apisix/conf/config.yaml

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apisix:
  node_listen: 9080              # APISIX listening port
  enable_heartbeat: true
  enable_admin: true
  enable_admin_cors: true         # Admin API support CORS response headers.
  enable_debug: false
  enable_dev_mode: false          # Sets nginx worker_processes to 1 if set to true
  enable_reuseport: true          # Enable nginx SO_REUSEPORT switch if set to true.
  enable_ipv6: true
  config_center: etcd             # etcd: use etcd to store the config value
                                  # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`

  #proxy_protocol:                 # Proxy Protocol configuration
  #  listen_http_port: 9181        # The port with proxy protocol for http, it differs from node_listen and port_admin.
                                   # This port can only receive http request with proxy protocol, but node_listen & port_admin
                                   # can only receive http request. If you enable proxy protocol, you must use this port to
                                   # receive http request with proxy protocol
  #  listen_https_port: 9182       # The port with proxy protocol for https
  #  enable_tcp_pp: true           # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
  #  enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server

  proxy_cache:                     # Proxy Caching configuration
    cache_ttl: 10s                 # The default caching time if the upstream does not specify the cache time
    zones:                         # The parameters of a cache
    - name: disk_cache_one         # The name of the cache, administrator can be specify
                                   # which cache to use by name in the admin api
      memory_size: 50m             # The size of shared memory, it's used to store the cache index
      disk_size: 1G                # The size of disk, it's used to store the cache data
      disk_path: "/tmp/disk_cache_one" # The path to store the cache data
      cache_levels: "1:2"           # The hierarchy levels of a cache
  #  - name: disk_cache_two
  #    memory_size: 50m
  #    disk_size: 1G
  #    disk_path: "/tmp/disk_cache_two"
  #    cache_levels: "1:2"

  allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
    - 127.0.0.0/24              # If we don't set any IP list, then any IP access is allowed by default.
  #   - "::/64"
  # port_admin: 9180              # use a separate port

  # Default token when use API to call for Admin API.
  # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
  # Disabling this configuration item means that the Admin API does not
  # require any authentication.
  admin_key:
    -
      name: "admin"
      key: edd1c9f034335f136f87ad84b625c8f1
      role: admin                 # admin: manage all configuration data
                                  # viewer: only can view configuration data
    -
      name: "viewer"
      key: 4054f7cf07e344346cd3f287985e76a2
      role: viewer
  router:
    http: 'radixtree_uri'         # radixtree_uri: match route by uri(base on radixtree)
                                  # radixtree_host_uri: match route by host + uri(base on radixtree)
    ssl: 'radixtree_sni'          # radixtree_sni: match route by SNI(base on radixtree)
  # stream_proxy:                 # TCP/UDP proxy
  #   tcp:                        # TCP proxy port list
  #     - 9100
  #     - 9101
  #   udp:                        # UDP proxy port list
  #     - 9200
  #     - 9211
  # dns_resolver:                   # If not set, read from `/etc/resolv.conf`
  #  - 1.1.1.1
  #  - 8.8.8.8
  dns_resolver_valid: 30          # valid time for dns result 30 seconds
  resolver_timeout: 5             # resolver timeout
  ssl:
    enable: true
    enable_http2: true
    listen_port: 9443
    ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
    ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
#  discovery: eureka               # service discovery center
nginx_config:                     # config for render the template to genarate nginx.conf
  error_log: "logs/error.log"
  error_log_level: "warn"         # warn,error
  worker_rlimit_nofile: 20480     # the number of files a worker process can open, should be larger than worker_connections
  event:
    worker_connections: 10620
  http:
    access_log: "logs/access.log"
    keepalive_timeout: 60s         # timeout during which a keep-alive client connection will stay open on the server side.
    client_header_timeout: 60s     # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
    client_body_timeout: 60s       # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
    send_timeout: 10s              # timeout for transmitting a response to the client.then the connection is closed
    underscores_in_headers: "on"   # default enables the use of underscores in client request header fields
    real_ip_header: "X-Real-IP"    # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_from:                  # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
      - 127.0.0.1
      - 'unix:'
    #lua_shared_dicts:              # add custom shared cache to nginx.conf
    #  ipc_shared_dict: 100m        # custom shared cache, format: `cache-key: cache-size`

etcd:
  host:                           # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
    - "http://127.0.0.1:2379"     # multiple etcd address
  prefix: "/apisix"               # apisix configurations prefix
  timeout: 3                      # 3 seconds

