Spring-Cloud-Gateway-基礎篇（二）

1. 項目地址

https://github.com/HoldDie/spring-cloud-gateway

1. 基本概念

   介紹

• 基於 Spring Framework 5，Project Reactor 和 Spring Boot 2.0
• 集成 Hystrix 斷路器（未來要廢）
• 集成 Spring Cloud DiscoveryClient
• Predicates 和 Filters 作用於特定路由，易於編寫的 Predicates 和 Filters
• 具備一些網關的高級功能：動態路由、限流、路徑重寫、提供安全、監控、追蹤、彈性

• SCG 只能在 Spring Boot 和 Spring Webflux 環境下運行，不能在 War 包形式下運行。

  概念

• Route：網關的基本構建塊。它由ID，目標URI，謂詞集合和過濾器集合定義。如果聚合謂詞為true，則匹配路由。

• Predicate：可以匹配 HTTP 中的所有請求。

• Filter：對於請求的攔截，可以修改請求內容。

  請求流程

請求流程

• Filter 通過責任鏈模式，可以在請求前和請求后添加自己邏輯。
• 在沒有端口的路由中定義的URI，HTTP和HTTPS URI的默認端口值分別為80和443。
  ## Predicates 匹配規則

快捷方式配置

示例

• 快捷方式配置由過濾器名稱識別，后跟等號（=），后跟以逗號（，）分隔的參數值。
  ### 全稱配置

示例

• 把 Cookie 的全稱都寫出來，有 name，有 regexp。
  ## Route 匹配規則

規則（時間）之后匹配

示例：所有請求在 2017-01-20 之后可以訪問

規則之前匹配

示例：所有請求在 2017-01-20 之前可以訪問

區間匹配

示例：兩個時間之間可以訪問

Cookie 匹配

示例：有對應 Cookie 才可以通過

Header 匹配

示例：請求頭里面帶有 X-reaquest-Id 才能通過

Host 匹配

示例：允許二級域名通過

方法（GET/POST/PUT/DELETE）匹配

示例：允許 GET 方法通過

路徑匹配

示例：允許對應路徑通過

請求參數匹配

示例：允許參數通過

遠程IP地址匹配

示例：允許指定 IP 段通過

權重路由匹配

示例：兩個服務權重分流

網關攔截器工廠

添加請求頭

添加請求參數

添加返回頭

返回頭去重

Hystrix 攔截過濾（未來廢棄）

CiruitBreaker 過濾器

普通拉閘

高階拉閘

FallbackHeaders 異常轉發附加信息

請求頭參數替換

前綴過濾

保持 Host 請求頭

請求限流（Redis 實現）

重定向過濾器

移除請求頭

移除返回頭

移除請求參數

context路徑修改

重新返回頭

RewriteLocationResponseHeader

替換請求頭參數

保存 session

安全頭 SecureHeaders

SetPath 替換 context

請求頭參數全部替換

返回頭參數全部替換

修改返回狀態

踢出請求前綴

重試機制

請求大小限制

替換源請求地址

修改請求體

修改返回體

Global Filter

Filter 排序

Routing 過濾器

負載均衡過濾器

響應時負載均衡

Netty routing 過濾

Netty Routing Filter

Websocket Filter

Metrics Filter

HttpHeadersFilter

RemoveHopByHop

• 移除一些請求頭

  XForwarded

• 添加一些 X-Forwarded-* headers

  TLS 和 SSL

服務添加 SSL 認證

GateWay 添加認證

TLS 握手配置

配置

RouteDefinitionLocator 支持多種配置格式

Route 元數據配置

元數據配置

Http 超時配置

全局配置

針對單個配置

支持流式配置

Netty 訪問日志

訪問日志配置

跨域配置（CORS）

配置

網關監控

啟動

查看網關 routes 配置信息

• GET /actuator/gateway/routes

對應開關

返回結果

檢索路由過濾器

• 全局過濾器

GET /actuator/gateway/globalfilters

• 路由過濾器

GET /actuator/gateway/routefilters

刷新路由緩存

• POST /actuator/gateway/refresh

  獲取 route 列表詳情

• GET /actuator/gateway/routes

  獲取單個 route 詳情

• GET /actuator/gateway/routes/{id}

  新增一個 route

POST /gateway/routes/{id_route_to_create}

刪除一個 route

• DELETE /gateway/routes/{id_route_to_delete}

  獲取所有的 endpoint

• GET /actuator/gateway

  常見問題

日志級別

• org.springframework.cloud.gateway
• org.springframework.http.server.reactive
• org.springframework.web.reactive
• org.springframework.boot.autoconfigure.web
• reactor.netty

