# ============================================================================= # Kong API Gateway - 声明式配置 # ============================================================================= # 分布式部署说明: # - Kong 服务器: 192.168.1.100 # - 后端服务器: 192.168.1.111 # # 使用方法: # 1. 启动 Kong: ./deploy.sh up # 2. 配置会自动加载 # # 文档: https://docs.konghq.com/gateway/latest/ # ============================================================================= _format_version: "3.0" _transform: true # ============================================================================= # Services - 后端微服务定义 # ============================================================================= # 注意: 使用外部 IP 地址,因为 Kong 和后端服务在不同服务器上 # 后端服务器 IP: 192.168.1.111 # ============================================================================= services: # --------------------------------------------------------------------------- # Identity Service - 身份认证服务 # --------------------------------------------------------------------------- - name: identity-service url: http://192.168.1.111:3000 routes: - name: identity-auth paths: - /api/v1/auth strip_path: false - name: identity-me paths: - /api/v1/me strip_path: false - name: identity-user paths: - /api/v1/user strip_path: false - name: identity-users paths: - /api/v1/users strip_path: false - name: identity-health paths: - /api/v1/identity/health strip_path: true # --------------------------------------------------------------------------- # Wallet Service - 钱包服务 # --------------------------------------------------------------------------- - name: wallet-service url: http://192.168.1.111:3001 routes: - name: wallet-api paths: - /api/v1/wallets strip_path: false - name: wallet-main paths: - /api/v1/wallet strip_path: false - name: wallet-health paths: - /api/v1/wallet-service/health strip_path: true # --------------------------------------------------------------------------- # Backup Service - 备份服务 # --------------------------------------------------------------------------- - name: backup-service url: http://192.168.1.111:3002 routes: - name: backup-api paths: - /api/v1/backups strip_path: false - name: backup-share-api paths: - /api/v1/backup-share strip_path: false # --------------------------------------------------------------------------- # Planting Service - 种植服务 # --------------------------------------------------------------------------- - name: planting-service url: http://192.168.1.111:3003 routes: - name: planting-api paths: - /api/v1/planting strip_path: false # --------------------------------------------------------------------------- # Referral Service - 推荐服务 # --------------------------------------------------------------------------- - name: referral-service url: http://192.168.1.111:3004 routes: - name: referral-api paths: - /api/v1/referral strip_path: false - name: referral-referrals paths: - /api/v1/referrals strip_path: false # 注意: /api/v1/leaderboard 已移至 leaderboard-service - name: referral-team-statistics paths: - /api/v1/team-statistics strip_path: false # --------------------------------------------------------------------------- # Reward Service - 奖励服务 # --------------------------------------------------------------------------- - name: reward-service url: http://192.168.1.111:3005 routes: - name: reward-api paths: - /api/v1/rewards strip_path: false # --------------------------------------------------------------------------- # MPC Service - 多方计算服务 # --------------------------------------------------------------------------- - name: mpc-service url: http://192.168.1.111:3006 routes: - name: mpc-api paths: - /api/v1/mpc strip_path: false - name: mpc-party-api paths: - /api/v1/mpc-party strip_path: false # --------------------------------------------------------------------------- # Leaderboard Service - 排行榜服务 # --------------------------------------------------------------------------- - name: leaderboard-service url: http://192.168.1.111:3007 routes: - name: leaderboard-api paths: - /api/v1/leaderboard strip_path: false - name: leaderboard-virtual-accounts paths: - /api/v1/virtual-accounts strip_path: false # --------------------------------------------------------------------------- # Reporting Service - 报表服务 # --------------------------------------------------------------------------- - name: reporting-service url: http://192.168.1.111:3008 routes: - name: reporting-dashboard paths: - /api/v1/dashboard strip_path: false - name: reporting-api paths: - /api/v1/reports strip_path: false - name: reporting-export paths: - /api/v1/export strip_path: false # --------------------------------------------------------------------------- # Authorization Service - 授权服务 # --------------------------------------------------------------------------- - name: authorization-service url: http://192.168.1.111:3009 routes: - name: authorization-api paths: - /api/v1/authorizations strip_path: false - name: authorization-admin paths: - /api/v1/admin/authorizations strip_path: false # --------------------------------------------------------------------------- # Admin Service - 管理服务 (包含版本管理) # --------------------------------------------------------------------------- - name: admin-service url: http://192.168.1.111:3010 routes: - name: admin-versions paths: - /api/v1/versions strip_path: false - name: admin-api paths: - /api/v1/admin strip_path: false - name: admin-mobile-version paths: - /api/app/version strip_path: false - name: admin-downloads paths: - /downloads strip_path: false # --------------------------------------------------------------------------- # Presence Service - 在线状态服务 # --------------------------------------------------------------------------- - name: presence-service url: http://192.168.1.111:3011 routes: - name: presence-api paths: - /api/v1/presence strip_path: false - name: presence-analytics paths: - /api/v1/analytics strip_path: false # --------------------------------------------------------------------------- # Blockchain Service - 区块链服务 # --------------------------------------------------------------------------- - name: blockchain-service url: http://192.168.1.111:3012 routes: - name: blockchain-deposit paths: - /api/v1/deposit strip_path: false - name: blockchain-balance paths: - /api/v1/balance strip_path: false # ============================================================================= # Plugins - 全局插件配置 # ============================================================================= plugins: # CORS 跨域配置 - name: cors config: origins: - "https://rwaadmin.szaiai.com" - "https://update.szaiai.com" - "https://app.rwadurian.com" - "http://localhost:3000" - "http://localhost:3020" methods: - GET - POST - PUT - PATCH - DELETE - OPTIONS headers: - Accept - Accept-Version - Content-Length - Content-MD5 - Content-Type - Date - Authorization - X-Auth-Token exposed_headers: - X-Auth-Token credentials: true max_age: 3600 # 请求限流 - name: rate-limiting config: minute: 100 hour: 5000 policy: local # 请求日志 - name: file-log config: path: /tmp/kong-access.log reopen: true # 请求/响应大小限制 (500MB 用于 APK/IPA 上传) - name: request-size-limiting config: allowed_payload_size: 500 size_unit: megabytes # Prometheus 监控指标 - name: prometheus config: per_consumer: true status_code_metrics: true latency_metrics: true bandwidth_metrics: true upstream_health_metrics: true