# ============================================================================= # Kong API Gateway - 声明式配置 # ============================================================================= # 分布式部署说明: # - Kong 服务器: 192.168.1.100 # - 后端服务器: 192.168.1.111 # # 使用方法: # 1. 启动 Kong: ./deploy.sh up # 2. 配置会自动加载 # # 文档: https://docs.konghq.com/gateway/latest/ # ============================================================================= _format_version: "3.0" _transform: true # ============================================================================= # Services - 后端微服务定义 # ============================================================================= # 注意: 使用外部 IP 地址,因为 Kong 和后端服务在不同服务器上 # 后端服务器 IP: 192.168.1.111 # ============================================================================= services: # --------------------------------------------------------------------------- # Identity Service - 身份认证服务 # --------------------------------------------------------------------------- - name: identity-service url: http://192.168.1.111:3000 routes: - name: identity-auth paths: - /api/v1/auth strip_path: false - name: identity-user paths: - /api/v1/user strip_path: false - name: identity-users paths: - /api/v1/users strip_path: false - name: identity-health paths: - /api/v1/identity/health strip_path: true # --------------------------------------------------------------------------- # Wallet Service - 钱包服务 # --------------------------------------------------------------------------- - name: wallet-service url: http://192.168.1.111:3001 routes: - name: wallet-api paths: - /api/v1/wallets strip_path: false - name: wallet-health paths: - /api/v1/wallet/health strip_path: true # --------------------------------------------------------------------------- # Backup Service - 备份服务 # --------------------------------------------------------------------------- - name: backup-service url: http://192.168.1.111:3002 routes: - name: backup-api paths: - /api/v1/backups strip_path: false # --------------------------------------------------------------------------- # Planting Service - 种植服务 # --------------------------------------------------------------------------- - name: planting-service url: http://192.168.1.111:3003 routes: - name: planting-api paths: - /api/v1/plantings - /api/v1/trees strip_path: false # --------------------------------------------------------------------------- # Referral Service - 推荐服务 # --------------------------------------------------------------------------- - name: referral-service url: http://192.168.1.111:3004 routes: - name: referral-api paths: - /api/v1/referrals strip_path: false # --------------------------------------------------------------------------- # Reward Service - 奖励服务 # --------------------------------------------------------------------------- - name: reward-service url: http://192.168.1.111:3005 routes: - name: reward-api paths: - /api/v1/rewards strip_path: false # --------------------------------------------------------------------------- # MPC Service - 多方计算服务 # --------------------------------------------------------------------------- - name: mpc-service url: http://192.168.1.111:3006 routes: - name: mpc-api paths: - /api/v1/mpc strip_path: false - name: mpc-party-api paths: - /api/v1/mpc-party strip_path: false # --------------------------------------------------------------------------- # Leaderboard Service - 排行榜服务 # --------------------------------------------------------------------------- - name: leaderboard-service url: http://192.168.1.111:3007 routes: - name: leaderboard-api paths: - /api/v1/leaderboard strip_path: false # --------------------------------------------------------------------------- # Reporting Service - 报表服务 # --------------------------------------------------------------------------- - name: reporting-service url: http://192.168.1.111:3008 routes: - name: reporting-api paths: - /api/v1/reports - /api/v1/statistics strip_path: false # --------------------------------------------------------------------------- # Authorization Service - 授权服务 # --------------------------------------------------------------------------- - name: authorization-service url: http://192.168.1.111:3009 routes: - name: authorization-api paths: - /api/v1/authorization - /api/v1/permissions - /api/v1/roles strip_path: false # --------------------------------------------------------------------------- # Admin Service - 管理服务 (包含版本管理) # --------------------------------------------------------------------------- - name: admin-service url: http://192.168.1.111:3010 routes: - name: admin-versions paths: - /api/v1/versions strip_path: false - name: admin-api paths: - /api/v1/admin strip_path: false # --------------------------------------------------------------------------- # Presence Service - 在线状态服务 # --------------------------------------------------------------------------- - name: presence-service url: http://192.168.1.111:3011 routes: - name: presence-api paths: - /api/v1/presence strip_path: false # ============================================================================= # Plugins - 全局插件配置 # ============================================================================= plugins: # CORS 跨域配置 - name: cors config: origins: - "https://rwaadmin.szaiai.com" - "https://update.szaiai.com" - "https://app.rwadurian.com" - "http://localhost:3000" - "http://localhost:3020" methods: - GET - POST - PUT - PATCH - DELETE - OPTIONS headers: - Accept - Accept-Version - Content-Length - Content-MD5 - Content-Type - Date - Authorization - X-Auth-Token exposed_headers: - X-Auth-Token credentials: true max_age: 3600 # 请求限流 - name: rate-limiting config: minute: 100 hour: 5000 policy: local # 请求日志 - name: file-log config: path: /tmp/kong-access.log reopen: true # 请求/响应大小限制 (500MB 用于 APK/IPA 上传) - name: request-size-limiting config: allowed_payload_size: 500 size_unit: megabytes # Prometheus 监控指标 - name: prometheus config: per_consumer: true status_code_metrics: true latency_metrics: true bandwidth_metrics: true upstream_health_metrics: true