#eureka:
#  host:                           # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
#    - "http://127.0.0.1:8761"
#  prefix: "/eureka/"
#  fetch_interval: 30              # default 30s
#  weight: 100                     # default weight for node
#  timeout:
#    connect: 2000                 # default 2000ms
#    send: 2000                    # default 2000ms
#    read: 5000                    # default 5000ms

plugins:                          # plugin list
  - example-plugin
  - limit-req
  - limit-count
  - limit-conn
  - key-auth
  - basic-auth
  - prometheus
  - node-status
  - jwt-auth
  - zipkin
  - ip-restriction
  - grpc-transcode
  - serverless-pre-function
  - serverless-post-function
  - openid-connect
  - proxy-rewrite
  - redirect
  - response-rewrite
  - fault-injection
  - udp-logger
  - wolf-rbac
  - proxy-cache
  - tcp-logger
  - proxy-mirror
  - kafka-logger
  - cors
  - syslog
  - batch-requests
  - http-logger
  - skywalking

stream_plugins:
  - mqtt-proxy
license: add ASF header. (#743) 2019-10-31 09:27:28 +08:00			`#`
			`# Licensed to the Apache Software Foundation (ASF) under one or more`
			`# contributor license agreements. See the NOTICE file distributed with`
			`# this work for additional information regarding copyright ownership.`
			`# The ASF licenses this file to You under the Apache License, Version 2.0`
			`# (the "License"); you may not use this file except in compliance with`
			`# the License. You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`#`
CLI: generated different nginx.conf for different OS. 2019-06-03 16:15:57 +08:00			`apisix:`
feature: support to load routes from local yaml file. (#464) * feature: support to load routes from local yaml file. 2019-09-09 17:42:20 +08:00			`node_listen: 9080 # APISIX listening port`
change: added a global swith to control if enable the feature heartbeat. optimize: used a shorter `user-agent` name. 2019-06-10 16:43:13 +08:00			`enable_heartbeat: true`
feature: implemented routes API for admin user, allowed user to manage route. (#79) * feature: supported to generate admin API basic configurations when the admin API is enabled. * feature: supported to manage route API for admin user, it contains: PUT, GET, DELETE and POST. * feature: used json schema to check if the request configuration is valid. 2019-06-13 12:01:36 +08:00			`enable_admin: true`
feature: added support CORS for /apisix/admin. (#982) 2019-12-24 14:44:42 +08:00			`enable_admin_cors: true # Admin API support CORS response headers.`
feature: supported debug mode. (#319) * feature: supported debug mode. print the plugin list which sort by priority. * feature: show the enabled plugin list in header for debug mode. 2019-07-27 09:10:06 +08:00			`enable_debug: false`
feature: added dev mode flag in config yaml to set the nginx worker_process to one (#926) 2019-12-05 00:09:20 +08:00			`enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true`
CLI: `bin/apisix` to support the SO_REUSEPORT (#1085) Fix #342 2020-02-09 17:19:45 +08:00			`enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.`
feature: support to match IPv6 request. (#341) * CLI: supported to listen IPv6. * feature: supported to match route by remote address. 2019-08-24 09:10:11 +08:00			`enable_ipv6: true`
feature: support to load routes from local yaml file. (#464) * feature: support to load routes from local yaml file. 2019-09-09 17:42:20 +08:00			`config_center: etcd # etcd: use etcd to store the config value`
			# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
feature: Add support for PROXY Protocol. (#1113) 2020-02-12 10:53:20 +08:00
			`#proxy_protocol: # Proxy Protocol configuration`
			`# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.`
			`# This port can only receive http request with proxy protocol, but node_listen & port_admin`
			`# can only receive http request. If you enable proxy protocol, you must use this port to`
			`# receive http request with proxy protocol`
			`# listen_https_port: 9182 # The port with proxy protocol for https`
			`# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option`
			`# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server`

feature: support for proxy caching plugin based on disk. (#1153) 2020-03-15 22:26:08 +08:00			`proxy_cache: # Proxy Caching configuration`
			`cache_ttl: 10s # The default caching time if the upstream does not specify the cache time`
			`zones: # The parameters of a cache`
			`- name: disk_cache_one # The name of the cache, administrator can be specify`
			`# which cache to use by name in the admin api`
			`memory_size: 50m # The size of shared memory, it's used to store the cache index`
			`disk_size: 1G # The size of disk, it's used to store the cache data`
			`disk_path: "/tmp/disk_cache_one" # The path to store the cache data`
			`cache_levels: "1:2" # The hierarchy levels of a cache`
			`# - name: disk_cache_two`
			`# memory_size: 50m`
			`# disk_size: 1G`
			`# disk_path: "/tmp/disk_cache_two"`
			`# cache_levels: "1:2"`

