Environment: CentOS Linux release 7.4.1708 (Core)
1. openresty-1.11.2.4.tar.gz
2. luarocks-2.4.2.tar.gz
3. pcre-8.40.tar.gz
4. openssl-1.0.2n.tar.gz
5. kong-0.11.0.tar.gz
6. node-v8.9.4-linux-x64.tar.xz
7. luarocks-2.4.2-1.src.rock
8. sslconfig
Source directory: /home/package
/usr/local/kong
Software directory layout:
Install directory: /usr/local/kong
Log directory: /usr/local/kong/logs
PID directory: /opt/run/kong
Configuration file directory: /usr/local/kong
Machine allocation
Kong: 10.95.196.149/150
PostgreSQL: 10.95.196.149
PostgreSQL installation
Operations on 10.95.196.149
Download PostgreSQL: postgresql-9.6.6.tar.gz
# Create the PGSQL user and group
groupadd -g 26 -o -r postgres
useradd -M -g postgres -o -r -d /home/pgsql -s /bin/bash -u 26 postgres
# Create the pgsql data and log directories
mkdir -p /home/pgsql/{data,logs}
chown -R postgres /home/pgsql
# Switch user to initialize PGSQL
su postgres
# Add environment variables
vi .bash_profile
PGHOME=/home/pgsql/postgresql-9.6.6
export PGHOME
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PGHOME/lib
export PGLOG=/home/pgsql/logs/pgsql.log
PGDATA=/home/pgsql/data
export PGDATA
PATH=$PATH:$HOME/.local/bin:$HOME/bin:$PGHOME/bin
export PATH
Initialize postgresql
initdb -E utf8 -D /home/pgsql/data -W -U postgres
Note: all of the following operations are performed in the postgres environment
# Grant PGSQL access by editing /home/pgsql/data/pg_hba.conf
host    kong149    kong149    10.95.196.0/24    trust
The added line allows machines in the 10.95.196.0/24 network segment to access database kong as user kong
# Adjust the PGSQL listen address
sed -i "/#listen_addresses/c listen_addresses='10.95.196.149'" /home/pgsql/data/postgresql.conf
# Start PGSQL
pg_ctl start -D /home/pgsql/data -l /home/pgsql/logs/pgsql.log
# Create user kong and set its password when prompted
createuser -l -E kong149 -P
Enter the password when prompted: ui8ga$No
# Create database kong
createdb -E utf8 -O kong149 kong149
Operations on 10.95.196.149-150
Install some additional packages
yum install devtoolset-3-gcc devtoolset-3-gcc-c++ devtoolset-3-libstdc++-devel gperftools-devel gperftools-libs
Download the source packages
mkdir -p /home/package
cd /home/package
wget https://openresty.org/download/openresty-1.11.2.4.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
wget http://luarocks.github.io/luarocks/releases/luarocks-2.4.2.tar.gz
git clone https://github.com/cloudflare/sslconfig.git
wget https://github.com/Mashape/kong/archive/0.10.3.tar.gz -O kong-0.10.3.tar.gz
The packages above can also be downloaded directly from the corresponding websites; downloading them directly on the server may run into SSL handshake failures.
Install OpenSSL
tar -xf openssl-1.0.2n.tar.gz  # extracting with -xzvf ran into problems; the cause is unclear
cd openssl-1.0.2n
patch -p1 </home/package/sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
./config threads shared
make depend
make && make install
The default install location is /usr/local/ssl; the SSL paths used in the build steps below must be changed to match.
Install OpenResty
# Create a user and group (optional)
groupadd websuite
useradd -g websuite -M -s /sbin/nologin websuite
# Build and install openresty
tar -xf openresty-1.11.2.4.tar.gz
tar -xf pcre-8.40.tar.gz
# Create the directories OpenResty needs
mkdir -p /usr/local/kong/{run,logs,conf}
mkdir -p /usr/local/kong/temp/{client,proxy}
cd openresty-1.11.2.4
./configure --prefix=/usr/local/kong -j24 \
--with-http_iconv_module \
--with-luajit \
--sbin-path=/usr/local/kong/sbin/nginx \
--conf-path=/usr/local/kong/conf/nginx.conf \
--error-log-path=/usr/local/kong/logs/error.log \
--http-log-path=/usr/local/kong/logs/access.log \
--with-threads \
--with-file-aio \
--with-http_realip_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--http-client-body-temp-path=/usr/local/kong/temp/client \
--http-proxy-temp-path=/usr/local/kong/temp/proxy \
--modules-path=/usr/local/kong/modules \
--with-http_v2_module \
--with-cc-opt='-w -pipe -march=native -mtune=native -m128bit-long-double -m64 -fno-builtin-malloc -I/usr/local/ssl/include' \
--with-ld-opt='-L/usr/local/ssl/lib' \
--with-pcre=../pcre-8.40 \
--with-pcre-opt=-fPIC \
--with-pcre-jit
gmake -j8 && make install
Install luarocks
tar zxf luarocks-2.4.2.tar.gz
cd luarocks-2.4.2
./configure --prefix=/usr/local/kong \
--rocks-tree=/usr/local/kong/luajit \
--sysconfdir=/usr/local/kong/conf/luarocks \
--lua-suffix=jit \
--with-lua=/usr/local/kong/luajit \
--with-lua-include=/usr/local/kong/luajit/include/luajit-2.1
make build
make install
echo 'export PATH="${PATH}:/usr/local/kong/bin:/usr/local/kong/sbin:/usr/local/kong/luajit/bin"' > /etc/profile.d/kong.sh
source /etc/profile.d/kong.sh
Put the downloaded luarocks-2.4.2-1.src.rock into the luarocks-2.4.2 directory and run:
luarocks install luarocks-2.4.2-1.src.rock
Install Kong
tar -xf kong-0.11.0.tar.gz
cd kong-0.11.0
sed -i '/OPENSSL_DIR ?=/c OPENSSL_DIR ?= /usr/local/ssl' Makefile
make install
cp -r bin/* /usr/local/kong/bin/
Install the HiRes component
yum -y install perl-Time-HiRes
Create symlinks
ln -f -s /usr/local/ssl/lib/libssl.so.1.0.0 /lib64/libssl.so.1.0.0
ln -f -s /usr/local/ssl/lib/libcrypto.so.1.0.0 /lib64/libcrypto.so.1.0.0
Adjust Kong's configuration
Path: /usr/local/kong/luajit/share/lua/5.1/kong/templates
File: nginx.lua
return [[
> if nginx_user then
user ${{NGINX_USER}};
> end
worker_processes ${{NGINX_WORKER_PROCESSES}};
daemon ${{NGINX_DAEMON}};
pid pids/nginx.pid;
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
> if nginx_optimizations then
worker_rlimit_nofile ${{WORKER_RLIMIT}};
> end
events {
> if nginx_optimizations then
    use                 epoll;
    worker_connections  65536;
    multi_accept on;
> end
}
http {
    include 'nginx-kong.conf';
}
]]
File: nginx_kong.lua
return [[
charset UTF-8;
> if anonymous_reports then
${{SYSLOG_REPORTS}}
> end
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
>if nginx_optimizations then
include       /usr/local/kong/conf/mime.types;
default_type  application/octet-stream;
sendfile        on;
>-- send_timeout 60s;          # default value
keepalive_timeout 120s;     # default value
keepalive_requests     10000;
server_tokens     off;
>-- client_body_timeout 60s;   # default value
>-- client_header_timeout 60s; # default value
>-- tcp_nopush on;             # disabled until benchmarked
gzip  on;
gzip_comp_level     6;
gzip_min_length     1024;
gzip_proxied           any;
gzip_vary                 on;
gzip_buffers            96 8k;
gzip_types               text/json  text/plain  text/css  application/json  application/javascript  application/x-javascript  application/rss+xml;
>-- proxy_buffer_size 128k;    # disabled until benchmarked
proxy_buffers 128 8k;      # disabled until benchmarked
>-- proxy_busy_buffers_size 256k; # disabled until benchmarked
>-- reset_timedout_connection on; # disabled until benchmarked
>end
log_format  access '$http_x_forwarded_for [$time_local] request_time[$request_time] upto $upstream_addr,'
                   'upresponse_time[$upstream_response_time], "$request" $status $body_bytes_sent '
                   '"$http_user_agent"';
client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};
proxy_ssl_server_name on;
underscores_in_headers on;
lua_package_path '${{LUA_PACKAGE_PATH}};;';
lua_package_cpath '${{LUA_PACKAGE_CPATH}};;';
lua_socket_pool_size ${{LUA_SOCKET_POOL_SIZE}};
lua_max_running_timers 4096;
lua_max_pending_timers 16384;
lua_shared_dict kong                30m;
lua_shared_dict kong_cache          ${{MEM_CACHE_SIZE}};
lua_shared_dict kong_process_events 30m;
lua_shared_dict kong_cluster_events 30m;
lua_shared_dict kong_healthchecks   30m;
> if database == "cassandra" then
lua_shared_dict kong_cassandra      5m;
> end
lua_socket_log_errors off;
> if lua_ssl_trusted_certificate then
lua_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE}}';
lua_ssl_verify_depth ${{LUA_SSL_VERIFY_DEPTH}};
> end
init_by_lua_block {
    kong = require 'kong'
    kong.init()
}
init_worker_by_lua_block {
    kong.init_worker()
}
proxy_next_upstream_tries 2;
upstream kong_upstream {
    server 0.0.0.1;
    balancer_by_lua_block {
        kong.balancer()
    }
    keepalive ${{UPSTREAM_KEEPALIVE}};
}
server {
    server_name localhost;
    listen ${{PROXY_LISTEN}}${{PROXY_PROTOCOL}};
    error_page 400 404 408 411 412 413 414 417 /kong_error_handler;
    error_page 500 502 503 504 /kong_error_handler;
    access_log ${{PROXY_ACCESS_LOG}} access;
    error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
    client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};
> if ssl then
    listen ${{PROXY_LISTEN_SSL}} ssl${{HTTP2}}${{PROXY_PROTOCOL}};
    ssl_certificate ${{SSL_CERT}};
    ssl_certificate_key ${{SSL_CERT_KEY}};
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate_by_lua_block {
        kong.ssl_certificate()
    }
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ${{SSL_CIPHERS}};
> end
> if client_ssl then
    proxy_ssl_certificate ${{CLIENT_SSL_CERT}};
    proxy_ssl_certificate_key ${{CLIENT_SSL_CERT_KEY}};
> end
    real_ip_header     ${{REAL_IP_HEADER}};
    real_ip_recursive  ${{REAL_IP_RECURSIVE}};
> for i = 1, #trusted_ips do
    set_real_ip_from   $(trusted_ips[i]);
> end
    location / {
        set $upstream_host               '';
        set $upstream_upgrade            '';
        set $upstream_connection         '';
        set $upstream_scheme             'http';
        set $upstream_uri                '';
        set $upstream_x_forwarded_for    '';
        set $upstream_x_forwarded_proto  '';
        set $upstream_x_forwarded_host   '';
        set $upstream_x_forwarded_port   '';
        rewrite_by_lua_block {
            kong.rewrite()
        }
        access_by_lua_block {
            kong.access()
        }
        proxy_http_version 1.1;
        proxy_set_header   Host              $upstream_host;
        proxy_set_header   Upgrade           $upstream_upgrade;
        proxy_set_header   Connection        $upstream_connection;
        #proxy_set_header   X-Forwarded-For   $upstream_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $upstream_x_forwarded_proto;
        proxy_set_header   X-Forwarded-Host  $upstream_x_forwarded_host;
        proxy_set_header   X-Forwarded-Port  $upstream_x_forwarded_port;
        proxy_set_header   X-Real-IP         $http_x_forwarded_for;
        proxy_pass_header  Server;
        proxy_pass_header  Date;
        proxy_ssl_name     $upstream_host;
        proxy_pass         http://kong_upstream$upstream_uri;
        header_filter_by_lua_block {
            kong.header_filter()
        }
        body_filter_by_lua_block {
            kong.body_filter()
        }
        log_by_lua_block {
            kong.log()
        }
    }
    location = /kong_error_handler {
        internal;
        content_by_lua_block {
            kong.handle_error()
        }
    }
}
server {
    server_name localhost;
    listen ${{ADMIN_LISTEN}};
    access_log ${{ADMIN_ACCESS_LOG}};
    error_log ${{ADMIN_ERROR_LOG}} ${{LOG_LEVEL}};
    client_max_body_size 10m;
    client_body_buffer_size 10m;
> if admin_ssl then
    listen ${{ADMIN_LISTEN_SSL}} ssl${{ADMIN_HTTP2}};
    ssl_certificate ${{ADMIN_SSL_CERT}};
    ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ${{SSL_CIPHERS}};
> end
    location / {
        default_type application/json;
        content_by_lua_block {
            kong.serve_admin_api()
        }
    }
    location /nginx_status {
        internal;
        access_log off;
        stub_status;
    }
    location /robots.txt {
        return 200 'User-agent: *\nDisallow: /';
    }
}
]]
File: kong_defaults.lua
return [[
prefix = /usr/local/kong/
log_level = notice
proxy_access_log = logs/access.log
proxy_error_log = logs/error.log
admin_access_log = logs/admin_access.log
admin_error_log = logs/admin_error.log
custom_plugins = NONE
anonymous_reports = on
proxy_listen = 0.0.0.0:8000
proxy_listen_ssl = 0.0.0.0:8443
admin_listen = 0.0.0.0:5000
admin_listen_ssl = 0.0.0.0:5443
nginx_user = root
nginx_worker_processes = auto
nginx_optimizations = on
nginx_daemon = on
mem_cache_size = 1024m
http2 = off
ssl = on
ssl_cert = NONE
ssl_cert_key = NONE
client_ssl = off
client_ssl_cert = NONE
client_ssl_cert_key = NONE
ssl_cipher_suite = modern
ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
admin_http2 = off
admin_ssl = on
admin_ssl_cert = NONE
admin_ssl_cert_key = NONE
upstream_keepalive = 60
server_tokens = off
latency_tokens = on
trusted_ips = NONE
real_ip_header = X-Forwarded-For
real_ip_recursive = off
client_max_body_size = 8m
client_body_buffer_size = 8k
error_default_type = text/plain
database = postgres
pg_host = 10.95.196.149
pg_port = 5432
pg_database = kong149
pg_user = kong149
pg_password = ui8ga$No
pg_ssl = off
pg_ssl_verify = off
cassandra_contact_points = 127.0.0.1
cassandra_port = 9042
cassandra_keyspace = kong
cassandra_timeout = 5000
cassandra_ssl = off
cassandra_ssl_verify = off
cassandra_username = kong
cassandra_password = NONE
cassandra_consistency = ONE
cassandra_lb_policy = RoundRobin
cassandra_local_datacenter = NONE
cassandra_repl_strategy = SimpleStrategy
cassandra_repl_factor = 1
cassandra_data_centers = dc1:2,dc2:3
cassandra_schema_consensus_timeout = 10000
db_update_frequency = 60
db_update_propagation = 0
db_cache_ttl = 3600
dns_resolver = NONE
dns_hostsfile = /etc/hosts
dns_order = LAST,SRV,A,CNAME
dns_stale_ttl = 4
dns_not_found_ttl = 30
dns_error_ttl = 1
dns_no_sync = off
lua_socket_pool_size = 30
lua_ssl_trusted_certificate = NONE
lua_ssl_verify_depth = 1
lua_package_path = ./?.lua;./kong/init.lua;
lua_package_cpath = NONE
]]
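An added example, not part of the original guide: a small shell audit for the settings configured above. The trust method in pg_hba.conf accepts connections from the listed network without checking a password, and the defaults above bind the Admin API to 0.0.0.0, run the nginx workers as root and keep the database password and connection in cleartext. The function names and the sample files are assumptions constructed for illustration.

```shell
# Added example: flag risky settings of the kind configured in this guide.

# Kong "key = value" file: print one finding per risky setting.
audit_kong_conf() {
  awk -F'[ \t]*=[ \t]*' '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { key = $1; val = $2; gsub(/^[ \t]+/, "", key); gsub(/[ \t]+$/, "", val) }
    key == "nginx_user" && val ~ /^root/ { print key ": workers run as root" }
    key ~ /^admin_listen(_ssl)?$/ && val ~ /^0\.0\.0\.0:/ { print key ": Admin API on all interfaces" }
    key == "pg_ssl" && val == "off" { print key ": database connection not encrypted" }
    key == "pg_password" && val != "NONE" && val != "" { print key ": password stored in plaintext" }
  ' "$1"
}

# pg_hba.conf: print network (host*) records that authenticate with "trust".
audit_pg_hba() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 ~ /^host/ {
      # The address is one CIDR field, or an address plus a separate netmask.
      method = ($5 ~ /^[0-9.]+$/) ? $6 : $5
      if (method == "trust") print "trust: db=" $2 " user=" $3 " from=" $4
    }
  ' "$1"
}

# Constructed sample input that mirrors the values shown in this guide.
demo() {
  demo_dir=$(mktemp -d)
  printf '%s\n' 'host kong149 kong149 10.95.196.0/24 trust' \
                'host all all 127.0.0.1/32 md5' > "$demo_dir/pg_hba.conf"
  printf '%s\n' 'admin_listen = 0.0.0.0:5000' 'nginx_user = root' \
                'pg_ssl = off' 'pg_password = CONSTRUCTED-PLACEHOLDER' \
                'proxy_listen = 0.0.0.0:8000' > "$demo_dir/kong.conf"
  audit_pg_hba "$demo_dir/pg_hba.conf"
  audit_kong_conf "$demo_dir/kong.conf"
  rm -rf "$demo_dir"
}
demo
```

On a real host, point audit_pg_hba at /home/pgsql/data/pg_hba.conf and audit_kong_conf at the Kong configuration file in use; an empty result means none of these four conditions matched.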
Start Kong
kong start or kong start -vv (if kong start reports an error, use kong start -vv to debug)
If the database schema is incompatible, run kong migrations up
Download and install node: node-v8.9.4-linux-x64.tar.xz
wget https://nodejs.org/dist/v8.9.4/node-v8.9.4-linux-x64.tar.xz  # download
tar xf node-v8.9.4-linux-x64.tar.xz
cd node-v8.9.4-linux-x64/
ln -s /home/package/kongpack/node-v8.9.4-linux-x64/bin/npm /usr/local/bin/
ln -s /home/package/kongpack/node-v8.9.4-linux-x64/bin/node /usr/local/bin/
node -v
Install Kong-dashboard with npm, then start it:
nohup node /usr/local/bin/kong-dashboard start -u http://127.0.0.1:5000 -p 9001 --basic-auth admin=bei}g6Th &
Enter the address in a browser and log in with the username and password.
Then configure load balancing at the F5 layer to 10.96.196.149/150 for high availability.