• redisratelimiter

  啟動竊聽功能

• reactor.netty DEBUG、TRACE

• spring.cloud.gateway.httpserver.wiretap=true

• spring.cloud.gateway.httpclient.wiretap=true

  定制網關

自定義 Route

• 需要實現 RoutePredicateFactory 接口，一般繼承 AbstractRoutePredicateFactory 類即可

栗子

自定義 GatewayFilter

• 實現 GatewayFilterFactory 接口，一般繼承 AbstractGatewayFilterFactory 類即可。

PreGatewayFilterFactory

PostGatewayFilterFactory

自定義 Global Filter

• 實現 GlobalFilter 接口

栗子

gateway 網關參數

• spring.cloud.gateway.default-filters
  • List of filter definitions that are applied to every route.
• spring.cloud.gateway.discovery.locator.enabled
  • false
  • Flag that enables DiscoveryClient gateway integration.
• spring.cloud.gateway.discovery.locator.filters
• spring.cloud.gateway.discovery.locator.include-expression
  • true
  • SpEL expression that will evaluate whether to include a service in gateway integration or not, defaults to: true.
• spring.cloud.gateway.discovery.locator.lower-case-service-id false
  • Option to lower case serviceId in predicates and filters, defaults to false. Useful with eureka when it automatically uppercases serviceId. so MYSERIVCE, would match /myservice/**
• spring.cloud.gateway.discovery.locator.predicates
• spring.cloud.gateway.discovery.locator.route-id-prefix
  • The prefix for the routeId, defaults to discoveryClient.getClass().getSimpleName() + "_". Service Id will be appended to create the routeId.
• spring.cloud.gateway.discovery.locator.url-expression
  • 'lb://'+serviceId
  • SpEL expression that create the uri for each route, defaults to: 'lb://'+serviceId.
• spring.cloud.gateway.enabled true
  • Enables gateway functionality.
• spring.cloud.gateway.fail-on-route-definition-error
  • true
  • Option to fail on route definition errors, defaults to true. Otherwise, a warning is logged.
• spring.cloud.gateway.filter.remove-hop-by-hop.headers
• spring.cloud.gateway.filter.remove-hop-by-hop.order
• spring.cloud.gateway.filter.request-rate-limiter.deny-empty-key
  • true
  • Switch to deny requests if the Key Resolver returns an empty key, defaults to true.
• spring.cloud.gateway.filter.request-rate-limiter.empty-key-status-code
  • HttpStatus to return when denyEmptyKey is true, defaults to FORBIDDEN.
• spring.cloud.gateway.filter.secure-headers.content-security-policy
  • default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
• spring.cloud.gateway.filter.secure-headers.content-type-options
  • nosniff
• spring.cloud.gateway.filter.secure-headers.disable
• spring.cloud.gateway.filter.secure-headers.download-options
  • noopen
• spring.cloud.gateway.filter.secure-headers.frame-options
  • DENY
• spring.cloud.gateway.filter.secure-headers.permitted-cross-domain-policies
  • none
• spring.cloud.gateway.filter.secure-headers.referrer-policy
  • no-referrer
• spring.cloud.gateway.filter.secure-headers.strict-transport-security
  • max-age=631138519
• spring.cloud.gateway.filter.secure-headers.xss-protection-header
  • 1 ; mode=block
• spring.cloud.gateway.forwarded.enabled
  • true
  • Enables the ForwardedHeadersFilter.
• spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping false
  • If global CORS config should be added to the URL handler.
• spring.cloud.gateway.globalcors.cors-configurations
• spring.cloud.gateway.httpclient.connect-timeout
  • The connect timeout in millis, the default is 45s.
• spring.cloud.gateway.httpclient.max-header-size
  • The max response header size.
• spring.cloud.gateway.httpclient.max-initial-line-length
  • The max initial line length.
• spring.cloud.gateway.httpclient.pool.acquire-timeout
  • Only for type FIXED, the maximum time in millis to wait for aquiring.
• spring.cloud.gateway.httpclient.pool.max-connections
  • Only for type FIXED, the maximum number of connections before starting pending acquisition on existing ones.
• spring.cloud.gateway.httpclient.pool.max-idle-time
  • Time in millis after which the channel will be closed. If NULL, there is no max idle time.
• spring.cloud.gateway.httpclient.pool.max-life-time
  • Duration after which the channel will be closed. If NULL, there is no max life time.
• spring.cloud.gateway.httpclient.pool.name
  • proxy
  • The channel pool map name, defaults to proxy.
• spring.cloud.gateway.httpclient.pool.type
  • Type of pool for HttpClient to use, defaults to ELASTIC.
• spring.cloud.gateway.httpclient.proxy.host
  • Hostname for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.non-proxy-hosts-pattern
  • Regular expression (Java) for a configured list of hosts. that should be reached directly, bypassing the proxy
• spring.cloud.gateway.httpclient.proxy.password
  • Password for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.port
