# added the debug version of the api-gateway activated with the env var DEBUG=true, and support for running unit tests via Test NGINX module

Author: ddragosd

Dockerfile

@@ -8,22 +8,24 @@ FROM alpine:latest
 
 RUN apk update \
     && apk add gcc tar libtool zlib jemalloc jemalloc-dev perl \ 
-    make musl-dev openssl-dev pcre-dev g++ zlib-dev curl python
+    make musl-dev openssl-dev pcre-dev g++ zlib-dev curl python \
+    perl-test-longstring perl-list-moreutils perl-http-message
 
 ENV OPENRESTY_VERSION 1.9.3.1
 ENV NAXSI_VERSION 0.53-2
 ENV PCRE_VERSION 8.37
+ENV TEST_NGINX_VERSION 0.24
 ENV HMAC_LUA_VERSION 1.0.0
 ENV REQUEST_VALIDATION_VERSION 1.0.1
 
 RUN mkdir -p /tmp/api-gateway/
-ADD https://github.com/nbs-system/naxsi/archive/${NAXSI_VERSION}.tar.gz /tmp/api-gateway/naxsi-${NAXSI_VERSION}.tar.gz
-ADD http://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz /tmp/api-gateway/prce-${PCRE_VERSION}.tar.gz
-ADD http://openresty.org/download/ngx_openresty-${OPENRESTY_VERSION}.tar.gz /tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION}.tar.gz
-ADD https://github.com/adobe-apiplatform/api-gateway-request-validation/archive/${REQUEST_VALIDATION_VERSION}.tar.gz /tmp/api-gateway/api-gateway-request-validation-${REQUEST_VALIDATION_VERSION}.tar.gz
-ADD https://github.com/adobe-apiplatform/api-gateway-hmac/archive/${HMAC_LUA_VERSION}.tar.gz /tmp/api-gateway/api-gateway-hmac-${HMAC_LUA_VERSION}.tar.gz
 
-RUN  cd /tmp/api-gateway/ \ 
+RUN  cd /tmp/api-gateway/ \
+     && curl -L https://github.com/nbs-system/naxsi/archive/${NAXSI_VERSION}.tar.gz -o /tmp/api-gateway/naxsi-${NAXSI_VERSION}.tar.gz \
+     && curl -L http://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz -o /tmp/api-gateway/prce-${PCRE_VERSION}.tar.gz \
+     && curl -L https://github.com/adobe-apiplatform/apigateway/releases/download/openresty_backup_1.9.3.1/ngx_openresty-1.9.3.1.tar.gz -o /tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION}.tar.gz \
+     && curl -L https://github.com/adobe-apiplatform/api-gateway-request-validation/archive/${REQUEST_VALIDATION_VERSION}.tar.gz -o /tmp/api-gateway/api-gateway-request-validation-${REQUEST_VALIDATION_VERSION}.tar.gz \
+     && curl -L https://github.com/adobe-apiplatform/api-gateway-hmac/archive/${HMAC_LUA_VERSION}.tar.gz -o /tmp/api-gateway/api-gateway-hmac-${HMAC_LUA_VERSION}.tar.gz \
      && tar -xf ./ngx_openresty-${OPENRESTY_VERSION}.tar.gz \
      && tar -xf ./prce-${PCRE_VERSION}.tar.gz \
      && tar -xf ./naxsi-${NAXSI_VERSION}.tar.gz \
@@ -35,7 +37,30 @@ RUN  cd /tmp/api-gateway/ \
      && _localstatedir="/var" \
      && _sysconfdir="/etc" \
      && _sbindir="$_exec_prefix/sbin" \
+     && echo "building debugging version of the api-gateway ... " \
      && ./configure \
+            --prefix=${_exec_prefix}/api-gateway \
+            --sbin-path=${_sbindir}/api-gateway-debug \
+            --conf-path=${_sysconfdir}/api-gateway/api-gateway.conf \
+            --error-log-path=${_localstatedir}/log/api-gateway/error.log \
+            --http-log-path=${_localstatedir}/log/api-gateway/access.log \
+            --pid-path=${_localstatedir}/run/api-gateway.pid \
+            --lock-path=${_localstatedir}/run/api-gateway.lock \
+            --add-module=../naxsi-${NAXSI_VERSION}/naxsi_src/ \
+            --with-pcre=../pcre-${PCRE_VERSION}/ --with-pcre-jit \
+            --with-http_ssl_module \
+            --with-http_stub_status_module \
+            --with-luajit \
+            --without-http_ssi_module \
+            --without-http_userid_module \
+            --without-http_uwsgi_module \
+            --without-http_scgi_module \
+            --with-debug \
+            -j${NPROC} \
+    && make -j${NPROC} \
+    && make install \
+    && echo "building regular version of the api-gateway ... " \
+    && ./configure \
             --prefix=${_exec_prefix}/api-gateway \
             --sbin-path=${_sbindir}/api-gateway \
             --conf-path=${_sysconfdir}/api-gateway/api-gateway.conf \
@@ -68,7 +93,13 @@ RUN  cd /tmp/api-gateway/ \
          LUA_LIB_DIR=${_exec_prefix}/api-gateway/lualib \
          INSTALL=/tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION}/build/install \
     && rm -rf /var/cache/apk/* \
-    && rm -rf /tmp/api-gateway
+    && rm -rf /tmp/api-gateway \
+    && echo " ... adding Nginx Test support" \
+    && curl -L https://github.com/openresty/test-nginx/archive/v${TEST_NGINX_VERSION}.tar.gz -o /usr/local/test-nginx-${TEST_NGINX_VERSION}.tar.gz \
+    && cd /usr/local/ \
+    && tar -xf /usr/local/test-nginx-${TEST_NGINX_VERSION}.tar.gz \
+    && rm /usr/local/test-nginx-${TEST_NGINX_VERSION}.tar.gz \
+    && ln -s /usr/local/sbin/api-gateway-debug /usr/local/sbin/nginx
 
