Orange--------基于nginx/openresty之API网关(Gateway)实战
发表于:2025-12-02 作者:千家信息网编辑
千家信息网最后更新 2025年12月02日,Orange 简介Orange是一个基于OpenResty的API网关。除Nginx的基本功能外,它还可用于API监控、访问控制(鉴权、WAF)、流量筛选、访问限速、AB测试、动态分流等。它有以下特性
千家信息网最后更新 2025年12月02日Orange--------基于nginx/openresty之API网关(Gateway)实战
Orange 简介
Orange是一个基于OpenResty的API网关。除Nginx的基本功能外,它还可用于API监控、访问控制(鉴权、WAF)、流量筛选、访问限速、AB测试、动态分流等。它有以下特性:
- 提供了一套默认的Dashboard用于动态管理各种功能和配置
- 提供了API接口用于实现第三方服务(如个性化运维需求、第三方Dashboard等)
- 可根据规范编写自定义插件扩展Orange功能
Orange 实战
环境
[root@orange ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@orange ~]# uname -aLinux orange 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux[root@orange ~]# iptables -F[root@orange ~]# ip addr[root@orange orange]# ip addr1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:57:b5:ab brd ff:ff:ff:ff:ff:ff inet 192.168.0.131/24 brd 192.168.0.255 scope global dynamic eth0 valid_lft 7081sec preferred_lft 7081sec inet6 fe80::3f87:b30b:ff6b:e675/64 scope link valid_lft forever preferred_lft forever OpenResty下载 [ version > 1.9.7.3 ]
- 下载OpenResty源码包
[root@orange ~]# cd /usr/local/src/[root@orange src]# wget https://openresty.org/download/openresty-1.13.6.1.tar.gz--2018-03-06 15:41:59-- https://openresty.org/download/openresty-1.13.6.1.tar.gzResolving openresty.org (openresty.org)... 120.26.162.249Connecting to openresty.org (openresty.org)|120.26.162.249|:443... connected.HTTP request sent, awaiting response... 200 OKLength: 4581699 (4.4M) [application/x-gzip]Saving to: 'openresty-1.13.6.1.tar.gz'100%[=================================>] 4,581,699 9.08MB/s in 0.5s 2018-03-06 15:42:00 (9.08 MB/s) - 'openresty-1.13.6.1.tar.gz' saved [4581699/4581699]- 解压源码包并进入包内
[root@orange src]# tar xf openresty-1.13.6.1.tar.gz [root@orange src]# cd openresty-1.13.6.1- 创建openresty系统用户
[root@orange openresty-1.13.6.1]# useradd -r -s /sbin/nologin -M openresty- 安装相关依赖
[root@orange openresty-1.13.6.1]# yum install pcre pcre-devel openssl openssl-devel git -y- 指定参数生成Makefile文件
[root@orange openresty-1.13.6.1]# ./configure --prefix=/usr/local/openresty-1.13.6.1 --user=openresty --group=openresty --with-http_stub_status_module………………Configuration summary + using system PCRE library + using system OpenSSL library + using system zlib library nginx path prefix: "/usr/local/openresty-1.13.6.1/nginx" nginx binary file: "/usr/local/openresty-1.13.6.1/nginx/sbin/nginx" nginx modules path: "/usr/local/openresty-1.13.6.1/nginx/modules" nginx configuration prefix: "/usr/local/openresty-1.13.6.1/nginx/conf" nginx configuration file: "/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf" nginx pid file: "/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid" nginx error log file: "/usr/local/openresty-1.13.6.1/nginx/logs/error.log" nginx http access log file: "/usr/local/openresty-1.13.6.1/nginx/logs/access.log" nginx http client request body temporary files: "client_body_temp" nginx http proxy temporary files: "proxy_temp" nginx http fastcgi temporary files: "fastcgi_temp" nginx http uwsgi temporary files: "uwsgi_temp" nginx http scgi temporary files: "scgi_temp"cd ../..Type the following commands to build and install: gmake gmake install- gmake编译
[root@orange openresty-1.13.6.1]# gmake………………sed -e "s|%%PREFIX%%|/usr/local/openresty-1.13.6.1/nginx|" \ -e "s|%%PID_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/nginx.pid|" \ -e "s|%%CONF_PATH%%|/usr/local/openresty-1.13.6.1/nginx/conf/nginx.conf|" \ -e "s|%%ERROR_LOG_PATH%%|/usr/local/openresty-1.13.6.1/nginx/logs/error.log|" \ < docs/man/nginx.8 > objs/nginx.8gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'- gmake install安装
[root@orange openresty-1.13.6.1]# gmake install………………gmake[2]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'gmake[1]: Leaving directory `/usr/local/src/openresty-1.13.6.1/build/nginx-1.13.6'mkdir -p /usr/local/openresty-1.13.6.1/site/lualib /usr/local/openresty-1.13.6.1/site/pod /usr/local/openresty-1.13.6.1/site/manifestln -sf /usr/local/openresty-1.13.6.1/nginx/sbin/nginx /usr/local/openresty-1.13.6.1/bin/openresty- 创建openrestyl目录软链接
[root@orange openresty-1.13.6.1]# ln -s /usr/local/openresty-1.13.6.1 /usr/local/openresty[root@orange openresty-1.13.6.1]# ls -l /usr/local/openrestylrwxrwxrwx. 1 root root 29 Mar 6 18:06 /usr/local/openresty -> /usr/local/openresty-1.13.6.1- 设置resty和nginx相关环境变量, 并生效