  • Port for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.proxy.username
  • Username for proxy configuration of Netty HttpClient.
• spring.cloud.gateway.httpclient.response-timeout
  • The response timeout.
• spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout
  • 3000ms
  • SSL close_notify flush timeout. Default to 3000 ms.
• spring.cloud.gateway.httpclient.ssl.close-notify-flush-timeout-millis
• spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout
  • SSL close_notify read timeout. Default to 0 ms.
• spring.cloud.gateway.httpclient.ssl.close-notify-read-timeout-millis
• spring.cloud.gateway.httpclient.ssl.default-configuration-type
  • The default ssl configuration type. Defaults to TCP.
• spring.cloud.gateway.httpclient.ssl.handshake-timeout
  • 10000ms
  • SSL handshake timeout. Default to 10000 ms
• spring.cloud.gateway.httpclient.ssl.handshake-timeout-millis
• spring.cloud.gateway.httpclient.ssl.key-password
  • Key password, default is same as keyStorePassword.
• spring.cloud.gateway.httpclient.ssl.key-store
  • Keystore path for Netty HttpClient.
• spring.cloud.gateway.httpclient.ssl.key-store-password
  • Keystore password.
• spring.cloud.gateway.httpclient.ssl.key-store-provider
  • Keystore provider for Netty HttpClient, optional field.
• spring.cloud.gateway.httpclient.ssl.key-store-type
  • JKS
  • Keystore type for Netty HttpClient, default is JKS.
• spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates
  • Trusted certificates for verifying the remote endpoint’s certificate.
• spring.cloud.gateway.httpclient.ssl.use-insecure-trust-manager
  • false
  • Installs the netty InsecureTrustManagerFactory. This is insecure and not suitable for production.
• spring.cloud.gateway.httpclient.websocket.max-frame-payload-length
  • Max frame payload length.
• spring.cloud.gateway.httpclient.websocket.proxy-ping
  • true
  • Proxy ping frames to downstream services, defaults to true.
• spring.cloud.gateway.httpclient.wiretap
  • false
  • Enables wiretap debugging for Netty HttpClient.
• spring.cloud.gateway.httpserver.wiretap
  • false
  • Enables wiretap debugging for Netty HttpServer.
• spring.cloud.gateway.loadbalancer.use404
  • false
• spring.cloud.gateway.metrics.enabled
  • true
  • Enables the collection of metrics data.
• spring.cloud.gateway.metrics.tags
  • Tags map that added to metrics.
• spring.cloud.gateway.redis-rate-limiter.burst-capacity-header
  • X-RateLimit-Burst-Capacity
  • The name of the header that returns the burst capacity configuration.
• spring.cloud.gateway.redis-rate-limiter.config
• spring.cloud.gateway.redis-rate-limiter.include-headers
  • true
  • Whether or not to include headers containing rate limiter information, defaults to true.
• spring.cloud.gateway.redis-rate-limiter.remaining-header
  • X-RateLimit-Remaining
  • The name of the header that returns number of remaining requests during the current second.
• spring.cloud.gateway.redis-rate-limiter.replenish-rate-header
  • X-RateLimit-Replenish-Rate
  • The name of the header that returns the replenish rate configuration.
• spring.cloud.gateway.redis-rate-limiter.requested-tokens-header
  • X-RateLimit-Requested-Tokens
• The name of the header that returns the requested tokens configuration.
  • spring.cloud.gateway.routes
  • List of Routes.
• spring.cloud.gateway.set-status.original-status-header-name
  • The name of the header which contains http code of the proxied request.
• spring.cloud.gateway.streaming-media-types
• spring.cloud.gateway.x-forwarded.enabled
  • true
  • If the XForwardedHeadersFilter is enabled.
• spring.cloud.gateway.x-forwarded.for-append
  • true
  • If appending X-Forwarded-For as a list is enabled.
• spring.cloud.gateway.x-forwarded.for-enabled
  • true
  • If X-Forwarded-For is enabled.
• spring.cloud.gateway.x-forwarded.host-append
  • true
  • If appending X-Forwarded-Host as a list is enabled.
• spring.cloud.gateway.x-forwarded.host-enabled
  • true
  • If X-Forwarded-Host is enabled.
• spring.cloud.gateway.x-forwarded.order
  • 0
  • The order of the XForwardedHeadersFilter.
• spring.cloud.gateway.x-forwarded.port-append
  • true
  • If appending X-Forwarded-Port as a list is enabled.
• spring.cloud.gateway.x-forwarded.port-enabled
  • true
  • If X-Forwarded-Port is enabled.
• spring.cloud.gateway.x-forwarded.prefix-append
  • true
  • If appending X-Forwarded-Prefix as a list is enabled.
• spring.cloud.gateway.x-forwarded.prefix-enabled
  • true
  • If X-Forwarded-Prefix is enabled.
• spring.cloud.gateway.x-forwarded.proto-append
  • true
  • If appending X-Forwarded-Proto as a list is enabled.
• spring.cloud.gateway.x-forwarded.proto-enabled
  • true
  • If X-Forwarded-Proto is enabled.
• 運行栗子
  ### 正常接口代理

