源码安装kong 2.0.3

环境准备:操作系统 CentOS 7.7

环境准备

git

yum install git -y

gcc

yum install gcc -y

升级openssl 到1.1.1f

yum install -y wget unzip

安装perl5

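# Build Perl 5.28.0 into a private prefix; the page installs it as a
# prerequisite of the OpenSSL upgrade that follows.
wget https://www.cpan.org/src/5.0/perl-5.28.0.tar.gz
# Print the archive digest and compare it with the value published by the
# project before unpacking: everything below is built and installed as root.
sha256sum perl-5.28.0.tar.gz
tar -zxvf perl-5.28.0.tar.gz
# Build in a subshell so the working directory is unchanged for the next
# download, and stop at the first failing step instead of installing a
# build whose tests failed.
(
  cd perl-5.28.0 || exit 1
  ./Configure -des -Dprefix="$HOME/localperl" &&
    make &&
    make test &&
    make install
)

# Use the same prefix that was given to Configure rather than hard-coding /root.
export PATH="$PATH:$HOME/localperl/bin"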

安装openssl 1.1.1f

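# Fetch and build OpenSSL 1.1.1f under /usr/local/openssl.
# NOTE(review): 1.1.1f is an early release of the 1.1.1 series and later
# releases carry security fixes; check the upstream advisories before using
# this exact version on an internet-facing gateway.
wget https://www.openssl.org/source/openssl-1.1.1f.tar.gz
# Print the archive digest and compare it with the value published by the
# project before building a TLS library from it.
sha256sum openssl-1.1.1f.tar.gz
tar -zxvf openssl-1.1.1f.tar.gz
# Build in a subshell so the source tree stays addressable from the starting
# directory (the OpenResty step later refers to it by path).
(
  cd openssl-1.1.1f || exit 1
  ./config --prefix=/usr/local/openssl no-zlib &&
    make &&
    make install
)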

更新openssl版本

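# Back up the distribution's openssl binary and headers.
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl/ /usr/include/openssl.bak

# Re-link the system paths to the build under /usr/local/openssl.
# NOTE: after this the openssl command and headers no longer come from the
# yum package, so OS updates will not patch them; the hand-built copy has to
# be rebuilt for every OpenSSL security release.
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/local/lib64/libssl.so
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

# Add the new library directory to the dynamic linker search path. The grep
# guard keeps a re-run from appending the same line twice.
grep -qxF "/usr/local/openssl/lib" /etc/ld.so.conf ||
  echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v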

验证
openssl version

lua

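# Fetch LuaJIT over HTTPS: the original plain-HTTP URL lets anyone on the
# network path replace a tarball that is then built and installed as root.
wget https://luajit.org/download/LuaJIT-2.0.5.tar.gz

# Print the archive digest and compare it with the value published by the
# project before unpacking.
sha256sum LuaJIT-2.0.5.tar.gz

tar -xvf LuaJIT-2.0.5.tar.gz

# Build and install in a subshell so the working directory is unchanged for
# the next step.
(
  cd LuaJIT-2.0.5 || exit 1
  make install
)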

下载lua-kong-nginx-module

https://github.com/Kong/lua-kong-nginx-module/releases

安装 openresty

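# Download the OpenResty 1.15.8.3 source bundle.
wget https://openresty.org/download/openresty-1.15.8.3.tar.gz
# Print the archive digest and compare it with the digest or signature
# published by the project before unpacking; the result becomes the gateway's
# nginx binary.
sha256sum openresty-1.15.8.3.tar.gz
tar -xvf openresty-1.15.8.3.tar.gz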

不整合sm2加密

# Configure OpenResty against the OpenSSL 1.1.1f source tree and Kong's nginx
# module (the variant without SM2), then build and install it.
cd openresty-1.15.8.3

./configure \
  --with-pcre-jit \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_stub_status_module \
  --with-http_v2_module \
  --with-openssl=/root/openssl-1.1.1f \
  --add-module=/root/lua-kong-nginx-module

gmake
gmake install

# Make the installed openresty/resty binaries visible to later steps.
export PATH="$PATH:/usr/local/openresty/bin"

整合sm2加密

整合sm2后的openresty安装kong有问题,待解决

下载沃通sm2包

wotrus_ssl.tar.gz

# Unpack the vendor-supplied SM2 OpenSSL build. The page gives no download
# URL or digest for wotrus_ssl.tar.gz, so confirm where the archive came from
# before linking the gateway's TLS stack against it.
tar -xvf wotrus_ssl.tar.gz

cd openresty-1.15.8.3

# Same options as the non-SM2 build, except that --with-openssl points at the
# unpacked wotrus_ssl directory and the Kong nginx module is not added.
./configure \
  --with-pcre-jit \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_stub_status_module \
  --with-http_v2_module \
  --with-openssl=/root/wotrus_ssl


gmake
gmake install

发现报错
/bin/sh: line 2: ./config: No such file or directory
gmake[2]: *** [/root/route_workspace/wotrus_ssl/.openssl/include/openssl/ssl.h] Error 127

修改root/openresty-1.15.8.3/bundle/nginx-1.15.8.3/auto/lib/openssl/conf 文件

# Replacement settings for nginx's auto/lib/openssl/conf: take headers and
# static libraries directly from $OPENSSL/include and $OPENSSL/lib.
# NOTE(review): presumably this is needed because the vendor package ships
# prebuilt libraries without the ./config script that the stock rules run
# (see the "./config: No such file or directory" error above) - confirm.
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

重新安装

# Rebuild OpenResty from a clean tree after editing auto/lib/openssl/conf.
cd openresty-1.15.8.3

# Drop objects left over from the failed build.
make clean

./configure \
  --with-pcre-jit \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_stub_status_module \
  --with-http_v2_module \
  --with-openssl=/root/wotrus_ssl

gmake
gmake install

验证
/usr/local/openresty/nginx/sbin/nginx -V

nginx version: openresty/1.15.8.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with WoTrusSSL 1.1.0g - OpenSSL 1.1.0d-fips 18 Jan 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt=-O2 --add-module=../ngx_devel_kit-0.3.1rc1 --add-module=../echo-nginx-module-0.61 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.32 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.08 --add-module=../srcache-nginx-module-0.31 --add-module=../ngx_lua-0.10.15 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.15 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.7 --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --with-pcre-jit --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_v2_module --with-openssl=/root/wotrus_ssl --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module

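# The page rendered the quotes as typographic ones, which the shell would
# store as literal characters inside PATH; plain ASCII quotes are required.
export PATH="$PATH:/usr/local/openresty/bin"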

安装 luarocks

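# unzip is required by LuaRocks; -y keeps the step non-interactive like the
# other yum commands on this page.
yum install -y unzip

# Fetch over HTTPS: the original plain-HTTP URL lets anyone on the network
# path replace a tarball that is then installed as root and later pulls in
# Kong's Lua dependencies.
wget https://luarocks.github.io/luarocks/releases/luarocks-3.3.1.tar.gz

# Print the archive digest and compare it with the value published by the
# project before unpacking.
sha256sum luarocks-3.3.1.tar.gz

tar -xvf luarocks-3.3.1.tar.gz

# Configure and install in a subshell so the working directory is unchanged
# for the next step.
(
  cd luarocks-3.3.1 || exit 1
  ./configure &&
    make install
)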

安装docker

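# Tools needed to add the Docker CE repository.
yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the repository definition over HTTPS; fetched over plain HTTP, the
# .repo file (which decides where packages come from) could be altered in
# transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# List the versions the repository offers, newest first.
yum list docker-ce --showduplicates | sort -r

# NOTE(review): 18.03.1.ce is the version the page pins; it is an old release,
# so check whether a maintained version from the list above can be used.
yum install -y docker-ce-18.03.1.ce

systemctl start docker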

修改阿里docker源
sudo mkdir -p /etc/docker
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://7sr79bgb.mirror.aliyuncs.com"]
}
sudo systemctl daemon-reload
sudo systemctl restart docker

docker安装postgres数据库

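# Start PostgreSQL for Kong. The page collapsed the command onto one line,
# leaving "\ " sequences that the shell would treat as escaped spaces; the
# continuations are restored here.
# The port is published on loopback only: kong.conf connects to 127.0.0.1,
# and "-p 5432:5432" would expose the database on every host interface.
# NOTE: 123456 is a sample password. Replace it with a strong secret here and
# in pg_password in kong.conf for anything beyond a throwaway test setup.
# NOTE(review): postgres:9.6 is an old major version - confirm it still
# receives fixes, or use a newer tag that this Kong release supports.
docker run -d --name kong-database \
  -p 127.0.0.1:5432:5432 \
  -e "POSTGRES_USER=kong" \
  -e "POSTGRES_DB=kong" \
  -e "POSTGRES_PASSWORD=123456" \
  postgres:9.6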

获取kong源码

https://github.com/Kong/kong/releases 获取2.0.3版本kong源码

安装kong

安装kong 2.0.3源码

yum install -y libyaml libyaml-devel git
跳转到kong源码目录 进行make安装
cd kong
make install

如果成功会提示:kong 2.0.3-0 is now installed in /usr/local (license: Apache 2.0)

启动kong

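# The page rendered the quotes as typographic ones, which the shell would
# store as literal characters inside PATH; plain ASCII quotes are required.
export PATH="$PATH:/usr/local/openresty/bin"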

在 /etc/kong/ 文件创建kong.conf 内容如下

# Kong working directory (prefix)
prefix = /usr/data/kong/
# Proxy listeners accept traffic on all interfaces: 8000 plain, 8443 TLS.
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
# The Admin API is bound to loopback only. It has no authentication by
# default, so do not widen this to 0.0.0.0 without access control in front.
admin_listen = 127.0.0.1:8001
database = postgres # Determines which of PostgreSQL or Cassandra

pg_host = 127.0.0.1 # The PostgreSQL host to connect to.
pg_port = 5432 # The port to connect to.
pg_user = kong # The username to authenticate if required.
# NOTE(review): sample password; it has to match POSTGRES_PASSWORD given to
# the database container and should be a strong secret outside a test setup.
pg_password = 123456 # The password to authenticate if required.
pg_database = kong

启动
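# The page rendered the flag with an en dash; Kong's verbose flag is "--v".
# Create the database schema, then start Kong with verbose logging.
bin/kong migrations bootstrap --v
bin/kong start --v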

错误

缺少lua-kong-nginx-module

如果缺少lua-kong-nginx-module模块会导致启动时出现下面的报错
Error: module 'resty.kong.tls' not found:No LuaRocks module found for resty.kong.tls
no field package.preload['resty.kong.tls']
使用find命令在根目录下找kong缺失的模块文件(如:find / -name tls.lua),将找到后的模块文件放到kong启动加载时检索的目录下,或使用建立软连接的方式即可
创建文件夹 mkdir /usr/local/share/lua/5.1/resty/kong
拷贝lua-kong-nginx-module里的/root/lua-kong-nginx-module-0.0.6/lualib/resty/kong 到 /usr/local/share/lua/5.1/resty/kong

启动报错

集成sm2后启动报错,不集成的话没有这个问题

2020/04/13 15:45:53 [verbose] Kong: 2.0.3
2020/04/13 15:45:53 [verbose] reading config file at /etc/kong/kong.conf
2020/04/13 15:45:53 [verbose] prefix in use: /usr/data/kong
2020/04/13 15:45:53 [verbose] retrieving database schema state...
2020/04/13 15:45:53 [verbose] schema state retrieved
2020/04/13 15:45:53 [verbose] preparing nginx prefix directory at /usr/data/kong
2020/04/13 15:45:53 [info] prefix directory /usr/data/kong not found, trying to create it
2020/04/13 15:45:53 [verbose] SSL enabled, no custom certificate set: using default certificate
2020/04/13 15:45:53 [verbose] generating default SSL certificate and key
2020/04/13 15:45:53 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
2020/04/13 15:46:01 [verbose] could not start Kong, stopping services
2020/04/13 15:46:01 [verbose] stopped services
Error:
./kong/cmd/start.lua:75: ./kong/cmd/start.lua:64: nginx: [error] init_by_lua error: error loading module '_openssl.hmac' from file '/usr/local/lib/lua/5.1/_openssl.so':
/usr/local/lib/lua/5.1/_openssl.so: undefined symbol: SSL_CTX_set1_cert_store
stack traceback:
[C]: at 0x7f0535100ff0
[C]: in function 'require'
/usr/local/share/lua/5.1/openssl/hmac.lua:1: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/lapis/util/encoding.lua:3: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/lapis/session.lua:4: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/lapis/request.lua:3: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/lapis/application.lua:25: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/lapis/init.lua:1: in main chunk
[C]: in function 'require'
./kong/init.lua:71: in main chunk
[C]: in function 'require'
init_by_lua:2: in main chunk

stack traceback:
[C]: in function 'error'
./kong/cmd/start.lua:75: in function 'cmd_exec'
./kong/cmd/init.lua:88: in function <./kong/cmd/init.lua:88>
[C]: in function 'xpcall'
./kong/cmd/init.lua:88: in function <./kong/cmd/init.lua:45>
bin/kong:9: in function 'file_gen'
init_worker_by_lua:47: in function <init_worker_by_lua:45>
[C]: in function 'xpcall'
init_worker_by_lua:54: in function <init_worker_by_lua:52>

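怀疑和openssl版本有关:SSL_CTX_set1_cert_store 是 OpenSSL 1.1.1 才加入的函数,而上面 nginx -V 的输出显示整合sm2后的openresty链接的是 WoTrusSSL 1.1.0g(OpenSSL 1.1.0d-fips),所以 _openssl.so 很可能是按 1.1.1f 的头文件编译的,运行时在 1.1.0 的库里找不到这个符号。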

检查配置:
curl -i -X GET http://localhost:8001/