大家好,又见面了,我是你们的朋友全栈君。下载OneSQL for PostgreSQL
mkdir -p /root/source/kong
cd /root/source/kong
wget http://www.onexsoft.cn/software/onepgsql-9.4.11-rhel5-linux64.tar.gz
安装PostgreSQL
tar zxf onepgsql-9.4.11-rhel5-linux64.tar.gz -C /opt/websuite/
mv /opt/websuite/pgsql9411 /opt/websuite/pgsql
#创建PGSQL用户及用户组
groupadd -g 26 -o -r postgres
useradd -M -g postgres -o -r -d /database/pgsql -s /bin/bash -N -u 26 postgres
#创建pgsql数据目录及日志目录
mkdir -p /database/pgsql/{data,logs}
chown -R postgres /database/pgsql
#添加环境变量
vi /etc/profile.d/pgsql.sh
export PATH=$PATH:/opt/websuite/pgsql/bin
export PG_HOME=/opt/websuite/pgsql
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${PG_HOME}/lib
export PGDATA=/database/pgsql/data
export PGLOG=/database/pgsql/log/pgsql.log
#切换用户初始化PGSQL
su postgres
initdb -E utf8 -D /database/pgsql/data -W -U postgres
注:以下操作均在postgres环境下操作
#增加PGSQL访问权限,修改/database/pgsql/data/pg_hba.conf
host??? kong??????????? kong??????????? 172.16.4.0/23?????????? trust
新增的内容意思是允许172.16.4.0/23网段的机器可以使用用户kong访问数据库kong
#调整PGSQL的监听地址
sed -i “/#listen_addresses/c listen_addresses=’172.16.5.160′” /database/pgsql/data/postgresql.conf
#启动PGSQL
pg_ctl start -D /database/pgsql/data -l /database/pgsql/log/pgsql.log
#创建用户kong,根据提示设置用户kong的密码
createuser -l -E kong -P
#创建数据库kong
createdb -E utf8 -O kong kong
?
172.16.5.3上的操作
安装依赖软件包
rpm –ivh http://mirrors.163.com/centos/6/extras/x86_64/Packages/centos-release-scl-rh-2-3.el6.centos.noarch.rpm
yum check-update
yum install devtoolset-3-gcc devtoolset-3-gcc-c++ devtoolset-3-libstdc++-devel gperftools-devel gperftools-libs
下载源码包
mkdir -p /root/source/kong
cd /root/source/kong
wget https://openresty.org/download/openresty-1.11.2.2.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
wget http://luarocks.github.io/luarocks/releases/luarocks-2.4.2.tar.gz
git clone https://github.com/cloudflare/sslconfig.git
wget https://github.com/Mashape/kong/archive/0.10.3.tar.gz -O kong-0.10.3.tar.gz
安装OpenSSL
tar zxf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
patch -p1 < /root/source/kong/sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
./config threads shared no-zlib no-comp no-ssl2 no-ssl3 no-ssl3-method –prefix=/opt/websuite/kong/openssl
make depend
make && make install
安装OpenResty
#创建用户及用户组
groupadd websuite
useradd -g websuite -M -s /sbin/nologin websuite
#编译安装openresty
mkdir -p /root/source/tengine/module/
cd /root/source/tengine/module/
git clone git://github.com/vozlt/nginx-module-vts.git
cd /root/source/kong
tar zxf openresty-1.11.2.2.tar.gz
tar zxf pcre-8.40.tar.gz
cd openresty-1.11.2.2
./configure –prefix=/opt/websuite/kong -j24 –without-http_xss_module –without-http_form_input_module –without-http_encrypted_session_module –without-http_srcache_module –without-http_memc_module –without-http_redis2_module –without-http_redis_module –without-http_lua_upstream_module –without-http_rds_json_module –without-http_rds_json_module –with-http_iconv_module –without-lua_resty_mysql –without-lua_resty_upload –without-lua_rds_parser –without-lua51 –with-luajit –without-luajit-lua52 –sbin-path=/opt/websuite/kong/sbin/nginx –conf-path=/opt/config/kong/nginx.conf –error-log-path=/opt/logs/kong/error.log –http-log-path=/opt/logs/kong/access.log –pid-path=/opt/run/kong –user=websuite –group=websuite –without-select_module –without-poll_module –with-threads –with-file-aio –with-http_realip_module –with-http_addition_module –with-http_auth_request_module –with-http_random_index_module –with-http_slice_module –with-http_stub_status_module –with-http_ssl_module –without-http_uwsgi_module –without-http_scgi_module –without-http_memcached_module –without-http_ssi_module –http-client-body-temp-path=/opt/websuite/kong/temp/client –http-proxy-temp-path=/opt/websuite/kong/temp/proxy –without-http_fastcgi_module –without-mail_pop3_module –without-mail_imap_module –without-mail_smtp_module –with-google_perftools_module –modules-path=/opt/websuite/kong/modules –with-http_v2_module –without-http_upstream_least_conn_module –without-http_upstream_ip_hash_module –with-cc-opt=’-w -pipe -march=native -mtune=native -m128bit-long-double -m64 -fno-builtin-malloc -I/opt/websuite/kong/openssl/include’ –with-ld-opt=’-L/opt/websuite/kong/openssl/lib’ –with-pcre=../pcre-8.40 –with-pcre-opt=-fPIC –with-pcre-jit –add-dynamic-module=/root/source/tengine/module/nginx-module-vts
gmake -j8 && make install
(如报错checking for Google perftools in /usr/local/ … not found执行以下副操作)
副操作:
上传准备好的libunwind-1.0.tar.gz到/usr/local/src
cd /usr/local/src
tar zxvf libunwind-1.0.tar.gz
cd libunwind-1.0
./configure –prefix=/usr/local/libunwind && make && make install
如果报错/usr/bin/ld: cannot find -lunwind-x86_64 则问题原因实际就是autotools兼容性的问题,运行命令autoreconf -i -f ,在重新编译安装下
上传 gperftools-2.5.91.tar.gz至/usr/local/src
tar zxvf gperftools-2.5.91.tar.gz
cd gperftools-2.5.91
vi src/sampler.cc
#在 #include <stdint.h> 后添加
#ifndef SIZE_MAX
#define SIZE_MAX (4294967295U)
#endif
./configure -prefix=/usr/local/gperftools -enable-frame-pointers && make && make install
cd /root/source/kong/openresty-1.11.2.2
vi ./bundle/nginx-1.11.2/auto/lib/google-perftools/conf 修改相关/usr/local/lib目录为/usr/local/gperftools/lib
副操作完成
#创建OpenResty所需目录
mkdir -p /opt/{run,logs}/kong
mkdir -p /opt/websuite/kong/temp/{client,proxy}
chown -R websuite.websuite /opt/{run,logs}/kong
chown -R websuite.websuite /opt/websuite/kong/temp
安装luarocks
cd ..
tar zxf luarocks-2.4.2.tar.gz
cd luarocks-2.4.2
./configure –prefix=/opt/websuite/kong –rocks-tree=/opt/websuite/kong/luajit –sysconfdir=/opt/config/kong/luarocks –lua-suffix=jit –with-lua=/opt/websuite/kong/luajit –with-lua-include=/opt/websuite/kong/luajit/include/luajit-2.1
(如果报错Lua interpreter not found in /opt/websuite/kong/luajit/bin)则安装一下luajit
make build
make install
echo ‘export PATH=”${PATH}:/opt/websuite/kong/bin:/opt/websuite/kong/sbin:/opt/websuite/kong/luajit/bin”‘ > /etc/profile.d/kong.sh source /etc/profile.d/kong.sh
luarocks install luarocks
安装Kong
tar zxf kong-0.10.3.tar.gz
cd kong-0.10.3
sed -i ‘/OPENSSL_DIR ?=/c OPENSSL_DIR ?= /opt/websuite/kong/openssl’ Makefile
vi kong-0.10.3-0.rockspec
修改luasocket的版本为3.0rc1-2
make install
cp -r bin/* /opt/websuite/kong/bin/
安装Serf
上传serf_0.8.1_linux_amd64.zip
unzip serf_0.8.1_linux_amd64.zip
mv serf /opt/websuite/kong/bin/
调整Kong的配置
—/opt/websuite/kong/luajit/share/lua/5.1/kong/conf_loader.lua
将
local DEFAULT_PATHS = {
“/etc/kong/kong.conf”,
“/etc/kong.conf”
}
local PREFIX_PATHS = {
serf_pid = {“pids”, “serf.pid”},
serf_log = {“logs”, “serf.log”},
serf_event = {“serf”, “serf_event.sh”},
serf_node_id = {“serf”, “serf.id”}
;
nginx_pid = {“pids”, “nginx.pid”},
nginx_err_logs = {“logs”, “error.log”},
nginx_acc_logs = {“logs”, “access.log”},
nginx_admin_acc_logs = {“logs”, “admin_access.log”},
nginx_conf = {“nginx.conf”},
nginx_kong_conf = {“nginx-kong.conf”}
;
修改为(红色字体为修改部分)
local DEFAULT_PATHS = {
“/opt/config/kong/kong.conf” //此处
}
?
