---
title: "INFINI Gateway Case Study (1): Replacing Nginx with INFINI Gateway for Access to ECE"
date: 2024-12-28
lastmod: 2024-12-28
description: "To resolve an Nginx performance bottleneck, INFINI Gateway replaces the Nginx proxy function and is co-deployed with Keepalived for high availability. It supports request forwarding, logging, and access to Elasticsearch clusters, improving the capacity to handle business requests."
tags: ["Gateway", "Nginx", "ECE"]
---

## Background

An ECE cluster with 300+ backend instances initially used Nginx + Keepalived to proxy requests and forward them to ECE Proxy. As business request volume grew, Nginx began to misbehave and could no longer meet demand.

## Solution

The request proxy was reworked. To avoid large changes to the production environment, the design is as follows:

- Keep the current Nginx + Keepalived. INFINI Gateway and Nginx are co-deployed on the same machine, and Keepalived is reused to keep the gateway highly available.
- Replace the Nginx proxy function that carried business traffic: INFINI Gateway now receives external requests and forwards them to the backend ECE Proxy.

The INFINI Gateway configuration is as follows:

```yaml
path.data: data
path.logs: log

entry:
  - name: my_es_entry
    enabled: true
    router: my_router
    max_concurrency: 10000
    network:
      binding: 0.0.0.0:9243
    tls:
      enabled: true
      cert_file: /etc/ssl.crt
      key_file: /etc/ssl.key
      skip_insecure_verify: false

flow:
  - name: primary-write-flow
    filter:
      - http:
          schema: "https" #https or http
          hosts:
            - "192.168.200.209:9243"
            - "192.168.200.210:9243"
            - "192.168.200.211:9243"
  - name: request_logging
    filter:
      - logging:
          queue_name: request_logging
          max_request_body_size: 10240
          max_response_body_size: 10240
          when: #>1s or non-200 requests will be logged
            or:
              - not:
                  or:
                    - equals:
                        _ctx.request.path: "/favicon.ico"
                    - equals:
                        _ctx.response.status: 200
                    - in:
                        _ctx.request.path: ["/sw.js"]
              - range:
                  _ctx.elapsed.gte: 1000

router:
  - name: my_router
    default_flow: primary-write-flow
    tracing_flow: request_logging

elasticsearch:
  - name: logging-server
    enabled: true
    endpoints:
      - https://d6794e84d46e4b7db21d364de10620c4.192.168.200.209.ip.es.io:9243
    basic_auth:
      username: elastic
      password: 1qaz!QAZ
    discovery:
      enabled: false

pipeline:
  - name: indexing_merge
    auto_start: true
    keep_running: true
    processor:
      - indexing_merge:
          input_queue: "request_logging"
          elasticsearch: "logging-server"
          index_name: "infini_gateway_requests"
          output_queue:
            name: "gateway_requests"
            label:
              tag: "request_logging"
          worker_size: 1
          bulk_size_in_mb: 10
  - name: logging_requests
    auto_start: true
    keep_running: true
    processor:
      - bulk_indexing:
          bulk:
            compress: true
            batch_size_in_mb: 10
            batch_size_in_docs: 5000
          consumer:
            fetch_max_messages: 100
          queues:
            type: indexing_merge
          when:
            cluster_available: ["logging-server"]
```

Configuration notes:

```yaml
path.data: /data
path.logs: /log
```

- Local storage paths for the gateway. SSD storage is recommended, with more than 500 GB of disk space.

```yaml
tls:
  enabled: true
  cert_file: /etc/ssl.crt
  key_file: /etc/ssl.key
```

- Wildcard domain certificate, kept the same as the one used by Nginx.

```yaml
- http:
    schema: "https" #https or http
    hosts:
      - "192.168.200.209:9243"
      - "192.168.200.210:9243"
      - "192.168.200.211:9243"
```

- Addresses of the ECE Proxy.

```yaml
- name: logging-server
  enabled: true
  endpoints:
    - https://d6794e84d46e4b7db21d364de10620c4.192.168.200.209.ip.es.io:9243
  basic_auth:
    username: elastic
    password: 1qaz!QAZ
```

- The cluster that stores the access logs, used to analyze requests sent to the Elasticsearch servers.

For more INFINI Gateway configuration information, see the [official documentation](https://docs.infinilabs.com/gateway/main/zh//).

## About INFINI Gateway

![](/img/blog/banner/gateway_banner@2x.png)

INFINI Gateway is a high-performance data gateway built for search scenarios. All requests are processed by the gateway before being forwarded to the backend search clusters. With INFINI Gateway you can implement index-level rate limiting and throttling, cache acceleration for common queries, auditing of query requests, dynamic modification of query results, and more.

Gateway is now open source. If you have questions or suggestions, you are welcome to submit a PR or an issue and take part in building the project together!
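
The `when` condition on the `request_logging` flow in the configuration above decides which requests are sent to the logging cluster. The following Python model is an added example, not code from the original post or from INFINI Gateway; the operator semantics and the sample requests are assumptions constructed for illustration, with `_ctx.elapsed` taken to be in milliseconds as the config comment implies.

```python
# Added model of the request_logging `when` condition; not INFINI Gateway code.
# Operator semantics (equals, in, range/gte, not, or) are assumed from the
# config comment on the page: slow (>1s) or non-200 requests are logged.

WHEN = {"or": [
    {"not": {"or": [
        {"equals": {"_ctx.request.path": "/favicon.ico"}},
        {"equals": {"_ctx.response.status": 200}},
        {"in": {"_ctx.request.path": ["/sw.js"]}},
    ]}},
    {"range": {"_ctx.elapsed.gte": 1000}},
]}


def matches(cond, ctx):
    """Evaluate one condition node against a flat request-context dict."""
    (op, arg), = cond.items()
    if op == "or":
        return any(matches(c, ctx) for c in arg)
    if op == "not":
        return not matches(arg, ctx)
    if op == "equals":
        return all(ctx.get(k) == v for k, v in arg.items())
    if op == "in":
        return all(ctx.get(k) in v for k, v in arg.items())
    if op == "range":  # only the ".gte" bound is used by this config
        return all(ctx.get(k[:-4], 0) >= v
                   for k, v in arg.items() if k.endswith(".gte"))
    raise ValueError(f"unsupported operator: {op}")


def is_logged(path, status, elapsed_ms):
    """Return True if a request with these attributes would be queued."""
    ctx = {"_ctx.request.path": path, "_ctx.response.status": status,
           "_ctx.elapsed": elapsed_ms}
    return matches(WHEN, ctx)


# Constructed sample requests: (path, status, elapsed in ms)
SAMPLES = [
    ("/orders/_search", 200, 35),    # fast, successful search
    ("/orders/_search", 200, 1500),  # slow search
    ("/orders/_search", 401, 12),    # rejected request
    ("/orders/_doc/1", 201, 20),     # document created
    ("/favicon.ico", 404, 3),        # browser noise
]

if __name__ == "__main__":
    for path, status, ms in SAMPLES:
        print(f"{status} {ms:>5}ms {path:<16} logged={is_logged(path, status, ms)}")
```

Fast requests that return 200 are never written to `infini_gateway_requests`, so with this condition the index is a trace of slow and failed requests rather than a complete record of access.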