devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

Merge branch 'main' of github.com:jkaninda/goma-gateway into route-loadbalancing

Browse Source
This commit is contained in:
Jonas Kaninda
2024-11-10 08:18:05 +01:00
parent 0f39ead97c 8e5e01239d
commit d97306a2ec
25 changed files with 772 additions and 434 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -43,6 +43,7 @@ It's designed to be straightforward and efficient, offering features, like:
- Cross-Origin Resource Sharing (CORS) - Cross-Origin Resource Sharing (CORS)
- Custom Headers - Custom Headers
- Backend Errors interceptor - Backend Errors interceptor
- Logging
- Support TLS - Support TLS
- Block common exploits middleware - Block common exploits middleware
- Patterns to detect SQL injection attempts - Patterns to detect SQL injection attempts
@@ -57,10 +58,12 @@ It's designed to be straightforward and efficient, offering features, like:
- Limit HTTP methods allowed for a particular route. - Limit HTTP methods allowed for a particular route.
### Todo: ### Todo:
- [x] Support Load Balancing, round-robin algorithm
- [ ] Distributed Rate Limiting for In-Memory client IP based across multiple instances using Redis - [ ] Load Balancing Healthcheck, disable unavailable servers
- [ ] Blocklist IP address middleware - [ ] Blocklist IP address middleware
- [ ] Tracing
- [ ] Metrics
- [ ] Distributed Rate Limiting for In-Memory client IP based across multiple instances using Redis
---- ----

2
docs/index.md
View File

@@ -71,7 +71,7 @@ While it may work against different implementations, there are no guarantees abo
We decided to publish this image as a simpler and more lightweight because of the following requirements: We decided to publish this image as a simpler and more lightweight because of the following requirements:
- The original image is based on `Alpine` and requires additional tools, making it heavy. - The original image is based on `Alpine`, making it heavy.
- This image is written in Go. - This image is written in Go.
- `arm64` and `arm/v7` architectures are supported. - `arm64` and `arm/v7` architectures are supported.
- Docker in Swarm mode is supported. - Docker in Swarm mode is supported.

49
docs/install/docker.md Normal file
View File

@@ -0,0 +1,49 @@
---
title: Docker
layout: default
parent: Installation
nav_order: 4
---
# Docker Installation
Details about how to use Goma in Docker can be found on the hub.docker.com repo hosting the image: Goma.
We also have some cool examples with [Docker Compose template](https://github.com/jkaninda/goma-gateway/tree/main/examples) with built-in orchestration and scalability.
## 1. Initialize configuration
You can generate the configuration file using `config init --output /etc/goma/config.yml` command.
The default configuration is automatically generated if any configuration file is not provided, and is available at `/etc/goma/goma.yml`
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/etc/goma/" \
jkaninda/goma-gateway config init --output /etc/goma/config.yml
```
### 3. Start server with a custom config
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/etc/goma/" \
-p 8080:8080 \
jkaninda/goma-gateway server --config /config/config.yml
```
### 4. Healthcheck
- Goma Gateway health check: `/health/live`
- Routes health check: `health/routes`
### 5. Simple deployment in docker compose file
```yaml
services:
goma-gateway:
image: jkaninda/goma-gateway
command: server
ports:
- "8080:8080"
- "8443:8443"
volumes:
- ./config:/etc/goma/
```

8
docs/install/index.md Normal file
View File

@@ -0,0 +1,8 @@
---
title: Installation
layout: default
nav_order: 2
has_children: true
---
## Installation