bugfix: only allow 127.0.0.1 access admin API and dashboard by default. (#1458) 2020-04-15 22:39:11 +08:00			`allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow`
			`- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.`
change: if we don't set any IP list, then any IP access is allowed by default for admin API. 2019-08-29 15:55:13 +08:00			`# - "::/64"`
feature: allowed to use different router. 2019-08-04 02:06:42 +08:00			`# port_admin: 9180 # use a separate port`
feature: supported key-based authentication to the dashboard. (#1169) 2020-03-05 14:48:27 +08:00
			`# Default token when use API to call for Admin API.`
			`# NOTE: Highly recommended to modify this value to protect APISIX's Admin API.`
			`# Disabling this configuration item means that the Admin API does not`
			`# require any authentication.`
			`admin_key:`
			`-`
			`name: "admin"`
			`key: edd1c9f034335f136f87ad84b625c8f1`
			`role: admin # admin: manage all configuration data`
			`# viewer: only can view configuration data`
			`-`
			`name: "viewer"`
			`key: 4054f7cf07e344346cd3f287985e76a2`
			`role: viewer`
feature: allowed to use different router. 2019-08-04 02:06:42 +08:00			`router:`
feature: support for `host + uri` as an index (radixtree) (#671) 2019-10-12 14:24:34 +08:00			`http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)`
			`# radixtree_host_uri: match route by host + uri(base on radixtree)`
change: removed router r3. (#725) 2019-10-23 12:59:22 +08:00			`ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)`
feature: support dynamic stream(TCP/UDP) proxy in apisix. (#501) * feature: support stream in apisix. * doc: added new feature in README. * CLI and added more doc. 2019-09-12 13:27:18 +08:00			`# stream_proxy: # TCP/UDP proxy`
			`# tcp: # TCP proxy port list`
			`# - 9100`
			`# - 9101`
			`# udp: # UDP proxy port list`
			`# - 9200`
			`# - 9211`
change: update to use the local DNS resolver by default (#1387) close #1378 2020-04-02 09:16:24 +08:00			# dns_resolver: # If not set, read from `/etc/resolv.conf`
			`# - 1.1.1.1`
			`# - 8.8.8.8`
bugfix: updated the dns parse result by TTL. (#1077) 2020-02-19 20:30:34 +08:00			`dns_resolver_valid: 30 # valid time for dns result 30 seconds`
feature: if the `dns_resolver` is not set in the file `conf/config.yaml`, use the resolver in local DNS. (#1217) Fix #1164 2020-03-26 09:48:18 +08:00			`resolver_timeout: 5 # resolver timeout`
feature: enabled HTTP2 and supported to set `ssl_protocols`. (#663) * feature: enabled HTTP2 and supported to set `ssl_protocols`. * bugfix: used default certificate if failed to load certificate by SNI. Fix #595. 2019-10-10 22:28:58 +08:00			`ssl:`
			`enable: true`
			`enable_http2: true`
			`listen_port: 9443`
			`ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"`
bugfix: set ssl_ciphers to `old` mode as default. (#667) 2019-10-11 11:30:47 +08:00			ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
feature: support discovery center (#1440) 2020-05-14 23:20:44 +08:00			`# discovery: eureka # service discovery center`
CLI: added more nginx configures in the config.yaml. 2019-10-15 19:59:40 +08:00			`nginx_config: # config for render the template to genarate nginx.conf`
			`error_log: "logs/error.log"`
			`error_log_level: "warn" # warn,error`
feature: make the number of file is as configurable as the connections. (#1098) 2020-02-02 09:13:34 +08:00			`worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections`
CLI: added more nginx configures in the config.yaml. 2019-10-15 19:59:40 +08:00			`event:`
			`worker_connections: 10620`
			`http:`
			`access_log: "logs/access.log"`
			`keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.`
			`client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client`
			`client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client`
			`send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed`
feature: chash key support more flexible ways (#1022) upstream add hash_on, chash key support more flexible ways routes and services admin api add upstream_conf check 2020-01-10 15:17:17 +08:00			`underscores_in_headers: "on" # default enables the use of underscores in client request header fields`
feature: Add support for PROXY Protocol. (#1113) 2020-02-12 10:53:20 +08:00			`real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header`
			`real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from`
			`- 127.0.0.1`
			`- 'unix:'`
feature: Allow add custom shared dict (#1367) 2020-03-31 10:22:58 +08:00			`#lua_shared_dicts: # add custom shared cache to nginx.conf`
			# ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size`
CLI: added more nginx configures in the config.yaml. 2019-10-15 19:59:40 +08:00
feature: supported to load config from YAML config. 2019-04-11 16:53:21 +08:00			`etcd:`
feature: support multiple etcd address. (#1283) 2020-03-19 08:01:41 +08:00			`host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.`
			`- "http://127.0.0.1:2379" # multiple etcd address`
feature: supported to use router `lua-resty-radixtree`. (#391) * feature: supported new router `lua-resty-radixtree`. * change(nginx.conf): sync from CLI. 2019-08-12 09:04:41 +08:00			`prefix: "/apisix" # apisix configurations prefix`
optimize: avoid concat string object, and kept source route id and se… (#738) * optimize: avoid concat string object, and kept source route id and service id. * default config: changed the timeout of etcd to 3 sec. 2019-10-28 15:57:30 +08:00			`timeout: 3 # 3 seconds`
change: added doc of how to load plugin. (#1) 2019-05-06 10:14:39 +08:00
feature: support discovery center (#1440) 2020-05-14 23:20:44 +08:00			`#eureka:`
			`# host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster.`
			`# - "http://127.0.0.1:8761"`
			`# prefix: "/eureka/"`
			`# fetch_interval: 30 # default 30s`
			`# weight: 100 # default weight for node`
			`# timeout:`
			`# connect: 2000 # default 2000ms`
			`# send: 2000 # default 2000ms`
			`# read: 5000 # default 5000ms`

