devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

docs: add route and gatewat configuration options

Browse Source
This commit is contained in:
Jonas Kaninda
2024-11-19 19:34:26 +01:00
parent 1c0097d8e4
commit cc9b6b0042
9 changed files with 123 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/index.md
View File

@@ -101,10 +101,6 @@ docker pull ghcr.io/jkaninda/goma-gateway
Documentation references Docker Hub, but all examples will work using ghcr.io just as well.
## Supported Engines
This image is developed and tested against the Docker CE engine exclusively.
While it may work against different implementations, there are no guarantees about support for non-Docker engines.
## References

23
docs/middleware/intro.md
View File

@@ -1,23 +0,0 @@
---
title: Intro
layout: default
parent: Middleware
nav_order: 1
---
# Middlewares
Middleware is a function executed before (or after) the route callback.
This is a great way to add API authentication checks, or to validate that the user has permission to access the route.
With Goma you can create your middleware based on the type you want and apply it on your routes
Goma Gateway supports :
- Authentication middleware
- JWT `client authorization based on the result of a request`
- Basic-Auth
- OAuth
- Rate limiting middleware
- In-Memory client IP based
- Access middleware

29
docs/middleware/overview.md Normal file
View File

@@ -0,0 +1,29 @@
---
title: Overview
layout: default
parent: Middleware
nav_order: 1
---
# Middlewares
Middleware functions are executed before or after a route callback, enabling you to extend the behavior of your routes.
They are an excellent way to implement features like API authentication, access control, or request validation.
With Goma, you can create custom middleware tailored to your needs and apply them to your routes seamlessly.
## Supported Middleware Types
- **Authentication Middleware**
- **JWT**: Performs client authorization based on the result of a request using JSON Web Tokens.
- **Basic-Auth**: Verifies credentials through Basic Authentication.
- **OAuth**: Supports OAuth-based authentication flows.
- **Rate Limiting Middleware**
- **In-Memory Client IP Based**: Throttles requests based on the clients IP address using an in-memory store.
- **Distributed Rate Limiting**: Leverage Redis for scalable, client IP-based rate limits.
- **Access Middleware**
- Validates user permissions or access rights for specific route paths.
Middleware provides a flexible and powerful way to enhance the functionality, security, and performance of your API.

4
docs/quickstart/distrubuted-intance.md
View File

@@ -8,6 +8,10 @@ nav_order: 5
# Distributed instances
Goma Gateway includes built-in support for Redis-based rate limiting, enabling efficient and scalable deployments.
By leveraging Redis, the Gateway ensures high-performance request throttling and distributed rate limiting across multiple instances, making it ideal for modern, cloud-native architectures.
```yaml
version: "1.0"
gateway:

3
docs/quickstart/extra-route.md
View File

@@ -31,6 +31,8 @@ gateway:
- path: /
name: example
```
## Routes Configuration
Below is an example of configuring routes for the Gateway, defining service paths, methods, backends, health checks, and other settings.
Create a file in `/etc/goma/extra` using `yaml` or `.yaml` extension.
@@ -86,6 +88,7 @@ Create a file in `/etc/goma/extra` using `yaml` or `.yaml` extension.
disableHostFording: true
interceptErrors: [404,401]
blockCommonExploits: false
## List of middleware
middlewares:
- auth-middleware

