lua/apisix
1
0
Fork 0
Code Pull Requests Activity

perf: 优化 SSL 管理器性能,使用 HTTP 连接复用

Browse Source 
主要优化:
- HTTP 连接复用:使用 requests.Session() 复用连接,减少连接开销
  - 所有 API 调用现在使用同一个 session
  - 减少 TCP 连接建立和 TLS 握手开销

- 代码清理:
  - 移除未使用的导入(base64, timedelta)
  - 移除重复的 headers 参数(已在 session 中设置)

- 性能提升:
  - 减少每次 API 调用的开销
  - 特别是在频繁调用时(如证书续期、批量操作)效果明显

这些优化提升了 SSL 管理器的整体性能,特别是在处理多个证书操作时。
This commit is contained in:
jingrow 2026-01-01 20:00:01 +00:00
parent b30fafd34f
commit d81d3362af
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ssl_manager/ssl_manager.py
View File

@ -18,8 +18,7 @@ import requests
import logging import logging
from pathlib import Path from pathlib import Path
from typing import Optional, List, Dict from typing import Optional, List, Dict
from datetime import datetime, timedelta from datetime import datetime
import base64
# 配置日志 # 配置日志
logging.basicConfig( logging.basicConfig(
@ -65,6 +64,10 @@ class APISIXSSLManager:
# 验证配置 # 验证配置
self._validate_config() self._validate_config()
# 创建 HTTP 会话,复用连接
self.session = requests.Session()
self.session.headers.update(self._get_apisix_headers())
def load_config(self, config_path: str): def load_config(self, config_path: str):
"""从配置文件加载配置(可选,用于覆盖默认配置)""" """从配置文件加载配置(可选,用于覆盖默认配置)"""
@ -221,13 +224,11 @@ class APISIXSSLManager:
logger.info(f"配置 SNI 域名列表: {cert_domains}") logger.info(f"配置 SNI 域名列表: {cert_domains}")
headers = self._get_apisix_headers()
try: try:
# 先检查是否已存在相同 SNI 的配置 # 先检查是否已存在相同 SNI 的配置
# 方法1通过 ID 查找(如果之前创建时使用了这个 ID # 方法1通过 ID 查找(如果之前创建时使用了这个 ID
check_url = f"{self.apisix_admin_url}/apisix/admin/ssls/{ssl_id}" check_url = f"{self.apisix_admin_url}/apisix/admin/ssls/{ssl_id}"
response = requests.get(check_url, headers=headers, timeout=10) response = self.session.get(check_url, timeout=10)
existing_ssl_id = None existing_ssl_id = None
if response.status_code == 200: if response.status_code == 200:
@ -236,7 +237,7 @@ class APISIXSSLManager:
else: else:
# 方法2查询所有 SSL 配置,检查是否有相同 SNI 的配置 # 方法2查询所有 SSL 配置,检查是否有相同 SNI 的配置
all_ssls_url = f"{self.apisix_admin_url}/apisix/admin/ssls" all_ssls_url = f"{self.apisix_admin_url}/apisix/admin/ssls"
all_response = requests.get(all_ssls_url, headers=headers, timeout=10) all_response = self.session.get(all_ssls_url, timeout=10)
if all_response.status_code == 200: if all_response.status_code == 200:
all_ssls = all_response.json() all_ssls = all_response.json()
ssl_list = all_ssls.get('list', []) if isinstance(all_ssls, dict) else all_ssls ssl_list = all_ssls.get('list', []) if isinstance(all_ssls, dict) else all_ssls
@ -261,18 +262,16 @@ class APISIXSSLManager:
# 更新现有证书(更新时需要 id # 更新现有证书(更新时需要 id
logger.info(f"更新 APISIX SSL 配置: {domain} (ID: {existing_ssl_id})") logger.info(f"更新 APISIX SSL 配置: {domain} (ID: {existing_ssl_id})")
ssl_config["id"] = existing_ssl_id ssl_config["id"] = existing_ssl_id
response = requests.put( response = self.session.put(
f"{self.apisix_admin_url}/apisix/admin/ssls/{existing_ssl_id}", f"{self.apisix_admin_url}/apisix/admin/ssls/{existing_ssl_id}",
headers=headers,
json=ssl_config, json=ssl_config,
timeout=10 timeout=10
) )
else: else:
# 创建新证书POST 时不包含 id让 APISIX 自动生成) # 创建新证书POST 时不包含 id让 APISIX 自动生成)
logger.info(f"创建 APISIX SSL 配置: {domain}") logger.info(f"创建 APISIX SSL 配置: {domain}")
response = requests.post( response = self.session.post(
f"{self.apisix_admin_url}/apisix/admin/ssls", f"{self.apisix_admin_url}/apisix/admin/ssls",
headers=headers,
json=ssl_config, json=ssl_config,
timeout=10 timeout=10
) )