maif / otoroshi Goto Github PK
View Code? Open in Web Editor NEWLightweight api management on top of a modern http reverse proxy
Home Page: https://www.otoroshi.io
License: Apache License 2.0
Lightweight api management on top of a modern http reverse proxy
Home Page: https://www.otoroshi.io
License: Apache License 2.0
before 1st April
Should be Otoroshi, make it configurable
each service should be able to define a redirection URL
ExposedSubdomain
is misspelled everywhere as exposedDubdomain
env.eventsName
always sent ...
Select "Priv Apps Sessions" in the Select topbar -> http://.../bo/dashboard/sessions
Not found
react-table
support server side filtering and we should leverage that
val callsShiftGlobalTime = redisCli.lpushLong(serviceCallStatsKey("global"), time).flatMap { _ =>
redisCli.ltrim(serviceCallStatsKey("global"), 0, maxQueueSize)
redisCli.expire(serviceCallStatsKey("global"), 10)
}
val callsShiftServiceTime = redisCli.lpushLong(serviceCallStatsKey(id), time).flatMap { _ =>
redisCli.ltrim(serviceCallStatsKey(id), 0, maxQueueSize)
redisCli.expire(serviceCallStatsKey(id), 10)
}
If I try first to be log with a fake ID -> "Something is wrong ..." GOOD
I retry with a good ID -> "Something is wrong ... " BAAD
As Otoroshi now supports HTTP/2, we should be able to proxy gRPC calls. That would be a great feature for Otoroshi
Linked akka-http issues
Can you consider adding an option to choose a different https port for the admin API & UI ?
We will be able to bloc traffic from internet on this port with a firewall and open it only for internals IPs and enforce the security.
it will be
downside is
prototype at https://github.com/mathieuancelin/otoroshi-akka-http or https://github.com/mathieuancelin/heimdallr
Otoroshi should verify Origin
or Referer
headers (if available) in BackOfficeAction to validate that the request actually comes from the BackOffice
after #64
shields at https://shields.io/
When no TTL, 0L
is returned in
it should be -1L
Storage key should start with otoroshi
Right now several remote assets are used
Send headers like
OtoroshiRequestId
OtoroshiProxyLatency
OtoroshiUpstreamLatency
when enabled
This issue will gather all performances improvements for Otoroshi
Should we
We should update play to last version.
But using Akka http as backend could introduce some regressions
a.k.a stop instanciating ActorSystem everywhere
we should support HTTP/2.0 as it comes with Play 2.6 (with the play-akka-http2-support
module).
https://www.playframework.com/documentation/2.6.x/AkkaHttpServer
Todo
need to support :
/api/v1/events/:type/_count
/api/v1/events/:type/:field/_sum
/api/v1/events/:type/:field/_avg
/api/v1/events/:type/:field/_piechart
/api/v1/events/:type/:field/_histogram/stats
/api/v1/events/:type/:field/_histogram/percentiles
restart it every 2 hours or something
Canary info are always sent right now :(
Authorization: Basic
headerOtoroshi-Authorization: Basic
headerUse an atomic reference to hold a Scala data structure
support all kind of authentication modules
We got these kind of error logs recently on our Otoroshi instance :
[error] otoroshi-analytics-actor - SEND_TO_ANALYTICS_ERROR: analytics actor error : Failure(java.lang.IllegalStateException: Stream is terminated. SourceQueue is detached)
Note: we did not activate Analytics.
After a restart, everything seems ok.
Add flag (ENV var + static config) to avoid exposition of admin dashboard and admin API on one specific Otoroshi instance. Another instance will be in charge of handling admin stuff.
Linked to #47
Right know, throttling is computed using a time window of 10s. The value should be statically customizable. (cc. @sebprunierserli)
The goal here is to provide a mode where an Otoroshi instance (with a redis or cassandra backend) is the master
(that does not handle traffic) and send all its internal state changes to a Kafka topic.
Other Otoroshi instances, the workers
(with an in memory storage) will be connected to the same kafka topic. At statup, a worker
will ask the state of the master
, then will receive the flow of master
s internal state changes.
This mode will be a good way to scale easily Otoroshi while providing great performance an in memory backed Otoroshi instance introduce almost no overhead
ApiController
maybe ?) to the kafka topicworker
s admin api service from master
worker
s admin users from master
worker
s admin sessions from master
worker
s private sessions from master
master
master
master
Authorization: Bearer
headerOtoroshi-Authorization: Bearer
headerclientId
should be passed using standard iss
field instead of custom clientId
Authorization
headerSometimes, a 'No ApiKey provided' is returned by Otoroshi even if an actual valid ApiKey is provided with good headers
We got this error today during a few minutes :
[error] otoroshi-error-handler - Server Error Clock is running backward. Sorry :-( on /v1/infos/categories
2018-01-16T16:31:51.197+01:00java.lang.RuntimeException: Clock is running backward. Sorry :-(
2018-01-16T16:31:51.197+01:00at security.IdGenerator$.nextId(generators.scala:27)
2018-01-16T16:31:51.197+01:00at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:346)
2018-01-16T16:31:51.197+01:00at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:345)
2018-01-16T16:31:51.198+01:00at play.core.server.netty.PlayRequestHandler$$anonfun$2$$anonfun$apply$1.applyOrElse(PlayRequestHandler.scala:99)
2018-01-16T16:31:51.198+01:00at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:346)
2018-01-16T16:31:51.198+01:00at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:345)
2018-01-16T16:31:51.198+01:00at security.IdGenerator.nextId(generators.scala:7)
2018-01-16T16:31:51.198+01:00at gateway.Errors$.craftResponseResult(errors.scala:25)
2018-01-16T16:31:51.198+01:00at gateway.ErrorHandler.onServerError(handlers.scala:56)
2018-01-16T16:31:51.198+01:00at play.core.server.netty.PlayRequestHandler$$anonfun$2$$anonfun$apply$1.applyOrElse(PlayRequestHandler.scala:100)
2018-01-16T16:31:51.199+01:00at security.IdGenerator$.nextId(generators.scala:27)
2018-01-16T16:31:51.199+01:00at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
2018-01-16T16:31:51.199+01:00at security.IdGenerator.nextId(generators.scala:7)
2018-01-16T16:31:51.199+01:00at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:70)
2018-01-16T16:31:51.199+01:00at gateway.Errors$.craftResponseResult(errors.scala:25)
Our config :
When you wan't to add a service there is a default value in "exposed domain" field (https://myservice.foo.bar)
It's impossible to delete the entire value due to the pattern check, there is always at least one letter left.
(example : https://m)
Of course you can past value in this field or use cunning to change the remaining letter but it's a little weird :)
First steps has been pushed in 99dea2e
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.