This is an automated email from the ASF dual-hosted git repository.
sylviasu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/master by this push:
new e1f64257da8 docs: fix description error (#1185)
e1f64257da8 is described below
commit e1f64257da89bcb5f0595885d325b39862a22f08
Author: HanFei <[email protected]>
AuthorDate: Mon Jul 4 15:36:17 2022 +0800
docs: fix description error (#1185)
* docs: fix description error
---
.../06/14/automated-operation-base-apache-apisix.md | 20 ++++++++++----------
.../06/14/automated-operation-base-apache-apisix.md | 2 +-
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/website/blog/2022/06/14/automated-operation-base-apache-apisix.md
b/website/blog/2022/06/14/automated-operation-base-apache-apisix.md
index 5c75879c9c0..0d4ad7344fa 100644
--- a/website/blog/2022/06/14/automated-operation-base-apache-apisix.md
+++ b/website/blog/2022/06/14/automated-operation-base-apache-apisix.md
@@ -29,7 +29,7 @@ At the end of 2019, the company encountered some business
pain points in the pro
## Why Apache APISIX?
-During the selection of gateway, we have carried out the actual test. Compared
with other gateways, APISIX can basically achieve 90% of the functions of
NGINX, and supports a variety of load balancing strategies and mechanisms that
support multilingual plug-ins. It also supports soft WAF, which can cover 95%
of our security business scenarios. As a cloud native API gateway, APISIX also
provides powerful logging functions and supports custom log formats. Therefore,
access log can be direc [...]
+During the selection of gateway, we have carried out the actual test. Compared
with other gateways, APISIX can basically achieve 90% of the functions of
NGINX, and supports a variety of load balancing strategies and mechanisms that
support multilingual plugins. It also supports soft WAF, which can cover 95% of
our security business scenarios. As a cloud native API gateway, APISIX also
provides powerful logging functions and supports custom log formats. Therefore,
access log can be direct [...]
## Automation operation and maintenance platform architecture
@@ -49,7 +49,7 @@ The overall architecture of the automation operation and
maintenance platform is
## Components used by the platform
-- Core gateway Apache APISIX: mainly responsible for logging, network
security, and load balancing. In addition, we not only realize some functions
of the advanced business gateway through custom plug-ins but also integrate
with other services through APIs to quickly realize various specified functions
and effectively reduce development costs;
+- Core gateway Apache APISIX: mainly responsible for logging, network
security, and load balancing. In addition, we not only realize some functions
of the advanced business gateway through custom plugins but also integrate with
other services through APIs to quickly realize various specified functions and
effectively reduce development costs;
- API management tool YAPI: it is responsible for the specification definition
of the interface, the preparation of test cases, and the data source of ACL;
@@ -79,11 +79,11 @@ First of all, we need to understand the relevant components
we use in the scenar
After understanding the above components, let's introduce the overall process:
-When users log in, they first need to query through the gateway to see if the
page they visit is in the white list. Because some pages do not need permission
verification, such as the default page or some error pages. If the accessed
page needs to verify a login, these requests will be forwarded to the authority
authentication service through the relevant plug-ins.
+When users log in, they first need to query through the gateway to see if the
page they visit is in the white list. Because some pages do not need permission
verification, such as the default page or some error pages. If the accessed
page needs to verify a login, these requests will be forwarded to the authority
authentication service through the relevant plugins.
-In authority authentication, the authentication service will query whether the
account is correct from LDAP according to the incoming "user name" and
"password". If it is correct, the organization to which the user belongs and
which function modules can be viewed will be queried through the CMDB; After
obtaining the result, use the JWT plug-in of APISIX to generate a token
according to the user information, add the expiration time, and return it to
the front end; The user stores tokens t [...]
+In authority authentication, the authentication service will query whether the
account is correct from LDAP according to the incoming "user name" and
"password". If it is correct, the organization to which the user belongs and
which function modules can be viewed will be queried through the CMDB; After
obtaining the result, use the JWT plugin of APISIX to generate a token
according to the user information, add the expiration time, and return it to
the front end; The user stores tokens th [...]
