Commit Graph

18 Commits

Author SHA1 Message Date
Yousa
0ff2ab8242
fix: disable ssl_session_tickets by default (#2641)
fix #2638

In a word, 'ssl_session_tickets' would make Perfect Forward Secrecy useless.

reference:
ingress-nginx:kubernetes/ingress-nginx#6196
mozilla:mozilla/server-side-tls#135
2020-11-09 22:44:26 +08:00
罗泽轩
ebf0563a40
change: disable skywalking by default. (#2632)
* fix: disable skywalking by default.

Close #2623.

* trailing sw

* clean test
2020-11-09 08:12:52 +08:00
Alex Zhang
188355494d
feat: hide APISIX version from Server header. (#2639)
Sometimes expose version is dangerous, which can be utilized by
malicious crackers when there are some security bugs in that version.
2020-11-07 00:04:28 +08:00
Alex Zhang
5191374545
feat: support TLS connection with etcd. (#2548)
Support the TLS connection when communicating with etcd cluster. We added a configuration item to custom the certificate verification. Whether to setup TLS connection or not depends on the endpoints' scheme, for instance, when endpoints are:

```
etcd:
  host:
    - "https://127.0.0.1:2379"
    - "https://127.0.0.1:3379"
```

APISIX will originate TLS connection automatically, and the Server Name Indication extention will be set by the endpoint host (`127.0.0.1` in above case). Note by default APISIX will verify the certificate, close the verification in configuration explicitly if you want to bypass it.

```
etcd:
  tls:
    verfiy: false
```
2020-11-03 13:53:39 +08:00
shoogoome
fff4d14a0d
feature: support multiple service discovery (#2556)
support multiple service discovery,then we can switch it in upstream
2020-10-30 20:34:10 +08:00
YuanSheng Wang
f2f5ab9766
feat: support json encoding escape for access logs (#2269)
fix #2266 .
2020-10-30 16:07:24 +08:00
罗泽轩
b6eb6f4842
change: rename APIX_WORKER_PROCESSES to APISIX_WORKER_PROCESSES (#2552)
Close #2517.
2020-10-30 08:14:04 +08:00
YuanSheng Wang
b23475fcba
feat: upgrade skywalking plugin to support skywalking 8.0 . (#2389) 2020-10-29 15:29:52 +08:00
Alex Zhang
d87ce33485
feature: support injecting lua_ssl_trusted_certificate. (#2519) 2020-10-28 06:49:20 +08:00
YuanSheng Wang
6a7dfa6775
feat: implement api breaker plugin. (#2455)
Co-authored-by: liuheng <liuhengloveyou@gmail.com>
2020-10-27 13:40:23 +08:00
Vinci Xu
1a6fb8ec2c
feat(CLI): worker and cpu optimization (#2153) 2020-10-22 16:28:26 +08:00
罗泽轩
5b97223592
feat: implemented referer-restriction plugin (#2352) 2020-10-06 18:20:17 +08:00
nic-chen
84ce7ba781
feat: add AK/SK(HMAC) auth plugin. (#2192) 2020-09-16 14:27:56 +08:00
罗泽轩
b6354ec33e
feat: allow to limit client body size to protect the service (#2214) 2020-09-15 21:58:30 +08:00
seven dickens
312a97c96f
feat: define env in nginx.conf template (#2174)
Co-authored-by: lixiangyang <lixiangyang@dragonest.com>
2020-09-14 18:12:29 +08:00
nic-chen
c54aec8f6c
feat: support custom access log format (#2122)
fix #2009
2020-08-26 16:51:44 +08:00
YuanSheng Wang
9070a4fa95
feature: implemented plugin log-rotate, rotate log by interval time. (#2097) 2020-08-26 16:40:36 +08:00
YuanSheng Wang
cf882bda1e
feature: divide config.yaml into two files config-custom.yaml & confi… (#2023)
* feature: divide config.yaml into two files config-custom.yaml & config-default.yaml .

fix #1923
2020-08-18 20:18:55 +08:00