227
docs/install/kubernetes.md Normal file
View File

@@ -0,0 +1,227 @@
---
title: Kubernetes
layout: default
parent: Installation
nav_order: 4
---
# Kubernetes Installation
Details about how to use Goma in Kubernetes can be found on the hub.docker.com repo hosting the image: Goma.
We also have some cool examples with [Kubernetes deployment template](https://github.com/jkaninda/goma-gateway/tree/main/examples) with built-in orchestration and scalability.
## 1. Generate a configuration file
You can generate the configuration file using `config init --output /etc/goma/config.yml` command.
The default configuration is automatically generated if any configuration file is not provided, and is available at `/etc/goma/goma.yml`
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/etc/goma/" \
jkaninda/goma-gateway config init --output /etc/goma/config.yml
```
## 2. Create ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: goma-config
data:
goma.yml: |
# Goma Gateway configurations
version: 0.1.7
gateway:
# Proxy write timeout
writeTimeout: 15
# Proxy read timeout
readTimeout: 15
# Proxy idle timeout
idleTimeout: 30
## SSL Certificate file
sslCertFile: '' #cert.pem
## SSL Private Key file
sslKeyFile: ''#key.pem
# Proxy rate limit, it's In-Memory IP based
rateLimit: 0
accessLog: "/dev/Stdout"
errorLog: "/dev/stderr"
## Enable, disable routes health check
disableHealthCheckStatus: false
## Returns backend route healthcheck errors
disableRouteHealthCheckError: false
# Disable display routes on start
disableDisplayRouteOnStart: false
# disableKeepAlive allows enabling and disabling KeepALive server
disableKeepAlive: false
# Block common exploits | detect SQL injection, and simple XSS attempts
blockCommonExploits: false
# interceptErrors intercepts backend errors based on defined the status codes
interceptErrors:
- 405
- 500
# - 400
# Proxy Global HTTP Cors
cors:
# Global routes cors for all routes
origins:
- http://localhost:8080
- https://example.com
# Global routes cors headers for all routes
headers:
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
Access-Control-Allow-Credentials: 'true'
Access-Control-Max-Age: 1728000
##### Define routes
routes:
# Example of a route | 1
- name: Public # Name is optional
# host Domain/host based request routing
host: "" # Host is optional
path: /public
## Rewrite a request path
# e.g rewrite: /store to /
rewrite: /
destination: https://example.com
# Limit HTTP methods allowed for this route
methods: [POST, PUT, GET]
#DisableHeaderXForward Disable X-forwarded header.
# [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
# It will not match the backend route, by default, it's disabled
disableHeaderXForward: false
# Internal health check
healthCheck: '' #/internal/health/ready
# Route Cors, global cors will be overridden by route
cors:
# Route Origins Cors, route will override global cors origins
origins:
- https://dev.example.com
- http://localhost:3000
- https://example.com
# Route Cors headers, route will override global cors headers
headers:
Access-Control-Allow-Methods: 'GET'
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
Access-Control-Allow-Credentials: 'true'
Access-Control-Max-Age: 1728000
##### Apply middlewares to the route
## The name must be unique
## List of middleware name
middlewares:
- api-forbidden-paths
# Example of a route | 2
- name: Basic auth
path: /protected
rewrite: /
destination: https://example.com
methods: []
healthCheck:
cors: {}
middlewares:
- api-forbidden-paths
- basic-auth
#Defines proxy middlewares
# middleware name must be unique
middlewares:
# Enable Basic auth authorization based
- name: basic-auth
# Authentication types | jwt, basic, OAuth
type: basic
paths:
- /user
- /admin
- /account
rule:
username: admin
password: admin
#Enables JWT authorization based on the result of a request and continues the request.
- name: google-auth
# Authentication types | jwt, basic, OAuth
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
type: jwt
# Paths to protect
paths:
- /protected-access
- /example-of-jwt
#- /* or wildcard path
rule:
# This is an example URL
url: https://www.googleapis.com/auth/userinfo.email
# Required headers, if not present in the request, the proxy will return 403
requiredHeaders:
- Authorization
# You can also get headers from the authentication request result and inject them into the next request header or params.
# In case you want to get headers from the authentication service and inject them into the next request headers.
# Set the request variable to the given value after the authorization request completes.
# In case you want to get headers from the authentication service and inject them into the next request headers.
# Key is authentication request response header Key. Value is the next Request header Key.
headers:
userId: Auth-UserId
userCountryId: Auth-UserCountryId
# In case you want to get headers from the Authentication service and inject them to the next request params.
#Key is authentication request response header Key. Value is the next Request parameter Key.
params:
userCountryId: countryId
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
## 3. Create Kubernetes deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: goma-gateway
spec:
selector:
matchLabels:
app: goma-gateway
template:
metadata:
labels:
app: goma-gateway
spec:
containers:
- name: goma-gateway
image: jkaninda/goma-gateway
command: ["goma","server"]
resources:
limits:
memory: "128Mi"
cpu: "200m"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 15
periodSeconds: 30
timeoutSeconds: 10
volumeMounts:
- name: config
mountPath: /etc/goma/
volumes:
- name: config
configMap:
name: goma-config
```