feature: supported to use router `lua-resty-radixtree`. (#391) * feature: supported new router `lua-resty-radixtree`. * change(nginx.conf): sync from CLI. 2019-08-12 09:04:41 +08:00			`plugins: # plugin list`
change: used '###-##-###' as the name style of plugin. 2019-05-07 15:58:44 +08:00			`- example-plugin`
feature: implemented new feature `limit-req`. 2019-05-20 16:50:43 +08:00			`- limit-req`
feature: implemented plugin `limit-count`. 2019-05-21 11:17:46 +08:00			`- limit-count`
feature: supported zipkin plugin. (#304) 2019-07-26 17:16:31 +08:00			`- limit-conn`
feature: added `core.request` module. 2019-05-23 15:19:07 +08:00			`- key-auth`
feature: add basic-auth plugin (#1029) 2020-01-13 17:43:04 +08:00			`- basic-auth`
feature: implemented plugin `prometheus`. 2019-05-24 22:38:40 +08:00			`- prometheus`
feature: supported to collect nginx status and pushed it to etcd. (#149) * feature: supported to collect nginx status and pushed it to etcd. * the return value of the exported api is the same as the other methods in the plugin. 2019-06-22 08:24:02 +08:00			`- node-status`
feature: supported JWT plugin and added test cases. 2019-07-24 16:59:37 +08:00			`- jwt-auth`
feature: supported zipkin plugin. (#304) 2019-07-26 17:16:31 +08:00			`- zipkin`
feature: added IPv4 whitelist/blacklist plugin `ip-restriction` (#398) 2019-08-19 13:59:47 +08:00			`- ip-restriction`
change: renamed plugin `grpc-proxy` to `grpc-transcode`. 2019-08-22 14:40:56 +08:00			`- grpc-transcode`
feature: added serverless plugins. (#86) 2019-08-26 10:37:36 +08:00			`- serverless-pre-function`
			`- serverless-post-function`
feature: implemented openid-connect plugin. (#447) 2019-08-30 19:49:45 +08:00			`- openid-connect`
feature(plugin): rewrite upstream info with plugin `proxy-rewrite` (#594) * test: add `proxy-rewrite` plugin test cases 2019-09-27 15:14:49 +08:00			`- proxy-rewrite`
feature: supported `redirect` plugin. (#732) 2019-10-31 10:19:22 +08:00			`- redirect`
plugin: implement plugin `response rewrite` 2019-11-21 21:49:53 +08:00			`- response-rewrite`
feature: implemented new `fault-injection` plugin. (#1042) 2020-01-13 22:22:21 +08:00			`- fault-injection`
feature: add UDP logger plugin (#1070) 2020-01-17 23:30:05 +08:00			`- udp-logger`
feature: Add wolf rbac plugin (#1095) 2020-02-06 15:22:49 +08:00			`- wolf-rbac`
feature: support for proxy caching plugin based on disk. (#1153) 2020-03-15 22:26:08 +08:00			`- proxy-cache`
feature: implemented tcp logger plugin. (#1221) 2020-03-15 09:22:13 +08:00			`- tcp-logger`
feautre: support for proxy mirror plugin. (#1288) 2020-03-19 08:10:03 +08:00			`- proxy-mirror`
feature: add Kafka Logger plugin. (#1312) 2020-03-25 08:26:45 +08:00			`- kafka-logger`
feature: add cors plugin (#1327) 2020-03-29 10:30:59 +08:00			`- cors`
feature: implemented plugin `sys logger`. (#1414) 2020-05-06 10:49:18 +08:00			`- syslog`
feature: add batch request plugin. (#1388) 2020-04-29 21:40:45 +08:00			`- batch-requests`
plugin: add HTTP logger for APISIX (#1396) 2020-05-09 16:19:41 +08:00			`- http-logger`
feature: add skywalking plugin. (#1241) 2020-05-27 17:55:47 +08:00			`- skywalking`

feature: supported to added pluings to stream routes. (#513) * feature: supported to added pluings to stream routes. * feature: supported MQTT protocol. 2019-09-16 10:58:27 +08:00			`stream_plugins:`
			`- mqtt-proxy`