A performant API Gateway based on Openresty and NGINX
Clone or download
Permalink
Failed to load latest commit information.
conf.d Change hash header to latest version in .conf files. (#298) May 9, 2018
doc Change hash header to latest version in .conf files. (#298) May 9, 2018
html Fix minor scancode EOL error in index.html. (#303) May 23, 2018
scripts/lua Add additional headers to remove when cors is disabled (#317) Jul 26, 2018
tests Fix Access-Control-Allow-Headers header; Fix case when cors is not set ( Jul 3, 2018
tools/travis Revert the copyright to the content in the template (#320) Aug 21, 2018
.dockerignore Flatten project structure (#117) Feb 21, 2017
.gitignore Flatten project structure (#117) Feb 21, 2017
.profiling.after add profiling tools Apr 28, 2017
.profiling.before add profiling tools Apr 28, 2017
.travis.yml Add ASF license header to travis yaml file. (#301) May 17, 2018
CONTRIBUTING.md Change hash header to latest version in .conf files. (#298) May 9, 2018
DEPENDENCIES.md Change hash header to latest version in .conf files. (#298) May 9, 2018
DISCLAIMER.txt Add the DISCLAIMER file for Apache incubator project (#308) Jun 6, 2018
Dockerfile Add option to encrypt redis password (#302) May 19, 2018
LICENSE.txt Revert the copyright to the content in the template (#320) Aug 21, 2018
Makefile Add option to encrypt redis password (#302) May 19, 2018
NOTICE.txt update notice file (#286) Apr 4, 2018
README.md Add the DISCLAIMER file for Apache incubator project (#308) Jun 6, 2018
api-gateway.conf Add option to encrypt redis password (#302) May 19, 2018
build_config_supervisor.sh Support ASF Header in .md and .sh files for scancode (#292) May 1, 2018
build_profiling.sh Support ASF Header in .md and .sh files for scancode (#292) May 1, 2018
init.sh Fix awk command in init.sh generating resolvers.conf file (#313) Jun 20, 2018
naxsi_core.rules Fix license header in rules config. file. (#305) May 29, 2018

README.md

OpenWhisk API Gateway

Build Status License

A performant API Gateway based on Openresty and NGINX.

Project status

This project is currently considered beta stage, Large swaths of code or APIs may change.

Table of Contents

Quick Start

docker run -p 80:80 -p <managedurl_port>:8080 -p 9000:9000 \
            -e PUBLIC_MANAGEDURL_HOST=<managedurl_host> \
            -e PUBLIC_MANAGEDURL_PORT=<managedurl_port> \
            -e REDIS_HOST=<redis_host> \
            -e REDIS_PORT=<redis_port> \
            -e REDIS_PASS=<redis_pass> \
            openwhisk/apigateway:latest

(Optional) The redis password can be passed in encrypted using the aes-256-cbc encryption algorithm. To do so, pass in the following environment variables, in addition to the encrypted password:

  • DECRYPT_REDIS_PASS=true
  • ENCRYPTION_KEY=<32 Byte hex string that was used for encryption>
  • ENCRYPTION_IV=<16 Byte hex string that was used for encryption>

API

Syncing configuration from a remote source

The Gateway can sync its configuration with a remote folder in the cloud such as Amazon S3, Google Cloud Storage, IBM Cloud Object Storage, Dropbox, and many others. The configuration is monitored for changes, and when a file is changed, the Gateway is reloaded automatically. This is very useful to gracefully update the Gateway on the fly, without impacting the active traffic; if the new configuration is invalid, the Gateway doesn't break, running with the last known valid configuration.

This feature is enabled by configuring a few environment variables:

  • REMOTE_CONFIG - the location where the configuration should be synced from. I.e. s3://api-gateway-config . The remote location is synced into is /etc/api-gateway. The default configuration is found in this project's root folder.
  • (optional) REMOTE_CONFIG_SYNC_INTERVAL - how often to check for changes in the remote location. The default value is 10s
  • (optional) REMOTE_CONFIG_RELOAD_CMD - which command to execute in order to reload the Gateway. The default value is: api-gateway -s reload

Syncing is done through rclone sync. rclone has a rich set of options such as what to exclude when syncing, or what to include. An important configuration is --config, pointing to the config file in /root/.config/rclone/rclone.conf. The Gateway should be started with /root/.config/rclone folder mounted so that rclone.conf is present. To generate a new rclone configuration simply execute:

docker run -ti --rm --entrypoint=rclone -v `pwd`/rclone/:/root/.config/rclone/ openwhisk/apigateway config

This runs an interactive rclone config command and stores the resulted configuration in ./rclone/rclone.conf file.

To test this locally, simulate a remote folder using a local location, by mounting it in /tmp folder as follows:

docker run -ti --rm -p 80:80 \
    -v `pwd`:/tmp/api-gateway-local -e REMOTE_CONFIG="/tmp/api-gateway-local" \
    -e REDIS_HOST=redis_host -e REDIS_PORT=redis_port openwhisk/apigateway

Then make changes to any configuration file ( i.e. api-gateway.conf ), save it, then watch as the Gateway reloads the updated configuration automatically.

Developer Guide

Running locally

To build the docker image locally use:

 make docker

To Run the Docker image

 make docker-run PUBLIC_MANAGEDURL_HOST=<mangedurl_host> PUBLIC_MANAGEDURL_PORT=<managedurl_port> \
   REDIS_HOST=<redis_host> REDIS_PORT=<redis_port> REDIS_PASS=<redis_pass>

Testing

First install the necessary dependencies:

 make test-build

Then, run the unit tests:

 make test-run

Disclaimer

Apache OpenWhisk API Gateway is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.