kong安装配置手册

大家好，又见面了，我是你们的朋友全栈君。下载OneSQL for PostgreSQL

mkdir -p /root/source/kong

cd /root/source/kong

wget http://www.onexsoft.cn/software/onepgsql-9.4.11-rhel5-linux64.tar.gz

安装PostgreSQL

tar zxf onepgsql-9.4.11-rhel5-linux64.tar.gz -C /opt/websuite/

mv /opt/websuite/pgsql9411 /opt/websuite/pgsql

#创建PGSQL用户及用户组

groupadd -g 26 -o -r postgres

useradd -M -g postgres -o -r -d /database/pgsql -s /bin/bash -N -u 26 postgres

#创建pgsql数据目录及日志目录

mkdir -p /database/pgsql/{data,logs}

chown -R postgres /database/pgsql

#添加环境变量

vi /etc/profile.d/pgsql.sh

export PATH=$PATH:/opt/websuite/pgsql/bin

export PG_HOME=/opt/websuite/pgsql

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${PG_HOME}/lib

export PGDATA=/database/pgsql/data

export PGLOG=/database/pgsql/log/pgsql.log

#切换用户初始化PGSQL

su postgres

initdb -E utf8 -D /database/pgsql/data -W -U postgres

注：以下操作均在postgres环境下操作

#增加PGSQL访问权限，修改/database/pgsql/data/pg_hba.conf

host??? kong??????????? kong??????????? 172.16.4.0/23?????????? trust

新增的内容意思是允许172.16.4.0/23网段的机器可以使用用户kong访问数据库kong

#调整PGSQL的监听地址

sed -i “/#listen_addresses/c listen_addresses=’172.16.5.160′” /database/pgsql/data/postgresql.conf

#启动PGSQL

pg_ctl start -D /database/pgsql/data -l /database/pgsql/log/pgsql.log

#创建用户kong，根据提示设置用户kong的密码

createuser -l -E kong -P

#创建数据库kong

createdb -E utf8 -O kong kong

?

172.16.5.3上的操作

安装依赖软件包

rpm –ivh http://mirrors.163.com/centos/6/extras/x86_64/Packages/centos-release-scl-rh-2-3.el6.centos.noarch.rpm

yum check-update

yum install devtoolset-3-gcc devtoolset-3-gcc-c++ devtoolset-3-libstdc++-devel gperftools-devel gperftools-libs

下载源码包

mkdir -p /root/source/kong

cd /root/source/kong

wget https://openresty.org/download/openresty-1.11.2.2.tar.gz

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz

wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz

wget http://luarocks.github.io/luarocks/releases/luarocks-2.4.2.tar.gz

git clone https://github.com/cloudflare/sslconfig.git

wget https://github.com/Mashape/kong/archive/0.10.3.tar.gz -O kong-0.10.3.tar.gz

安装OpenSSL

tar zxf openssl-1.0.2j.tar.gz

cd openssl-1.0.2j

patch -p1 < /root/source/kong/sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch

./config threads shared no-zlib no-comp no-ssl2 no-ssl3 no-ssl3-method –prefix=/opt/websuite/kong/openssl

make depend

make && make install

安装OpenResty

#创建用户及用户组

groupadd websuite

useradd -g websuite -M -s /sbin/nologin websuite

#编译安装openresty

mkdir -p /root/source/tengine/module/

cd /root/source/tengine/module/

git clone git://github.com/vozlt/nginx-module-vts.git

cd /root/source/kong

tar zxf openresty-1.11.2.2.tar.gz

tar zxf pcre-8.40.tar.gz

cd openresty-1.11.2.2

./configure –prefix=/opt/websuite/kong -j24 –without-http_xss_module –without-http_form_input_module –without-http_encrypted_session_module –without-http_srcache_module –without-http_memc_module –without-http_redis2_module –without-http_redis_module –without-http_lua_upstream_module –without-http_rds_json_module –without-http_rds_json_module –with-http_iconv_module –without-lua_resty_mysql –without-lua_resty_upload –without-lua_rds_parser –without-lua51 –with-luajit –without-luajit-lua52 –sbin-path=/opt/websuite/kong/sbin/nginx –conf-path=/opt/config/kong/nginx.conf –error-log-path=/opt/logs/kong/error.log –http-log-path=/opt/logs/kong/access.log –pid-path=/opt/run/kong –user=websuite –group=websuite –without-select_module –without-poll_module –with-threads –with-file-aio –with-http_realip_module –with-http_addition_module –with-http_auth_request_module –with-http_random_index_module –with-http_slice_module –with-http_stub_status_module –with-http_ssl_module –without-http_uwsgi_module –without-http_scgi_module –without-http_memcached_module –without-http_ssi_module –http-client-body-temp-path=/opt/websuite/kong/temp/client –http-proxy-temp-path=/opt/websuite/kong/temp/proxy –without-http_fastcgi_module –without-mail_pop3_module –without-mail_imap_module –without-mail_smtp_module –with-google_perftools_module –modules-path=/opt/websuite/kong/modules –with-http_v2_module –without-http_upstream_least_conn_module –without-http_upstream_ip_hash_module –with-cc-opt=’-w -pipe -march=native -mtune=native -m128bit-long-double -m64 -fno-builtin-malloc -I/opt/websuite/kong/openssl/include’ –with-ld-opt=’-L/opt/websuite/kong/openssl/lib’ –with-pcre=../pcre-8.40 –with-pcre-opt=-fPIC –with-pcre-jit –add-dynamic-module=/root/source/tengine/module/nginx-module-vts

