{ "ReRoutes": [ { /* Forward user's request /post/1 to localhost/api/post/1 */ /* DownstreamPathTemplate: The address to go to DownstreamScheme: The request protocol to go to DownstreamHostAndPorts: Go port address and port information UpstreamPathTemplate: listening route address UpstreamHttpMethod: Listen to the available array of routing request types Priority: The priority of the route Prority is large, it will be preferred Universal template forwarding: { "DownstreamPathTemplate": "/{url}", "DownstreamScheme": "https", "DownstreamHostAndPorts": [ { "Host": "localhost", "Port": 80, } ], "UpstreamPathTemplate": "/{url}", "UpstreamHttpMethod": [ "Get" ] } */ "DownstreamPathTemplate": "/api/post/{postId}", "DownstreamScheme": "https", "DownstreamHostAndPorts": [ { "Host": "localhost", "Port": 80 } ], "UpstreamPathTemplate": "/post/{postId}", "UpstreamHttpMethod": [ "Get" ], "Priority": 1, /*设置HttpHeaders*/ "AddHeadersToRequest": {}, "AddClaimsToRequest": {}, /* Authentication After we get the claims through the AllowedScopes in the authentication, if we want to authenticate the permissions, we need to add the following configuration "RouteClaimsRequirement": { "UserType": "registered" } */ "RouteClaimsRequirement": {}, "AddQueriesToRequest": {}, "RequestIdKey": "", /* cache Ocelot can cache the downstream request results, but the cache function is not very powerful at present. It is mainly implemented by relying on CacheManager, we only need to add the following configuration under the route Region is a partition of the cache, we can call Ocelot's administration API to remove the cache under a certain region */ "FileCacheOptions": { "TtlSeconds": 0, "Region": "somename" }, "ReRouteIsCaseSensitive": false, "ServiceName": "", /* Quality of service and circuit breaker: circuit breaker means to stop forwarding requests to downstream services. Re-requesting when the downstream service has failed is also rewarding, and increases the burden on the downstream server and API gateway. This function is implemented with Pollly, we only need to do some simple configuration for routing ExceptionsAllowedBeforeBreaking how many exception requests are allowed DurationOfBreak blown time, in seconds TimeoutValue Set the request to timeout freely if the processing time of the downstream request exceeds */ "QoSOptions": { "ExceptionsAllowedBeforeBreaking": 0, "DurationOfBreak": 0, "TimeoutValue": 0 }, /* LeastConnection - sends requests to the least busy server RoundRobin - send in rotation NoLoadBalance - always sent to the first request or service discovery */ " LoadBalancer " : "" , // will determine the load balancing algorithm /* Limiting Limiting requests can prevent downstream servers from crashing due to overloaded access. Very elegant implementation, we only need to add some simple configuration under the route to complete ClientWihteList whitelist EnableRateLimiting whether to enable current limiting Period Statistics period: 1s, 5m, 1h, 1d PeroidTimeSpan After how many seconds the client can retry Limit The maximum number of requests allowed in the statistical time period */ "RateLimitOptions": { "ClientWhitelist": [], "EnableRateLimiting": false, "Period": "", "PeriodTimespan": 0, "Limit": 0 }, /* Certification If we need to authenticate the downstream API and the authentication service, firstly, the Ocelot gateway needs to add the authentication service here. This is no different from adding an authentication service to a single API or ASP.NET Core Mvc. JWT Token public void ConfigureServices(IServiceCollection services) { var authenticationProviderKey = "ProviderKey"; services.AddAuthentication() .AddJwtBearer(authenticationProviderKey, x => { }); } Then configure the AuthenticationOptions in the routing template of ReRoutes, as long as our AuthenticationProviderKey is the same. "AuthenticationOptions": { "AuthenticationProviderKey": "ProviderKey", "AllowedScopes": [] } }] The same is true for adding Identity Server authentication public void ConfigureServices(IServiceCollection services) { var authenticationProviderKey = "TestKey"; var options = o => { o.Authority = "address of identityserver4"; o.ApiName = "api"; o.SupportedTokens = SupportedTokens.Both; o.ApiSecret = "secret"; }; services.AddAuthentication() .AddIdentityServerAuthentication(authenticationProviderKey, options); services.AddOcelot(); } */ "AuthenticationOptions": { "AuthenticationProviderKey": "", "AllowedScopes": [] }, /* */ "HttpHandlerOptions": { "AllowAutoRedirect": true, "UseCookieContainer": true, "UseTracing": true }, "UseServiceDiscovery": false, "Key": "keys1" } ], "Aggregates": [ { "ReRouteKeys": [ "keys1", "keys2" ], "UpstreamPathTemplate": "/" } ], "GlobalConfiguration": { "BaseUrl": "http://localhost:5002" } }