233
docs/middleware.md
View File

@@ -1,233 +0,0 @@
---
title: Middleware
layout: default
nav_order: 4
---
## Middlewares
Middleware is a function executed before (or after) the route callback.
This is a great way to add API authentication checks, or to validate that the user has permission to access the route.
With Goma you can create your middleware based on the type you want and apply it on your routes
Goma Gateway supports :
- Authentication middleware
- JWT `client authorization based on the result of a request`
- Basic-Auth
- OAuth
- Rate limiting middleware
- In-Memory client IP based
- Access middleware
### BasicAuth middleware
The BasicAuth middleware grants access to route to authorized users only.
### Configuration Options
You don't need to hash your password (MD5, SHA1, or BCrypt), Goma gateway will handle it.
You need just to provide the username and password
Example of basic-auth middleware
```yaml
middlewares:
# Middleware name
- name: basic-auth
# Middleware type
type: basic
# Paths to apply middleware
paths:
- /user
- /admin
- /account
rule:
username: admin
password: admin
```
### JWT middleware
As BasicAuth, JWT middleware grants also access to route to authorized users only.
It implements client authorization based on the result of a request.
If the request returns a 200 response code, access is allowed.
If it returns 401 or 403, the access is denied with the corresponding error code. Any other response code returned by the request is considered an error.
It depends on an authentication service on the backend.
It works as `ngx_http_auth_request_module` on Nginx
```conf
location /private/ {
auth_request /auth;
...
}
location = /auth {
proxy_pass ...
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
```
You can also get headers from the authentication request result and inject them into the next request header or params.
In case you want to get headers from the authentication service and inject them into the next request headers.
Set the request variable to the given value after the authorization request completes.
Key is authentication request response header Key. Value is the next Request header Key.
```yaml
headers:
## Key Authentication request header key and value is next request header key
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
```
The second example, is in case you want to get headers from the authentication request and inject them into the next request parameters.
Key is authentication request response header Key. Value is the next Request parameter Key.
See the example below.
```yaml
# Key Authentication request header key and value is next request parameter key
params:
userId: userId
userCountryId: countryId
```
Example of JWT middleware
```yaml
middlewares:
#Enables JWT authorization based on the result of a request and continues the request.
- name: google-auth
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
type: jwt
# Paths to protect
paths:
- /protected-access
- /example-of-jwt
#- /* or wildcard path
rule:
# This is an example URL
url: https://www.googleapis.com/auth/userinfo.email
# Required headers, if not present in the request, the proxy will return 403
requiredHeaders:
- Authorization
#Set the request variable to the given value after the authorization request completes.
#
# Add header to the next request from AuthRequest header, depending on your requirements
# Key is AuthRequest's response header Key, and value is Request's header Key
# In case you want to get headers from the authentication service and inject them into the next request header or parameters,
#Set the request variable to the given value after completing the authorization request.
#
# Add header to the next request from AuthRequest header, depending on your requirements
# Key is AuthRequest's response header Key, and value is next request header Key
# In case you want to get headers from the authentication service and inject them into the next request headers.
headers:
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
# In case you want to get headers from the Authentication service and inject them to the next request params.
params:
userCountryId: countryId
```
### OAuth middleware
Example of Google provider
```yaml
- name: google-oauth
type: oauth
paths:
- /*
rule:
clientId: xxx
clientSecret: xxxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: google # facebook, gitlab, github, amazon
redirectUrl: https://example.com/callback/protected
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: /dashboard
scopes:
- https://www.googleapis.com/auth/userinfo.email
- https://www.googleapis.com/auth/userinfo.profile
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```
Example of Authentik provider
```yaml
- name: oauth-authentik
type: oauth
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: custom
endpoint:
authUrl: https://authentik.example.com/application/o/authorize/
tokenUrl: https://authentik.example.com/application/o/token/
userInfoUrl: https://authentik.example.com/application/o/userinfo/
redirectUrl: https://example.com/callback
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: ''
#CookiePath e.g.: /my-protected-path or / || by default is applied on a route path
cookiePath: "/"
scopes:
- email
- openid
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```
### Access middleware
Access middleware prevents access to a route or specific route path.
Example of access middleware
```yaml
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
### RateLimit middleware
The RateLimit middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
Example of rateLimit middleware
```yaml
```
### Apply middleware on the route
```yaml
##### Define routes
routes:
- name: Basic auth
path: /protected
rewrite: /
destination: 'https://example.com'
methods: [POST, PUT, GET]
healthCheck:
cors: {}
middlewares:
# Name of middleware
- basic-auth
- access
```

40
docs/middleware/access.md Normal file
View File

@@ -0,0 +1,40 @@
---
title: Access
layout: default
parent: Middleware
nav_order: 2
---
# Access Middleware
Access middleware prevents access to a route or specific route path.
Example of access middleware
```yaml
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
### Apply access middleware on the route
```yaml
routes:
- path: /protected
name: Basic auth
rewrite: /
destination: 'https://example.com'
methods: [POST, PUT, GET]
healthCheck:
cors: {}
middlewares:
- api-forbidden-paths
```