 
 COPY init.sh /etc/init-container.sh
@@ -81,4 +112,4 @@ RUN adduser -S nginx-api-gateway \
 ONBUILD COPY api-gateway-config /etc/api-gateway
 
 
-CMD ["/etc/init-container.sh"]
+ENTRYPOINT ["/etc/init-container.sh"]

Makefile

@@ -2,31 +2,31 @@ DOCKER_TAG ?= snapshot-`date +'%Y%m%d-%H%M'`
 DOCKER_REGISTRY ?= ''
 
 docker:
-	docker build -t apiplatform/apigateway .
+	docker build -t adobeapiplatform/apigateway .
 
 .PHONY: docker-ssh
 docker-ssh:
-	docker run -ti --entrypoint='bash' apiplatform/apigateway:latest
+	docker run -ti --entrypoint='bash' adobeapiplatform/apigateway:latest
 
 .PHONY: docker-run
 docker-run:
-	docker run --rm --name="apigateway" -p 8080:80 apiplatform/apigateway:latest ${DOCKER_ARGS}
+	docker run --rm --name="apigateway" -p 80:80 adobeapiplatform/apigateway:latest ${DOCKER_ARGS}
 
 .PHONY: docker-debug
 docker-debug:
 	#Volumes directories must be under your Users directory
 	mkdir -p ${HOME}/tmp/apiplatform/apigateway
 	rm -rf ${HOME}/tmp/apiplatform/apigateway/api-gateway-config
-	#ln -s  `pwd`/api-gateway-config ${HOME}/tmp/apiplatform/apigateway/api-gateway-config
 	cp -r `pwd`/api-gateway-config ${HOME}/tmp/apiplatform/apigateway/
 	docker run --name="apigateway" \
-			-p 8080:80 \
-			-e "LOG_LEVEL=debug" \
+			-p 80:80 \
+			-e "LOG_LEVEL=info" -e "DEBUG=true" \
 			-v ${HOME}/tmp/apiplatform/apigateway/api-gateway-config/:/etc/api-gateway \
-			apiplatform/apigateway:latest ${DOCKER_ARGS}
+			adobeapiplatform/apigateway:latest ${DOCKER_ARGS}
 
 .PHONY: docker-reload
 docker-reload:
+	cp -r `pwd`/api-gateway-config ${HOME}/tmp/apiplatform/apigateway/
 	docker exec apigateway api-gateway -t -p /usr/local/api-gateway/ -c /etc/api-gateway/api-gateway.conf
 	docker exec apigateway api-gateway -s reload
 
@@ -41,6 +41,6 @@ docker-stop:
 
 .PHONY: docker-push
 docker-push:
-	docker tag -f apiplatform/apigateway $(DOCKER_REGISTRY)/apiplatform/apigateway:$(DOCKER_TAG)
-	docker push $(DOCKER_REGISTRY)/apiplatform/apigateway:$(DOCKER_TAG)
+	docker tag -f adobeapiplatform/apigateway $(DOCKER_REGISTRY)/adobeapiplatform/apigateway:$(DOCKER_TAG)
+	docker push $(DOCKER_REGISTRY)/adobeapiplatform/apigateway:$(DOCKER_TAG)
 

README.md

@@ -1,7 +1,35 @@
   apigateway
 =============
-A performant API Gateway based on Openresty and Nginx.
+A performant API Gateway based on Openresty and NGINX.
 
