如何构建 Apache APISIX

注：此文档构建环境为腾讯云CentOS7.9，虚拟机同样适用。

步骤1：安装依赖

# 编写依赖脚本
cd /usr/local && mkdir apisix-deps
cd apisix-deps && vim deps.sh
# 脚本内容见下方代码块
# 添加权限并执行脚本，安装依赖
chmod +x deps.sh && ./deps.sh
rm -f deps.sh

#!/usr/bin/env bash

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

set -ex

function detect_aur_helper() {
    if [[ $(which yay) ]]; then
        AUR_HELPER=yay
    elif [[ $(which pacaur) ]]; then
        AUR_HELPER=pacaur
    else
        echo No available AUR helpers found. Please specify your AUR helper by AUR_HELPER.
        exit -1
    fi
}

function install_dependencies_with_aur() {
    detect_aur_helper
    $AUR_HELPER -S openresty --noconfirm
    sudo pacman -S openssl --noconfirm

    export OPENRESTY_PREFIX=/opt/openresty

    sudo mkdir $OPENRESTY_PREFIX/openssl
    sudo ln -s /usr/include $OPENRESTY_PREFIX/openssl/include
    sudo ln -s /usr/lib $OPENRESTY_PREFIX/openssl/lib
}

# Install dependencies on centos and fedora
function install_dependencies_with_yum() {
    sudo yum install yum-utils

    local common_dep="curl git gcc openresty-openssl111-devel unzip pcre pcre-devel openldap-devel"
    if [ "${1}" == "centos" ]; then
        # add APISIX source
        sudo yum-config-manager --add-repo https://repos.apiseven.com/packages/centos/apache-apisix.repo

        # install apisix-base and some compilation tools
        # shellcheck disable=SC2086
        sudo yum install -y apisix-base $common_dep
    else
        # add OpenResty source
        sudo yum-config-manager --add-repo "https://openresty.org/package/${1}/openresty.repo"

        # install OpenResty and some compilation tools
        # shellcheck disable=SC2086
        sudo yum install -y openresty $common_dep
    fi
}

# Install dependencies on ubuntu and debian
function install_dependencies_with_apt() {
    # add OpenResty source
    sudo apt-get update
    sudo apt-get -y install software-properties-common wget lsb-release
    wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
    if [[ "${1}" == "ubuntu" ]]; then
        sudo add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"
    elif [[ "${1}" == "debian" ]]; then
        sudo add-apt-repository -y "deb http://openresty.org/package/debian $(lsb_release -sc) openresty"
    fi
    sudo apt-get update

    # install OpenResty and some compilation tools
    sudo apt-get install -y git openresty curl openresty-openssl111-dev make gcc libpcre3 libpcre3-dev libldap2-dev
}

# Install dependencies on mac osx
function install_dependencies_on_mac_osx() {
    # install OpenResty, etcd and some compilation tools
    brew install openresty/brew/openresty luarocks lua@5.1 etcd curl git pcre openldap

    # start etcd server
    brew services start etcd
}

# Identify the different distributions and call the corresponding function
function multi_distro_installation() {
    if grep -Eqi "CentOS" /etc/issue || grep -Eq "CentOS" /etc/*-release; then
        install_dependencies_with_yum "centos"
    elif grep -Eqi "Fedora" /etc/issue || grep -Eq "Fedora" /etc/*-release; then
        install_dependencies_with_yum "fedora"
    elif grep -Eqi "Debian" /etc/issue || grep -Eq "Debian" /etc/*-release; then
        install_dependencies_with_apt "debian"
    elif grep -Eqi "Ubuntu" /etc/issue || grep -Eq "Ubuntu" /etc/*-release; then
        install_dependencies_with_apt "ubuntu"
    elif grep -Eqi "Arch" /etc/issue || grep -Eq "Arch" /etc/*-release; then
        install_dependencies_with_aur
    else
        echo "Non-supported operating system version"
    fi
}

# Install etcd
function install_etcd() {
    ETCD_VERSION='3.4.13'
    wget https://github.com/etcd-io/etcd/releases/download/v${ETCD_VERSION}/etcd-v${ETCD_VERSION}-linux-amd64.tar.gz
    tar -xvf etcd-v${ETCD_VERSION}-linux-amd64.tar.gz && \
        cd etcd-v${ETCD_VERSION}-linux-amd64 && \
        sudo cp -a etcd etcdctl /usr/bin/
    nohup etcd &
}