gmake -j8 && make install

（如报错checking for Google perftools in /usr/local/ … not found执行以下副操作）

副操作：

上传准备好的libunwind-1.0.tar.gz到/usr/local/src

cd /usr/local/src

tar zxvf libunwind-1.0.tar.gz

cd libunwind-1.0

./configure –prefix=/usr/local/libunwind && make && make install

如果报错/usr/bin/ld: cannot find -lunwind-x86_64 则问题原因实际就是autotools兼容性的问题，运行命令autoreconf -i -f ，在重新编译安装下

上传 gperftools-2.5.91.tar.gz至/usr/local/src

tar zxvf gperftools-2.5.91.tar.gz

cd gperftools-2.5.91

vi src/sampler.cc

#在 #include <stdint.h> 后添加

#ifndef SIZE_MAX

#define SIZE_MAX (4294967295U)

#endif

./configure -prefix=/usr/local/gperftools -enable-frame-pointers && make && make install

cd /root/source/kong/openresty-1.11.2.2

vi ./bundle/nginx-1.11.2/auto/lib/google-perftools/conf 修改相关/usr/local/lib目录为/usr/local/gperftools/lib

副操作完成

#创建OpenResty所需目录

mkdir -p /opt/{run,logs}/kong

mkdir -p /opt/websuite/kong/temp/{client,proxy}

chown -R websuite.websuite /opt/{run,logs}/kong

chown -R websuite.websuite /opt/websuite/kong/temp

安装luarocks

cd ..

tar zxf luarocks-2.4.2.tar.gz

cd luarocks-2.4.2

./configure –prefix=/opt/websuite/kong –rocks-tree=/opt/websuite/kong/luajit –sysconfdir=/opt/config/kong/luarocks –lua-suffix=jit –with-lua=/opt/websuite/kong/luajit –with-lua-include=/opt/websuite/kong/luajit/include/luajit-2.1

（如果报错Lua interpreter not found in /opt/websuite/kong/luajit/bin）则安装一下luajit

make build

make install

echo ‘export PATH=”${PATH}:/opt/websuite/kong/bin:/opt/websuite/kong/sbin:/opt/websuite/kong/luajit/bin”‘ > /etc/profile.d/kong.sh source /etc/profile.d/kong.sh

luarocks install luarocks

安装Kong

tar zxf kong-0.10.3.tar.gz

cd kong-0.10.3

sed -i ‘/OPENSSL_DIR ?=/c OPENSSL_DIR ?= /opt/websuite/kong/openssl’ Makefile

vi kong-0.10.3-0.rockspec

修改luasocket的版本为3.0rc1-2

make install

cp -r bin/* /opt/websuite/kong/bin/

安装Serf

上传serf_0.8.1_linux_amd64.zip

unzip serf_0.8.1_linux_amd64.zip

mv serf /opt/websuite/kong/bin/

调整Kong的配置

—/opt/websuite/kong/luajit/share/lua/5.1/kong/conf_loader.lua

将

local DEFAULT_PATHS = {

“/etc/kong/kong.conf”,

“/etc/kong.conf”

}

local PREFIX_PATHS = {

serf_pid = {“pids”, “serf.pid”},

serf_log = {“logs”, “serf.log”},

serf_event = {“serf”, “serf_event.sh”},

serf_node_id = {“serf”, “serf.id”}

;

nginx_pid = {“pids”, “nginx.pid”},

nginx_err_logs = {“logs”, “error.log”},

nginx_acc_logs = {“logs”, “access.log”},

nginx_admin_acc_logs = {“logs”, “admin_access.log”},

nginx_conf = {“nginx.conf”},

nginx_kong_conf = {“nginx-kong.conf”}

;