+### Quick start
+
+```
+docker run --name="apigateway" \
+            -p 80:80 \
+            -e "MARATHON_HOST=http://<marathon_host>:<port>/" \
+            -e "LOG_LEVEL=info" \
+            adobeapiplatform/apigateway:latest
+```
+
+This command starts an API Gateway that automatically discovers the services running in Marathon.
+The discovered services are exposed on individual VHosts as you can see in the [config file](https://github.com/adobe-apiplatform/apigateway/blob/master/api-gateway-config/conf.d/marathon_apis.conf#L36).
+
+#### Accessing a Marathon app
+
+For example, if you have an application named `hello-world` you can access it on its VHost in 2 ways:
+1. Edit `/etc/hosts` and add `<docker_host_ip> hello-world.api.localhost` then browse to `http://hello-world.api.localhost`
+2. Sending the Host header in a curl command: `curl -H "Host:hello-world.api.localhost" http://<docker_host_ip>`
+
+The [discovery script](https://github.com/adobe-apiplatform/apigateway/blob/master/api-gateway-config/marathon-service-discovery.sh) is provided as an example for a quick-start and it can be replaced with your favourite discovery mechanism.
+The script updates a [configuration file](https://github.com/adobe-apiplatform/apigateway/blob/master/api-gateway-config/environment.conf.d/api-gateway-upstreams.http.conf) containing all the NGINX upstreams that are used in the [config file](https://github.com/adobe-apiplatform/apigateway/blob/master/api-gateway-config/conf.d/marathon_apis.conf#L36).
+
+#### Resolvers
+While starting up this container automatically creates the `/etc/api-gateway/conf.d/includes/resolvers.conf` config file using `/etc/resolv.conf` as the source.
+To learn more about the `resolver` directive in NGINX see the [docs](http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver).
+
+#### Running the API Gateway outside of Marathon and Mesos
+Besides the discovery part which is dependent on Marathon at the  moment, the API Gateway can run on its own as well. The Marathon service discovery is activated with the ` -e "MARATHON_HOST=http://<marathon_host>:<port>/"`.
 
 ### Developer guide
 
@@ -19,25 +47,25 @@ A performant API Gateway based on Openresty and Nginx.
  ```
   make docker-run
  ```
- The main API Gateway process is exposed to port 8080. To test that the Gateway works see its `health-check`:
+ The main API Gateway process is exposed to port `80`. To test that the Gateway works see its `health-check`:
  ```
-  $ curl http://<docker_host_ip>:8080/health-check
+  $ curl http://<docker_host_ip>/health-check
     API-Platform is running!
  ```
  If you're up for a quick performance test, you can play with Apache Benchmark via Docker:
 
  ```
-  docker run jordi/ab ab -k -n 200000 -c 500 http://<docker_host_ip>:8080/health-check
+  docker run jordi/ab ab -k -n 200000 -c 500 http://<docker_host_ip>/health-check
  ```
 
  To run docker mounting the local `api-gateway-config` directory into `/etc/api-gateway/` issue:
 
  ```bash
  $ make docker-debug
  ```
- In debug mode docker container starts with `-e "LOG_LEVEL=debug"` which will give you a little more debugging information.
-
- To enable the full debug logging in nginx ( using a build configured `--with-debug` ) there will be a separate container.
+ In debug mode the docker container starts a special `api-gateway` compiled `--with-debug` providing very detailed debugging information.
+When started with `-e "LOG_LEVEL=info"` the output is quite verbose.
+To learn more about this option visit [NGINX docs](http://nginx.org/en/docs/debugging_log.html).
 
