1. An overview of the
2. Fast installation
3. APISIX console
4. Dynamic load balancing
5. Current limiting speed limit
6. The authentication
7. Health check
8. eggs

---

5.1 Written on vacation.

Ah! I’m serious!!

1. An overview of the

APISIX is a cloud-native, high-performance, scalable microservices API gateway based on OpenResty + ETCD implementation. It is Chinese open source, has entered Apache for incubation, cow force!!

OpenResty: A scalable Web platform implemented through Lua extension NGINX.

Etcd: Key/Value Storage system.

APISIX provides dynamic load balancing, authentication, traffic limiting and other functions through plug-in mechanism. Of course, we can also develop our own plug-ins to extend.

The overall architecture

• Dynamic load balancing: dynamic load balancing across multiple upstream services. Round-robin polling and consistent hashing are supported.
• Authentication: Supports key-Auth, JWT, basic-Auth, wolf-RBAC and other authentication modes.
• Traffic limiting: Limiting traffic based on speed, number of requests, and concurrency.

APISIX also supports advanced features such as A/B testing, Canary publishing (grayscale publishing), blue-green deployment, monitoring alarms, service observability, and service governance, which are very important features as A microservices API gateway.

APISIX documentation is very complete, because it is Chinese open source, so the documentation is Also Chinese friendly. Therefore, Nai nai here is not beep introduction, fat friends can be read as follows:

• APISIX Official Documentation – Introduction
• APISIX Official Documentation — Plugins
• APISIX Official Documentation — White Paper

Below, we officially enter APISIX’s minimalist introduction tour.

2. Quick installation

In APISIX official Documentation – Installation, the source code package, RPM package, Luarocks, Docker installation methods are introduced. Here we use CentOS 7.X system, so use RPM package.

Because APISIX is based on OpenResty + ETCD, you need to install both of them.

2.1 installation OpenResty

To install OpenResty, use the following command:

# Install the OpenResty YUM software source
$ yum install yum-utils
$ yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo

# Install OpenResty software
$ yum install -y openresty 
Copy the code

2.2 installation etcd

To install etcd, use the following command:

# installation etcd
$ yum install -y etcd

# start etcd
$ service etcd start
Copy the code

2.3 installation APISIX

To install APISIX, use the following command:

Note: The version of APISIX we installed here is version 1.2.

The latest version can be obtained from APISIX official documentation – Building Apache APISIX.

# installation APISIX
$ yum install -y https://github.com/apache/incubator-apisix/releases/download/1.2/apisix-1.2-0.el7.noarch.rpm

# start APISIX
$ apisix start
Copy the code

At this point, APISIX is installed in the /usr/local/apisix directory, using the following command:

$ cd /usr/local/apisix/
$ ls -ls
total 40
4 drwxr-xr-x 8 root   root 4096 May  1 20:40 apisix # APISIX program
4 drwx------ 2 nobody root 4096 May  1 20:44 client_body_temp
4 drwxr-xr-x 3 root   root 4096 May  1 20:50 conf # config file
4 drwxr-xr-x 6 root   root 4096 May  1 20:40 dashboard # APISIX console
4 drwxr-xr-x 5 root   root 4096 May  1 20:40 deps
4 drwx------ 2 nobody root 4096 May  1 20:44 fastcgi_temp
4 drwxrwxr-x 2 root   root 4096 May  1 20:44 logs # log file
4 drwx------ 2 nobody root 4096 May  1 20:44 proxy_temp
4 drwx------ 2 nobody root 4096 May  1 20:44 scgi_temp
4 drwx------ 2 nobody root 4096 May  1 20:44 uwsgi_temp
Copy the code

By default, APISIX is started on port 9080 using the following command:

${curl http://127.0.0.1:9080/"error_msg":"failed to match any routes"}
Copy the code

3. APISIX console

APISIX built-in console allows you to view and maintain APISIX Route, Consumer, Service, SSL, and Upstream. As shown below:

APISIX console

In the/usr/local/apisix/conf/nginx. Conf configuration file, set the apisix console access path to/apisix/dashboard. As shown below:

APISIX console – Configuration

Friendly note: if you are installing APISIX on this machine, you may not perform the following steps.

Considering the safety, APISIX console allows only the machine access, so we need to modify/usr/local/APISIX/conf/config. The yaml configuration file, increase allows access to the remote IP address. As shown below:

APISIX Console – Modify configuration

After modifying the configuration, run the apisix restart command to restart apisix for the configuration to take effect. Then, use the browser to access http://172.16.48.185:9080/apisix/dashboard address, enter APISIX console. The results are shown below:

APISIX console – Login

Log in to the APISIX console using the default account admin/123456. The results are shown below:

APISIX Console – Home page

Note: The APISIX console is implemented by calling the administration API provided by APISIX, so check out the APISIX official documentation – Administration API.

4. Dynamic load balancing

In this section, we implement load balancing for the API interfaces provided by the back-end service. For convenience, Nai Nai at github.com/YunaiV/Spri… The repository provides a Spring Boot project lab-56-Demo01, as shown below:

Spring the Boot program

The final example looks like this:

Effect of the project

4.1 Starting back-end Services

Run the Demo01Application and Demo02Application classes, respectively, and start the two back-end services on ports 18080 and 28080. The sample /demo/echo interface is then called to confirm successful startup.

Friendly reminder: 10.8.8.18 address, the address of the back-end service for Nai deployment.

$curl http://10.8.8.18:18080/demo/echo
echoFor $18080, curl: http://10.8.8.18:28080/demo/echo
echo: 28080Copy the code

4.2 Creating APISIX Upstream

APISIX Upstream, a virtual host abstraction, loads a given number of service nodes according to configuration rules.

