maif / otoroshi
Lightweight api management on top of a modern http reverse proxy
Home Page: https://www.otoroshi.io
License: Apache License 2.0
Sometimes, a 'No ApiKey provided' is returned by Otoroshi even if an actual valid ApiKey is provided with good headers
val callsShiftGlobalTime = redisCli.lpushLong(serviceCallStatsKey("global"), time).flatMap { _ =>
  redisCli.ltrim(serviceCallStatsKey("global"), 0, maxQueueSize)
  redisCli.expire(serviceCallStatsKey("global"), 10)
}
val callsShiftServiceTime = redisCli.lpushLong(serviceCallStatsKey(id), time).flatMap { _ =>
  redisCli.ltrim(serviceCallStatsKey(id), 0, maxQueueSize)
  redisCli.expire(serviceCallStatsKey(id), 10)
}
Right now, throttling is computed using a time window of 10s. The value should be statically customizable. (cc. @sebprunierserli)
it will be
downside is
prototype at https://github.com/mathieuancelin/otoroshi-akka-http or https://github.com/mathieuancelin/heimdallr
Use an atomic reference to hold a Scala data structure
Send headers like
OtoroshiRequestId
OtoroshiProxyLatency
OtoroshiUpstreamLatency
when enabled
Right now several remote assets are used
When no TTL, 0L
is returned in
it should be -1L
Storage key should start with otoroshi
Canary info are always sent right now :(
We got this error today during a few minutes :
[error] otoroshi-error-handler - Server Error Clock is running backward. Sorry :-( on /v1/infos/categories
2018-01-16T16:31:51.197+01:00 java.lang.RuntimeException: Clock is running backward. Sorry :-(
2018-01-16T16:31:51.197+01:00 at security.IdGenerator$.nextId(generators.scala:27)
2018-01-16T16:31:51.197+01:00 at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:346)
2018-01-16T16:31:51.197+01:00 at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:345)
2018-01-16T16:31:51.198+01:00 at play.core.server.netty.PlayRequestHandler$$anonfun$2$$anonfun$apply$1.applyOrElse(PlayRequestHandler.scala:99)
2018-01-16T16:31:51.198+01:00 at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:346)
2018-01-16T16:31:51.198+01:00 at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:345)
2018-01-16T16:31:51.198+01:00 at security.IdGenerator.nextId(generators.scala:7)
2018-01-16T16:31:51.198+01:00 at gateway.Errors$.craftResponseResult(errors.scala:25)
2018-01-16T16:31:51.198+01:00 at gateway.ErrorHandler.onServerError(handlers.scala:56)
2018-01-16T16:31:51.198+01:00 at play.core.server.netty.PlayRequestHandler$$anonfun$2$$anonfun$apply$1.applyOrElse(PlayRequestHandler.scala:100)
2018-01-16T16:31:51.199+01:00 at security.IdGenerator$.nextId(generators.scala:27)
2018-01-16T16:31:51.199+01:00 at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
2018-01-16T16:31:51.199+01:00 at security.IdGenerator.nextId(generators.scala:7)
2018-01-16T16:31:51.199+01:00 at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:70)
2018-01-16T16:31:51.199+01:00 at gateway.Errors$.craftResponseResult(errors.scala:25)
Our config :
The goal here is to provide a mode where an Otoroshi instance (with a redis or cassandra backend) is the master (that does not handle traffic) and sends all its internal state changes to a Kafka topic. Other Otoroshi instances, the workers (with an in memory storage), will be connected to the same kafka topic. At startup, a worker will ask the state of the master, then will receive the flow of master's internal state changes.
This mode will be a good way to scale easily Otoroshi while providing great performance (an in memory backed Otoroshi instance introduces almost no overhead)
ApiController maybe ?) to the kafka topic
worker's admin api service from master
worker's admin users from master
worker's admin sessions from master
worker's private sessions from master
master
master
master
If I first try to log in with a fake ID -> "Something is wrong ..." GOOD
I retry with a good ID -> "Something is wrong ... " BAAD
react-table supports server side filtering and we should leverage that
before 1st April
Authorization: Bearer header
Otoroshi-Authorization: Bearer header
clientId should be passed using standard iss field instead of custom clientId
Authorization header
Add flag (ENV var + static config) to avoid exposition of admin dashboard and admin API on one specific Otoroshi instance. Another instance will be in charge of handling admin stuff.
Linked to #47
env.eventsName
always sent ...
We should update play to last version.
But using Akka http as backend could introduce some regressions
we should support HTTP/2.0 as it comes with Play 2.6 (with the play-akka-http2-support module).
https://www.playframework.com/documentation/2.6.x/AkkaHttpServer
Todo
need to support :
/api/v1/events/:type/_count
/api/v1/events/:type/:field/_sum
/api/v1/events/:type/:field/_avg
/api/v1/events/:type/:field/_piechart
/api/v1/events/:type/:field/_histogram/stats
/api/v1/events/:type/:field/_histogram/percentiles
Should be Otoroshi, make it configurable
shields at https://shields.io/
Can you consider adding an option to choose a different https port for the admin API & UI ?
We will be able to block traffic from internet on this port with a firewall and open it only for internal IPs and enforce the security.
First steps have been pushed in 99dea2e
Should we
We got this kind of error logs recently on our Otoroshi instance :
[error] otoroshi-analytics-actor - SEND_TO_ANALYTICS_ERROR: analytics actor error : Failure(java.lang.IllegalStateException: Stream is terminated. SourceQueue is detached)
Note: we did not activate Analytics.
After a restart, everything seems ok.
each service should be able to define a redirection URL
after #64
Select "Priv Apps Sessions" in the Select topbar -> http://.../bo/dashboard/sessions
Not found
support all kind of authentication modules
ExposedSubdomain is misspelled everywhere as exposedDubdomain
Otoroshi should verify Origin or Referer headers (if available) in BackOfficeAction to validate that the request actually comes from the BackOffice
restart it every 2 hours or something
a.k.a stop instantiating ActorSystem everywhere
As Otoroshi now supports HTTP/2, we should be able to proxy gRPC calls. That would be a great feature for Otoroshi
Linked akka-http issues
This issue will gather all performance improvements for Otoroshi
Authorization: Basic header
Otoroshi-Authorization: Basic header
When you want to add a service there is a default value in "exposed domain" field (https://myservice.foo.bar)
It's impossible to delete the entire value due to the pattern check, there is always at least one letter left.
(example : https://m)
Of course you can paste a value in this field or use cunning to change the remaining letter but it's a little weird :)