  When done stop the image:
  ```
@@ -61,7 +89,7 @@ For optimal performance leave the `network` on `HOST` mode. To learn more about
   "container": {
     "type": "DOCKER",
     "docker": {
-      "image": "apiplatform/apigateway:latest",
+      "image": "adobeapiplatform/apigateway:latest",
       "forcePullImage": true,
       "network": "HOST"
     }
@@ -71,16 +99,8 @@ For optimal performance leave the `network` on `HOST` mode. To learn more about
   "env": {
     "MARATHON_HOST": "http://<marathon_host>:<marathon_port>"
   },
-  "constraints": [
-    [
-      "hostname",
-      "UNIQUE"
-    ]
-  ],
-  "acceptedResourceRoles": ["slave_public"],
-  "ports": [
-    80
-  ],
+  "constraints": [  [ "hostname","UNIQUE" ]  ],
+  "ports": [ 80 ],
   "healthChecks": [
     {
       "protocol": "HTTP",
@@ -95,6 +115,11 @@ For optimal performance leave the `network` on `HOST` mode. To learn more about
 }
 ```
 
+To run the Gateway only on specific nodes marked with `slave_public` you can add the property bellow to the main JSON object:
+```
+"acceptedResourceRoles": [ "slave_public" ]
+```
+
 ##### Auto-discover and register Marathon tasks in the Gateway
 
 To enable auto-discovery in a Mesos with Marathon framework define the following Environment Variables:
@@ -109,6 +134,6 @@ docker run --name="apigateway" \
             -p 8080:80 \
             -e "MARATHON_HOST=http://<marathon_host>:<port>/" \
             -e "LOG_LEVEL=info" \
-            apiplatform/apigateway:latest
+            adobeapiplatform/apigateway:latest
 ```
 

api-gateway-config/conf.d/marathon_apis.conf

@@ -33,7 +33,7 @@ server {
 #    listen 8080;
 
     # listenes on <marathon_app_name>.api.any.domain with the assumption that the marathon_app_name has been defined in marathon. TBD what to do when the app is not found
-    server_name ~^(?<marathon_app_name>.[^\.]+)\.api\.(?<domain>.+);
+    server_name ~^(?<marathon_app_name>.[^\.]+)\.(api|gw)\.(?<domain>.+);
 
     server_tokens off;
 

api-gateway-config/html/index.html

@@ -23,7 +23,7 @@
 
 <html>
 <head>
-<title>Welcome to API Gateway ! An Nginx and Openresty based gateway.</title>
+<title>Welcome to API Gateway ! An NGINX and Openresty based gateway.</title>
 <style>
     body {
         width: 35em;
@@ -34,7 +34,7 @@
 </head>
 <body>
 <h1>Welcome to API Gateway ! </h1>
-<h3>An Nginx and Openresty based API Gateway.</h3>
+<h3>An NGINX and Openresty based API Gateway.</h3>
 <p>If you see this page, the API Gateway is successfully installed and
 working. Further configuration may be required.</p>
 

init.sh

@@ -21,22 +21,29 @@
 # * DEALINGS IN THE SOFTWARE.
 # *
 # */
-
+debug_mode=$(echo $DEBUG)
 log_level=${LOG_LEVEL:-warn}
 marathon_host=$(echo $MARATHON_HOST)
+sleep_duration=${MARATHON_POLL_INTERVAL:-5}
 
 echo "Starting api-gateway ..."
+if [ "${debug_mode}" == "true" ]; then
+    echo "   ...  in DEBUG mode "
+    mv /usr/local/sbin/api-gateway /usr/local/sbin/api-gateway-no-debug
+    ln -sf /usr/local/sbin/api-gateway-debug /usr/local/sbin/api-gateway
+fi
+
 /usr/local/sbin/api-gateway -V
 echo "------"
 
 echo resolver $(awk 'BEGIN{ORS=" "} /nameserver/{print $2}' /etc/resolv.conf | sed "s/ $/;/g") > /etc/api-gateway/conf.d/includes/resolvers.conf
 echo "   ...  with dns $(cat /etc/api-gateway/conf.d/includes/resolvers.conf)"
 
 if [[ -n "${marathon_host}" ]]; then
-    echo "  ... starting Marathon Service Discovery "
+    echo "  ... starting Marathon Service Discovery on ${marathon_host}"
     touch /var/run/apigateway-config-watcher.lastrun
     # start marathon's service discovery
-    while true; do /etc/api-gateway/marathon-service-discovery.sh > /dev/stderr; sleep 5; done &
+    while true; do /etc/api-gateway/marathon-service-discovery.sh > /dev/stderr; sleep ${sleep_duration}; done &
     # start simple statsd logger
     #
     # ASSUMPTION: there is a graphite app named "api-gateway-graphite" deployed in marathon