舍弃Kong和Nginx,Apache APISIX 在趣链科技 BaaS 平台的落地实践

InfoQ 2021-08-09 17:40:05
apache nginx kong apisix 舍弃


{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文介绍了 Apache APISIX 在趣链科技 BaaS 平台中的落地实践情况,以及趣链科技在众多网关应用中选择 Apache APISIX 的原因。"}]}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"业务背景"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"BaaS(Blockchain as a Service),中文为“区块链即服务”,是指将区块链框架嵌入云计算平台,利用云服务基础设施的部署和管理优势,为开发者提供便捷、高性能的区块链生态环境和生态配套服务,支持开发者的业务拓展及运营支持的区块链开放平台。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常情况下,一套完整的 BaaS 解决方案包括设备接入、访问控制、服务监控和区块链平台四个主要环节。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/f9\/f9f1769ce0cd16c3bea3bb5368752893.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"通过 BaaS 可以快速灵活地搭建区块链网络,对于企业来说,有了 BaaS 平台****就能够对区块链业务进行统一的管理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"相信有不少朋友接触过以太坊上面的合约代码,通过 BaaS 平台,我们能够很轻松地在 IDE 上编写智能合约,然后把它部署到我们的创建出来的区块链网络上,最后供上层的服务调用区块链相关的合约来进行业务的流转。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"因为链的节点非常多,少则几十个,多则上千个,如果没有 BaaS 平台的支持,我们很难监控和维护链的运行。通过使用 BaaS 平台,用户不仅能够节约成本,而且可以更加便捷地管理区块链,提升整个系统的安全系数。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"趣链科技 BaaS 产品的架构总共分为四层,分别为资源层、区块链底层、区块链服务层和应用层。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/25\/25f00eff70575ff05a3b8744de925c92.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"现在我们对 Baas 平台有了初步的了解,下面我们来看看 Apache APISIX 在 BaaS 系统上的使用场景与收获。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"Apache APISIX 的使用场景"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"场景 1:在 BaaS 系统上的落地实践"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/95\/95327d12a8346c7bd96ee1722fbea00c.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"从这张图中可以看到,趣链科技 BaaS 平台的架构不仅是微服务化的,而且分为两层,分别是业务接入层和核心服务层。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"BFF(Backend For Frontend) 一般对着前端,通过 HTTP 接入。核心服务一般是通过类似 Dubbo 、ETCD 等服务注册,最后使用 gRPC 来访问。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"也就是说,趣链科技的 BaaS 平台前端连接的都是 BFF 模块,然后 BFF 模块再去连接后面的微服务模块。BFF 的作用主要就是做业务聚合、格式适配,并把最终的结果数据给到前端。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"这些业务模块需要把相关信息存到注册中心(ETCD),当要使用的时候,再通过网关模块把信息读取出来。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/58\/5870e18d4a24d1cc715813544def194d.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在整个流程中,我们主要用到了 Apache APISIX 的四个特性:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"路由转发"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"流量控制"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"安全控制"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"动态加载"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我们下面再来了解下这些特性在趣链 BaaS 系统上是如何使用的。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"路由转发"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/67\/67f64d175403e4e43a4be0b3b37ae001.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"趣链科技使用 Apache APISIX 官方提供的 Proxy-rewrite 插件执行路由转发服务。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"当一个请求访问 8080 端口,通过 Proxy-rewrite 插件,请求会被转发到对应服务的 API 上去。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/81\/81957999b47c762d483e601540be91a0.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"上图为 Proxy-rewrite 的操作界面,我们可以看到可以通过正则匹配来匹配自己的转发规则,当然也可以通过写 HOST 或者通过 URL 来匹配。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"限流管理"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/b9\/b9ed881ffc8613620a72878931fbe471.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在趣链 BaaS 平台中,客户可以根据自己的需要构建任何链。此时,BaaS 平台需要快速地支持创建这些链,并对它们进行生命周期管理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"这些联盟链的创建,并不是通过硬代码直接写在代码上,而是通过驱动组件来解决的。在私有化场景中,我们需要有这样驱动组件来快速地提供支持,并需要控制驱动进程的访问频率。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/e5\/e5af457e1655927bed1be9d19628b1c0.