Prepare


NGINX Config 1 - API GW

  • /etc/nginx/conf.d/apigw.conf

    # Upstream group for the API backend: a single server on the loopback
    # interface, port 8000. The server block refers to it by name in proxy_pass.
    upstream api-backend {
        server 127.0.0.1:8000;
    }
    
    # API gateway virtual server: forwards three API path prefixes to the
    # api-backend upstream.
    server {
        # No "ssl" parameter, so this listener speaks plain HTTP. No address is
        # given, so it accepts connections on every interface, port 8443.
        listen 8443;
    
        # Each location is a prefix match, so longer URIs starting with the same
        # prefix are proxied as well. proxy_pass has no URI part, so the request
        # URI reaches the backend unchanged. Requests matching none of these
        # prefixes are not forwarded to api-backend.
        location /api/f1/drivers {
            proxy_pass http://api-backend;
        }
        location /api/f1/seasons {
            proxy_pass http://api-backend;
        }
        location /api/f1/circuits {
            proxy_pass http://api-backend;
        }
    }


Test

  • CURL Test

    # Request each proxied endpoint once through the gateway (plain HTTP).
    for endpoint in drivers seasons circuits; do
        curl "http://10.250.11.97:8443/api/f1/${endpoint}"
    done


  • CAP


NGINX Config 2 - SSL Termination

  • SSL 인증서 발급

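    # Directory that holds the certificate and private key for test.example.com.
    mkdir -p /etc/ssl/nginx/test.example.com/
    cd /etc/ssl/nginx/test.example.com/
    # Self-signed certificate, valid 365 days, with a new 4096-bit RSA key.
    # -nodes writes the private key unencrypted, so the command runs in a
    # subshell with umask 077: newly created files are readable by the owner only.
    # NOTE(review): C=CN with ST/L=Seoul looks inconsistent (KR is the country
    # code for Korea) - confirm. The certificate has no subjectAltName, so
    # clients that ignore the CN will reject the host name even if they trust it.
    ( umask 077 && openssl req -x509 -nodes -days 365 -newkey rsa:4096 -subj "/C=CN/ST=Seoul/L=Seoul/O=example/OU=Personal/CN=test.example.com" -keyout test.example.com.key -out test.example.com.crt )
    # umask does not change the mode of a key file that already existed.
    chmod 600 test.example.com.key
    
    # Check the resulting files and their permissions.
    ls -alth /etc/ssl/nginx/test.example.com/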
  • Host 수정  ( or curl -H "Host: test.example.com" 활용 )

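    # Map test.example.com to the gateway address for local testing. The entry
    # is appended only when that exact line is not already present, so running
    # the step again does not duplicate it.
    grep -qxF -- "10.250.11.97 test.example.com" /etc/hosts ||
        echo "10.250.11.97 test.example.com" >> /etc/hosts
    
    # Confirm the entry.
    cat /etc/hosts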
  • /etc/nginx/conf.d/apigw.conf

    # Upstream group for the API backend: a single server on the loopback
    # interface, port 8000. The server block refers to it by name in proxy_pass.
    upstream api-backend {
        server 127.0.0.1:8000;
    }
    
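    # API gateway virtual server with TLS termination: clients connect over
    # HTTPS on port 8443 and requests are forwarded to api-backend over plain
    # HTTP on the loopback interface.
    server {
        listen 8443 ssl;
        server_name test.example.com;
        ssl_certificate /etc/ssl/nginx/test.example.com/test.example.com.crt;
        # Same directory as the certificate; nginx does not start if the key
        # file cannot be read at this path.
        ssl_certificate_key /etc/ssl/nginx/test.example.com/test.example.com.key;
        # TLS 1.1 is deprecated (RFC 8996); offer only TLS 1.2 and TLS 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # NOTE(review): by default nginx reports its version in the Server
        # header, and headers set by the backend (such as X-Powered-By) are
        # passed through to the client. Consider "server_tokens off;" and
        # "proxy_hide_header X-Powered-By;" if that should not be exposed.

        # Each location is a prefix match; proxy_pass has no URI part, so the
        # request URI reaches the backend unchanged.
        location /api/f1/drivers {
            proxy_pass http://api-backend;
        }
        location /api/f1/seasons {
            proxy_pass http://api-backend;
        }
        location /api/f1/circuits {
            proxy_pass http://api-backend;
        }
    }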

Test

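  • Curl Test (-k skips certificate verification, so this run only shows that the TLS listener answers; to check the self-signed certificate itself, pass the .crt file with --cacert and request https://test.example.com:8443/... by name instead of by IP)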

    [root@sglee test.example.com]# curl -k -vI  -H "Host:test.example.com" https://10.250.11.97:8443/api/f1/drivers
    * About to connect() to 10.250.11.97 port 8443 (#0)
    *   Trying 10.250.11.97...
    * Connected to 10.250.11.97 (10.250.11.97) port 8443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    * Server certificate:
    *       subject: CN=test.example.com,OU=Personal,O=example,L=Seoul,ST=Seoul,C=CN
    *       start date: May 09 07:31:52 2023 GMT
    *       expire date: May 08 07:31:52 2024 GMT
    *       common name: test.example.com
    *       issuer: CN=test.example.com,OU=Personal,O=example,L=Seoul,ST=Seoul,C=CN
    > HEAD /api/f1/drivers HTTP/1.1
    > User-Agent: curl/7.29.0
    > Accept: */*
    > Host:test.example.com
    > 
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Server: nginx/1.23.2
    Server: nginx/1.23.2
    < Date: Tue, 09 May 2023 07:51:46 GMT
    Date: Tue, 09 May 2023 07:51:46 GMT
    < Content-Type: application/xml; charset=utf-8
    Content-Type: application/xml; charset=utf-8
    < Connection: keep-alive
    Connection: keep-alive
    < X-Powered-By: PHP/5.5.9-1ubuntu4.29
    X-Powered-By: PHP/5.5.9-1ubuntu4.29
    < Access-Control-Allow-Origin: *
    Access-Control-Allow-Origin: *
    
    < 
    * Connection #0 to host 10.250.11.97 left intact
    [root@sglee test.example.com]#
  • CAP