Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

应用网关生成策略的合法性进行强制检查 #321

Closed
barnettZQG opened this issue Jul 15, 2019 · 1 comment
Closed

应用网关生成策略的合法性进行强制检查 #321

barnettZQG opened this issue Jul 15, 2019 · 1 comment
Assignees
Labels
Milestone

Comments

@barnettZQG
Copy link
Collaborator

@barnettZQG barnettZQG commented Jul 15, 2019

需求描述:Rainbond应用网关目前使用nginx作为负载均衡器,当需要添加或更新访问策略时,由于用户输入数据存在不合法性可能导致已存在配置失效。 我们需要对将要进入生效队列的规则进行严格的合法性检查,以确保不影响已存在策略。

设计改进:1. 将最终生效的配置文件以租户的维度进行分离。
2. 即将生效的配置文件写入临时文件使用nginx命令进行检测。
3. 前端和API部分采用严格的参数验证。

@barnettZQG

This comment has been minimized.

Copy link
Collaborator Author

@barnettZQG barnettZQG commented Aug 28, 2019

网关服务生成的nginx配置文件包括下面几部分:
/run/nginx/conf/nginx.conf 配置文件总入口(1)
/run/nginx/conf/http//.conf http server配置文件(2)
/run/nginx/conf/stream//.conf tcp&udp 配置文件(3)

其中
(1)部分配置是固定的,不由用户数据的改变而改变,只需要进行一次性检测。
(2) 部分只会生成http server配置,这里需要以server为单元进行错误检测。
(3) 部分需要对 server 和 upstream 分别进行单元错误检测。

@barnettZQG barnettZQG closed this Aug 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.