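Dynamic VS (virtual server)
1. Feature description
On top of the ports that are already being listened on, server blocks can be added and deleted dynamically, and the directives that are allowed inside a server block can be configured conveniently.
Dynamic locations can also be added on top of a dynamic server, so that location-level directives can be added and used dynamically.
2. Required modules
The dynamic VS feature depends on the following modules: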
njet.conf
load_module modules/njt_http_dyn_server_module.so;
njet_ctrl.conf
load_module modules/njt_http_dyn_server_api_module.so;
3. Configuration
njet.conf (data plane configuration)
helper broker modules/njt_helper_broker_module.so conf/mqtt.conf;
helper ctrl modules/njt_helper_ctrl_module.so conf/ctrl.conf;
load_module modules/njt_http_dyn_server_module.so; # dynamic VS module
load_module modules/njt_http_location_module.so; # location validation
user root root;
cluster_name helper;
node_name node-u01;
error_log logs/error.log info;
pid logs/njet.pid;
events {
    worker_connections 1024;
}
http {
    dyn_kv_conf conf/iot-work.conf;
    include mime.types;
    default_type application/octet-stream;
    access_log logs/access.log;
    vhost_traffic_status_zone;
    vhost_traffic_status_filter_by_set_key $request_uri "$realip_remote_addr to $server_name";
    variables_hash_max_size 2048;
    sendfile on;
    keepalive_timeout 65;
    upstream backend1 {
        zone backend1_zone 128k;
        server 127.0.0.1:5800;
    }
    server {
        listen 5555;
        server_name test-server;
        location / {
            alias html;
        }
    }
    server {
        listen 443 ssl;
        server_name dev.test.com;
        ssl_reject_handshake off;
        ssl_ntls off;
        ssl_certificate certs/rsa.dev.test.com.crt.pem;
        ssl_certificate_key certs/rsa.dev.test.com.key.pem;
        ssl_ciphers RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        location / {
            charset utf-8;
            default_type text/html;
            return 200 "dev.test.com 443 test ok";
        }
    }
}
njet_ctrl.conf (control plane configuration)
load_module modules/njt_http_sendmsg_module.so;
load_module modules/njt_ctrl_config_api_module.so;
load_module modules/njt_http_location_api_module.so;
load_module modules/njt_doc_module.so;
load_module modules/njt_http_dyn_server_api_module.so; # dynamic VS API module
events {
    worker_connections 1024;
}
error_log logs/error_ctrl.log debug;
http {
    dyn_sendmsg_conf conf/iot-ctrl.conf;
    access_log logs/access_ctrl.log combined;
    include mime.types;
    server {
        listen 8081;
        location /api {
            dyn_module_api;
        }
        location /doc {
            doc_api;
        }
    }
}
cluster_name helper;
node_name node1;
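4. API
Add endpoint:
POST http://IP+port/api/v1/dyn_srv
Delete endpoint:
PUT http://IP+port/api/v1/dyn_srv
Add VS API
Field | Required | Description |
---|---|---|
type | Yes | "add": add a VS |
addr_port | Yes | Address and port of the host to add, for example "192.168.40.203:8000" or "0.0.0.0:8000" |
listen_option | No | Listen parameters, for example ssl, proxy_protocol. ssl adapts to the listening port (for example, if the static configuration contains listen 443 ssl; then a VS added on port 443 automatically gets the ssl parameter). |
server_name | Yes | server_name of the host, for example "cluster.tmlake.com". The server_name of a VS must be unique; duplicates are not allowed. |
server_body | Yes | The set of directives inside the server block, separated by semicolons. server_body may be empty. |
Delete VS API
Field | Required | Description |
---|---|---|
type | Yes | "del": delete a VS |
addr_port | Yes | Address and port of the host, for example "192.168.40.203:8000" or "0.0.0.0:8000" |
server_name | Yes | server_name of the host, for example "cluster.tmlake.com" |
5. Usage examples
5.1 Adding a VS
Add a VS with the POST method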
curl -v -X POST http://127.0.0.1:8081/api/v1/dyn_srv -d '{
"type": "add",
"addr_port": "0.0.0.0:5555",
"server_name": "test.server.com",
"server_body": "return 200 \"test ok\";"
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> POST /dyn_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 154
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Thu, 14 Dec 2023 08:50:42 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}
5.2 Deleting a VS
Delete a VS with the PUT method
curl -v -X PUT http://127.0.0.1:8081/api/v1/dyn_srv -d '{
"type": "del",
"addr_port": "0.0.0.0:5555",
"server_name": "test.server.com"
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> PUT /dyn_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 104
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Thu, 14 Dec 2023 09:48:19 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}
5.3 Adding a dynamic location to a dynamic VS
Add the VS with the POST method
curl -v -X POST http://127.0.0.1:8081/api/v1/dyn_srv -d '{
"type": "add",
"addr_port": "0.0.0.0:5555",
"server_name": "test.server.com",
"server_body": "return 200 \"test ok\";"
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> PUT /dyn_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 104
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Thu, 14 Dec 2023 09:48:19 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}
Then add the dynamic location with the POST method
curl -v -X POST http://127.0.0.1:8081/api/v1/dyn_loc -d '{
"type": "add",
"addr_port": "0.0.0.0:5555",
"server_name": "test.server.com",
"locations": [
{
"location_rule": "",
"location_name": "/",
"location_body": "",
"proxy_pass": "http://backend1"
}
]
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> POST /dyn_loc HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 240
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Fri, 15 Dec 2023 06:41:53 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}
5.4 Configuring an RSA certificate in a dynamic VS
Add the VS with the POST method
curl -v -X POST http://127.0.0.1:8081/api/v1/dyn_srv -d '{
"type": "add",
"addr_port": "0.0.0.0:443",
"server_name": "dev.test.com",
"server_body": "ssl_certificate certs/rsa.dev.test.com.crt.pem;
ssl_certificate_key certs/rsa.dev.test.com.key.pem;
ssl_ciphers RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
return 200 rsa;"
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> POST /dyn_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 489
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Mon, 18 Dec 2023 06:33:14 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}
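An added example, not part of the NJet documentation: a check to run on a `server_body` before it is posted to `dyn_srv`. It splits the body into directives on semicolons, as the API table describes, and flags TLSv1/TLSv1.1, 3DES and static-RSA cipher entries such as those in the request above. The function names and the `TIGHT_BODY` sample are assumptions made for the illustration.

```python
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def split_directives(server_body):
    """Split on ';' outside quotes into word lists; an unterminated tail is dropped."""
    out, quote, escaped = [], None, False
    for ch in server_body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == ";":
            ch = "\0"  # mark a directive terminator that is not inside a quoted string
        out.append(ch)
    chunks = "".join(out).split("\0")[:-1]
    return [c.split() for c in chunks if c.split()]

def lint_server_body(server_body):
    """Return findings for weak TLS settings in a dyn_srv server_body."""
    findings = []
    for name, *args in split_directives(server_body):
        if name == "ssl_protocols":
            findings += ["ssl_protocols enables " + p for p in args if p in WEAK_PROTOCOLS]
        elif name == "ssl_ciphers":
            for spec in ":".join(args).split(":"):
                parts = set(spec.split("+"))
                if spec.startswith(("!", "-")):
                    continue  # exclusions remove suites; nothing to flag
                if "3DES" in parts:
                    findings.append("ssl_ciphers allows 3DES via " + spec)
                elif parts & {"RSA", "kRSA"}:  # OpenSSL: RSA is an alias for kRSA
                    findings.append("ssl_ciphers allows static RSA via " + spec)
    return findings

# server_body copied from the section 5.4 request on this page
PAGE_BODY = """ssl_certificate certs/rsa.dev.test.com.crt.pem;
ssl_certificate_key certs/rsa.dev.test.com.key.pem;
ssl_ciphers RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
return 200 rsa;"""
# Constructed sample (assumption): TLS 1.2/1.3 with ECDHE suites, plus a quoted ';'
TIGHT_BODY = 'ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256; return 200 "a;b";'

if __name__ == "__main__":
    print(lint_server_body(PAGE_BODY), lint_server_body(TIGHT_BODY), sep="\n")
```

The same check applies unchanged to the `server_body` values in sections 5.5 and 5.6, which carry the same `ssl_ciphers` and `ssl_protocols` lines.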
5.5 Adding a GM (guomi, SM2) certificate in a dynamic VS
Add the VS with the POST method
curl -v -X POST http://127.0.0.1:8081/api/v1/dyn_srv -d '{
"type": "add",
"addr_port": "0.0.0.0:443",
"server_name": "dev.test.com",
"server_body": "ssl_certificate certs/sm2.dev.test.com.enc.crt.pem certs/sm2.dev.test.com.sig.crt.pem;
ssl_certificate_key certs/sm2.dev.test.com.enc.key.pem certs/sm2.dev.test.com.sig.key.pem;
ssl_ntls on;
ssl_ciphers RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
return 200 guomi;"
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> POST /dyn_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 489
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Mon, 18 Dec 2023 06:33:14 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}
5.6 No default certificate in the static configuration; the certificate is added with the VS
njet.conf
helper broker modules/njt_helper_broker_module.so conf/mqtt.conf;
helper ctrl modules/njt_helper_ctrl_module.so conf/ctrl.conf;
load_module modules/njt_http_split_clients_2_module.so;
load_module modules/njt_agent_dynlog_module.so;
load_module modules/njt_http_dyn_bwlist_module.so;
load_module modules/njt_dyn_ssl_module.so;
load_module modules/njt_http_vtsc_module.so;
load_module modules/njt_http_dyn_server_module.so; # dynamic VS module
load_module modules/njt_http_location_module.so; # location validation
user root root;
cluster_name helper;
node_name node-u01;
error_log logs/error.log info;
pid logs/njet.pid;
events {
    worker_connections 1024;
}
http {
    dyn_kv_conf conf/iot-work.conf;
    include mime.types;
    default_type application/octet-stream;
    access_log logs/access.log;
    vhost_traffic_status_zone;
    vhost_traffic_status_filter_by_set_key $request_uri "$realip_remote_addr to $server_name";
    variables_hash_max_size 2048;
    sendfile on;
    keepalive_timeout 65;
    upstream backend1 {
        zone backend1_zone 128k;
        server 127.0.0.1:5800;
    }
    server {
        listen 5555;
        server_name test-server;
        location / {
            alias html;
        }
    }
    server {
        listen 443 ssl;
        server_name dev.test.com;
        ssl_reject_handshake on;
        location / {
            charset utf-8;
            default_type text/html;
            return 200 "dev.test.com 443 test ok";
        }
    }
}
Add the VS with the POST method
curl -v -X POST http://127.0.0.1:8081/api/v1/dyn_srv -d '{
"type": "add",
"addr_port": "0.0.0.0:443",
"server_name": "dev.test.com",
"server_body": "ssl_certificate certs/rsa.dev.test.com.crt.pem;
ssl_certificate_key certs/rsa.dev.test.com.key.pem;
ssl_ciphers RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
return 200 rsa;"
}'
Response
* Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> POST /dyn_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.1.0-DEV
> Accept: */*
> Content-Length: 489
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Server: njet/1.2.3
< Date: Mon, 18 Dec 2023 06:33:14 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}