41
docs/middleware/basic.md Normal file
View File

@@ -0,0 +1,41 @@
---
title: Basic auth
layout: default
parent: Middleware
nav_order: 3
---
# Basic Auth Middleware
Access middleware prevents access to a route or specific route path.
Example of access middleware
```yaml
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
### Apply access middleware on the route
```yaml
routes:
- path: /protected
name: Basic auth
rewrite: /
destination: 'https://example.com'
methods: [POST, PUT, GET]
healthCheck:
cors: {}
middlewares:
- api-forbidden-paths
```

8
docs/middleware/index.md Normal file
View File

@@ -0,0 +1,8 @@
---
title: Middleware
layout: default
nav_order: 4
has_children: true
---
## Middleware

23
docs/middleware/intro.md Normal file
View File

@@ -0,0 +1,23 @@
---
title: Intro
layout: default
parent: Middleware
nav_order: 1
---
# Middlewares
Middleware is a function executed before (or after) the route callback.
This is a great way to add API authentication checks, or to validate that the user has permission to access the route.
With Goma you can create your middleware based on the type you want and apply it on your routes
Goma Gateway supports :
- Authentication middleware
- JWT `client authorization based on the result of a request`
- Basic-Auth
- OAuth
- Rate limiting middleware
- In-Memory client IP based
- Access middleware

93
docs/middleware/jwt.md Normal file
View File

@@ -0,0 +1,93 @@
---
title: JWT auth
layout: default
parent: Middleware
nav_order: 4
---
### JWT middleware
As BasicAuth, JWT middleware grants also access to route to authorized users only.
It implements client authorization based on the result of a request.
If the request returns a 200 response code, access is allowed.
If it returns 401 or 403, the access is denied with the corresponding error code. Any other response code returned by the request is considered an error.
It depends on an authentication service on the backend.
It works as `ngx_http_auth_request_module` on Nginx
```conf
location /private/ {
auth_request /auth;
...
}
location = /auth {
proxy_pass ...
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
```
You can also get headers from the authentication request result and inject them into the next request header or params.
In case you want to get headers from the authentication service and inject them into the next request headers.
Set the request variable to the given value after the authorization request completes.
Key is authentication request response header Key. Value is the next Request header Key.
```yaml
headers:
## Key Authentication request header key and value is next request header key
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
```
The second example, is in case you want to get headers from the authentication request and inject them into the next request parameters.
Key is authentication request response header Key. Value is the next Request parameter Key.
See the example below.
```yaml
# Key Authentication request header key and value is next request parameter key
params:
userId: userId
userCountryId: countryId
```
Example of JWT middleware
```yaml
middlewares:
#Enables JWT authorization based on the result of a request and continues the request.
- name: google-auth
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
type: jwt
# Paths to protect
paths:
- /protected-access
- /example-of-jwt
#- /* or wildcard path
rule:
# This is an example URL
url: https://www.example.com/auth/access
# Required headers, if not present in the request, the proxy will return 403
requiredHeaders:
- Authorization
#Set the request variable to the given value after the authorization request completes.
#
# Add header to the next request from AuthRequest header, depending on your requirements
# Key is AuthRequest's response header Key, and value is Request's header Key
# In case you want to get headers from the authentication service and inject them into the next request header or parameters,
#Set the request variable to the given value after completing the authorization request.