[root@orange openresty-1.13.6.1]# cat /etc/profile.d/openresty.sh export OPENRESTY_HOME=/usr/local/openrestyexport NGINX_HOME=$OPENRESTY_HOME/nginxexport PATH=$OPENRESTY_HOME/bin:$NGINX_HOME/sbin:$PATH[root@orange openresty-1.13.6.1]# source /etc/profile[root@orange openresty-1.13.6.1]# echo $PATH/usr/local/openresty/bin:/usr/local/openresty/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/binlor(lua web框架)安装
- 若使用的Orange版本低于v0.6.2则应安装lor v0.2.*版本
- 若使用的Orange版本高于或等于v0.6.2则应安装lor v0.3.0+版本
- git克隆lor代码库,并进入代码包
[root@orange src]# cd /usr/local/src/[root@orange src]# git clone https://github.com/sumory/lorCloning into 'lor'...remote: Counting objects: 1716, done.remote: Total 1716 (delta 0), reused 0 (delta 0), pack-reused 1716Receiving objects: 100% (1716/1716), 335.55 KiB | 8.00 KiB/s, done.Resolving deltas: 100% (903/903), done.[root@orange src]# cd lor/- 安装lor
[root@orange lor]# make installinstall lor runtime files to /usr/local/lorlor runtime files installed.install lord cli to /usr/local/bin/lord cli installed.lor framework installed successfullyMySQL安装 [此处用yum安装Mariadb,MySQL二进制安装点这里]
- 安装MySQL
[root@orange lor]# yum install mariadb-server -y………………Installed: mariadb-server.x86_64 1:5.5.56-2.el7 Dependency Installed: libaio.x86_64 0:0.3.109-13.el7 mariadb.x86_64 1:5.5.56-2.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-5.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7 Complete!- 启动mysqld,并查看启动状态
[root@orange lor]# systemctl start mariadb.service[root@orange lor]# systemctl status mariadb.service● mariadb.service - MariaDB database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2018-03-06 16:13:53 CST; 34s ago Process: 11775 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS) Process: 11696 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS) Main PID: 11774 (mysqld_safe) CGroup: /system.slice/mariadb.service ├─11774 /bin/sh /usr/bin/mysqld_safe --basedir=/usr └─11936 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/maria...Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: MySQL manual for more instructions.Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Please report any problems at http://mariadb.org/jiraMar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: The latest information about MariaDB is available at http://mariadb.org/.Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: You can find additional information about the MySQL part at:Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: http://dev.mysql.comMar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: Consider joining MariaDB's strong and vibrant community:Mar 06 16:13:51 orange mariadb-prepare-db-dir[11696]: https://mariadb.org/get-involved/Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.Mar 06 16:13:51 orange mysqld_safe[11774]: 180306 16:13:51 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysqlMar 06 16:13:53 orange systemd[1]: Started MariaDB database server.- 设置root@localhost密码
[root@orange lor]# mysqlWelcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 4Server version: 5.5.56-MariaDB MariaDB ServerCopyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> set password = password('123');Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> quitBye安装orange
- 下载orange包
[root@orange lor]# cd /usr/local/src/[root@orange src]# git clone https://github.com/sumory/orange.gitCloning into 'orange'...remote: Counting objects: 3385, done.remote: Compressing objects: 100% (27/27), done.remote: Total 3385 (delta 9), reused 5 (delta 2), pack-reused 3356Receiving objects: 100% (3385/3385), 2.60 MiB | 29.00 KiB/s, done.Resolving deltas: 100% (2151/2151), done.- 安装orange [Orange可选择不"安装"即可使用, 需拿start.sh启动程序]
[root@orange orange]# cd ..[root@orange src]# lslor openresty-1.13.6.1 openresty-1.13.6.1.tar.gz orange[root@orange src]# lltotal 4480drwxr-xr-x. 8 root root 262 Mar 6 16:06 lordrwxrwxr-x. 6 1000 1000 157 Mar 6 15:50 openresty-1.13.6.1-rw-r--r--. 1 root root 4581699 Nov 13 13:53 openresty-1.13.6.1.tar.gzdrwxr-xr-x. 12 root root 4096 Mar 6 18:11 orange[root@orange src]# cd orange/[root@orange orange]# make installcopy nginx.confcopy orange.confOrange installed./usr/local/bin/orange helpOrange v0.6.4, OpenResty/Nginx API Gateway.Usage: orange COMMAND [OPTIONS]The commands are:stop Stop current Orangeversion Show the version of Orangerestart Restart Orangereload Reload the config of Orangestore Init/Update/Backup Orange storehelp Show help tipsstart Start the Orange Gateway配置文件
[Orange有两个配置文件,一个是conf/orange.conf,用于配置插件、存储方式和内部集成的默认Dashboard,另一个是conf/nginx.conf用于配置Nginx(OpenResty).]