修改为（红色字体为修改部分）

local DEFAULT_PATHS = {

“/opt/config/kong/kong.conf” //此处

}

?

local PREFIX_PATHS = {

serf_pid = {“/opt/run/kong”, “serf.pid”}, //此处
serf_log = {“/opt/logs/kong”, “serf.log”}, //此处

? serf_event = {“serf”, “serf_event.sh”},

? serf_node_id = {“serf”, “serf.id”}

? ;

nginx_pid = {“/opt/run/kong”, “nginx.pid”},//此处
nginx_err_logs = {“/opt/logs/kong”, “error.log”},//此处
nginx_acc_logs = {“/opt/logs/kong”, “access.log”},//此处
nginx_admin_acc_logs = {“/opt/logs/kong”, “admin_access.log”},//此处

nginx_conf = {“nginx.conf”},

nginx_kong_conf = {“nginx-kong.conf”}

;

—/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/kong_defaults.lua

将

return [[

prefix = /usr/local/kong/

log_level = notice

proxy_access_log = logs/access.log

proxy_error_log = logs/error.log

admin_access_log = logs/admin_access.log

admin_error_log = logs/error.log

custom_plugins = NONE

anonymous_reports = on

proxy_listen = 0.0.0.0:8000
proxy_listen_ssl = 0.0.0.0:8443
admin_listen = 0.0.0.0:8001
admin_listen_ssl = 0.0.0.0:8444

nginx_worker_processes = auto

nginx_optimizations = on

nginx_daemon = on

mem_cache_size = 128m

ssl = on

ssl_cert = NONE

ssl_cert_key = NONE

client_ssl = off

client_ssl_cert = NONE

client_ssl_cert_key = NONE

ssl_cipher_suite = modern

ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

admin_ssl = on

admin_ssl_cert = NONE

admin_ssl_cert_key = NONE

upstream_keepalive = 60

server_tokens = on

latency_tokens = on

error_default_type = text/plain

client_max_body_size = 0

client_body_buffer_size = 8k

database = postgres

pg_host = 127.0.0.1

pg_port = 5432

pg_database = kong

pg_user = kong

pg_password = NONE

pg_ssl = off

pg_ssl_verify = off

cassandra_contact_points = 127.0.0.1

cassandra_port = 9042

cassandra_keyspace = kong

cassandra_timeout = 5000

cassandra_ssl = off

cassandra_ssl_verify = off

cassandra_username = kong

cassandra_password = NONE

cassandra_consistency = ONE

cassandra_lb_policy = RoundRobin

cassandra_local_datacenter = NONE

cassandra_repl_strategy = SimpleStrategy

cassandra_repl_factor = 1

cassandra_data_centers = dc1:2,dc2:3

cassandra_schema_consensus_timeout = 10000

cluster_listen = 0.0.0.0:7946

cluster_listen_rpc = 127.0.0.1:7373

cluster_advertise = NONE

cluster_encrypt_key = NONE

cluster_keyring_file = NONE

cluster_profile = wan

cluster_ttl_on_failure = 3600

dns_resolver = NONE

dns_hostsfile = /etc/hosts

lua_code_cache = on

lua_socket_pool_size = 30

lua_ssl_trusted_certificate = NONE

lua_ssl_verify_depth = 1

lua_package_path = ?/init.lua;./kong/?.lua

lua_package_cpath = NONE

serf_path = serf

]]

修改为（红色字体部分可根据自己的实际情况修改）

return [[

prefix = /opt/config/kong/ //此处

log_level = notice

proxy_access_log = /opt/logs/kong/access.log //此处
proxy_error_log = /opt/logs/kong/error.log //此处
admin_access_log = /opt/logs/kong/admin_access.log //此处
admin_error_log = /opt/logs/kong/error.log //此处

custom_plugins = NONE

anonymous_reports = on

proxy_listen = 0.0.0.0:80 //此处
proxy_listen_ssl = 0.0.0.0:443 //此处
admin_listen = 0.0.0.0:8001 //此处
admin_listen_ssl = 0.0.0.0:8444 //此处

nginx_worker_processes = auto

nginx_optimizations = on

nginx_daemon = on

mem_cache_size = 128m

ssl = on

ssl_cert = NONE

ssl_cert_key = NONE

client_ssl = off

client_ssl_cert = NONE

client_ssl_cert_key = NONE

ssl_cipher_suite = modern

ssl_ciphers=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

admin_ssl = on

admin_ssl_cert = NONE

admin_ssl_cert_key = NONE

upstream_keepalive = 60

server_tokens = on

latency_tokens = on

database = postgres

pg_host = 172.16.5.160 //此处根据实际的情况配置
pg_port = 5432 //此处根据实际的情况配置
pg_database = kong //此处根据实际的情况配置
pg_user = kong //此处根据实际的情况配置
pg_password = ttpai //此处根据实际的情况配置