#
# Add header to the next request from AuthRequest header, depending on your requirements
# Key is AuthRequest's response header Key, and value is next request header Key
# In case you want to get headers from the authentication service and inject them into the next request headers.
headers:
userId: X-Auth-UserId
userCountryId: X-Auth-UserCountryId
# In case you want to get headers from the Authentication service and inject them to the next request params.
params:
userCountryId: countryId
```

102
docs/middleware/oauth.md Normal file
View File

@@ -0,0 +1,102 @@
---
title: OAuth auth
layout: default
parent: Middleware
nav_order: 5
---
### OAuth middleware
Example of Google provider
```yaml
- name: google-oauth
type: oauth
paths:
- /*
rule:
clientId: xxx
clientSecret: xxxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: google # facebook, gitlab, github, amazon
redirectUrl: https://example.com/callback/protected
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: /dashboard
scopes:
- https://www.googleapis.com/auth/userinfo.email
- https://www.googleapis.com/auth/userinfo.profile
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```
Example of Authentik provider
```yaml
- name: oauth-authentik
type: oauth
paths:
- /protected
- /example-of-oauth
rule:
clientId: xxx
clientSecret: xxx
# oauth provider google, gitlab, github, amazon, facebook, custom
provider: custom
endpoint:
authUrl: https://authentik.example.com/application/o/authorize/
tokenUrl: https://authentik.example.com/application/o/token/
userInfoUrl: https://authentik.example.com/application/o/userinfo/
redirectUrl: https://example.com/callback
#RedirectPath is the PATH to redirect users after authentication, e.g: /my-protected-path/dashboard
redirectPath: ''
#CookiePath e.g.: /my-protected-path or / || by default is applied on a route path
cookiePath: "/"
scopes:
- email
- openid
state: randomStateString
jwtSecret: your-strong-jwt-secret | It's optional
```
### Access middleware
Access middleware prevents access to a route or specific route path.
Example of access middleware
```yaml
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```
### RateLimit middleware
The RateLimit middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
Example of rateLimit middleware
```yaml
```
### Apply middleware on the route
```yaml
##### Define routes
routes:
- name: Basic auth
path: /protected
rewrite: /
destination: 'https://example.com'
methods: [POST, PUT, GET]
healthCheck:
cors: {}
middlewares:
- oauth-authentik
```

22
docs/middleware/rate-limit.md Normal file
View File

@@ -0,0 +1,22 @@
---
title: Rate Limit
layout: default
parent: Middleware
nav_order: 6
---
### RateLimit middleware
The RateLimit middleware ensures that services will receive a fair number of requests, and allows one to define what fair is.
Example of global rateLimit middleware
```yaml
version: 0.1.7
gateway:
# Proxy rate limit, it's In-Memory IP based
rateLimit: 60 # peer minute
routes:
- name: Example
```

191
docs/quickstart.md
View File

@@ -1,191 +0,0 @@
---
title: Quickstart
layout: default
nav_order: 2
---
## Usage
### 1. Initialize configuration
You can generate the configuration file using `config init --output /etc/goma/config.yml` command.
The default configuration is automatically generated if any configuration file is not provided, and is available at `/etc/goma/goma.yml`
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/etc/goma/" \
jkaninda/goma-gateway config init --output /etc/goma/config.yml
```
### 3. Start server with a custom config
```shell
docker run --rm --name goma-gateway \
-v "${PWD}/config:/etc/goma/" \
-p 8080:8080 \
jkaninda/goma-gateway server --config /config/config.yml
```
### 4. Healthcheck
- Goma Gateway health check: `/health/live`
- Routes health check: `health/routes`
### 5. Simple deployment in docker compose file
```yaml
services:
goma-gateway:
image: jkaninda/goma-gateway
command: server
ports:
- "8080:8080"
- "8443:8443"
volumes:
- ./config:/etc/goma/
```
## Customize configuration file
Example of a configuration file
```yaml
# Goma Gateway configurations
gateway:
