dosubot[bot] commented on issue #11491:
URL: https://github.com/apache/apisix/issues/11491#issuecomment-2275137289
<!-- Greeting -->
@lingbao08 你好!我是一个能帮助您解决错误、回答问题并成为贡献者的机器人。我在这里等待人类维护者,如果您需要帮助,请告诉我!
<!-- Answer -->
要在 APISIX
中根据不同的接口应用不同的插件组合(如限流、鉴权、加密等),你需要为每个接口定义特定的路由,并在每个路由中配置相应的插件。以下是一个示例配置:
```json
{
"routes": [
{
"uri": "/endpoint1",
"plugins": {
"limit-req": {
"rate": 1,
"burst": 2,
"rejected_code": 503
},
"key-auth": {},
"proxy-rewrite": {
"scheme": "https"
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
},
{
"uri": "/endpoint2",
"plugins": {
"limit-count": {
"count": 2,
"time_window": 60,
"rejected_code": 503
},
"jwt-auth": {},
"proxy-rewrite": {
"scheme": "https"
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1981": 1
}
}
},
{
"uri": "/endpoint3",
"plugins": {
"limit-conn": {
"conn": 1,
"burst": 1,
"default_conn_delay": 0.1,
"rejected_code": 503
},
"basic-auth": {},
"proxy-rewrite": {
"scheme": "https"
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1982": 1
}
}
}
]
}
```
在这个配置中:
- `/endpoint1` 使用 `limit-req`、`key-auth` 和 `proxy-rewrite` 插件。
- `/endpoint2` 使用 `limit-count`、`jwt-auth` 和 `proxy-rewrite` 插件。
- `/endpoint3` 使用 `limit-conn`、`basic-auth` 和 `proxy-rewrite` 插件。
每个路由都指定了 URI、要应用的插件以及上游服务器的详细信息。
此外,你还可以使用 APISIX 的 Consumer 对象来管理 API
消费者,并为不同的消费者应用不同的规则。例如,你可以为特定消费者创建一个带有特定插件的配置:
```shell
curl http://127.0.0.1:9180/apisix/admin/consumers -H "X-API-KEY: $admin_key"
-X PUT -d '
{
"username":"consumer1",
"plugins":{
"key-auth":{
"key":"auth-one"
},
"limit-count":{
"count":2,
"time_window":60,
"rejected_code":403,
"rejected_msg":"Requests are too many, please try again later or
upgrade your subscription plan.",
"key":"remote_addr"
}
}
}'
```
然后,创建一个路由并将其与消费者关联:
```shell
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key"
-X PUT -d '
{
"name": "Route for consumer request rate limiting",
"methods": [
"GET"
],
"uri": "/api/products",
"plugins": {
"key-auth": {}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"productapi:80": 1
}
}
}'
```
APISIX 还支持对敏感字段的数据加密。你可以在配置中启用数据加密:
```yaml
apisix:
data_encryption:
enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
```
这确保了敏感数据(如密码)在存储到 etcd 时被加密,并在通过管理 API 访问时解密。以下是一个在路由上启用多个鉴权插件并使用数据加密的示例:
```shell
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key"
-X PUT -d '
{
"plugins": {
"basic-auth": {},
"key-auth": {}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}'
```
通过这种方式,你可以在 APISIX
中为不同的接口和消费者管理不同的插件组合,确保功能和安全性<sup>[[1]](https://github.com/apache/apisix/blob/master/apisix/cli/config.lua)</sup><sup>[[2]](https://github.com/apache/apisix/blob/master/docs/en/latest/tutorials/manage-api-consumers.md)</sup><sup>[[3]](https://github.com/apache/apisix/blob/master/t/node/data_encrypt.t)</sup><sup>[[4]](https://github.com/apache/apisix/blob/master/docs/en/latest/tutorials/protect-api.md)</sup>。
<!-- Dosu Comment Footer -->
*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