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在没有 Apache APISIX 之前,平台需要自己写逻辑代码,有 Apache APISIX 以后,我们可以直接使用官方提供的 Limit-req 插件来限制输入输出,以达到保护系统的目的。通过 Limit-req 插件的操作界面,我们可以很方便地配置速度、桶高等参数。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/17\/178265f700e56d65691bac47753aac5d.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"安全控制、权限管理"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/12\/12418f33b4bee4427b76be56af6941b2.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在趣链科技的私有化场景,有不少用户不喜欢用平台所提供的账号体系,要求平台对接他们现有的账户系统,所以趣链科技使用了 Apache APISIX 的 Access-Auth 插件来适配第三方的鉴权服务地址。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/79\/79bb7767d7fb66ae5ab81c6c897d42b0.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在趣链科技的 Baas 平台中,所有的 Web 请求都会经过 Apache APISIX 的 Access-Auth 插件,完成 cookie 解析和鉴权,然后在 HEAD 头中携带用户信息,传给后端的微服务来处理业务。这样做的好处是,微服务的开发者不需要去解析 Cookie,而是可以直接把用户信息发送到微服务模块,非常方便。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"动态加载"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/b2\/b2d480aa8062a11c188c0683875d239d.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"上图左边是趣链科技 Baas 平台的客户端界面,上面没有 “商店” 的按钮;但在上图的右边,趣链科技的 Baas 公共平台上却有一个 “商店” 的按钮。在某些私有化场景中不需要 “商店” 按钮,但二者的后台服务是共享的,只要后端服务一启动,平台界面就会根据需求进行不同的显示。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"趣链科技利用 Apache APISIX 与服务中心协同运作,保证前端微服务业务模块的新增和调整,这让趣链科技 Baas 平台的线上发布流程变得非常简单。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"场景 2:在区块链节点上的落地实践"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/85\/859c69dff069d7cabbe5c28000c18c46.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通过上图可以看到有 A、B、C 三条链,这三条链是怎么创建出来的呢?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"当用户通过 BaaS 平台购买了一条链,它的上层业务或开发者客户端就可以直连节点,比如某银行连左三个,某保险连右三个,或者有的用户就访问一整条链。这样会带来一个很大的问题,因为基本上每个节点都会被访问到,所以我们需要在公网环境上把所有的区块链上的节点全部都暴露出来。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"节约公网端口"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/f3\/f37898cc7a31e9caae8cd4f7f6253e66.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"以这张图为例,我们可以看到 6 个节点,那这条链就至少需要有 6 个公网 IP 和 6 个端口。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"这种情况对私有化的用户来说可能还可以接受,但是对于像趣链这样全部对互联网用户开放的 BaaS 平台,少则需要几十个,多则需要上百个、上千个公网 IP。这样不仅成本非常高,也对公网 IP 资源造成了浪费。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"为了解决这个问题,趣链科技的 Baas 平台使用了 Apache APISIX 统一对外提供服务,无需联盟链全量节点暴露外网访问端口,可以有效节约成本。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"访问权限控制"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/bb\/bb49d317d62cafd6c78f058e0fb3285b.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"对于传统软件来说,因为不同的异构链访问都有自己非常复杂的 RBAC 权限控制,所以用户需要在客户端加很多证书,非常令人头疼。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"为了解决这个痛点,趣链科技 BaaS 平台通过 Apache APISIX 的 Key-auth 插件让有权限的用户直接能够访问,并且统一所有链的权限控制。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"集群化提升节点稳定性"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/6e\/6e11f404880b0bbad6344541461c70e3.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"区块链的一个特性是:本质上,访问任何一个节点都是一样的。就像比特币一样,我们访问任何一个节点都能拿到数据,所以很多用户直接对着某个节点进行操作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/2d\/2d83978e4cf9fe0db8c380640138427d.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"但是,直接访问单节点的模式很容易受到攻击。比如说,银行的并发量非常高,TPS 可以达到 4-5W\/ 秒,每一次交易都会冲击这个节点。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"为了能够达到快速动态扩容的效果,趣链科技 BaaS 平台利用 Apache APISIX 在 Kubernetes 上的 HPA 部署模式,根据流量动态地扩展,有效解决了单点流量冲击问题。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"多协议支持"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/27\/274ff3f42be2bb80a7c26203f91aeb46.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"趣链科技 BaaS 平台使用了很多的异构链,这导致使用到的协议非常多样,如 HTTP、RPC、WebSocket 等。而 Apache APISIX 能很好地支持多协议,完全能满足趣链科技 BaaS 平台在相关场景中的使用,能显著减少开发的成本。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/41\/416b47210d612fa1c5adad1cdbb66101.