-Here, we use the [`consumer
restriction`](https://apisix.apache.org/zh/docs/apisix/plugins/consumer-restriction/)plug-in
of APISIX. The authority authentication mentioned above is completed through
the [`consumer
restriction`](https://apisix.apache.org/zh/docs/apisix/plugins/consumer-restriction/)
plug-in, and we do not need to repeatedly authenticate in the background.
+Here, we use the [`consumer
restriction`](https://apisix.apache.org/zh/docs/apisix/plugins/consumer-restriction/)
plugin of APISIX. The authority authentication mentioned above is completed
through the [`consumer
restriction`](https://apisix.apache.org/zh/docs/apisix/plugins/consumer-restriction/)
plugin, and we do not need to repeatedly authenticate in the background.
Through the above description, I believe you have a certain understanding of
the normal request process. Next, I will introduce you to the scenarios of how
to judge the insufficient permissions of these users. In the operation and
maintenance platform, if there is an operation involving data change, a token
must be carried. When the token is verified by the ACL interface that it has no
access, it will directly return to a page that is forbidden to access for the
front end to the process. [...]
@@ -111,17 +111,17 @@ Because APISIX is implemented based on NGINX+Lua, some
functions need to be impl
In the rewrite/access phase, the message has not been transferred upstream, so
various data preprocessing can be performed in this phase. From the above
figure, we can see that there is an access_by_Lua. In this phase, the deny
command can be used to manage permissions, including interface permissions and
IP access white list. The plugin acl_plugin.lua, described later, is
implemented at this stage.
-Second, in `header_filter_by_lua` stage is often used to insert some
additional `key:values` in the HTTP request header for subsequent use when
requesting access. For example, when we need online gray-scale publishing, we
can add flag bits to the user's request header. Through these flag bits, we can
control which back-end services these requests forward, to realize gray-scale
publishing. Of course, we can also use the [`traffic
split`](https://apisix.apache.org/zh/docs/apisix/plugins/tr [...]
+Second, in `access` stage is often used to insert some additional `key:value`
in the HTTP request header for subsequent use when requesting access. For
example, when we need online gray-scale publishing, we can add flag bits to the
user's request header. Through these flag bits, we can control which back-end
services these requests forward, to realize gray-scale publishing. Of course,
we can also use the [`traffic
split`](https://apisix.apache.org/zh/docs/apisix/plugins/traffic-split) pl [...]
-Finally, `log_by_Lua` stage. In this stage, we can directly input some trace
information or some fault information into the log file. Similarly, APISIX also
provides many plug-ins for loggers, including `skywalking-logger`,
`kafka-logger`, `rocketmq-logger`, and so on.
+Finally, `log_by_Lua` stage. In this stage, we can directly input some trace
information or some fault information into the log file. Similarly, APISIX also
provides many plugins for loggers, including `skywalking-logger`,
`kafka-logger`, `rocketmq-logger`, and so on.
### Custom plugins `acl-plugin.lua`
-The implementation of the
[`acl-plugin.lua`](https://raw.githubusercontent.com/chenqing24/ops-apisix/main/centos/acl-plugin.lua)
plug-in is very simple. First, when the user is requesting, we will add the
relevant JWT token to the user and store it in the cookie. Then the user will
extract the JWT token from the accessed cookie, decode the token and obtain the
user information.
+The implementation of the
[`acl-plugin.lua`](https://raw.githubusercontent.com/chenqing24/ops-apisix/main/centos/acl-plugin.lua)
plugin is very simple. First, when the user is requesting, we will add the
relevant JWT token to the user and store it in the cookie. Then the user will
extract the JWT token from the accessed cookie, decode the token and obtain the
user information.
In the rewrite phase, the user ID, method, and URI are used to send a request
to the background ACL interface for permission verification. If it passes,
relevant information will be recorded in the log for future security
authentication. If it fails, it directly returns an error status code and
records it in the error log.
-In APISIX version 1.1, the `cors` plug-in was not released at that time.
