Path filter, and rate limiter for Consul

2026-04-30 23:08:40 +08:00 · 2025-10-16 19:04:46 +02:00
parent e87c60cf4f
commit 9519280026
6 changed files with 188 additions and 170 deletions
--- a/etc/upstreams.yaml
+++ b/etc/upstreams.yaml
@@ -1,57 +1,76 @@
 # The file under watch and hot reload, changes are applied immediately, no need to restart or reload.
-provider: "file" # consul, kubernetes
+provider: "file" # "file" "consul" "kubernetes"
 sticky_sessions: false
-to_ssl: false
-#rate_limit: 100
+to_https: false
+rate_limit: 100
 headers:
  - "Access-Control-Allow-Origin:*"
  - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
  - "Access-Control-Max-Age:86400"
-  - "X-Custom-Header:Something Special"
-authorization:
-  type: "jwt"
-  creds: "910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774"
+  - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
+#authorization:
+#  type: "jwt"
+#  creds: "910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774"
 #  type: "basic"
-#  creds: "user:Passw0rd"
+#  creds: "username:Pa$$w0rd"
 #  type: "apikey"
 #  creds: "5ecbf799-1343-4e94-a9b5-e278af5cd313-56b45249-1839-4008-a450-a60dc76d2bae"
-consul: # If the provider is consul. Otherwise, ignored.
+consul:
  servers:
-    - "http://consul1:8500"
-    - "http://consul2:8500"
-    - "http://consul3:8500"
-  services: # proxy: The hostname to access the proxy server, real : The real service name in Consul database.
-    - proxy: "proxy-frontend-dev-frontend-srv"
-      real: "frontend-dev-frontend-srv"
+    - "http://192.168.1.199:8500"
+    - "http://192.168.1.200:8500"
+    - "http://192.168.1.201:8500"
+  services: # hostname: The hostname to access the proxy server, upstream : The real service name in Consul database.
+    - hostname: "vt-webapi-service"
+      upstream: "vt-webapi-service-health"
+      path: "/one"
+      headers:
+        - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
+        - "X-Proxy-From:Aralez"
+      rate_limit: 1
+      to_https: false
+    - hostname: "vt-webapi-service"
+      upstream: "vt-webapi-service-health"
+      path: "/"
  token: "8e2db809-845b-45e1-8b47-2c8356a09da0-a4370955-18c2-4d6e-a8f8-ffcc0b47be81" # Consul server access token, If Consul auth is enabled
 kubernetes:
  servers:
-    - "172.16.0.11:5443" # KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS
+    - "192.168.1.55:443" #For testing only, overrides with KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS env variables.
  services:
-    - proxy: "api-service"
-      real: "api-service"
+    - hostname: "vt-webapi-service"
      path: "/"
-    - proxy: "api-service"
-      real: "search-service"
-      path: "/search"
-    - proxy: "websocket-service"
-      real: "websocket-service"
-  tokenpath: "/tmp/token.txt" # /var/run/secrets/kubernetes.io/serviceaccount/token
+      upstream: "vt-webapi-service"
+    - hostname: "vt-webapi-service"
+      upstream: "vt-console-service"
+      path: "/one"
+      headers:
+        - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
+        - "X-Proxy-From:Aralez"
+      rate_limit: 100
+      to_https: false
+    - hostname: "vt-webapi-service"
+      upstream: "vt-rambulik-service"
+      path: "/two"
+    - hostname: "vt-websocket-service"
+      upstream: "vt-websocket-service"
+      path: "/"
+  tokenpath: "/path/to/kubetoken.txt" #If not set, will default to /var/run/secrets/kubernetes.io/serviceaccount/token
 upstreams:
  myip.mydomain.com:
    paths:
-      rate_limit: 10 # Per path rate limit have higher priority than global rate limit. If not set, the global rate limit will be used
      "/":
+        rate_limit: 200
        to_https: false
        headers:
          - "X-Proxy-From:Aralez"
-        servers: # List of upstreams HOST:PORT
+        servers:
          - "127.0.0.1:8000"
          - "127.0.0.2:8000"
          - "127.0.0.3:8000"
          - "127.0.0.4:8000"
+          - "127.0.0.5:8000"
      "/ping":
-        to_https: true
+        to_https: false
        headers:
          - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
          - "X-Proxy-From:Aralez"
@@ -64,14 +83,28 @@ upstreams:
  polo.mydomain.com:
    paths:
      "/":
+        to_https: false
        headers:
          - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
        servers:
+          - "192.168.1.1:8000"
+          - "192.168.1.10:8000"
          - "127.0.0.1:8000"
          - "127.0.0.2:8000"
          - "127.0.0.3:8000"
          - "127.0.0.4:8000"
-  "/.well-known/acme-challenge":
-    healthcheck: false
-    servers:
-      - "127.0.0.1:8001"
+  apt.mydomain.com:
+    paths:
+      "/":
+        servers:
+          - "192.168.1.10:443"
+      "/.well-known/acme-challenge":
+        healthcheck: false
+        servers:
+          - "127.0.0.1:8001"
+  localpost:
+    paths:
+      "/":
+        to_https: false
+        servers:
+          - "127.0.0.1:9000"