kong安装配置手册

kong安装配置手册下载OneSQLforPostgreSQLmkdir-p/root/source/kongcd/root/source/kongwgethttp://www.onexsoft.cn/software/onepgsql-9.4.11-rhel5-linux64.tar.gz安装PostgreSQLtarzxfonepgsql-9.4.11-rhel5-linux64.tar.gz-…

大家好,又见面了,我是你们的朋友全栈君。下载OneSQL for PostgreSQL

mkdir -p /root/source/kong

cd /root/source/kong

wget http://www.onexsoft.cn/software/onepgsql-9.4.11-rhel5-linux64.tar.gz

安装PostgreSQL

tar zxf onepgsql-9.4.11-rhel5-linux64.tar.gz -C /opt/websuite/

mv /opt/websuite/pgsql9411 /opt/websuite/pgsql

#创建PGSQL用户及用户组

groupadd -g 26 -o -r postgres

useradd -M -g postgres -o -r -d /database/pgsql -s /bin/bash -N -u 26 postgres

#创建pgsql数据目录及日志目录

mkdir -p /database/pgsql/{data,logs}

chown -R postgres /database/pgsql

#添加环境变量

vi /etc/profile.d/pgsql.sh

export PATH=$PATH:/opt/websuite/pgsql/bin

export PG_HOME=/opt/websuite/pgsql

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${PG_HOME}/lib

export PGDATA=/database/pgsql/data

export PGLOG=/database/pgsql/log/pgsql.log

#切换用户初始化PGSQL

su postgres

initdb -E utf8 -D /database/pgsql/data -W -U postgres

注:以下操作均在postgres环境下操作

#增加PGSQL访问权限,修改/database/pgsql/data/pg_hba.conf

host??? kong??????????? kong??????????? 172.16.4.0/23?????????? trust

新增的内容意思是允许172.16.4.0/23网段的机器可以使用用户kong访问数据库kong

#调整PGSQL的监听地址

sed -i “/#listen_addresses/c listen_addresses=’172.16.5.160′” /database/pgsql/data/postgresql.conf

#启动PGSQL

pg_ctl start -D /database/pgsql/data -l /database/pgsql/log/pgsql.log

#创建用户kong,根据提示设置用户kong的密码

createuser -l -E kong -P

#创建数据库kong

createdb -E utf8 -O kong kong

?

172.16.5.3上的操作

安装依赖软件包

rpm –ivh http://mirrors.163.com/centos/6/extras/x86_64/Packages/centos-release-scl-rh-2-3.el6.centos.noarch.rpm

yum check-update

yum install devtoolset-3-gcc devtoolset-3-gcc-c++ devtoolset-3-libstdc++-devel gperftools-devel gperftools-libs

下载源码包

mkdir -p /root/source/kong

cd /root/source/kong

wget https://openresty.org/download/openresty-1.11.2.2.tar.gz

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz

wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz

wget http://luarocks.github.io/luarocks/releases/luarocks-2.4.2.tar.gz

git clone https://github.com/cloudflare/sslconfig.git

wget https://github.com/Mashape/kong/archive/0.10.3.tar.gz -O kong-0.10.3.tar.gz

安装OpenSSL

tar zxf openssl-1.0.2j.tar.gz

cd openssl-1.0.2j

patch -p1 < /root/source/kong/sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch

./config threads shared no-zlib no-comp no-ssl2 no-ssl3 no-ssl3-method –prefix=/opt/websuite/kong/openssl

