In the previous article, we have used the eureka / ribbon / feign / hystrix built a seemingly perfect micro-services, and that if there is a place worth continue to optimize it? The answer is definitely yes, if the entire microService Internally, it has basically been complete, but our service micro inevitable need to provide services to the outside, this time, we will focus on the concerns of external services this one.
If there is an external service, call our entire micro-services in a number of different services, such as customer service, order services, logistics services, etc., think about what will direct calls to the micro-service problems?
1. First of all, the external service must We know our micro-service application name eureka registry, according to the application name to call (if you do not go eureka registry directly call the service would be meaningless micro-services), and we do not want the external service exposure such information. Introduction under Italian, we both want the external shield our internal information, but also provide services in the case of the shield information.
2. Secondly, the use of micro restful API services architecture style, direct access to external services micro-services internal services, It is bound to add permissions check logic in each micro-services, which is precisely destroy the restful API stateless characteristics.
3. external service multiple calls to different services micro internal services, increases the complexity of external services, not to facilitate the maintenance of late.
Therefore, in order to solve these problems, we need the authority to control such things pulled out of our services, and the best place for these logical place is in the forefront of foreign visit, which is the API gateway. The spring cloud of API gateway is zuul, Next, let's take a look zuul.
What is the API Gateway zuul?
zuul is spring cloud in the API Gateway, similar to the design patterns inside Facade Facade pattern:
his presence is like the whole facade micro services, all external client access have to go through it for forwarding and filtering, its core is a series of filters, its main role include:
1. authentication and security: to identify the authentication requirements for each resource and deny the request does not meet these requirements
2. monitoring and statistics: monitoring and statistical data for us provide accurate view of production.
3. dynamic routing: similar Nginx, according to need to dynamically routes the request to the backend different micro service.
Next, let us show you the code to use zuul, first add a module:
then the old rules, three steps, first configure maven dependent:
then the configuration file:
mainly the port number, and eureka-server address, because the gateway sure is the need to find services from eureka in, so you need to configure information eureka-server, has started eureka-server, producer-hystrix (the service requires password authentication) as well as user-hystrix (the service requires no password verification):
then start zuul gateway access to try, let's look at access without a password to access the user:
and then try again need a password to access the producer:
discovery requires login account password, because our producer enabled security, safety verification, so we need to configure the authentication header in the information we said before, the core zuul is a series of filters, its various functions are performed through a filter, so we need to implement this functionality through the filter, the filter zuul following types:
very obviously, we need to pre type of filter, the filter implemented zuul inherited ZuulFilter manner and covers a corresponding method, wherein the heaviest The method is run method, which is to achieve our approach to business logic.
After you create this filter, you must create a bean to take effect:
before you visit try:
Ah? Why is this? We configured the filter does not take effect? Is the code that a problem? Actually no, it's a pit spring cloud, this is because of the high spring cloud zuul version supports more than 2.0.0.RELEASE well, this is the place zuul has been criticized, so spring cloud from 2.0.0.RELEASE official start, also launched its own micro-services gateway spring-cloud-starter-gateway, but also want to replace zuul purpose, interested children's shoes can go to look at gateway, we said, to solve this problem, because zuul version is too high, for springboot support is not very good cause, remember before our zuul configuration?
our springboot and cloud are used in 2.1.2 version, as long as we can solve this problem reduced version of:
springboot we use the 2.0.7 version, zuul we use version 2.0.0, and then restart the zuul service access:
can be found in our filters have been came into force, provided in the header of the account password information, verified by a producer of security. but there is a problem, we said earlier, is due to the foreign service, we do not want too much violence Our internal information services, such as application name in the path of micro-services, we also need to configure:
the front two, used to tell zuul, all access / producer-proxy / path to forward all dhp-micro- service-producer services, Article zuul told to ignore all services, so think through direct access to micro can not access the service name, and can only be accessed by designated / producer-proxy / proxy address:
see then be accessed by way of the application name directly reported to 404, and by our proxy address settings, you can normally access.
zuul Secure Access
作为所有微服务访问的统一入口,zuul也是可以进行加密访问的,同理是使用spring security:
则访问的时候就需要进行安全验证:
验证成功后就能正常访问了:
feign访问zuul
在之前的文章中,我们使用了feign来简化代码开发,现在我们集成了网关zuul,所有的服务都走zuul,因此,我们之前的代码也需要进行改造,使用feign集成zuul来访问微服务.
我们说feign是通过eureka-server拉取服务,因此要使feign集成zuul,首先zuul也需要注册到eureka:
然后新增一个使用feign访问zuul的service(本文直接在consumer中完成,实际生产环境可能由于有多个服务会需要调用,因此可以单独抽一个module出来):
读过我之前文章的童鞋们应该明白,首先表示我这个接口使用feign代理,并且关注的服务是DHP-MICRO-SERVICE-ZUUL-GATEWAY,由于所有服务都有安全验证,因此有一个FeignClientConfig配置验证信息:
如果调用服务失败,我们还需要服务降级,因此有一个ZuulProxyServiceFallbackFactory:
此时,相关准备工作已经就绪,开始使用,首先在consumer-feign中新增maven依赖:
然后编码实现:
然后依次启动eureka-server,producer,user,zuul,consumer访问试一试:
可以看到,我们成功通过zuul访问到了producer和user.但这还不够,我们现在是通过消费者通过zuul代理访问服务方,此时zuul从功能上类似于Nginx,主要是转发,假如zuul转发到的服务挂了,会直接显示错误页面,比如我们现在把producer停掉再访问一下:
这显然是不行的,因此zuul本身也需要进行降级处理,新增一个降级处理的类:
The main effect of the downgrade of the class is to build a corresponding information http request failed this time to try to restart zuul:
can be found in our zuul downgrade has been successful, this will not zuul proxy service is unavailable caused by throwing an exception a.
The next article, we continue to introduce spring cloud distributed configuration center config, so stay tuned!
This article from the blog article multiple platforms OpenWrite release!