Skip to main content

One post tagged with "go-runner"

View All Tags

· 4 min read
CheverJohn

I’m having trouble integrating openid-connect plugin with apisix gateway. When I have it enabled I end up getting no response from the API. Any idea what am I doing wrong or how to troubleshoot it? in slack

  1. enabled openid-connect plugin
curl [http://127.0.0.1:9080/apisix/admin/routes/5](http://127.0.0.1:9080/apisix/admin/routes/5) -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/get",
"plugins": {
"openid-connect": {
"client_id": "my-client",
"client_secret": "XXXX-XXXX-XXX",
"discovery": "[https://my-auth-server/myapi/.well-known/openid-configuration](https://my-auth-server/myapi/.well-known/openid-configuration)",
"access_token_in_authorization_header": true,
"bearer_only": true
}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"httpbin.org:80": 1
}
}
}'
  1. request to the /get endpoint results in Empty reply from server
curl -i -X GET [http://127.0.0.1:9080/get](http://127.0.0.1:9080/get) -H "Host: httpbin.org" -H "Authorization: Bearer #####token####"

curl: (52) Empty reply from server

3.   error.log has the following:

2022/03/18 21:23:09 [alert] 1#1: worker process 124 exited on signal 11
2022/03/18 21:23:09 [warn] 127#127: *723842 [lua] plugin.lua:172: load(): new plugins: {"uri-blocker":true,"fault-injection":true,"serverless-pre-function":true,"wolf-rbac":true,"datadog":true,"authz-keycloak":true,"skywalking-logger":true,"grpc-transcode":true,"splunk-hec-logging":true,"ext-plugin-pre-req":true,"ua-restriction":true,"ext-plugin-post-req":true,"response-rewrite":true,"key-auth":true,"grpc-web":true,"jwt-auth":true,"limit-count":true,"referer-restriction":true,"forward-auth":true,"udp-logger":true,"serverless-post-function":true,"basic-auth":true,"openwhisk":true,"cors":true,"limit-conn":true,"server-info":true,"azure-functions":true,"traffic-split":true,"request-validation":true,"google-cloud-logging":true,"rocketmq-logger":true,"sls-logger":true,"kafka-logger":true,"proxy-control":true,"proxy-rewrite":true,"syslog":true,"consumer-restriction":true,"echo":true,"http-logger":true,"prometheus":true,"redirect":true,"ip-restriction":true,"aws-lambda":true,"limit-req":true,"opa":true,"real-ip":true,"authz-casbin":true,"tcp-logger":true,"zipkin":true,"openid-connect":true,"gzip":true,"example-plugin":true,"request-id":true,"api-breaker":true,"hmac-auth":true,"ldap-auth":true,"proxy-mirror":true,"client-control":true,"proxy-cache":true}, context: init_worker_by_lua*
2022/03/18 21:23:09 [warn] 127#127: *723842 [lua] plugin.lua:222: load_stream(): new plugins: {"limit-conn":true,"ip-restriction":true,"mqtt-proxy":true}, context: init_worker_by_lua*

首先在我本地的 m1 上已安装的 APISIX 上看是否能重现bug。 流程如下:

  1. 进入 APISIX,使用 ./bin/apisix start 命令启动 APISIX。
  2. 直接报错 401,这个属于正常情况,因为没有做权限认证,就应该是这样的报错。

换一种重现方式:使用 docker 镜像(arm 版本) https://hub.docker.com/r/apache/apisix/tags#:~:text=3ab0b2f76959-,linux,-/arm64 首先复制命令

apache/apisix/2.12.1-alpine/images/sha256-3ab0b2f76959f057790b35adf2438fea5ae6cbc8c994aff159bf17d72654d857?context=explore
docker pull apache/apisix:2.12.1-alpine@sha256:3ab0b2f76959f057790b35adf2438fea5ae6cbc8c994aff159bf17d72654d857
docker pull nginx:stable-perl@sha256:3ab0b2f76959f057790b35adf2438fea5ae6cbc8c994aff159bf17d72654d857
docker pull nginx:stable-perl@sha256:3ab0b2f76959f057790b35adf2438fea5ae6cbc8c994aff159bf17d72654d857
docker run -itd --rm --name=dev-apisx -v /srv/[github.com/apache/apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml](http://github.com/apache/apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml) apache/apisix

修改:docker tag c8202912bb3a apache/apisix:dev 这个命令用于运行apisix,记住这边得先把 APISIX镜像的tag改了哈改成 apache/apisix:dev

docker run -itd --rm --name=dev-apisx -p 9080:9080 -v /Users/cheverjohn/home/api7/dev_cj/apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml apache/apisix:dev

上面的这条命令要好好理解,这是最终的状态。

![[dockerdestop.png]]

这边还有一个 etcd 的映射端口更改。

这一块需要思考到的地方有, etcd 由于我是本地使用 brew 命令安装的,所以它会默认由brew 守护开启,也就是无论你开关机它都会启动。这个 需要额外关闭。我是通过这条命令看到的

brew info etcd

看到可以这样关闭 etcd

brew services stop etcd
ETCD_UNSUPPORTED_ARCH="arm64" /opt/homebrew/opt/etcd/bin/etcd
ETCD_UNSUPPORTED_ARCH="arm64" /opt/homebrew/opt/etcd/bin/etcd --listen-client-urls=http://0.0.0.0:2379
ETCD_UNSUPPORTED_ARCH="arm64" /opt/homebrew/opt/etcd/bin/etcd --listen-client-urls http://0.0.0.0:2379 --advertise-client-urls http://0.0.0.0:2379 --listen-peer-urls http://0.0.0.0:2380 --initial-advertise-peer-urls http://0.0.0.0:2380

其中为了确认 etcd 的安装位置,他的端口状态,会一直使用到以下命令:

lsof -i:2379

得出运行 2379 端口的进程。

lsof -p PID

根据 PID 得到进程的具体位置,根据这个操作确认到 进程的具体位置。

这里边超哥贡献了一些命令:

history | grep etcd
curl http://192.168.28.179:2379/version

期望通过这个配置,判断是否正常启动好 etcd。

还有命令:

docker logs aae1b3434ce4

这里边的 后边的数字其实是 container ID

此处码一下,希望了解清楚以下两条命令的区别:

docker ps

docker ps -a

下面的代码也要了解清楚各种参数的意思:

docker run -itd --name=dev-apisx -v /Users/cheverjohn/home/api7/dev_cj/apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml apache/apisix:dev

查看日志命令

tail -f error.log

有时候我也看到会连续执行两条命令:

docker stop 9b17b3bbb061

docker rm 9b17b3bbb061

docker rmi c8202912bb3a

检查: docker inspect apache/apisix:dev

这边配置好 etcd 和 APISIX 之后,开始 curl 请求 ifconfig | grep 192.168 找到了:curl http://192.168.101.161:2379/version