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"为什么选择 Apache APISIX?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在 Apache APISIX 之前,趣链科技 BaaS 平台已经在使用 Kong 了,但是后来 Kong 被放弃了。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"为什么放弃 Kong?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kong 使用 PostgreSQL 来存储它的信息,这显然不是一个好方式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/d9\/d9ee0b2e50dbc171e93faf6f6a0aa98d.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在软件行业,数据库的高可用配置非常复杂。不仅需要配备专门的 DBA,实施难度也非常大。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"趣链科技 BaaS 系统本身已经在使用 MySQL,如果这里还需要搭建一个 PostgreSQL 数据库的话,意味着趣链科技的 BaaS 系统需要有两套关系型数据库。这会给实施难度、运维成本带来更多麻烦,引入更多风险。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同时,因为趣链科技 BaaS 平台也有不少地方用到了 etcd,所以最后趣链科技选择放弃 Kong,全面投向了基于 etcd 的 Apache APISIX。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"为什么不使用 Nginx?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"可能会有朋友会想,那为什么不使用 Nginx?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"其实趣链科技 BaaS 平台以前用的就是 Nginx,但是后来发现,Nginx 与 Apache APISIX 相比还是有很多不完善的地方。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/a1\/a173a0ced1286c10c21dc213a5546355.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"热启动、热插件问题"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在趣链 BaaS 平台中,我们不仅需要对联盟链进行管理,而且要能够随时对节点进行新增、删除。如果使用 Nginx,不仅存在扩展性问题,调整配置后还需要重启。而且在插件的编写上,Nginx 上需要配置非常复杂的规则代码。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"集群化困难"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Nginx 的集群化非常困难,而 Apache APISIX 可以通过 etcd 集群的增强功能来实现。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"无法直接代理 TCP、UDP"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Nginx 在默认情况下只能实现七层网络的代理,如果要支持四层网络,需要把 Stream 模块重新编译,而 Apache APISIX 能同时支持四 \/ 七层的代理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"没有良好的 Dashboard"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Nginx 没有 Dashboard,而 Apache APISIX Dashboard 能让开发、运维人员对于管理节点的难度变小。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"未来规划"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/wechat\/images\/30\/30bb55bdafadd62c4c5fa74bd454d1d6.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"1.运用 Apache APISIX 提供或自研的日志插件"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Apache APISIX 官网已提供了不少日志插件,比如对 HTTP、UDP 的支持,包括 Kafka 等,但像趣链 BaaS 这样需要管控成千上万区块链网络的平台,当每次问题发生的时候,在日志中翻找故障痕迹都是一件非常头痛的事情。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在不久的将来,趣链科技会在 BaaS 系统和区块链系统之间,基于 Apache APISIX 增加一些 APM 功能,提升多链场景下的运维管理效率。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"2.开发监管插件,实现操作留痕及溯源"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"国内对于区块链的监管非常严格,一切操作都需要留痕和溯源。未来,趣链科技会基于 Apache APISIX 开发监管插件来提升监管能力,增加 VIP、白名单、回放等功能。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"3.使用 APISIX Ingress Controller,代替 Kubernetes 默认的 Nginx-Ingress"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在部署 Kubernetes 的时候,我们一般都会选择 Nginx-Ingress 来处理外网请求,但因为上面提到的一些 Nginx 的问题,趣链科技正在调研使用 APISIX Ingress Controller。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"4.探索 Service Mesh"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"趣链科技之前尝试过 traffic-mesh,未来会尝试使用 APISIX Mesh 。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"作者介绍:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"盛威锋,现趣链科技区块链服务平台(BaaS) 架构师。长期从事国产自主区块链服务平台技术的研发,相关成果服务于包括建设银行、光大银行等国内多个大中型银行的总行级区块链建设项目,对区块链运行机制、联盟跨域组网、区块链应用落地等方面有深刻理解与实践。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
版权声明
本文为[InfoQ]所创,转载请带上原文链接,感谢
https://www.infoq.cn/article/BBxJa68fiTMNFLVx4GC0?utm_source=rss&utm_medium=article

  1. HTML + CSS + JavaScript to achieve cool Fireworks (cloud like particle text 3D opening)
  2. HTML + CSS + JavaScript realizes 520 advertising love tree (including music), which is necessary for programmers to express themselves