For more information on Upstream, see APISIX Official Documentation — Architectural Design (Upstream).

On the “Upstream” menu of the APISIX console, create an APISIX Upstream. As shown below:

APISIX Upstream

4.3 Creating APISIX Route

APISIX Route, which literally means Route, defines rules to match a client’s request, then loads and executes the plug-in based on the match, and forwards the request to the specified Upstream.

For more information about Route, see APISIX Official Documentation — Architectural Design (Route).

APISIX Route

4.4 Simple Test

Now let’s ask the APISIX gateway to forward the request to the back-end service.

Note: 172.16.48.185 is the address where the APISIX gateway is deployed for Nai.

$curl http://172.16.48.185:9080/demo/echo
echoFor $18080, curl: http://172.16.48.185:9080/demo/echo
echoFor $28080, curl: http://172.16.48.185:9080/demo/echo
echoFor $18080, curl: http://172.16.48.185:9080/demo/echo
echo: 28080Copy the code

As you can see from the results, the APISIX gateway uses a polling algorithm to forward requests to the back-end service in turn.

5. Limit traffic and speed

APISIX has three built-in speed limiting plug-ins:

• Limit-count: indicates the speed limit implementation based on fixed window.
• Limit-req: indicates the request rate limiting based on the leaky bucket principle.
• Limit-conn: limits concurrent requests (or connections).

In this section, we demonstrate the use of limit-req plug-in. After all, the leak-bucket based traffic limiting algorithm is a commonly used traffic limiting method at present.

The Leaky Bucket algorithm is commonly used in Traffic Shaping or Rate Limiting on the network. It controls the Rate at which data is injected into the network and smoothen burst Traffic on the network.

The leaky bucket algorithm provides a mechanism by which burst traffic can be shaped to provide a steady flow of traffic to the network.

Bucket algorithm

5.1 Configuring the Limit-req plug-in

In the section “4. Dynamic Load Balancing,” we have created an APISIX Route. Here, we configure limit-req for the Route. As shown below:

Configure limit-req plug-in

Rate: Specifies the request rate (in seconds). Requests exceeding rate but not exceeding (rate + brUST) will be delayed

Burst: Requests whose request rate exceeds (rate + brUST) are rejected

Rejected_code: HTTP status code to be returned if the request is rejected when the threshold is exceeded

The received keys are remote_ADDR (client IP address), server_ADDR (server IP address), and X-Forwarded-for (X- Forwarded-for) or X-real-IP.

The above configuration limits the request rate to 1 per second. If the request rate is greater than 1 and less than 3, the delay will be added. If the request rate exceeds 3, the request rate will be rejected.

5.2 Simple Test

Rapid request http://172.16.48.185:9080/demo/echo address for many times, we will see the page returns a 503 error code, current limiting by APISIX success. As shown below:

A simple test

6. Authentication

APISIX has four built-in authentication plug-ins:

• Key-auth: indicates user Authentication based on key Authentication.
• Jwt-auth: User Authentication based on JWT (JSON Web Tokens) Authentication
• Basic-auth: indicates user authentication based on basic Auth.
• Wolf-rbac: User authentication and authorization based on RBAC. Wolf service needs to be set up to provide users, roles, resources and other information.

In this section, we demonstrate the well-known authentication method using the JwT-Auth plug-in. For those who don’t know, you can read the following article:

• JSON Web Token – Securely Transferring Information between Web Applications
• Designing a Single Sign-on System using JSON Web Token

6.1 Configuring the JwT-Auth plug-in

① In the “Consumer” menu of the APISIX console, create an APISIX Consumer using the JWT-Auth plug-in. As shown below:

A Consumer is a Consumer of a service that needs to be used in conjunction with a user authentication system.

For more information about consumers, see the APISIX official documentation — Architectural Design (Consumer).

• To create a Consumer 01

• Create Consumer 02 where each attribute does the following:

• Key: Different consumer objects should have different values; it should be unique. If different consumers use the same key, a request matching exception will occur.

• Secret: optional field, encryption key. If you do not specify, the background will automatically generate it for you.

• Algorithm: Optional field, encryption algorithm. Currently, HS256, HS384, HS512, RS256, and ES256 are supported. If this parameter is not specified, HS256 is used by default.

• Exp: Indicates the timeout period of the token, in seconds. This field is optional. For example, if the validity period is 5 minutes, it should be set to 5 * 60 = 300.

② In section “4. Dynamic Load Balancing”, we have created an APISIX Route. Here, we configure the jwt-Auth plugin for the Route. As shown below:

Configure the jwt-Auth plug-in

Friendly reminder: do not feel the configuration process is a little strange, calm down ~

6.2 Simple Test

① Invoke the signature interface provided by the JwT-Auth plug-in to obtain the Token.

The # key parameter is the key property that we set when configuring the jwt-Auth plugin.$curl http://172.16.48.185:9080/apisix/plugin/jwt/sign? key=yunai eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ5dW5haSIsImV4cCI6MTU4ODQ3MzA5NX0.WlLhM_gpr-zWKXCcXEuSuw-7JosU9mnHwfeSPts pCGoCopy the code

② Use Postman to simulate calling the sample /demo/echo interface, with JWT attached. As shown below:

Postman simulates requests

Note: At this point, we are done with the jwt-Auth plug-in.

You can first remove the jwt-Auth plug-in for the example Route configuration to facilitate the simulation of requests.

7. Health checkup

Because the APISIX console does not provide the configuration function of health check, Nai nai and others will be supplemented later.

You can first read the APISIX official document – Health Check and use the APISIX Admin API to add health check configurations.

666. The eggs

No eggs yet.

Continue to follow the evolution and changes of APISIX