make depend

make && make install

安装OpenResty

#创建用户及用户组

groupadd websuite

useradd -g websuite -M -s /sbin/nologin websuite

#编译安装openresty

mkdir -p /root/source/tengine/module/

cd /root/source/tengine/module/

git clone git://github.com/vozlt/nginx-module-vts.git

cd /root/source/kong

tar zxf openresty-1.11.2.2.tar.gz

tar zxf pcre-8.40.tar.gz

cd openresty-1.11.2.2

./configure –prefix=/opt/websuite/kong -j24 –without-http_xss_module –without-http_form_input_module –without-http_encrypted_session_module –without-http_srcache_module –without-http_memc_module –without-http_redis2_module –without-http_redis_module –without-http_lua_upstream_module –without-http_rds_json_module –without-http_rds_json_module –with-http_iconv_module –without-lua_resty_mysql –without-lua_resty_upload –without-lua_rds_parser –without-lua51 –with-luajit –without-luajit-lua52 –sbin-path=/opt/websuite/kong/sbin/nginx –conf-path=/opt/config/kong/nginx.conf –error-log-path=/opt/logs/kong/error.log –http-log-path=/opt/logs/kong/access.log –pid-path=/opt/run/kong –user=websuite –group=websuite –without-select_module –without-poll_module –with-threads –with-file-aio –with-http_realip_module –with-http_addition_module –with-http_auth_request_module –with-http_random_index_module –with-http_slice_module –with-http_stub_status_module –with-http_ssl_module –without-http_uwsgi_module –without-http_scgi_module –without-http_memcached_module –without-http_ssi_module –http-client-body-temp-path=/opt/websuite/kong/temp/client –http-proxy-temp-path=/opt/websuite/kong/temp/proxy –without-http_fastcgi_module –without-mail_pop3_module –without-mail_imap_module –without-mail_smtp_module –with-google_perftools_module –modules-path=/opt/websuite/kong/modules –with-http_v2_module –without-http_upstream_least_conn_module –without-http_upstream_ip_hash_module –with-cc-opt=’-w -pipe -march=native -mtune=native -m128bit-long-double -m64 -fno-builtin-malloc -I/opt/websuite/kong/openssl/include’ –with-ld-opt=’-L/opt/websuite/kong/openssl/lib’ –with-pcre=../pcre-8.40 –with-pcre-opt=-fPIC –with-pcre-jit –add-dynamic-module=/root/source/tengine/module/nginx-module-vts

gmake -j8 && make install

(如报错checking for Google perftools in /usr/local/ … not found执行以下副操作)

副操作:

上传准备好的libunwind-1.0.tar.gz到/usr/local/src

cd /usr/local/src

tar zxvf libunwind-1.0.tar.gz

cd libunwind-1.0

 ./configure –prefix=/usr/local/libunwind && make && make install

 如果报错/usr/bin/ld: cannot find -lunwind-x86_64 则问题原因实际就是autotools兼容性的问题,运行命令autoreconf -i -f  ,在重新编译安装下

 上传 gperftools-2.5.91.tar.gz至/usr/local/src

 tar zxvf gperftools-2.5.91.tar.gz

 cd gperftools-2.5.91

 vi src/sampler.cc

 #在 #include <stdint.h> 后添加

#ifndef SIZE_MAX

#define SIZE_MAX (4294967295U)

#endif

 ./configure -prefix=/usr/local/gperftools -enable-frame-pointers && make && make install

 cd /root/source/kong/openresty-1.11.2.2

 vi ./bundle/nginx-1.11.2/auto/lib/google-perftools/conf 修改相关/usr/local/lib目录为/usr/local/gperftools/lib 

 副操作完成

 

#创建OpenResty所需目录

mkdir -p /opt/{run,logs}/kong

mkdir -p /opt/websuite/kong/temp/{client,proxy}

chown -R websuite.websuite /opt/{run,logs}/kong

chown -R websuite.websuite /opt/websuite/kong/temp

安装luarocks

cd ..

tar zxf luarocks-2.4.2.tar.gz

cd luarocks-2.4.2

./configure –prefix=/opt/websuite/kong –rocks-tree=/opt/websuite/kong/luajit –sysconfdir=/opt/config/kong/luarocks –lua-suffix=jit –with-lua=/opt/websuite/kong/luajit –with-lua-include=/opt/websuite/kong/luajit/include/luajit-2.1

(如果报错Lua interpreter not found in /opt/websuite/kong/luajit/bin)则安装一下luajit

make build

make install

echo ‘export PATH=”${PATH}:/opt/websuite/kong/bin:/opt/websuite/kong/sbin:/opt/websuite/kong/luajit/bin”‘ > /etc/profile.d/kong.sh source /etc/profile.d/kong.sh

luarocks install luarocks

安装Kong

tar zxf kong-0.10.3.tar.gz

cd kong-0.10.3

sed -i ‘/OPENSSL_DIR ?=/c OPENSSL_DIR ?= /opt/websuite/kong/openssl’ Makefile

vi kong-0.10.3-0.rockspec

修改luasocket的版本为3.0rc1-2

make install

cp -r bin/* /opt/websuite/kong/bin/

安装Serf

上传serf_0.8.1_linux_amd64.zip

unzip serf_0.8.1_linux_amd64.zip

mv serf /opt/websuite/kong/bin/

调整Kong的配置

—/opt/websuite/kong/luajit/share/lua/5.1/kong/conf_loader.lua



local DEFAULT_PATHS = {

 “/etc/kong/kong.conf”,

 “/etc/kong.conf”

}

local PREFIX_PATHS = {

 serf_pid = {“pids”, “serf.pid”},

 serf_log = {“logs”, “serf.log”},

 serf_event = {“serf”, “serf_event.sh”},

 serf_node_id = {“serf”, “serf.id”}

 ;

 nginx_pid = {“pids”, “nginx.pid”}, 

 nginx_err_logs = {“logs”, “error.log”},

 nginx_acc_logs = {“logs”, “access.log”},

 nginx_admin_acc_logs = {“logs”, “admin_access.log”},

 nginx_conf = {“nginx.conf”},

 nginx_kong_conf = {“nginx-kong.conf”}

;