- orange.conf的配置如下,请按需修改:
{ "plugins": [ //可用的插件列表,若不需要可从中删除,系统将自动加载这些插件的开放API并在7777端口暴露 "stat", "monitor", "redirect", "rewrite", "rate_limiting", "property_rate_limiting", "basic_auth", "key_auth", "signature_auth", "waf", "divide", "kvstore" ], "store": "mysql",//目前仅支持mysql存储 "store_mysql": { //MySQL配置 "timeout": 5000, "connect_config": {//连接信息,请修改为需要的配置 "host": "localhost", // 注意修改修改为本地数据库信息 "port": 3306, // 注意修改修改为本地数据库信息 "database": "orange", // 注意修改修改为本地数据库信息 "user": "root", // 注意修改修改为本地数据库信息 "password": "123", // 注意修改修改为本地数据库信息 "max_packet_size": 1048576 }, "pool_config": { "max_idle_timeout": 10000, "pool_size": 3 }, "desc": "mysql configuration" }, "dashboard": {//默认的Dashboard配置. "auth": false, //设为true,则需用户名、密码才能登录Dashboard,默认的用户名和密码为admin/orange_admin "session_secret": "y0ji4pdj61aaf3f11c2e65cd2263d3e7e5", //加密cookie用的盐,自行修改即可 "whitelist": [//不需要鉴权的uri,如登录页面,无需修改此值 "^/auth/login$", "^/error/$" ] }, "api": {//API server配置 "auth_enable": true,//访问API时是否需要授权 "credentials": [//HTTP Basic Auth配置,仅在开启auth_enable时有效,自行添加或修改即可 { "username":"api_username", "password":"api_password" } ] }}- conf/nginx.conf里是一些nginx相关配置,请自行检查并按照实际需要更改或添加配置,特别注意以下几个配置:
- lua_package_path:需要根据本地环境配置适当修改,如lor框架的安装路径
- resolver:DNS解析
- 各个server或是location的权限,如是否需要通过allow/deny指定配置黑白名单ip
数据表导入MySQL
- 在MySQL中创建数据库,名为orange
[root@orange lor]# mysql -uroot -p123Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 7Server version: 5.5.56-MariaDB MariaDB ServerCopyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> create database orange character set utf8mb4;Query OK, 1 row affected (0.00 sec)- SQL脚本(如install/orange-v0.6.4.sql)导入到orange库中
[root@orange lor]# mysql -uroot -p123Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 9Server version: 5.5.56-MariaDB MariaDB ServerCopyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> use orangeDatabase changedMariaDB [orange]> source /usr/local/orange/install/orange-v0.6.4.sqlQuery OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 1 row affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.01 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)Query OK, 0 rows affected (0.00 sec)MariaDB [orange]> quitBye启动orange
[root@orange lor]# orange start[INFO] Orange: 0.6.4[INFO] ngx_lua: 10011[INFO] nginx: 1013006[INFO] Lua: LuaJIT 2.1.0-beta3[INFO] args:[INFO] ngx_conf:/usr/local/orange/conf/nginx.conf[INFO] orange_conf:/usr/local/orange/conf/orange.conf[INFO] prefix:/usr/local/orange[INFO] args end.[INFO] Start orange command execute.[INFO] ORANGE_CONF=/usr/local/orange/conf/orange.conf nginx -p /usr/local/orange -c /usr/local/orange/conf/nginx.confweb访问orange dashboard [192.168.0.131为测试主机]
配置
数据
信息
数据库
插件
版本
功能
密码
文件
环境
代码
动态
框架
源码
用户
第三方
系统
存储
测试
登录
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
北京网络安全中心张捷
吉林鸿燚互联网科技有限公司
服务器托管房间
软件开发后什么时候使用数组
新型网络安全工程师招聘
poker 软件开发
网络安全面临威胁的实例
平安医疗网络安全
数据库应用技术形考任务5
5g网络技术包括哪些
关系数据库的专门关系运算
2022年国家政策数据库网下载
深圳服务器机柜多少钱
辽宁网络技术基础
数据库年龄需要加引号吗
方舟非官方服务器会有别人吗
软件开发质量保证大纲
网络安全和防范公需课
数据库uq
spring 数据库集群
第一章认识数据库
贝壳找房网络技术有限公司
风清扬输入法软件开发
怎么连接数据库文件
防火墙与服务器无法匹配
江苏hpe服务器虚拟主机
服务器上传文件找不到密码
软件开发培训学校的三大特色
数据库系统概论第5版
网络技术与信息安全专业好不好
