2019-10-31 09:27:28 +08:00
|
|
|
#
|
|
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
|
|
# this work for additional information regarding copyright ownership.
|
|
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
|
# (the "License"); you may not use this file except in compliance with
|
|
|
|
# the License. You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
2019-06-03 16:15:57 +08:00
|
|
|
apisix:
|
2019-09-09 17:42:20 +08:00
|
|
|
node_listen: 9080 # APISIX listening port
|
2019-06-13 12:01:36 +08:00
|
|
|
enable_admin: true
|
2019-12-24 14:44:42 +08:00
|
|
|
enable_admin_cors: true # Admin API support CORS response headers.
|
2019-07-27 09:10:06 +08:00
|
|
|
enable_debug: false
|
2019-12-05 00:09:20 +08:00
|
|
|
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
|
2020-02-09 17:19:45 +08:00
|
|
|
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
|
2019-08-24 09:10:11 +08:00
|
|
|
enable_ipv6: true
|
2019-09-09 17:42:20 +08:00
|
|
|
config_center: etcd # etcd: use etcd to store the config value
|
|
|
|
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
|
2020-02-12 10:53:20 +08:00
|
|
|
|
|
|
|
#proxy_protocol: # Proxy Protocol configuration
|
|
|
|
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
|
|
|
|
# This port can only receive http request with proxy protocol, but node_listen & port_admin
|
|
|
|
# can only receive http request. If you enable proxy protocol, you must use this port to
|
|
|
|
# receive http request with proxy protocol
|
|
|
|
# listen_https_port: 9182 # The port with proxy protocol for https
|
|
|
|
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
|
|
|
|
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
|
|
|
|
|
2020-03-15 22:26:08 +08:00
|
|
|
proxy_cache: # Proxy Caching configuration
|
|
|
|
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
|
|
|
|
zones: # The parameters of a cache
|
|
|
|
- name: disk_cache_one # The name of the cache, administrator can be specify
|
|
|
|
# which cache to use by name in the admin api
|
|
|
|
memory_size: 50m # The size of shared memory, it's used to store the cache index
|
|
|
|
disk_size: 1G # The size of disk, it's used to store the cache data
|
|
|
|
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
|
|
|
|
cache_levels: "1:2" # The hierarchy levels of a cache
|
|
|
|
# - name: disk_cache_two
|
|
|
|
# memory_size: 50m
|
|
|
|
# disk_size: 1G
|
|
|
|
# disk_path: "/tmp/disk_cache_two"
|
|
|
|
# cache_levels: "1:2"
|
|
|
|
|
2020-04-15 22:39:11 +08:00
|
|
|
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
|
|
|
|
- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
|
2019-08-29 15:55:13 +08:00
|
|
|
# - "::/64"
|
2019-08-04 02:06:42 +08:00
|
|
|
# port_admin: 9180 # use a separate port
|
2020-06-07 21:02:50 +08:00
|
|
|
# https_admin: true # enable HTTPS when use a separate port for Admin API.
|
2020-07-21 11:41:11 +08:00
|
|
|
# Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
|
|
|
|
admin_api_mtls: # Depends on `port_admin` and `https_admin`.
|
|
|
|
admin_ssl_cert: "" # Path of your self-signed server side cert.
|
|
|
|
admin_ssl_cert_key: "" # Path of your self-signed server side key.
|
|
|
|
admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates.