# Proxy write timeout
writeTimeout: 15
# Proxy read timeout
readTimeout: 15
# Proxy idle timeout
idleTimeout: 60
## SSL Certificate file
sslCertFile: '' #cert.pem
## SSL Private Key file
sslKeyFile: ''#key.pem
# Proxy rate limit, it's In-Memory IP based
rateLimiter: 0
accessLog: "/dev/Stdout"
errorLog: "/dev/stderr"
## Enable, disable routes health check
disableHealthCheckStatus: false
## Returns backend route healthcheck errors
disableRouteHealthCheckError: false
# Disable display routes on start
disableDisplayRouteOnStart: false
# disableKeepAlive allows enabling and disabling KeepALive server
disableKeepAlive: false
blockCommonExploits: false
# interceptErrors intercepts backend errors based on defined the status codes
interceptErrors:
- 405
- 500
# - 400
# Proxy Global HTTP Cors
cors:
# Global routes cors for all routes
origins:
- http://localhost:8080
- https://example.com
# Global routes cors headers for all routes
headers:
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
Access-Control-Allow-Credentials: 'true'
Access-Control-Max-Age: 1728000
##### Define routes
routes:
# Example of a route | 1
- name: Public
# host Domain/host based request routing
host: "" # Host is optional
path: /public
## Rewrite a request path
# e.g rewrite: /store to /
rewrite: /
destination: https://example.com
#DisableHeaderXForward Disable X-forwarded header.
# [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
# It will not match the backend route, by default, it's disabled
disableHeaderXForward: false
# Internal health check
healthCheck: '' #/internal/health/ready
# Route Cors, global cors will be overridden by route
cors:
# Route Origins Cors, route will override global cors origins
origins:
- https://dev.example.com
- http://localhost:3000
- https://example.com
# Route Cors headers, route will override global cors headers
headers:
Access-Control-Allow-Methods: 'GET'
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
Access-Control-Allow-Credentials: 'true'
Access-Control-Max-Age: 1728000
##### Apply middlewares to the route
## The name must be unique
## List of middleware name
middlewares:
- api-forbidden-paths
# Example of a route | 2
- name: Basic auth
path: /protected
rewrite: /
destination: https://example.com
healthCheck:
cors: {}
middlewares:
- api-forbidden-paths
- basic-auth
#Defines proxy middlewares
# middleware name must be unique
middlewares:
# Enable Basic auth authorization based
- name: basic-auth
# Authentication types | jwt, basic, OAuth
type: basic
paths:
- /user
- /admin
- /account
rule:
username: admin
password: admin
#Enables JWT authorization based on the result of a request and continues the request.
- name: google-auth
# Authentication types | jwt, basic, OAuth
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
type: jwt
# Paths to protect
paths:
- /protected-access
- /example-of-jwt
#- /* or wildcard path
rule:
# This is an example URL
url: https://www.googleapis.com/auth/userinfo.email
# Required headers, if not present in the request, the proxy will return 403
requiredHeaders:
- Authorization
# You can also get headers from the authentication request result and inject them into the next request header or params.
# In case you want to get headers from the authentication service and inject them into the next request headers.
# Set the request variable to the given value after the authorization request completes.
# In case you want to get headers from the authentication service and inject them into the next request headers.
# Key is authentication request response header Key. Value is the next Request header Key.
headers:
userId: Auth-UserId
userCountryId: Auth-UserCountryId
# In case you want to get headers from the Authentication service and inject them to the next request params.
#Key is authentication request response header Key. Value is the next Request parameter Key.
params:
userCountryId: countryId
# The server will return 403
- name: api-forbidden-paths
type: access
## prevents access paths
paths:
- /swagger-ui/*
- /v2/swagger-ui/*
- /api-docs/*
- /internal/*
- /actuator/*
```