local PREFIX_PATHS = {
serf_pid = {“/opt/run/kong”, “serf.pid”}, //此处
serf_log = {“/opt/logs/kong”, “serf.log”}, //此处
? serf_event = {“serf”, “serf_event.sh”},
? serf_node_id = {“serf”, “serf.id”}
? ;
nginx_pid = {“/opt/run/kong”, “nginx.pid”},//此处
nginx_err_logs = {“/opt/logs/kong”, “error.log”},//此处
nginx_acc_logs = {“/opt/logs/kong”, “access.log”},//此处
nginx_admin_acc_logs = {“/opt/logs/kong”, “admin_access.log”},//此处
nginx_conf = {“nginx.conf”},
nginx_kong_conf = {“nginx-kong.conf”}
;
—/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/kong_defaults.lua
将
return [[
prefix = /usr/local/kong/
log_level = notice
proxy_access_log = logs/access.log
proxy_error_log = logs/error.log
admin_access_log = logs/admin_access.log
admin_error_log = logs/error.log
custom_plugins = NONE
anonymous_reports = on
proxy_listen = 0.0.0.0:8000
proxy_listen_ssl = 0.0.0.0:8443
admin_listen = 0.0.0.0:8001
admin_listen_ssl = 0.0.0.0:8444
nginx_worker_processes = auto
nginx_optimizations = on
nginx_daemon = on
mem_cache_size = 128m
ssl = on
ssl_cert = NONE
ssl_cert_key = NONE
client_ssl = off
client_ssl_cert = NONE
client_ssl_cert_key = NONE
ssl_cipher_suite = modern
ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
admin_ssl = on
admin_ssl_cert = NONE
admin_ssl_cert_key = NONE
upstream_keepalive = 60
server_tokens = on
latency_tokens = on
error_default_type = text/plain
client_max_body_size = 0
client_body_buffer_size = 8k
database = postgres
pg_host = 127.0.0.1
pg_port = 5432
pg_database = kong
pg_user = kong
pg_password = NONE
pg_ssl = off
pg_ssl_verify = off
cassandra_contact_points = 127.0.0.1
cassandra_port = 9042
cassandra_keyspace = kong
cassandra_timeout = 5000
cassandra_ssl = off
cassandra_ssl_verify = off
cassandra_username = kong
cassandra_password = NONE
cassandra_consistency = ONE
cassandra_lb_policy = RoundRobin
cassandra_local_datacenter = NONE
cassandra_repl_strategy = SimpleStrategy
cassandra_repl_factor = 1
cassandra_data_centers = dc1:2,dc2:3
cassandra_schema_consensus_timeout = 10000
cluster_listen = 0.0.0.0:7946
cluster_listen_rpc = 127.0.0.1:7373
cluster_advertise = NONE
cluster_encrypt_key = NONE
cluster_keyring_file = NONE
cluster_profile = wan
cluster_ttl_on_failure = 3600
dns_resolver = NONE
dns_hostsfile = /etc/hosts
lua_code_cache = on
lua_socket_pool_size = 30
lua_ssl_trusted_certificate = NONE
lua_ssl_verify_depth = 1
lua_package_path = ?/init.lua;./kong/?.lua
lua_package_cpath = NONE
serf_path = serf
]]
修改为(红色字体部分可根据自己的实际情况修改)
return [[
prefix = /opt/config/kong/ //此处
log_level = notice
proxy_access_log = /opt/logs/kong/access.log //此处
proxy_error_log = /opt/logs/kong/error.log //此处
admin_access_log = /opt/logs/kong/admin_access.log //此处
admin_error_log = /opt/logs/kong/error.log //此处
custom_plugins = NONE
anonymous_reports = on
proxy_listen = 0.0.0.0:80 //此处
proxy_listen_ssl = 0.0.0.0:443 //此处
admin_listen = 0.0.0.0:8001 //此处
admin_listen_ssl = 0.0.0.0:8444 //此处
nginx_worker_processes = auto
nginx_optimizations = on
nginx_daemon = on
mem_cache_size = 128m
ssl = on
ssl_cert = NONE
ssl_cert_key = NONE
client_ssl = off
client_ssl_cert = NONE
client_ssl_cert_key = NONE
ssl_cipher_suite = modern
ssl_ciphers=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
admin_ssl = on
admin_ssl_cert = NONE
admin_ssl_cert_key = NONE
upstream_keepalive = 60
server_tokens = on
latency_tokens = on
database = postgres
pg_host = 172.16.5.160 //此处根据实际的情况配置
pg_port = 5432 //此处根据实际的情况配置
pg_database = kong //此处根据实际的情况配置
pg_user = kong //此处根据实际的情况配置
pg_password = ttpai //此处根据实际的情况配置
pg_ssl = off
pg_ssl_verify = off
cassandra_contact_points = 127.0.0.1?? (如果不使用cassandra,请保留这一行cassandra的配置,否则在目前的版本之间升级会报错)
cluster_listen = 0.0.0.0:7946
cluster_listen_rpc = 127.0.0.1:7373
cluster_advertise = NONE
cluster_encrypt_key = NONE
cluster_keyring_file = NONE
cluster_profile = wan
cluster_ttl_on_failure = 3600
dns_resolver = 119.29.29.29 //此处根据实际的dns
dns_hostsfile = /etc/hosts
lua_code_cache = on
lua_socket_pool_size = 30
lua_ssl_trusted_certificate = NONE
lua_ssl_verify_depth = 1
lua_package_path = ?/init.lua;./kong/?.lua
lua_package_cpath = NONE
serf_path = /opt/websuite/kong/bin/serf //此处
]]
?