|
2020-03-05 14:48:27 +08:00
|
|
|
|
|
|
|
# Default token when use API to call for Admin API.
|
|
|
|
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
|
|
|
|
# Disabling this configuration item means that the Admin API does not
|
|
|
|
# require any authentication.
|
|
|
|
admin_key:
|
|
|
|
-
|
|
|
|
name: "admin"
|
|
|
|
key: edd1c9f034335f136f87ad84b625c8f1
|
|
|
|
role: admin # admin: manage all configuration data
|
|
|
|
# viewer: only can view configuration data
|
|
|
|
-
|
|
|
|
name: "viewer"
|
|
|
|
key: 4054f7cf07e344346cd3f287985e76a2
|
|
|
|
role: viewer
|
2020-07-29 19:25:30 +08:00
|
|
|
|
|
|
|
delete_uri_tail_slash: false # delete the '/' at the end of the URI
|
2019-08-04 02:06:42 +08:00
|
|
|
router:
|
2019-10-12 14:24:34 +08:00
|
|
|
http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)
|
|
|
|
# radixtree_host_uri: match route by host + uri(base on radixtree)
|
2019-10-23 12:59:22 +08:00
|
|
|
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
|
2019-09-12 13:27:18 +08:00
|
|
|
# stream_proxy: # TCP/UDP proxy
|
|
|
|
# tcp: # TCP proxy port list
|
|
|
|
# - 9100
|
|
|
|
# - 9101
|
|
|
|
# udp: # UDP proxy port list
|
|
|
|
# - 9200
|
|
|
|
# - 9211
|
2020-04-02 09:16:24 +08:00
|
|
|
# dns_resolver: # If not set, read from `/etc/resolv.conf`
|
|
|
|
# - 1.1.1.1
|
|
|
|
# - 8.8.8.8
|
2020-02-19 20:30:34 +08:00
|
|
|
dns_resolver_valid: 30 # valid time for dns result 30 seconds
|
2020-03-26 09:48:18 +08:00
|
|
|
resolver_timeout: 5 # resolver timeout
|
2019-10-10 22:28:58 +08:00
|
|
|
ssl:
|
|
|
|
enable: true
|
|
|
|
enable_http2: true
|
|
|
|
listen_port: 9443
|
2020-06-23 16:03:19 +08:00
|
|
|
ssl_protocols: "TLSv1.2 TLSv1.3"
|
|
|
|
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
2020-06-13 16:10:27 +08:00
|
|
|
key_encrypt_salt: "edd1c9f0985e76a2" # If not set, will save origin ssl key into etcd.
|
|
|
|
# If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC
|
2020-06-22 14:45:55 +08:00
|
|
|
# !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
|
2020-05-14 23:20:44 +08:00
|
|
|
# discovery: eureka # service discovery center
|
2019-10-15 19:59:40 +08:00
|
|
|
nginx_config: # config for render the template to genarate nginx.conf
|
|
|
|
error_log: "logs/error.log"
|
|
|
|
error_log_level: "warn" # warn,error
|
2020-02-02 09:13:34 +08:00
|
|
|
worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections
|
2020-07-24 16:05:29 +08:00
|
|
|
worker_shutdown_timeout: 240s # timeout for a graceful shutdown of worker processes
|
2019-10-15 19:59:40 +08:00
|
|
|
event:
|
|
|
|
worker_connections: 10620
|
|
|
|
http:
|
|
|
|
access_log: "logs/access.log"
|
|
|
|
keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
|
|
|
|
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
|
|
|
|
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
|
|
|
|
send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
|
2020-01-10 15:17:17 +08:00
|
|
|
underscores_in_headers: "on" # default enables the use of underscores in client request header fields
|
2020-02-12 10:53:20 +08:00
|
|
|
