Kong 证书安装

首先要打开 Kong的 8443 端口

完整的 docker-compose.yml 文件如下

# Compose file format version.
version: "3"

# User-defined bridge network shared by all services in this file; the
# services address each other by service name (for example kong-database).
networks:
  kong-net:
    driver: bridge

services:
 
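  #######################################
  # Postgres: the database used by Kong
  # (Konga keeps its data in a separate "konga" database on this server).
  #######################################
  kong-database:
    # NOTE(review): the PostgreSQL 9.6 line is no longer maintained upstream;
    # move to a supported major version that your Kong release accepts.
    image: postgres:9.6
    restart: always
    networks:
      - kong-net
    environment:
      # Demo credentials (kong/kong). Replace them before any non-local use
      # and keep the Kong and Konga services in sync with the new values.
      POSTGRES_USER: kong
      POSTGRES_DB: kong
      POSTGRES_PASSWORD: kong
    ports:
      # Published on the host loopback only: Kong and Konga reach the
      # database over kong-net, so 5432 does not need to listen on every
      # host interface, least of all with the demo password above.
      - "127.0.0.1:5432:5432"
    healthcheck:
      # Healthy once pg_isready reports that the server accepts connections.
      test: ["CMD", "pg_isready", "-U", "kong"]
      interval: 5s
      timeout: 5s
      retries: 5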
 
  #######################################
  # Kong database migration (one-shot job)
  #######################################
  kong-migration:
    # NOTE(review): "latest" is a moving tag; pinning one Kong version here
    # and in the kong service keeps schema and gateway in step.
    image: kong:latest
    # Bootstraps Kong's schema in the database configured below.
    command: "kong migrations bootstrap"
    # Retried on a non-zero exit, e.g. while Postgres is still starting.
    restart: on-failure
    depends_on:
      - kong-database
    links:
      - kong-database
    networks:
      - kong-net
    environment:
      KONG_DATABASE: "postgres"
      KONG_PG_HOST: "kong-database"
      KONG_PG_DATABASE: "kong"
      # Demo password; must match POSTGRES_PASSWORD of kong-database.
      KONG_PG_PASSWORD: "kong"
 
  #######################################
  # Kong: the API gateway
  #######################################
  kong:
    image: kong:latest
    restart: always
    depends_on:
      - kong-migration
    links:
      - kong-database
    networks:
      - kong-net
    environment:
      KONG_DATABASE: "postgres"
      KONG_PG_HOST: "kong-database"
      # Demo password; must match POSTGRES_PASSWORD of kong-database.
      KONG_PG_PASSWORD: "kong"
      # Proxy listeners: plain HTTP on 8000 and TLS on 8443.
      KONG_PROXY_LISTEN: "0.0.0.0:8000,0.0.0.0:8443 ssl"
      # Admin API over plain HTTP; Konga reaches it inside kong-net.
      KONG_ADMIN_LISTEN: "0.0.0.0:8001"
    ports:
      - "8000:8000"
      - "8443:8443"
      # NOTE(review): this publishes the Admin API on every host interface.
      # Nothing in this file puts authentication in front of it, so anyone
      # who can reach host port 8001 can reconfigure the gateway, including
      # its certificates. Firewall the port, or publish it on 127.0.0.1 if
      # the API is only used from the host and from Konga.
      - "8001:8001"
    healthcheck:
      # Healthy once the Admin API answers an HTTP request.
      test:
        - "CMD"
        - "curl"
        - "-f"
        - "http://kong:8001"
      interval: 5s
      timeout: 2s
      retries: 15
 
 
  #######################################
  # Konga database prepare (one-shot job)
  #######################################
  konga-prepare:
    image: pantsel/konga:latest
    # Runs Konga's "prepare" action against the konga database.
    # NOTE(review): the URI carries the database password on the command
    # line, where it shows up in the container metadata (docker inspect).
    command: "-c prepare -a postgres -u postgresql://kong:kong@kong-database:5432/konga"
    # Retried on a non-zero exit, e.g. while Postgres is still starting.
    restart: on-failure
    depends_on:
      - kong-database
    links:
      - kong-database
    networks:
      - kong-net
    environment:
      # NOTE(review): these KONG_* names mirror the Kong services; the
      # connection details Konga uses are already given in the command
      # above. Confirm whether this image reads them at all.
      KONG_DATABASE: "postgres"
      KONG_PG_HOST: "kong-database"
      KONG_PG_DATABASE: "konga"
      KONG_PG_PASSWORD: "kong"
 
  #######################################
  # Konga: web GUI for administering Kong
  #######################################
  konga:
    image: pantsel/konga:latest
    restart: always
    depends_on:
      - kong
      - konga-prepare
    links:
      - kong-database
    networks:
      - kong-net
    environment:
      DB_ADAPTER: "postgres"
      # Demo credentials (kong/kong) embedded in the URI; they must match
      # the kong-database service.
      DB_URI: "postgresql://kong:kong@kong-database:5432/konga"
      NODE_ENV: "production"
    ports:
      # The UI is published on every host interface. It can manage Kong
      # (certificates included), so restrict who can reach port 1337.
      - "1337:1337"

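然后需要通过 Kong 的 Admin API(8001 端口)注入一个 cert。注意:按上面的配置,Admin API 没有任何认证,而且下面的请求会通过明文 HTTP 上传私钥,建议只在 Kong 所在主机或可信网络中执行,并用防火墙限制 8001 端口的访问。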

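# Upload the certificate and its private key to Kong's Admin API and bind
# them to the SNI studyk8s.com.
# NOTE(review): this sends private.key over plain HTTP to the Admin API;
# run it on the Kong host or across a trusted network only.
# No -k: it only relaxes TLS verification, which does not apply to http://.
# The snis[] field is quoted so that zsh does not expand [] as a glob.
curl -X POST \
  http://diynocap.com:8001/certificates \
  -H 'Content-Type: multipart/form-data' \
  -F cert=@./cert.crt \
  -F key=@./private.key \
  -F 'snis[]=studyk8s.com'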

如果 snis[] 参数不加引号,zsh 会把 [] 当作通配符并提示 zsh: no matches found: snis[]=studyk8s.com,但是证书仍然被创建成功了;把该参数写成 'snis[]=studyk8s.com' 即可避免这个提示。

也可以通过 konga的 UI 界面来添加

后端服务可以正常使用 http 80 端口,然后把前端的 kong暴露到 8443