pg_ssl = off

pg_ssl_verify = off

cassandra_contact_points = 127.0.0.1?? （如果不使用cassandra，请保留这一行cassandra的配置，否则在目前的版本之间升级会报错）

cluster_listen = 0.0.0.0:7946

cluster_listen_rpc = 127.0.0.1:7373

cluster_advertise = NONE

cluster_encrypt_key = NONE

cluster_keyring_file = NONE

cluster_profile = wan

cluster_ttl_on_failure = 3600

dns_resolver = 119.29.29.29 //此处根据实际的dns

dns_hostsfile = /etc/hosts

lua_code_cache = on

lua_socket_pool_size = 30

lua_ssl_trusted_certificate = NONE

lua_ssl_verify_depth = 1

lua_package_path = ?/init.lua;./kong/?.lua

lua_package_cpath = NONE

serf_path = /opt/websuite/kong/bin/serf //此处

]]

?

—/opt/websuite/kong/luajit/share/lua/5.1/kong/templates/nginx.lua

将

return [[

worker_processes ${
{NGINX_WORKER_PROCESSES}};

daemon ${
{NGINX_DAEMON}};

pid pids/nginx.pid;

error_log ${
{PROXY_ERROR_LOG}} ${
{LOG_LEVEL}};

> if nginx_optimizations then

worker_rlimit_nofile ${
{WORKER_RLIMIT}};

> end

events {

> if nginx_optimizations then

worker_connections ${
{WORKER_CONNECTIONS}};

multi_accept on;

> end

}

http {

??? include ‘nginx-kong.conf’;

}

]]

修改为（红色字体为修改部分）

return [[

worker_processes ${
{NGINX_WORKER_PROCESSES}};

daemon ${
{NGINX_DAEMON}};

pid /opt/run/kong/nginx.pid; //此处

error_log ${
{PROXY_ERROR_LOG}} ${
{LOG_LEVEL}};

> if nginx_optimizations then

worker_rlimit_nofile ${
{WORKER_RLIMIT}};

> end

events {

> if nginx_optimizations then

worker_connections ${
{WORKER_CONNECTIONS}};

multi_accept on;

> end

}

http {

include ‘nginx-kong.conf’;

}

]]

修改Kong个别脚本适配自定义安装的OpenResty

—/opt/websuite/kong/luajit/share/lua/5.1/lapis/cmd/nginx.lua

将

nginx_search_paths = {

“/opt/openresty/nginx/sbin/”,

“/usr/local/openresty/nginx/sbin/”,

“/usr/local/opt/openresty/bin/”,

“/usr/sbin/”,

“”

},

修改为

nginx_search_paths = {

“/opt/websuite/kong/sbin/”

},

—/opt/websuite/kong/luajit/share/lua/5.1/kong/cmd/utils/serf_signals.lua

将

local serf_search_paths = {

“serf”,

“/usr/local/bin/serf”

}

修改为

local serf_search_paths = {

“/opt/websuite/kong/bin/serf”

}

ln -s /opt/websuite/kong/openssl/lib/libssl.so /usr/lib64/libssl.so

ln -s /opt/websuite/kong/openssl/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.1.0.0

ln -s /opt/websuite/kong/openssl/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0

ln -s /usr/local/gperftools/lib/libprofiler.so.0 /usr/lib64/libprofiler.so.0

启动Kong

kong start or kong start -vv(如果执行kong start报错，可以使用kong start -vv来进行调试)

安装admin ui

上传node-v6.0.0-linux-x64.tar.gz

解压后

tar zxf node-v6.0.0-linux-x64.tar.gz

然后制作软连接

ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/npm /usr/local/sbin

ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/node /usr/local/sbin

npm install -g kong-dashboard

ln -s /root/source/kong/node-v6.0.0-linux-x64/bin/kong-dashboard /usr/local/sbin

# Start Kong Dashboard

kong-dashboard start –kong-url http://0.0.0.0:8001

# Start Kong Dashboard on a custom port

kong-dashboard start –kong-url http://0.0.0.0:8001 –basic-auth callcent=callcent admin=admin

–port [port]

# Start Kong Dashboard with basic auth

kong-dashboard start –kong-url http://0.0.0.0:8001 –p 8002 –basic-auth callcent=callcent admin=admin

# See full list of start options

kong-dashboard start –help