curl http://localhost:8080/get
{
"args": {},
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Forwarded": "proto=http;host=\"localhost:8080\";for=\"0:0:0:0:0:0:0:1:58265\"",
"Host": "httpbin.org",
"User-Agent": "curl/7.64.1",
"X--------------": "1.1.1.1",
"X-Amzn-Trace-Id": "Root=1-5fea8da1-49ecda5f16a83c4225d66956",
"X-Forwarded-Host": "localhost:8080"
},
"origin": "203.90.236.199",
"url": "http://localhost:8080/get"
}

使用 Hystrix

curl --dump-header - --header 'Host: www.hystrix.com'
http://localhost:8080/get
HTTP/1.1 200 OK
Date: Tue, 29 Dec 2020 03:07:11 GMT
Content-Type: application/json
Content-Length: 472
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
{
"args": {},
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Forwarded": "proto=http;host=www.hystrix.com;for=\"0:0:0:0:0:0:0:1:60205\"",
"Hello": "World",
"Host": "httpbin.org",
"User-Agent": "curl/7.64.1",
"X--------------": "1.1.1.1",
"X-Amzn-Trace-Id": "Root=1-5fea9d5f-621231a47d809f3718c485f4",
"X-Forwarded-Host": "www.hystrix.com"
},
"origin": "203.90.236.199",
"url": "http://www.hystrix.com/get"
}

壓測結果

wrk -t8 -c40 -d60s --latency http://localhost:8080/get
Running 1m test @ http://localhost:8080/get
8 threads and 40 connections
Thread Stats   Avg      Stdev     Max   +/- Stdev
Latency   294.07ms   65.96ms   1.61s    96.86%
Req/Sec    17.46      8.40    40.00     52.41%
Latency Distribution
50%  285.59ms
75%  288.15ms
90%  289.87ms
99%  601.29ms
8215 requests in 1.00m, 5.26MB read
Socket errors: connect 0, read 0, write 0, timeout 1
Requests/sec:    136.69
Transfer/sec:     89.71KB