Therefore, we also implement cross-domain requests through this plug-in. WWhen
the request uses the GET and POST request methods, it will be processed. For
other requests, they will be passed directly. Now, they can be implemented
directly using the `cors` plug-in of APISIX. APISIX can also use multiple
languages to develop plug-ins, not just Lua. For details, please refer to:
https://apisix.apache.org/zh/docs/apisi [...]
+In APISIX version 1.1, the `cors` plugin was not released at that time.
Therefore, we also implement cross-domain requests through this plugin. WWhen
the request uses the GET and POST request methods, it will be processed. For
other requests, they will be passed directly. Now, they can be implemented
directly using the `cors` plugin of APISIX. APISIX can also use multiple
languages to develop plugins, not just Lua. For details, please refer to:
https://apisix.apache.org/zh/docs/apisix/pl [...]
### Auth service
@@ -135,4 +135,4 @@ The core function of auth service is to load ACL rules from
a database into memo
## Summary
-The above is an introduction to the architecture and some scenarios of the
automatic operation and maintenance platform of Tongcheng Digital Technology
Co., Ltd. based on Apache APISIX. Now, APISIX is becoming more and more
powerful. It supports plug-in development using Wasm and Python. The ecology of
Apache APISIX is also very strong. If you have any questions, you are welcome
to communicate and discuss in the community.
+The above is an introduction to the architecture and some scenarios of the
automatic operation and maintenance platform of Tongcheng Digital Technology
Co., Ltd. based on Apache APISIX. Now, APISIX is becoming more and more
powerful. It supports plugin development using Wasm and Python. The ecology of
Apache APISIX is also very strong. If you have any questions, you are welcome
to communicate and discuss in the community.
diff --git
a/website/i18n/zh/docusaurus-plugin-content-blog/2022/06/14/automated-operation-base-apache-apisix.md
b/website/i18n/zh/docusaurus-plugin-content-blog/2022/06/14/automated-operation-base-apache-apisix.md
index c46bf1b01f9..697919feb56 100644
---
a/website/i18n/zh/docusaurus-plugin-content-blog/2022/06/14/automated-operation-base-apache-apisix.md
+++
b/website/i18n/zh/docusaurus-plugin-content-blog/2022/06/14/automated-operation-base-apache-apisix.md
@@ -111,7 +111,7 @@ tags: [Technology]
因为在 Rewrite/Access 阶段,报文还没有转给 Upstream,所以可以在该阶段进行各种各样的数据预处理。从上图中我们可以看到有个
`access_by_lua`,在该阶段,可以使用 deny 命令进行权限的管理,包括接口权限以及 IP 准入白名单都可以在该阶段实现。后文所介绍的
`acl_plugin.lua` 的插件就是在该阶段实现的。
-其次在 `header_filter_by_lua` 这个阶段,常用于在请求访问时,额外的在 HTTP 请求头插入一些
`key:value`,供后续使用。例如,当需要我们线上灰度发布时,就可以在用户的请求头中加入标志位,通过这些标志位,就可以控制这些请求转发哪些后端服务,从而实现灰度发布。当然我们也可以使用
APISIX 的
[`traffic-split`](https://apisix.apache.org/zh/docs/apisix/plugins/traffic-split)
插件实现灰度发布。
+其次在 `access` 这个阶段,常用于在请求访问时,额外的在 HTTP 请求头插入一些
`key:value`,供后续使用。例如,当需要我们线上灰度发布时,就可以在用户的请求头中加入标志位,通过这些标志位,就可以控制这些请求转发哪些后端服务,从而实现灰度发布。当然我们也可以使用
APISIX 的
[`traffic-split`](https://apisix.apache.org/zh/docs/apisix/plugins/traffic-split)
插件实现灰度发布。
最后就是 `log_by_lua` 阶段,在该阶段,我们可以把一些 trace 信息或者一些故障信息可以直接输入到 log 文件中。同样的,针对
`Loggers`,APISIX 也提供了非常多的插件,包括
`skywalking-logger`、`kafka-logger`、`rocketmq-logger` 等等。
