参考链接

Kong 的安装和启动

准备数据库

提供一个 PostgreSQL 连接地址,及一个具备创建表权限的账号密码,进行数据表的初始化操作

1
2
3
4
5
6
7
docker run --rm \
  -e "KONG_DATABASE=postgres" \
  -e "KONG_PG_HOST=${KONG_PG_HOST}" \
  -e "KONG_PG_DATABASE=kong" \
  -e "KONG_PG_USER=${KONG_PG_USER}" \
  -e "KONG_PG_PASSWORD=${KONG_PG_PASSWORD}" \
 kong/kong-gateway:3.0.0.0-alpine kong migrations bootstrap

启动 Kong

提供一个 PostgreSQL 连接地址,及一个具备读写数据权限的账号密码启动服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
docker run -d --restart=unless-stopped \
  --name kong \
  --network=host \
  -e "KONG_DATABASE=postgres" \
  -e "KONG_PG_HOST=${KONG_PG_HOST}" \
  -e "KONG_PG_DATABASE=kong" \
  -e "KONG_PG_USER=${KONG_PG_USER}" \
  -e "KONG_PG_PASSWORD=${KONG_PG_PASSWORD}" \
  -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
  -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
  -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
  -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
  -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
  kong/kong-gateway:3.0.0.0-alpine

验证服务

1
curl -i -X GET --url http://localhost:8001/services

使用 KongA 进行管理

KongA 不会直接访问 Kong 的数据库,其数据库可以区别于 KongDB 进行保存,支持 MySQL 或 PostgreSQL (而 KongDB 仅支持 PostgreSQL)

此处我使用 MySQL

初始化数据库

1
docker run --rm pantsel/konga:latest -c prepare -a mysql -u mysql://${USERNAME}:${PASSWORD}@${HOST}/${DBNAME}

启动 KongA

1
2
3
4
5
6
7
8
docker run -d --restart=unless-stopped \
  --name konga \
  --network=host \
  -e "TOKEN_SECRET={{somerandomstring}}" \
  -e "DB_ADAPTER=postgres" \
  -e "DB_URI=mysql://${USERNAME}:${PASSWORD}@${HOST}/${DBNAME}" \
  -e "NODE_ENV=production" \
  pantsel/konga

Tips

The general form of a connection URI in PostgreSQL:

1
postgresql://[user[:password]@][netloc][:port][,...][/dbname][?param1=value1&...]

Defines trusted IP addresses blocks that are known to send correct X-Forwarded-* headers.

Requests from trusted IPs make Kong forward their X-Forwarded-* headers upstream.

Non-trusted requests make Kong insert its own X-Forwarded-* headers.

This property also sets the set_real_ip_from directive(s) in the Nginx configuration. It accepts the same type of values (CIDR blocks) but as a comma-separated list.

To trust all /!\ IPs, set this value to 0.0.0.0/0,::/0.

If the special value unix: is specified, all UNIX-domain sockets will be trusted.

See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from for examples of accepted values.

Default: none