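#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# nginx/OpenResty configuration for the APISIX gateway: one server block
# carries the proxied traffic, the admin API, the dashboard and the status
# page on ports 9080 (plain) and 9443 (TLS).

master_process on;
worker_processes 1;

error_log logs/error.log warn;
pid logs/nginx.pid;

worker_rlimit_nofile 20480;

events {
    accept_mutex off;
    worker_connections 10620;
}

# Core files are a copy of worker memory and can hold whatever the worker
# held, including the TLS private key loaded below. The dump directory is
# under /tmp; NOTE(review): confirm it is owned by the nginx user and not
# readable by other local accounts.
worker_rlimit_core 500M;
working_directory /tmp/apisix_cores/;

worker_shutdown_timeout 3;

http {
    lua_package_path "$prefix/deps/share/lua/5.1/?.lua;$prefix/lua/?.lua;/usr/share/lua/5.1/?.lua;;";
    lua_package_cpath "$prefix/deps/lib64/lua/5.1/?.so;$prefix/deps/lib/lua/5.1/?.so;/usr/lib64/lua/5.1/?.so;;";

    lua_shared_dict plugin-limit-req 10m;
    lua_shared_dict plugin-limit-count 10m;
    lua_shared_dict prometheus-metrics 10m;
    lua_shared_dict plugin-limit-conn 10m;
    lua_shared_dict upstream-healthcheck 10m;
    lua_shared_dict worker-events 10m;

    # for openid-connect plugin
    lua_shared_dict discovery 1m;       # cache for discovery metadata documents
    lua_shared_dict jwks 1m;            # cache for JWKs
    lua_shared_dict introspection 10m;  # cache for JWT verification results

    # Only the chain depth is set here; no lua_ssl_trusted_certificate appears
    # in this file, so cosocket handshakes that ask for peer verification have
    # no CA bundle from this config. NOTE(review): confirm where the trust
    # store for outbound TLS (e.g. the openid-connect fetches) comes from.
    lua_ssl_verify_depth 5;
    ssl_session_timeout 86400;

    lua_socket_log_errors off;

    # Fixed external resolver; answers are unauthenticated and decide where
    # upstream host names point. NOTE(review): consider a resolver under your
    # own control.
    resolver 114.114.114.114 ipv6=off local=on;
    resolver_timeout 5;

    lua_http10_buffering off;

    lua_regex_match_limit 100000;
    lua_regex_cache_max_entries 8192;

    log_format main '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time';

    access_log logs/access.log main buffer=32768 flush=3;
    open_file_cache max=1000 inactive=60;

    # 0 disables the request-body size check for every location, the admin
    # API included. NOTE(review): set a finite limit where large uploads are
    # not expected.
    client_max_body_size 0;

    server_tokens off;
    more_set_headers 'Server: APISIX web server';

    include mime.types;

    # The client address is taken from X-Real-IP only when the connection
    # comes from loopback or a unix socket. The allow/deny rules further down
    # are evaluated against the rewritten address, so anything proxying from
    # 127.0.0.1 must overwrite X-Real-IP rather than pass a client-supplied
    # value through.
    real_ip_header X-Real-IP;
    set_real_ip_from 127.0.0.1;
    set_real_ip_from unix:;

    upstream apisix_backend {
        # Placeholder address; the real peer is presumably chosen per request
        # by the balancer phase below.
        server 0.0.0.1;
        balancer_by_lua_block {
            apisix.http_balancer_phase()
        }

        keepalive 320;
    }

    init_by_lua_block {
        require "resty.core"
        -- deliberately global: every other *_by_lua_block in this file
        -- refers to `apisix` by this name
        apisix = require("apisix")
        apisix.http_init()
    }

    init_worker_by_lua_block {
        apisix.http_init_worker()
    }

    server {
        listen 9080;
        listen 9443 ssl http2;
        ssl_certificate      cert/apisix.crt;
        ssl_certificate_key  cert/apisix.key;
        ssl_session_cache    shared:SSL:1m;

        # TLSv1 and TLSv1.1 are no longer offered: both are formally
        # deprecated and only weaken what a client can be negotiated down to.
        ssl_protocols TLSv1.2 TLSv1.3;
        # DES-CBC3-SHA (3DES, 64-bit block) dropped from the end of the list.
        # The remaining CBC/SHA-1 and static-RSA suites are kept for
        # compatibility; the DHE suites are listed but no ssl_dhparam is set
        # in this file. NOTE(review): trim to AEAD + (EC)DHE suites if all
        # clients support them.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA;
        ssl_prefer_server_ciphers on;

        location = /apisix/nginx_status {
            allow 127.0.0.0/24;
            deny all;
            access_log off;
            stub_status;
        }

        location /apisix/admin {
            # The admin API shares the listeners with proxied traffic, so it
            # gets the same loopback-only rule as the status page. Whether
            # apisix.http_admin() authenticates callers is not visible from
            # this file; extend the allow list explicitly for remote
            # management hosts.
            allow 127.0.0.0/24;
            deny all;

            content_by_lua_block {
                apisix.http_admin()
            }
        }

        # Keeps the bare path working now that the dashboard prefix ends in a
        # slash.
        location = /apisix/dashboard {
            return 301 /apisix/dashboard/;
        }

        # The prefix ends in "/" to match the trailing "/" of the alias. With
        # a prefix that lacks it, the part of the URI after the prefix is
        # appended to the alias as-is and can resolve outside dashboard/.
        location /apisix/dashboard/ {
            index index.html;
            alias dashboard/;

            # No proxy_pass in this location; these headers only matter if
            # one is added.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-PORT $remote_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            try_files $uri $uri/ /index.html;
        }

        ssl_certificate_by_lua_block {
            apisix.http_ssl_phase()
        }

        location / {
            # Defaults for the proxy variables; presumably overwritten by the
            # access phase once a route has matched.
            set $upstream_scheme             'http';
            set $upstream_host               $host;
            set $upstream_upgrade            '';
            set $upstream_connection         '';
            set $upstream_uri                '';

            access_by_lua_block {
                apisix.http_access_phase()
            }

            proxy_http_version 1.1;
            proxy_set_header   Host              $upstream_host;
            proxy_set_header   Upgrade           $upstream_upgrade;
            proxy_set_header   Connection        $upstream_connection;
            proxy_set_header   X-Real-IP         $remote_addr;
            # Let the upstream's Server and Date headers through the proxy
            # module, which hides them by default.
            proxy_pass_header  Server;
            proxy_pass_header  Date;
            proxy_pass         $upstream_scheme://apisix_backend$upstream_uri;

            header_filter_by_lua_block {
                apisix.http_header_filter_phase()
            }

            body_filter_by_lua_block {
                apisix.http_body_filter_phase()
            }

            log_by_lua_block {
                apisix.http_log_phase()
            }
        }

        # Named location: not reachable by URI, only by an internal jump.
        # gRPC traffic to the upstream is plaintext (grpc://).
        location @grpc_pass {

            access_by_lua_block {
                apisix.grpc_access_phase()
            }

            grpc_set_header   Content-Type application/grpc;
            grpc_socket_keepalive on;
            grpc_pass         grpc://apisix_backend;

            header_filter_by_lua_block {
                apisix.http_header_filter_phase()
            }

            body_filter_by_lua_block {
                apisix.http_body_filter_phase()
            }

            log_by_lua_block {
                apisix.http_log_phase()
            }
        }
    }
}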