From aa1662dc637a7e648dcc8c7aa3ab862f3dfda076 Mon Sep 17 00:00:00 2001 From: october <764213885@qq.com> Date: Mon, 11 Jul 2022 23:56:51 +0800 Subject: [PATCH] feat: add ssl support --- deploy/docker-compose/docker-compose.yml | 1 + docker-compose.yml | 3 ++ packages/gateway-controller/src/config.ts | 9 +++++ packages/gateway-controller/src/index.ts | 6 +++- .../src/support/apisix-gateway-init.ts | 23 ++++++++++++ .../src/support/apisix-gateway-utils.ts | 36 +++++++++++++++++++ 6 files changed, 77 insertions(+), 1 deletion(-) diff --git a/deploy/docker-compose/docker-compose.yml b/deploy/docker-compose/docker-compose.yml index 778a6e38e7..21e37bda94 100644 --- a/deploy/docker-compose/docker-compose.yml +++ b/deploy/docker-compose/docker-compose.yml @@ -117,6 +117,7 @@ services: GATEWAY_TYPE: apisix SYS_DB_URI: mongodb://${SYS_DB_USER}:${SYS_DB_PASSWORD}@mongo:27017/?authSource=${SYS_DB}&replicaSet=laf&writeConcern=majority API_SIX_KEY: ${API_SIX_KEY} + APP_SERVICE_DEPLOY_URL_SCHEMA: ${APP_SERVICE_DEPLOY_URL_SCHEMA} networks: - laf_shared_network diff --git a/docker-compose.yml b/docker-compose.yml index c97a043db0..bb437ee436 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -124,6 +124,7 @@ services: - ./gateway_conf.yaml:/usr/local/apisix/conf/config.yaml:ro ports: - 8080:9080 + - 9443:9443 networks: - laf_shared_network @@ -140,10 +141,12 @@ services: GATEWAY_TYPE: apisix SYS_DB_URI: mongodb://my_user:password123@mongo:27017/?authSource=laf-sys&replicaSet=laf&writeConcern=majority API_SIX_KEY: edd1c9f034335f136f87ad84b625c8f1 + APP_SERVICE_DEPLOY_URL_SCHEMA: 'http' command: node ./dist/index.js volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./packages/gateway-controller:/app + - ./cert:/ssl depends_on: - gateway restart: always diff --git a/packages/gateway-controller/src/config.ts b/packages/gateway-controller/src/config.ts index 6dcaff1fb9..d2d1091080 100644 --- a/packages/gateway-controller/src/config.ts 
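Review bot: The `APP_SERVICE_DEPLOY_URL_SCHEMA: ${APP_SERVICE_DEPLOY_URL_SCHEMA}` line added in deploy/docker-compose/docker-compose.yml has no default, so when the variable is missing from the env file Compose substitutes an empty string instead of leaving it unset. The `??` fallback in Config.APP_SERVICE_DEPLOY_URL_SCHEMA does not apply to an empty string, so the documented `http` default is lost; I would write `APP_SERVICE_DEPLOY_URL_SCHEMA: ${APP_SERVICE_DEPLOY_URL_SCHEMA:-http}`. This hunk also adds no `/ssl` mount or 9443 port mapping to this file, unlike the root docker-compose.yml. If they are not defined elsewhere in the file, which is not visible here, an `https` deployment has no certificate to load.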
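Review bot: The new `- ./cert:/ssl` volume in the second docker-compose.yml hunk mounts the directory that holds `global.key` read-write, while the docker.sock mount just above it is `:ro`. The controller only reads these files (readFileSync in initGlobalSSL), so `- ./cert:/ssl:ro` is sufficient. If `./cert` is not already listed in `.gitignore` and `.dockerignore`, add it so a private key placed there is not committed or copied into an image.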
+++ b/packages/gateway-controller/src/config.ts @@ -112,4 +112,13 @@ export default class Config { return process.env['DEPLOY_OSS_DOMAIN'] } + /** + * The schema of app deployed url: `http` | `https`. + * Default value is `http`. + */ + static get APP_SERVICE_DEPLOY_URL_SCHEMA(): string { + return process.env.APP_SERVICE_DEPLOY_URL_SCHEMA ?? 'http' + } + + } \ No newline at end of file diff --git a/packages/gateway-controller/src/index.ts b/packages/gateway-controller/src/index.ts index 2627a74278..45452b245d 100644 --- a/packages/gateway-controller/src/index.ts +++ b/packages/gateway-controller/src/index.ts @@ -3,7 +3,7 @@ import Config from './config' import {logger} from './support/logger' import {DatabaseAgent} from './support/db' import {start_scheduler} from './scheduler' -import {initBaseRoute} from "./support/apisix-gateway-init"; +import {initBaseRoute, initBaseSSL} from "./support/apisix-gateway-init"; DatabaseAgent.init(Config.SYS_DB_URI) @@ -17,6 +17,10 @@ app.get('/healthz', (_req, res) => { }) // init base route initBaseRoute() +// init base ssl +if (Config.APP_SERVICE_DEPLOY_URL_SCHEMA) { + initBaseSSL() +} start_scheduler() diff --git a/packages/gateway-controller/src/support/apisix-gateway-init.ts b/packages/gateway-controller/src/support/apisix-gateway-init.ts index 9c5da35c70..4a2de9e779 100644 --- a/packages/gateway-controller/src/support/apisix-gateway-init.ts +++ b/packages/gateway-controller/src/support/apisix-gateway-init.ts @@ -3,10 +3,14 @@ */ import Config from "../config"; import {ApiSixHttpUtils} from "./apisix-gateway-utils"; +import {logger} from "./logger"; + +const fs = require('fs'); const baseUrl = 'http://gateway:9080' export function initBaseRoute() { + logger.info('start init base route') initSystemClientRoute() initAppConsoleRoute() initSysApiRoute() 
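Review bot: The getter added after DEPLOY_OSS_DOMAIN returns whatever string the environment holds, so a value such as `HTTPS` or `https ` passes through unchanged, and an empty string is not replaced by the `??` default. Since the doc comment promises `http` | `https`, normalise in the getter with `return process.env.APP_SERVICE_DEPLOY_URL_SCHEMA?.trim().toLowerCase() === 'https' ? 'https' : 'http'` and narrow the return type to `'http' | 'https'`. The Config class body starts outside the hunk.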
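Review bot: `if (Config.APP_SERVICE_DEPLOY_URL_SCHEMA)` in index.ts is true for the default value `http`, so initBaseSSL() also runs in plain-HTTP deployments, where no certificate is expected under /ssl. The guard should compare the value: `if (Config.APP_SERVICE_DEPLOY_URL_SCHEMA === 'https') {`. The root docker-compose.yml in this same commit sets the variable to 'http', so that setup takes this path on every start.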
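Review bot: `const fs = require('fs')` in apisix-gateway-init.ts leaves `fs` typed as `any` in a file that otherwise uses ES imports. The values read in initGlobalSSL are therefore unchecked, and a `null` certificate can reach putSSL's `cert: string` parameter without a compiler error (assuming strict null checks are on; the tsconfig is not visible). Use `import * as fs from 'fs'` alongside the other imports.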
@@ -14,6 +18,11 @@ export function initBaseRoute() { initOssSubDomainRoute() } +export function initBaseSSL() { + logger.info('start init base url') + initGlobalSSL() +} + function initSystemClientRoute() { let data = { @@ -119,4 +128,18 @@ function initOssSubDomainRoute() { } } ApiSixHttpUtils.put(baseUrl, 'base_oss_sub_domain', data) +} + + +function initGlobalSSL() { + let crt = null + let key = null + try { + crt = fs.readFileSync('/ssl/global.crt','utf8') + key = fs.readFileSync('/ssl/global.key','utf8') + logger.info('load cert successful') + } catch (e) { + logger.error('read global ssl cert fail: {}', e) + } + ApiSixHttpUtils.putSSL(baseUrl, 'global_ssl', '*.' + Config.DEPLOY_DOMAIN, crt, key) } \ No newline at end of file diff --git a/packages/gateway-controller/src/support/apisix-gateway-utils.ts b/packages/gateway-controller/src/support/apisix-gateway-utils.ts index 8a80a786e1..40ae2fe07f 100644 --- a/packages/gateway-controller/src/support/apisix-gateway-utils.ts +++ b/packages/gateway-controller/src/support/apisix-gateway-utils.ts @@ -39,4 +39,40 @@ export class ApiSixHttpUtils { return resStatus } + static async putSSL(url: string, id: string, sns: string, cert: string, key: string) { + let resStatus = false + let data = { + cert: cert, + key: key, + snis: [sns], + labels: {'update_time': new Date().getTime() + ''} + } + await axios.put(url + '/apisix/admin/ssl/' + id, data, { + headers: this.headers, + }) + .then(_ => { + logger.info('create ssl successful') + resStatus = true + }) + .catch(err => { + logger.info('create sll failed: ', err) + }) + return resStatus + } + + static async deleteSSL(url: string, id: string) { + let resStatus = false + await axios.delete(url + '/apisix/admin/ssl/' + id, { + headers: this.headers, + }) + .then(_ => { + logger.info('delete ssl successful') + resStatus = true + }) + .catch(err => { + logger.info('delete ssl failed: ', err) + }) + return resStatus + } + } \ No newline at end of file
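Review bot: When either readFileSync call throws, the catch block in initGlobalSSL only logs, and execution continues to `ApiSixHttpUtils.putSSL(...)` with `crt` and `key` still `null`. The admin API then receives a request without a certificate, which may be rejected or may overwrite an existing `global_ssl` object; add `return` as the last statement of the catch block. The message `'read global ssl cert fail: {}'` relies on a `{}` placeholder that the logger may not substitute, and initBaseSSL logs `'start init base url'` where ssl is presumably meant. The private key is posted to `baseUrl`, which is `http://gateway:9080`, so it crosses the Docker network unencrypted; a comment should state that this network is assumed trusted.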
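Review bot: Both `.catch` handlers in putSSL and deleteSSL pass the whole axios error to `logger.info`. An axios error carries the request config, which here includes `this.headers` (the admin API key, judging by the API_SIX_KEY setting) and, for putSSL, the request body with the private key; depending on how the logger serialises objects, these can end up in the log. Log only the status and message, at error level: `logger.error('create ssl failed: ' + (err?.response?.status ?? '') + ' ' + err?.message)`, and likewise for `'delete ssl failed: '`. `'create sll failed'` is a typo for ssl. The ApiSixHttpUtils class starts outside the hunk.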