real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
|
|
|
|
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
|
|
|
|
- 127.0.0.1
|
|
|
|
- 'unix:'
|
2020-03-31 10:22:58 +08:00
|
|
|
#lua_shared_dicts: # add custom shared cache to nginx.conf
|
|
|
|
# ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size`
|
2019-10-15 19:59:40 +08:00
|
|
|
|
2019-04-11 16:53:21 +08:00
|
|
|
etcd:
|
2020-03-19 08:01:41 +08:00
|
|
|
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
|
|
|
|
- "http://127.0.0.1:2379" # multiple etcd address
|
2019-08-12 09:04:41 +08:00
|
|
|
prefix: "/apisix" # apisix configurations prefix
|
2020-07-29 23:09:02 +08:00
|
|
|
timeout: 30 # 30 seconds
|
2020-06-26 17:25:58 +08:00
|
|
|
# user: root # root username for etcd
|
|
|
|
# password: 5tHkHhYkjr6cQY # root password for etcd
|
2020-05-14 23:20:44 +08:00
|
|
|
#eureka:
|
|
|
|
# host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
|
|
|
|
# - "http://127.0.0.1:8761"
|
|
|
|
# prefix: "/eureka/"
|
|
|
|
# fetch_interval: 30 # default 30s
|
|
|
|
# weight: 100 # default weight for node
|
|
|
|
# timeout:
|
|
|
|
# connect: 2000 # default 2000ms
|
|
|
|
# send: 2000 # default 2000ms
|
|
|
|
# read: 5000 # default 5000ms
|
|
|
|
|
2019-08-12 09:04:41 +08:00
|
|
|
plugins: # plugin list
|
2019-05-07 15:58:44 +08:00
|
|
|
- example-plugin
|
2019-05-20 16:50:43 +08:00
|
|
|
- limit-req
|
2019-05-21 11:17:46 +08:00
|
|
|
- limit-count
|
2019-07-26 17:16:31 +08:00
|
|
|
- limit-conn
|
2019-05-23 15:19:07 +08:00
|
|
|
- key-auth
|
2020-01-13 17:43:04 +08:00
|
|
|
- basic-auth
|
2019-05-24 22:38:40 +08:00
|
|
|
- prometheus
|
2019-06-22 08:24:02 +08:00
|
|
|
- node-status
|
2019-07-24 16:59:37 +08:00
|
|
|
- jwt-auth
|
2019-07-26 17:16:31 +08:00
|
|
|
- zipkin
|
2019-08-19 13:59:47 +08:00
|
|
|
- ip-restriction
|
2019-08-22 14:40:56 +08:00
|
|
|
- grpc-transcode
|
2019-08-26 10:37:36 +08:00
|
|
|
- serverless-pre-function
|
|
|
|
- serverless-post-function
|
2019-08-30 19:49:45 +08:00
|
|
|
- openid-connect
|
2019-09-27 15:14:49 +08:00
|
|
|
- proxy-rewrite
|
2019-10-31 10:19:22 +08:00
|
|
|
- redirect
|
2019-11-21 21:49:53 +08:00
|
|
|
- response-rewrite
|
2020-01-13 22:22:21 +08:00
|
|
|
- fault-injection
|
2020-01-17 23:30:05 +08:00
|
|
|
- udp-logger
|
2020-02-06 15:22:49 +08:00
|
|
|
- wolf-rbac
|
2020-03-15 09:22:13 +08:00
|
|
|
- tcp-logger
|
2020-03-25 08:26:45 +08:00
|
|
|
- kafka-logger
|
2020-03-29 10:30:59 +08:00
|
|
|
- cors
|
2020-06-08 12:49:46 +08:00
|
|
|
- consumer-restriction
|
2020-05-06 10:49:18 +08:00
|
|
|
- syslog
|
2020-04-29 21:40:45 +08:00
|
|
|
- batch-requests
|
2020-05-09 16:19:41 +08:00
|
|
|
- http-logger
|
2020-05-27 17:55:47 +08:00
|
|
|
- skywalking
|
2020-06-13 20:56:11 +08:00
|
|
|
- echo
|
2020-06-16 13:51:36 +08:00
|
|
|
- authz-keycloak
|
2020-06-22 14:45:55 +08:00
|
|
|
- uri-blocker
|
2020-07-21 21:38:48 +08:00
|
|
|
- request-validation
|
2020-08-05 00:20:04 +08:00
|
|
|
- proxy-cache
|
|
|
|
- proxy-mirror
|
2020-05-27 17:55:47 +08:00
|
|
|
|
2019-09-16 10:58:27 +08:00
|
|
|
stream_plugins:
|
|
|
|
- mqtt-proxy
|