修改为(红色字体为修改部分)

local DEFAULT_PATHS = {


“/opt/config/kong/kong.conf” //此处

}

?

local PREFIX_PATHS = {


 serf_pid = {“/opt/run/kong”, “serf.pid”},  //此处
 serf_log = {“/opt/logs/kong”, “serf.log”}, //此处


? serf_event = {“serf”, “serf_event.sh”},

? serf_node_id = {“serf”, “serf.id”}

? ;


 nginx_pid = {“/opt/run/kong”, “nginx.pid”},//此处
 nginx_err_logs = {“/opt/logs/kong”, “error.log”},//此处
 nginx_acc_logs = {“/opt/logs/kong”, “access.log”},//此处
 nginx_admin_acc_logs = {“/opt/logs/kong”, “admin_access.log”},//此处


 nginx_conf = {“nginx.conf”},

 nginx_kong_conf = {“nginx-kong.conf”}

 ;

—/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/kong_defaults.lua



return [[

prefix = /usr/local/kong/

log_level = notice

proxy_access_log = logs/access.log

proxy_error_log = logs/error.log

admin_access_log = logs/admin_access.log

admin_error_log = logs/error.log

custom_plugins = NONE

anonymous_reports = on


proxy_listen = 0.0.0.0:8000
proxy_listen_ssl = 0.0.0.0:8443
admin_listen = 0.0.0.0:8001
admin_listen_ssl = 0.0.0.0:8444


nginx_worker_processes = auto

nginx_optimizations = on

nginx_daemon = on

mem_cache_size = 128m

ssl = on

ssl_cert = NONE

ssl_cert_key = NONE

client_ssl = off

client_ssl_cert = NONE

client_ssl_cert_key = NONE

ssl_cipher_suite = modern

ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

admin_ssl = on

admin_ssl_cert = NONE

admin_ssl_cert_key = NONE

upstream_keepalive = 60

server_tokens = on

latency_tokens = on

error_default_type = text/plain

client_max_body_size = 0

client_body_buffer_size = 8k

database = postgres

pg_host = 127.0.0.1

pg_port = 5432

pg_database = kong

pg_user = kong

pg_password = NONE

pg_ssl = off

pg_ssl_verify = off

cassandra_contact_points = 127.0.0.1

cassandra_port = 9042

cassandra_keyspace = kong

cassandra_timeout = 5000

cassandra_ssl = off

cassandra_ssl_verify = off

cassandra_username = kong

cassandra_password = NONE

cassandra_consistency = ONE

cassandra_lb_policy = RoundRobin

cassandra_local_datacenter = NONE

cassandra_repl_strategy = SimpleStrategy

cassandra_repl_factor = 1

cassandra_data_centers = dc1:2,dc2:3

cassandra_schema_consensus_timeout = 10000

cluster_listen = 0.0.0.0:7946

cluster_listen_rpc = 127.0.0.1:7373

cluster_advertise = NONE

cluster_encrypt_key = NONE

cluster_keyring_file = NONE

cluster_profile = wan

cluster_ttl_on_failure = 3600

dns_resolver = NONE

dns_hostsfile = /etc/hosts

lua_code_cache = on

lua_socket_pool_size = 30

lua_ssl_trusted_certificate = NONE

lua_ssl_verify_depth = 1

lua_package_path = ?/init.lua;./kong/?.lua

lua_package_cpath = NONE

serf_path = serf

]]

修改为(红色字体部分可根据自己的实际情况修改)

return [[

prefix = /opt/config/kong/ //此处

log_level = notice


proxy_access_log = /opt/logs/kong/access.log //此处
proxy_error_log = /opt/logs/kong/error.log //此处
admin_access_log = /opt/logs/kong/admin_access.log //此处
admin_error_log = /opt/logs/kong/error.log //此处


custom_plugins = NONE

anonymous_reports = on


proxy_listen = 0.0.0.0:80  //此处
proxy_listen_ssl = 0.0.0.0:443 //此处
admin_listen = 0.0.0.0:8001 //此处
admin_listen_ssl = 0.0.0.0:8444  //此处


