-length
  • The max initial line length.
• spring.cloud.gateway.httpclient.pool.acquire-timeout
  • Only for type FIXED, the maximum time in millis to wait for aquiring.
• spring.cloud.gateway.httpclient.pool.max-connections
  • Only for type FIXED, the maximum number of connections before starting pending acquisition on existing ones.
• spring.cloud.gateway.httpclient.pool.max-idle-time
  • Time in millis after which the channel will be closed. If NULL, there is no max idle time.
• spring.cloud.gateway.httpclient.pool.max-life-time
  • Duration after which the channel will be closed. If NULL, there is no max life time.
• spring.cloud.gateway.httpclient.pool.name
  • proxy
  • The channel pool map name, defaults to proxy.
• spring.cloud.gateway.httpclient.pool.type
  • Type of pool for HttpClient to use, defaults to ELASTIC.
• spring.cloud.gateway.httpclient.proxy.host
  • Hostname for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.non-proxy-hosts-pattern
  • Regular expression (Java) for a configured list of hosts. that should be reached directly, bypassing the proxy
• spring.cloud.gateway.httpclient.proxy.password
  • Password for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.port
  • Port for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.username
  • Username for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.response-timeout
  • The response timeout.
• spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout
  • 3000ms
  • SSL close_notify flush timeout. Default to 3000 ms.
• spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout-millis
• spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout
  • SSL close_notify read timeout. Default to 0 ms.
• spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout-millis
• spring.cloud.gateway.httpclient.ssl.default-configuration-type
  • The default ssl configuration type. Defaults to TCP.
• spring.cloud.gateway.httpclient.ssl.handshake-timeout
  • 10000ms
  • SSL handshake timeout. Default to 10000 ms
• spring.cloud.gateway.httpclient.ssl.handshake-timeout-millis
• spring.cloud.gateway.httpclient.ssl.key-password
  • Key password, default is same as keyStorePassword.
• spring.cloud.gateway.httpclient.ssl.key-store
  • Keystore path for Netty HttpClient.
• spring.cloud.gateway.httpclient.ssl.key-store-password
  • Keystore password.
• spring.cloud.gateway.httpclient.ssl.key-store-provider
  • Keystore provider for Netty HttpClient, optional field.
• spring.cloud.gateway.httpclient.ssl.key-store-type
  • JKS
  • Keystore type for Netty HttpClient, default is JKS.
• spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates
  • Trusted certificates for verifying the remote endpoint’s certificate.
• spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager
  • false
  • Installs the netty InsecureTrustManagerFactory. This is insecure and not suitable for production.
• spring.cloud.gateway.httpclient.websocket.max-frame-payload-length
  • Max frame payload length.
• spring.cloud.gateway.httpclient.websocket.proxy-ping
  • true
  • Proxy ping frames to downstream services, defaults to true.
• spring.cloud.gateway.httpclient.wiretap
  • false
  • Enables wiretap debugging for Netty HttpClient.
• spring.cloud.gateway.httpserver.wiretap
  • false
  • Enables wiretap debugging for Netty HttpServer.
• spring.cloud.gateway.loadbalancer.use404
  • false
• spring.cloud.gateway.metrics.enabled
  • true
  • Enables the collection of metrics data.
• spring.cloud.gateway.metrics.tags
  • Tags map that added to metrics.
• spring.cloud.gateway.redis-rate-limiter.burst-capacity-header
  • X-RateLimit-Burst-Capacity
  • The name of the header that returns the burst capacity configuration.
• spring.cloud.gateway.redis-rate-limiter.config
• spring.cloud.gateway.redis-rate-limiter.include-headers
  • true
  • Whether or not to include headers containing rate limiter information, defaults to true.
• spring.cloud.gateway.redis-rate-limiter.remaining-header
  • X-RateLimit-Remaining
  • The name of the header that returns number of remaining requests during the current second.
• spring.cloud.gateway.redis-rate-limiter.replenish-rate-header
  • X-RateLimit-Replenish-Rate
  • The name of the header that returns the replenish rate configuration.
• spring.cloud.gateway.redis-rate-limiter.requested-tokens-header
  • X-RateLimit-Requested-Tokens
• The name of the header that returns the requested tokens configuration.
  • spring.cloud.gateway.routes
  • List of Routes.
• spring.cloud.gateway.set-status.original-status-header-name
  • The name of the header which contains http code of the proxied request.
• spring.cloud.gateway.streaming-media-types
• spring.cloud.gateway.x-forwarded.enabled
  • true
  • If the XForwardedHeadersFilter is enabled.
• spring.cloud.gateway.x-forwarded.for-append
  • true
  • If appending X-Forwarded-For as a list is enabled.
• spring.cloud.gateway.x-forwarded.for-enabled
  • true
  • If X-Forwarded-For is enabled.
• spring.cloud.gateway.x-forwarded.host-append
  • true
  • If appending X-Forwarded-Host as a list is enabled.
• spring.cloud.gateway.x-forwarded.host-enabled
  • true
  • If X-Forwarded-Host is enabled.
• spring.cloud.gateway.x-forwarded.order
  • 0
  • The order of the XForwardedHeadersFilter.
• spring.cloud.gateway.x-forwarded.port-append
  • true
  • If appending X-Forwarded-Port as a list is enabled.
• spring.cloud.gateway.x-forwarded.port-enabled
  • true
  • If X-Forwarded-Port is enabled.
• spring.cloud.gateway.x-forwarded.prefix-append
  • true
  • If appending X-Forwarded-Prefix as a list is enabled.
• spring.cloud.gateway.x-forwarded.prefix-enabled
  • true
  • If X-Forwarded-Prefix is enabled.
• spring.cloud.gateway.x-forwarded.proto-append
  • true
  • If appending X-Forwarded-Proto as a list is enabled.
• spring.cloud.gateway.x-forwarded.proto-enabled
  • true
  • If X-Forwarded-Proto is enabled.