api-gateway-configuration

API Gateway Configuration

Design and configure API gateways for microservice architectures.

Gateway Responsibilities

  • Request routing and load balancing
  • Authentication and authorization
  • Rate limiting and throttling
  • Request/response transformation
  • Logging and monitoring
  • SSL termination

Kong Configuration (YAML)

yaml
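_format_version: "3.0"

services:
  - name: user-service
    url: http://user-service:3000
    routes:
      - name: user-routes
        paths: ["/api/users"]
    plugins:
      # 100 requests per minute; "local" keeps the counters in memory on each Kong node
      - name: rate-limiting
        config:
          minute: 100
          policy: local
      # Requests must carry a JWT that matches a credential of a Kong consumer
      - name: jwt

  # No plugins here: this service is neither authenticated nor rate limited at the gateway
  - name: order-service
    url: http://order-service:3000
    routes:
      - name: order-routes
        paths: ["/api/orders"]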

Nginx Configuration

nginx
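# Both blocks belong in the http context.
upstream backend {
    server backend1:3000 weight=5;
    server backend2:3000 weight=5;
    keepalive 32;    # idle upstream connections kept open per worker
}

server {
    listen 443 ssl;
    # Required with "listen ... ssl"; placeholder paths, not from the original page.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location /api/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";    # needed for upstream keepalive to take effect
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Only takes effect once proxy_cache names a zone defined with proxy_cache_path.
        proxy_cache_valid 200 1m;
    }

    location /health {
        return 200 'OK';
    }
}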

AWS API Gateway (SAM)

yaml
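Resources:
  ApiGateway:
    # JwtConfiguration is an HTTP API authorizer setting, so the resource is an HttpApi.
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: prod
      Auth:
        DefaultAuthorizer: JWTAuthorizer
        Authorizers:
          JWTAuthorizer:
            IdentitySource: "$request.header.Authorization"
            JwtConfiguration:
              # UserPoolId must be a parameter or resource defined elsewhere in the template.
              issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"
              # UserPoolClientId is an assumed parameter (the Cognito app client ID).
              audience:
                - !Ref UserPoolClientId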

Best Practices

  • Authenticate at gateway level
  • Implement global rate limiting
  • Enable request logging
  • Use health checks for backends
  • Apply response caching strategically
  • Never expose backend details in errors
  • Enforce HTTPS in production
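
The first two practices can be checked mechanically against the Kong configuration shown earlier. The following is an added example, not code from the original page or from Kong: a small audit that reports every route left without an authentication or rate-limiting plugin. It assumes the nested services/routes/plugins layout used above, with top-level plugins treated as global; the function names and the list of authentication plugins are choices made for this example.

```python
import json

# Constructed sample: the Kong declarative config from this page, written as JSON.
PAGE_CONFIG = json.loads("""
{"_format_version": "3.0",
 "services": [
   {"name": "user-service", "url": "http://user-service:3000",
    "routes": [{"name": "user-routes", "paths": ["/api/users"]}],
    "plugins": [
      {"name": "rate-limiting", "config": {"minute": 100, "policy": "local"}},
      {"name": "jwt"}]},
   {"name": "order-service", "url": "http://order-service:3000",
    "routes": [{"name": "order-routes", "paths": ["/api/orders"]}]}
 ]}
""")

# Kong plugins treated as authentication here (an assumption; extend as needed).
AUTH_PLUGINS = {"jwt", "key-auth", "basic-auth", "oauth2", "hmac-auth"}


def by_name(plugins):
    """Map plugin name -> plugin entry, skipping entries with enabled: false."""
    return {p["name"]: p for p in plugins or [] if p.get("enabled", True)}


def audit(config):
    """Return (service, route, issue) tuples for routes missing gateway controls."""
    findings = []
    global_plugins = by_name(config.get("plugins"))
    for svc in config.get("services", []):
        svc_plugins = by_name(svc.get("plugins"))
        for route in svc.get("routes", []):
            # Most specific scope wins: route over service over global.
            effective = {**global_plugins, **svc_plugins,
                         **by_name(route.get("plugins"))}
            where = (svc["name"], route["name"])
            if AUTH_PLUGINS.isdisjoint(effective):
                findings.append((*where, "no authentication plugin"))
            limiter = effective.get("rate-limiting")
            if limiter is None:
                findings.append((*where, "no rate-limiting plugin"))
            elif limiter.get("config", {}).get("policy") == "local":
                findings.append((*where, "rate limit counted per node (policy: local)"))
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(*finding, sep=": ")
```

Adding jwt and rate-limiting as top-level plugins clears both order-service findings, while the service-level rate-limiting entry on user-service still overrides the global one.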