  3. Solve the problem of Web front-end deployment server (it can be deployed online without a server)
  4. HTML + CSS + JS make wedding countdown web page template (520 / Tanabata Valentine's Day / programmer advertisement)
  5. What else can driverless minibus do besides "Park connection"?
  6. Cloud native leads the era of all cloud development
  7. NRM mirror source management tool
  8. Bring it to you, flex Jiugong
  9. Lolstyle UI component development practice (II) -- button group component
  10. Deconstruction assignment in ES6
  11. Luo 2 peerless Tang clan was officially launched. The official gave a key point, and the broadcast time was implied
  12. 20初识前端HTML(1)
  13. 当新零售遇上 Serverless
  14. 20 initial knowledge of front-end HTML (1)
  15. When new retail meets serverless
  16. [golang] - go into go language lesson 5 type conversion
  17. [golang] - go into go language lesson 6 conditional expression
  18. HTML5(八)——SVG 之 path 详解
  19. HTML5 (8) -- detailed explanation of SVG path
  20. 需要开通VIP以后页面内容才能复制怎么办?控制台禁用javascript即可
  21. Web前端|CSS入门教程(超详细的CSS使用讲解,适合前端初学者)
  22. 实践积累 —— 用Vue3简单写一个单行横向滚动组件
  23. Serverless 全能选手,再下一城
  24. What if you need to open a VIP to copy the page content? Just disable JavaScript on the console
  25. Web front end | CSS introductory tutorial (super detailed CSS explanation, suitable for front-end beginners)
  26. Practice accumulation - write a single line horizontal scroll component simply with vue3
  27. Dili Reba is thin again. She looks elegant and high in a strapless hollow skirt, and her "palm waist" is beautiful to a new height
  28. Serverless all-round player, next city
  29. The difference between MySQL semi synchronous replication and lossless semi synchronous replication
  30. Vue表单设计器的终极解决方案
  31. The ultimate solution for Vue form designer
  32. Nginx从理论到实践超详细笔记
  33. Yu Shuxin's red backless swimsuit is split to the waist and tail, with a concave convex figure and excessive color matching, and his face is white to dazzling
  34. Nginx ultra detailed notes from theory to practice
  35. 【动画消消乐|CSS】086.炫酷水波浪Loading过渡动画
  36. typecho全站启用https
  37. CCTV has another popular employee. The off-site interpretation is very professional, and the appearance ability is no less than that of Wang Bingbing
  38. [animation Xiaole | CSS] 086. Cool water wave loading transition animation
  39. Enable HTTPS in Typecho
  40. 50天用JavaScript完成50个web项目,我学到了什么?
  41. 根据JavaScript中原生的XMLHttpRequest实现jQuery的Ajax
  42. What have I learned from completing 50 web projects with JavaScript in 50 days?
  43. "My neighbor doesn't grow up" has hit the whole network. There are countless horse music circles, and actor Zhou Xiaochuan has successfully made a circle
  44. 根据JavaScript中原生的XMLHttpRequest实现jQuery的Ajax
  45. Implement the Ajax of jQuery according to the native XMLHttpRequest in JavaScript
  46. Implement the Ajax of jQuery according to the native XMLHttpRequest in JavaScript
  47. 30 + women still wear less T-shirts and jeans. If they wear them like stars, they will lose weight
  48. 数栈技术分享前端篇:TS,看你哪里逃~
  49. Several stack technology sharing front end: TS, see where you escape~
  50. 舍弃Kong和Nginx,Apache APISIX 在趣链科技 BaaS 平台的落地实践
  51. Abandon the landing practice of Kong and nginx, Apache apisik on the baas platform of fun chain technology
  52. 浪迹天涯king教你用elementui做复杂的表格,去处理报表数据(合并表头,合并表体行和列)
  53. 前端HTML两万字图文大总结,快来看看你会多少!【️熬夜整理&建议收藏️】
  54. Wandering around the world king teaches you to use elementui to make complex tables and process report data (merge header, merge table body rows and columns)
  55. 路由刷新数据丢失 - vuex数据读取的问题
  56. Front end HTML 20000 word graphic summary, come and see how much you can【 Stay up late to sort out & suggestions]
  57. Route refresh data loss - vuex data reading problem
  58. Systemctl系统启动Nginx服务脚本
  59. Systemctl system startup nginx service script
  60. sleepless