84
docs/quickstart/gateway.md
View File

@@ -7,49 +7,51 @@ nav_order: 1
# Gateway
```yaml
version: 1.0
gateway:
sslCertFile: /etc/goma/cert.pem
sslKeyFile: /etc/goma/key.pem
writeTimeout: 15
readTimeout: 15
idleTimeout: 30
# Rate limiting
rateLimit: 0
accessLog: /dev/Stdout
errorLog: /dev/stderr
logLevel: info
## Add additional routes
extraRoutes:
# path
directory: /etc/goma/extra
watch: true
disableRouteHealthCheckError: false
disableDisplayRouteOnStart: false
disableKeepAlive: false
disableHealthCheckStatus: false
blockCommonExploits: true
# Intercept backend errors
interceptErrors:
- 500
cors:
origins:
- http://localhost:8080
- https://example.com
headers:
Access-Control-Allow-Credentials: "true"
Access-Control-Allow-Headers: Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id
Access-Control-Max-Age: "1728000"
routes: []
```
## Extra Routes
The Gateway serves as the entry point to the server. This section provides options to configure the proxy server, define routes, and specify additional routes.
The Extra Routes feature allows you to define additional routes by using .yml or .yaml files stored in a specified directory.
These settings enable precise control over traffic flow and routing within your deployment.
This approach helps you avoid the complexity of managing all routes in a single file.
## Configuration Options
When dealing with many routes, maintaining them in one file can quickly become unwieldy. With this feature, you can organize your routes into separate files, making them easier to manage and maintain.
- **`sslCertFile`** (`string`): Path to the SSL certificate file.
- **`sslKeyFile`** (`string`): Path to the SSL certificate private key file.
- **`redis`**: Redis configuration settings.
- **`writeTimeout`** (`integer`): Timeout for writing responses (in seconds).
- **`readTimeout`** (`integer`): Timeout for reading requests (in seconds).
- **`idleTimeout`** (`integer`): Timeout for idle connections (in seconds).
- **`rateLimit`** (`integer`): Global rate limiting for the proxy.
- **`blockCommonExploits`** (`boolean`): Enable or disable blocking of common exploits.
- **`accessLog`** (`string`, default: `/dev/stdout`): Path for access logs.
- **`errorLog`** (`string`, default: `/dev/stderr`): Path for error logs.
- **`logLevel`** (`string`): Log verbosity level (e.g., `info`, `debug`, `error`).
- **`disableHealthCheckStatus`** (`boolean`): Enable or disable exposing the health check route status.
- **`disableRouteHealthCheckError`** (`boolean`): Enable or disable returning health check error responses for routes.
- **`disableDisplayRouteOnStart`** (`boolean`): Enable or disable displaying routes during server startup.
- **`disableKeepAlive`** (`boolean`): Enable or disable `keepAlive` for the proxy.
- **`enableMetrics`** (`boolean`): Enable or disable server metrics collection.
- **`interceptErrors`** (`array of integers`): List of HTTP status codes to intercept for custom handling.
### CORS Configuration
Customize Cross-Origin Resource Sharing (CORS) settings for the proxy:
- **`origins`** (`array of strings`): List of allowed origins.
- **`headers`** (`map[string]string`): Custom headers to include in responses.
### Additional Routes
Define custom routes for additional flexibility:
- **`directory`** (`string`): Directory path for serving extra routes.
- **`watch`** (`boolean`): Watch the directory for changes and update routes dynamically.
### Routes
Define the main routes for the Gateway, enabling routing logic for incoming requests.
---
## Example Configuration
```yaml
version: 1.0
@@ -72,11 +74,13 @@ gateway:
# Intercept backend errors
interceptErrors:
- 500
- 405
cors:
origins:
- http://localhost:8080
- https://example.com
headers:
X-Custom-Header: "Value"
Access-Control-Allow-Credentials: "true"
Access-Control-Allow-Headers: Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id
Access-Control-Max-Age: "1728000"

4
docs/quickstart/healthcheck.md
View File

@@ -8,7 +8,9 @@ nav_order: 5
# Healthcheck
Goma comes with routes healthcheck, that can be enabled and disabled.
The proxy includes built-in health check routes, which can be easily enabled or disabled based on your requirements.
These routes allow you to monitor the health and availability of your services.
```yaml
version: 1.0

40
docs/quickstart/route.md
View File

@@ -10,6 +10,46 @@ nav_order: 2
The Route allows you to match on HTTP traffic and direct it to the backend.
## Configuration Options
This section outlines the available configuration options for defining routes in the Gateway.
### Route Configuration
- **`path`** (`string`): The route path (e.g., `/api/v1/resource`).
- **`name`** (`string`): A unique name for the route.
- **`hosts`** (`list of strings`): A list of allowed hostnames for the route.
- **`rewrite`** (`string`): Rewrites the incoming route path to a new path.
- **`methods`** (`array of strings`): A list of allowed HTTP methods (e.g., `GET`, `POST`).
- **`destination`** (`string`): The backend endpoint for the route.
- **`backends`** (`list of strings`): A list of backend services for load balancing.
- **`insecureSkipVerify`** (`boolean`): Disables backend TLS certificate verification.
## Health Check Configuration
- **`healthCheck`**:
- **`path`** (`string`): The health check path (e.g., `/health`).
- **`interval`** (`string`, default: `30s`): The interval between health checks.
- **`timeout`** (`string`, default: `10s`): The maximum time to wait for a health check response.
- **`healthyStatuses`** (`array of integers`): A list of HTTP status codes considered healthy.
## CORS Configuration
- **`cors`**:
- **`origins`** (`array of strings`): A list of allowed origins for Cross-Origin Resource Sharing (CORS).
- **`headers`** (`array of strings`): A list of custom headers to include in responses.
## Additional Options
- **`rateLimit`** (`integer`): The maximum number of requests allowed per minute.
- **`disableHostFording`** (`boolean`): Disables proxy host forwarding for improved security.
- **`interceptErrors`** (`array of integers`): A list of backend error status codes to intercept for custom handling.
- **`blockCommonExploits`** (`boolean`): Enables or disables blocking of common exploits.
- **`middlewares`** (`array of strings`): A list of middleware names applied to the route.
---
### Simple route
```yaml

1
examples/goma.yml
View File

@@ -16,7 +16,6 @@ gateway:
logLevel: info # debug, trace, off
accessLog: "/dev/Stdout"
errorLog: "/dev/stderr"
## Redis connexion for distributed rate limiting, when using multiple instances | It's optional
#redis:
#addr: redis:6379
# password: password