39
docs/quickstart/gateway.md Normal file
View File

@@ -0,0 +1,39 @@
---
title: Gateway
layout: default
parent: Quickstart
nav_order: 1
---
# Gateway
```yaml
version: 1.0
gateway:
sslCertFile: cert.pem
sslKeyFile: key.pem
writeTimeout: 15
readTimeout: 15
idleTimeout: 30
# Rate limiting
rateLimiter: 0
accessLog: /dev/Stdout
errorLog: /dev/stderr
disableRouteHealthCheckError: false
disableDisplayRouteOnStart: false
disableKeepAlive: false
disableHealthCheckStatus: false
blockCommonExploits: true
interceptErrors:
- 500
cors:
origins:
- http://localhost:8080
- https://example.com
headers:
Access-Control-Allow-Credentials: "true"
Access-Control-Allow-Headers: Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id
Access-Control-Max-Age: "1728000"
routes:
```

54
docs/quickstart/healthcheck.md Normal file
View File

@@ -0,0 +1,54 @@
---
title: Healthcheck
layout: default
parent: Quickstart
nav_order: 5
---
# Healthcheck
Goma comes with routes healthcheck, that can be enabled and disabled.
- Goma Gateway healthcheck: `/health/live`
- Routes health check: `health/routes`
### Gateway healthcheck response:
```json
{
"name": "Service Gateway",
"status": "healthy",
"error": ""
}
```
### Routes healthcheck response:
```json
{
"status": "healthy",
"routes": [
{
"name": "order-service",
"status": "healthy",
"error": ""
},
{
"name": "notification-service",
"status": "healthy",
"error": ""
},
{
"name": "store-service",
"status": "healthy",
"error": ""
},
{
"name": "account-service",
"status": "healthy",
"error": ""
}
]
}
```

8
docs/quickstart/index.md Normal file
View File

@@ -0,0 +1,8 @@
---
title: Quickstart
layout: default
nav_order: 3
has_children: true
---
## Quickstart

12
docs/quickstart/loadbalanging.md Normal file
View File

@@ -0,0 +1,12 @@
---
title: Load Balancing
layout: default
parent: Quickstart
nav_order: 4
---
# Load Balancing

12
docs/route.md → docs/quickstart/route.md
View File

@@ -1,17 +1,21 @@
--- ---
title: Routes title: Route
layout: default layout: default
nav_order: 3 parent: Quickstart
nav_order: 2
--- ---
## Routes # Route
The Route allows you to match on HTTP traffic and direct it to the backend. The Route allows you to match on HTTP traffic and direct it to the backend.
### Example of a route ### Example of a route
```yaml ```yaml
version: 1.0
gateway:
routes:
- name: Example - name: Example
path: /store/cart path: /store/cart
rewrite: /cart rewrite: /cart

19
docs/quickstart/ssl.md Normal file
View File

@@ -0,0 +1,19 @@
---
title: SSL Certificate
layout: default
parent: Quickstart
nav_order: 4
---
# SSL Certificate
```yaml
version: 1.0
gateway:
sslCertFile: cert.pem
sslKeyFile: key.pem
```

1
docs/robots.txt Normal file
View File

@@ -0,0 +1 @@
User-agent: *

8
docs/upgrade/index.md Normal file
View File

@@ -0,0 +1,8 @@
---
title: Upgrade Notes
layout: default
nav_order: 5
has_children: true
---
## Upgrade Notes

2
examples/configMap.yaml
View File

@@ -5,7 +5,7 @@ metadata:
data: data:
goma.yml: | goma.yml: |
# Goma Gateway configurations # Goma Gateway configurations
version: 0.1.7 version: 1.0
gateway: gateway:
# Proxy write timeout # Proxy write timeout
writeTimeout: 15 writeTimeout: 15

2
examples/goma.yml
View File

@@ -1,5 +1,5 @@
# Goma Gateway configurations # Goma Gateway configurations
version: 0.1.7 version: 1.0
gateway: gateway:
# Proxy write timeout # Proxy write timeout
writeTimeout: 15 writeTimeout: 15

1
goma.yml
View File

@@ -1,4 +1,5 @@
# Goma Gateway configurations # Goma Gateway configurations
version: 1.0
gateway: gateway:
# Proxy write timeout # Proxy write timeout
writeTimeout: 15 writeTimeout: 15