# Install LuaRocks
function install_luarocks() {
    curl https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh -sL | bash -
}

# Entry
function main() {
    OS_NAME=$(uname -s | tr '[:upper:]' '[:lower:]')
    if [[ "${OS_NAME}" == "linux" ]]; then
        multi_distro_installation
        install_luarocks
        install_etcd
    elif [[ "${OS_NAME}" == "darwin" ]]; then
        install_dependencies_on_mac_osx
    else
        echo "Non-surported distribution"
    fi
}

main

步骤2：安装 Apache APISIX

通过源码包安装

1. 创建一个名为 apisix-2.11.0 的目录。

   cd /usr/local && mkdir apisix-2.11.0 && cd apisix-2.11.0
   

2. 下载 Apache APISIX Release 源码包：

   yum install -y wget && wget https://downloads.apache.org/apisix/2.11.0/apache-apisix-2.11.0-src.tgz
   

   您也可以通过 Apache APISIX 官网下载 Apache APISIX Release 源码包。 Apache APISIX 官网也提供了 Apache APISIX、APISIX Dashboard 和 APISIX Ingress Controller 的源码包，详情请参考Apache APISIX 官网-下载页。

3. 解压 Apache APISIX Release 源码包：

   tar zxvf apache-apisix-2.11.0-src.tgz -C /usr/local/apisix-2.11.0 && rm -f apache-apisix-2.11.0-src.tgz
   

4. 安装运行时依赖的 Lua 库：

   # 安装依赖
   LUAROCKS_SERVER=https://luarocks.cn make deps
   # 安装 apisix 命令
   make install
   

步骤3：管理 Apache APISIX 服务

我们可以在 Apache APISIX 的目录下使用命令初始化依赖、启动服务和停止服务，也可以通过 apisix help 命令查看所有命令和对应的功能。

初始化依赖

运行以下命令初始化 NGINX 配置文件和 etcd。

# initialize NGINX config file and etcdapisix init
apisix init

启动 Apache APISIX

运行以下命令启动 Apache APISIX。

# start Apache APISIX serverapisix start
apisix start

停止运行 Apache APISIX

优雅停机 apisix quit 和强制停机 apisix stop都可以停止运行 Apache APISIX。建议您优先选择优雅停机的方式停止 Apache APISIX，因为这种停止方式能够保证 Apache APISIX 完成了已经接受到的请求之后再停止；而强制停机则是立即停止 Apache APISIX，在这种情况下，Apache APISIX 接收到但未完成的请求会随着强制停机一并停止。

执行优雅停机的命令如下所示：

# stop Apache APISIX server gracefully
apisix quit

执行强制停机的命令如下所示：

# stop Apache APISIX server immediately
apisix stop

查看其他操作

运行 apisix help 命令，查看返回结果，获取其他操作的命令和描述。

# more actions find by `help`
apisix help

步骤4：修改 Admin API key

您需要修改 Admin API 的 key，以保护 Apache APISIX。

请修改 conf/config.yaml 中的 apisix.admin_key 并重启服务，如下所示：

apisix:
  # ... ...
  admin_key
    -
      name: "admin"
      key: lileihehanmeimei # 将原有的 key 修改为abcdefghabcdefgh
      role: admin

当我们需要访问 Admin API 时，就可以使用上面记录的 key 了，如下所示：

curl http://127.0.0.1:9080/apisix/admin/routes?api_key=lileihehanmeimei -i

返回结果中的状态码 200 说明访问成功，如下所示：

HTTP/1.1 200 OK
Date: Wed, 15 Dec 2021 08:40:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/2.11.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 3600

{"node":{"nodes":{},"dir":true,"key":"\/apisix\/routes"},"action":"get","count":0}

在这个时候，如果您输入的 key 与 conf/config.yaml 中 apisix.admin_key 的值不匹配，例如，我们已知正确的 key 是 lileihehanmeimei，但是我们选择输入一个错误的 key，例如 wrong-key，如下所示：

curl http://127.0.0.1:9080/apisix/admin/routes?api_key=wrong-key -i

返回结果中的状态码 401 说明访问失败，原因是输入的 key 有误，未通过认证，触发 Unauthorized 错误，如下所示：

HTTP/1.1 401 Unauthorized
Date: Wed, 15 Dec 2021 08:41:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/2.11.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 3600

{"error_msg":"failed to check token"}