nginx_worker_processes = auto

nginx_optimizations = on

nginx_daemon = on

mem_cache_size = 128m

ssl = on

ssl_cert = NONE

ssl_cert_key = NONE

client_ssl = off

client_ssl_cert = NONE

client_ssl_cert_key = NONE

ssl_cipher_suite = modern

ssl_ciphers=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

admin_ssl = on

admin_ssl_cert = NONE

admin_ssl_cert_key = NONE

upstream_keepalive = 60

server_tokens = on

latency_tokens = on

database = postgres


pg_host = 172.16.5.160 //此处根据实际的情况配置
pg_port = 5432 //此处根据实际的情况配置
pg_database = kong //此处根据实际的情况配置
pg_user = kong //此处根据实际的情况配置
pg_password = ttpai //此处根据实际的情况配置


pg_ssl = off

pg_ssl_verify = off

cassandra_contact_points = 127.0.0.1?? (如果不使用cassandra,请保留这一行cassandra的配置,否则在目前的版本之间升级会报错)

cluster_listen = 0.0.0.0:7946

cluster_listen_rpc = 127.0.0.1:7373

cluster_advertise = NONE

cluster_encrypt_key = NONE

cluster_keyring_file = NONE

cluster_profile = wan

cluster_ttl_on_failure = 3600


dns_resolver = 119.29.29.29   //此处根据实际的dns

dns_hostsfile = /etc/hosts

lua_code_cache = on

lua_socket_pool_size = 30

lua_ssl_trusted_certificate = NONE

lua_ssl_verify_depth = 1

lua_package_path = ?/init.lua;./kong/?.lua

lua_package_cpath = NONE


serf_path = /opt/websuite/kong/bin/serf  //此处

]]

?

—/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/nginx.lua



return [[

worker_processes ${
{NGINX_WORKER_PROCESSES}};

daemon ${
{NGINX_DAEMON}};

pid pids/nginx.pid;

error_log ${
{PROXY_ERROR_LOG}} ${
{LOG_LEVEL}};

> if nginx_optimizations then

worker_rlimit_nofile ${
{WORKER_RLIMIT}};

> end

events {

> if nginx_optimizations then

 worker_connections ${
{WORKER_CONNECTIONS}};

 multi_accept on;

> end

}

http {

??? include ‘nginx-kong.conf’;

}

]]

修改为(红色字体为修改部分)

return [[

worker_processes ${
{NGINX_WORKER_PROCESSES}};

daemon ${
{NGINX_DAEMON}};


pid /opt/run/kong/nginx.pid;  //此处

error_log ${
{PROXY_ERROR_LOG}} ${
{LOG_LEVEL}};

> if nginx_optimizations then

worker_rlimit_nofile ${
{WORKER_RLIMIT}};

> end

events {

> if nginx_optimizations then

 worker_connections ${
{WORKER_CONNECTIONS}};

 multi_accept on;

> end

}

http {

 include ‘nginx-kong.conf’;

}

]]

修改Kong个别脚本适配自定义安装的OpenResty

—/opt/websuite/kong/luajit/share/lua/5.1/lapis/cmd/nginx.lua



nginx_search_paths = {

 “/opt/openresty/nginx/sbin/”,

 “/usr/local/openresty/nginx/sbin/”,

 “/usr/local/opt/openresty/bin/”,

 “/usr/sbin/”,

 “”

 },

修改为

nginx_search_paths = {


 “/opt/websuite/kong/sbin/”

},

—/opt/websuite/kong/luajit/share/lua/5.1/kong/cmd/utils/serf_signals.lua



local serf_search_paths = {

 “serf”,

 “/usr/local/bin/serf”

}

修改为

local serf_search_paths = {


 “/opt/websuite/kong/bin/serf”

}

ln -s  /opt/websuite/kong/openssl/lib/libssl.so /usr/lib64/libssl.so

ln -s /opt/websuite/kong/openssl/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.1.0.0

ln -s /opt/websuite/kong/openssl/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0

ln -s /usr/local/gperftools/lib/libprofiler.so.0 /usr/lib64/libprofiler.so.0

启动Kong

kong start or kong start -vv(如果执行kong start报错,可以使用kong start -vv来进行调试)

安装admin ui

上传node-v6.0.0-linux-x64.tar.gz

解压后

tar zxf node-v6.0.0-linux-x64.tar.gz

然后 制作软连接

ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/npm /usr/local/sbin

ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/node /usr/local/sbin

npm install -g kong-dashboard

 ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/kong-dashboard /usr/local/sbin

# Start Kong Dashboard 

kong-dashboard start –kong-url http://0.0.0.0:8001

 

# Start Kong Dashboard on a custom port 

kong-dashboard start –kong-url http://0.0.0.0:8001 –basic-auth callcent=callcent admin=admin

  –port [port]

 

# Start Kong Dashboard with basic auth 

kong-dashboard start –kong-url http://0.0.0.0:8001 –p 8002 –basic-auth callcent=callcent admin=admin

 

# See full list of start options 

kong-dashboard start –help

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/153198.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)


相关推荐

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号