The Many Ways to Use Zuul
Zuul Http Client
https://cloud.spring.io/spring-cloud-netflix/reference/html/#_zuul_http_client

Zuul uses the Apache HTTP Client. Earlier versions used the Ribbon RestClient; newer versions use the Apache HTTP Client. If you still want RestClient, or would rather use okhttp3, that is possible too: for RestClient set ribbon.restclient.enabled=true, and for okhttp3 set ribbon.okhttp.enabled=true. The reference documentation says:

The default HTTP client used by Zuul is now backed by the Apache HTTP Client instead of the deprecated Ribbon RestClient. To use RestClient or okhttp3.OkHttpClient, set ribbon.restclient.enabled=true or ribbon.okhttp.enabled=true, respectively. If you would like to customize the Apache HTTP client or the OK HTTP client, provide a bean of type ClosableHttpClient or OkHttpClient.

Cookies and Sensitive Headers

zuul:
  routes:
    users:
      path: /myusers/**
      sensitiveHeaders: Cookie,Set-Cookie,Authorization
      url: https://downstream

What does sensitiveHeaders mean? Some HTTP headers are sensitive, and I may not want them passed to the microservices behind Zuul, or passed back to the browser. In that case I can use this property to list them. Its default value is defined in org.springframework.cloud.netflix.zuul.filters.ZuulProperties:

/**
 * List of sensitive headers that are not passed to downstream requests. Defaults to a
 * "safe" set of headers that commonly contain user credentials. It's OK to remove
 * those from the list if the downstream service is part of the same system as the
 * proxy, so they are sharing authentication data. If using a physical URL outside
 * your own domain, then generally it would be a bad idea to leak user credentials.
 */
private Set<String> sensitiveHeaders = new LinkedHashSet<>(Arrays.asList("Cookie", "Set-Cookie", "Authorization"));

This comment is important. It mentions "downstream": a request travels from the user through the browser, then through Zuul, to the backend microservice, so the data is treated as flowing like a stream: browser, Zuul, backend microservice. For downstream requests, the default is a "safe" set of headers. You can remove one of "Cookie", "Set-Cookie" and "Authorization" from the list, but if you are using a physical URL outside your own domain, you generally should not do that.

What does sensitiveHeaders do? It tells Zuul not to propagate these headers: Zuul acts as a reverse proxy, intercepts them, and does not pass them on to the downstream service. ignoredHeaders works the same way, and the sensitiveHeaders are added to the ignored headers.

https://github.com/spring-cloud/spring-cloud-netflix/issues/1487
Understanding zuul.ignoredHeaders and zuul.ignoreSecurityHeaders #1487

Suppose zuul.ignoredHeaders = Header1, Header2 is set. Then Header1 and Header2 are not passed to the microservices; Zuul intercepts them. By default the ignored headers are empty. With Spring Security they are these: Pragma, Cache-Control, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Expires. As the documentation puts it:

Otherwise, they are initialized to a set of well known “security” headers (for example, involving caching) as specified by Spring Security.

/**
 * Flag to say that SECURITY_HEADERS are added to ignored headers if spring security is on the classpath.
 * By setting ignoreSecurityHeaders to false we can switch off this default behaviour. This should be used together with
 * disabling the default spring security headers
 * see https://docs.spring.io/spring-security/site/docs/current/reference/html/headers.html#default-security-headers
 */
private boolean ignoreSecurityHeaders = true;

Routes Endpoint
https://cloud.spring.io/spring-cloud-netflix/reference/html/#_routes_endpoint

localhost:8040/routes shows the paths of the microservices that Zuul proxies.

localhost:8040/microservice-simple-provider-user/simple/1

There was an unexpected error (type=Unauthorized, status=401).

management.security.enabled=false

This property turns off authentication for the management endpoints.

localhost:8040/routes

{"/microservice-simple-provider-user/**":"microservice-simple-provider-user"}

Strangulation Patterns and Local Forwards
https://cloud.spring.io/spring-cloud-netflix/reference/html/#_strangulation_patterns_and_local_forwards

First, what is the strangler pattern? See Martin Fowler's StranglerApplication:
https://martinfowler.com/bliki/StranglerFigApplication.html

Suppose I have a very heavy monolithic architecture, a monolithic service, that I want to turn into microservices. I probably cannot do that in one go, but I can gradually convert it into a microservice architecture.

zuul:
  routes:
    first:
      path: /first/**
      url: https://first.example.com
    second:
      path: /second/**
      url: forward:/second
    third:
      path: /third/**
      url: forward:/3rd
    legacy:
      path: /**
      url: https://legacy.example.com

server.port=8040
spring.application.name=microservice-gateway-zuul-reg-exp
eureka.instance.prefer-ip-address=true
eureka.instance.instance-id=${spring.application.name}:${spring.cloud.client.ipAddress}:${spring.application.instance_id:${server.port}}
eureka.client.serviceUrl.defaultZone=http://admin:1234@10.40.8.152:8761/eureka
eureka.instance.appname=microservice-gateway-zuul-reg-exp
#zuul.prefix=/api
#zuul.routes.user-route.stripPrefix=false
#zuul.prefix=/simple
#zuul.stripPrefix=true
logging.level.com.learn=trace
logging.file=springboot.log
logging.pattern.console=%d{yyyy-MM-dd} [%thread] %-5level %logger{50} - %msg%n
logging.pattern.file=%d{yyyy-MM-dd} ==== [%thread] %-5level ==== %logger{50} ==== %msg%n
management.security.enabled=false
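
An added example, not code from the original post or from Spring Cloud Netflix: a small Python audit that reads Zuul route settings in properties form and reports routes whose url points outside your own domains while Cookie, Set-Cookie or Authorization are no longer blocked, which is the case the ZuulProperties comment on sensitiveHeaders warns about. The sample configuration, the trusted suffix internal.example and the function names are constructed for illustration; the rule that a route-level sensitiveHeaders replaces the global list comes from Zuul's documentation rather than from this page.

```python
from urllib.parse import urlparse

# Zuul's default sensitiveHeaders, as shown in ZuulProperties above.
DEFAULT_SENSITIVE = {"cookie", "set-cookie", "authorization"}

def _csv(value):
    """Split a comma-separated header list; names compare case-insensitively."""
    return {h.strip().lower() for h in value.split(",") if h.strip()}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.partition("=") for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def audit(text, trusted_suffixes):
    """Return {route: credential headers passed through to an untrusted host}."""
    props = parse_properties(text)
    ignored = _csv(props.get("zuul.ignoredHeaders", ""))
    global_sensitive = _csv(props["zuul.sensitiveHeaders"]) \
        if "zuul.sensitiveHeaders" in props else DEFAULT_SENSITIVE
    findings = {}
    for key, url in props.items():
        parts = key.split(".")
        if len(parts) != 4 or parts[:2] != ["zuul", "routes"] or parts[3] != "url":
            continue
        host = urlparse(url).hostname  # None for local forwards (forward:/...)
        if host is None or any(host == s or host.endswith("." + s)
                               for s in trusted_suffixes):
            continue
        # Assumption: a route-level sensitiveHeaders replaces the global list.
        override = "zuul.routes.%s.sensitiveHeaders" % parts[2]
        sensitive = _csv(props[override]) if override in props else global_sensitive
        leaked = DEFAULT_SENSITIVE - sensitive - ignored
        if leaked:
            findings[parts[2]] = sorted(leaked)
    return findings

# Constructed sample configuration and trusted domain (not from the page).
SAMPLE = """
zuul.ignoredHeaders=Header1,Header2
zuul.routes.users.url=https://downstream.internal.example
zuul.routes.users.sensitiveHeaders=
zuul.routes.partner.url=https://api.partner.example
zuul.routes.partner.sensitiveHeaders=Cookie,Set-Cookie
zuul.routes.legacy.url=https://legacy.example.com
zuul.routes.second.url=forward:/second
"""
print(audit(SAMPLE, trusted_suffixes=["internal.example"]))
```

The audit only reads the camelCase property keys used on this page; routes defined through serviceId or a forward: URL are skipped because they stay inside the system.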