feat: add ssl support (#179)

labring · Jul 12, 2022 · 1bac7f0 · 1bac7f0
1 parent 2b3a578
commit 1bac7f0
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 1 deletion.
diff --git a/deploy/docker-compose/docker-compose.yml b/deploy/docker-compose/docker-compose.yml
@@ -117,6 +117,7 @@ services:
       GATEWAY_TYPE: apisix
       SYS_DB_URI: mongodb://${SYS_DB_USER}:${SYS_DB_PASSWORD}@mongo:27017/?authSource=${SYS_DB}&replicaSet=laf&writeConcern=majority
       API_SIX_KEY: ${API_SIX_KEY}
+      APP_SERVICE_DEPLOY_URL_SCHEMA: ${APP_SERVICE_DEPLOY_URL_SCHEMA}
     networks:
       - laf_shared_network
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -124,6 +124,7 @@ services:
       - ./gateway_conf.yaml:/usr/local/apisix/conf/config.yaml:ro
     ports:
       - 8080:9080
+      - 9443:9443
     networks:
       - laf_shared_network
 
@@ -140,10 +141,12 @@ services:
       GATEWAY_TYPE: apisix
       SYS_DB_URI: mongodb://my_user:password123@mongo:27017/?authSource=laf-sys&replicaSet=laf&writeConcern=majority
       API_SIX_KEY: edd1c9f034335f136f87ad84b625c8f1
+      APP_SERVICE_DEPLOY_URL_SCHEMA: 'http'
     command: node ./dist/index.js
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./packages/gateway-controller:/app
+      - ./cert:/ssl
     depends_on:
       - gateway
     restart: always

diff --git a/packages/gateway-controller/src/config.ts b/packages/gateway-controller/src/config.ts
@@ -112,4 +112,13 @@ export default class Config {
     return process.env['DEPLOY_OSS_DOMAIN']
   }
 
+    /**
+     * The schema of app deployed url: `http` | `https`.
+     * Default value is `http`.
+     */
+    static get APP_SERVICE_DEPLOY_URL_SCHEMA(): string {
+        return process.env.APP_SERVICE_DEPLOY_URL_SCHEMA ?? 'http'
+    }
+
+
 }
diff --git a/packages/gateway-controller/src/index.ts b/packages/gateway-controller/src/index.ts
@@ -3,7 +3,7 @@ import Config from './config'
 import {logger} from './support/logger'
 import {DatabaseAgent} from './support/db'
 import {start_scheduler} from './scheduler'
-import {initBaseRoute} from "./support/apisix-gateway-init";
+import {initBaseRoute, initBaseSSL} from "./support/apisix-gateway-init";
 
 DatabaseAgent.init(Config.SYS_DB_URI)
 
@@ -17,6 +17,10 @@ app.get('/healthz', (_req, res) => {
 })
 // init base route
 initBaseRoute()
+// init base ssl
+if (Config.APP_SERVICE_DEPLOY_URL_SCHEMA) {
+    initBaseSSL()
+}
 
 start_scheduler()
 

diff --git a/packages/gateway-controller/src/support/apisix-gateway-init.ts b/packages/gateway-controller/src/support/apisix-gateway-init.ts
@@ -3,17 +3,26 @@
  */
 import Config from "../config";
 import {ApiSixHttpUtils} from "./apisix-gateway-utils";
+import {logger} from "./logger";
+
+const fs = require('fs');
 
 const baseUrl = 'http://gateway:9080'
 
 export function initBaseRoute() {
+    logger.info('start init base route')
     initSystemClientRoute()
     initAppConsoleRoute()
     initSysApiRoute()
     initOssRoute()
     initOssSubDomainRoute()
 }
 
+export function initBaseSSL() {
+    logger.info('start init base url')
+    initGlobalSSL()
+}
+
 
 function initSystemClientRoute() {
     let data = {
@@ -119,4 +128,18 @@ function initOssSubDomainRoute() {
         }
     }
     ApiSixHttpUtils.put(baseUrl, 'base_oss_sub_domain', data)
+}
+
+
+function initGlobalSSL() {
+    let crt = null
+    let key = null
+    try {
+        crt = fs.readFileSync('/ssl/global.crt','utf8')
+        key = fs.readFileSync('/ssl/global.key','utf8')
+        logger.info('load cert successful')
+    } catch (e) {
+        logger.error('read global ssl cert fail: {}', e)
+    }
+    ApiSixHttpUtils.putSSL(baseUrl, 'global_ssl', '*.' + Config.DEPLOY_DOMAIN, crt, key)
 }
diff --git a/packages/gateway-controller/src/support/apisix-gateway-utils.ts b/packages/gateway-controller/src/support/apisix-gateway-utils.ts
@@ -39,4 +39,40 @@ export class ApiSixHttpUtils {
         return resStatus
     }
 
+    static async putSSL(url: string, id: string, sns: string, cert: string, key: string) {
+        let resStatus = false
+        let data = {
+            cert: cert,
+            key: key,
+            snis: [sns],
+            labels: {'update_time': new Date().getTime() + ''}
+        }
+        await axios.put(url + '/apisix/admin/ssl/' + id, data, {
+            headers: this.headers,
+        })
+            .then(_ => {
+                logger.info('create ssl successful')
+                resStatus = true
+            })
+            .catch(err => {
+                logger.info('create sll failed: ', err)
+            })
+        return resStatus
+    }
+
+    static async deleteSSL(url: string, id: string) {
+        let resStatus = false
+        await axios.delete(url + '/apisix/admin/ssl/' + id, {
+            headers: this.headers,
+        })
+            .then(_ => {
+                logger.info('delete ssl successful')
+                resStatus = true
+            })
+            .catch(err => {
+                logger.info('delete ssl failed: ', err)
+            })
+        return resStatus
+    }
+
 }