—/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/nginx.lua
将
return [[
worker_processes ${
{NGINX_WORKER_PROCESSES}};
daemon ${
{NGINX_DAEMON}};
pid pids/nginx.pid;
error_log ${
{PROXY_ERROR_LOG}} ${
{LOG_LEVEL}};
> if nginx_optimizations then
worker_rlimit_nofile ${
{WORKER_RLIMIT}};
> end
events {
> if nginx_optimizations then
worker_connections ${
{WORKER_CONNECTIONS}};
multi_accept on;
> end
}
http {
??? include ‘nginx-kong.conf’;
}
]]
修改为(红色字体为修改部分)
return [[
worker_processes ${
{NGINX_WORKER_PROCESSES}};
daemon ${
{NGINX_DAEMON}};
pid /opt/run/kong/nginx.pid; //此处
error_log ${
{PROXY_ERROR_LOG}} ${
{LOG_LEVEL}};
> if nginx_optimizations then
worker_rlimit_nofile ${
{WORKER_RLIMIT}};
> end
events {
> if nginx_optimizations then
worker_connections ${
{WORKER_CONNECTIONS}};
multi_accept on;
> end
}
http {
include ‘nginx-kong.conf’;
}
]]
修改Kong个别脚本适配自定义安装的OpenResty
—/opt/websuite/kong/luajit/share/lua/5.1/lapis/cmd/nginx.lua
将
nginx_search_paths = {
“/opt/openresty/nginx/sbin/”,
“/usr/local/openresty/nginx/sbin/”,
“/usr/local/opt/openresty/bin/”,
“/usr/sbin/”,
“”
},
修改为
nginx_search_paths = {
“/opt/websuite/kong/sbin/”
},
—/opt/websuite/kong/luajit/share/lua/5.1/kong/cmd/utils/serf_signals.lua
将
local serf_search_paths = {
“serf”,
“/usr/local/bin/serf”
}
修改为
local serf_search_paths = {
“/opt/websuite/kong/bin/serf”
}
ln -s /opt/websuite/kong/openssl/lib/libssl.so /usr/lib64/libssl.so
ln -s /opt/websuite/kong/openssl/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.1.0.0
ln -s /opt/websuite/kong/openssl/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0
ln -s /usr/local/gperftools/lib/libprofiler.so.0 /usr/lib64/libprofiler.so.0
启动Kong
kong start or kong start -vv(如果执行kong start报错,可以使用kong start -vv来进行调试)
安装admin ui
上传node-v6.0.0-linux-x64.tar.gz
解压后
tar zxf node-v6.0.0-linux-x64.tar.gz
然后 制作软连接
ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/npm /usr/local/sbin
ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/node /usr/local/sbin
npm install -g kong-dashboard
ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/kong-dashboard /usr/local/sbin
# Start Kong Dashboard
kong-dashboard start –kong-url http://0.0.0.0:8001
# Start Kong Dashboard on a custom port
kong-dashboard start –kong-url http://0.0.0.0:8001 –basic-auth callcent=callcent admin=admin
–port [port]
# Start Kong Dashboard with basic auth
kong-dashboard start –kong-url http://0.0.0.0:8001 –p 8002 –basic-auth callcent=callcent admin=admin
# See full list of start options
kong-dashboard start –help
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/153198.html原文链接:https://javaforall.cn
【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛
【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...