0e10fa6c68
* feature: enabled HTTP2 and supported to set `ssl_protocols`. * bugfix: used default certificate if failed to load certificate by SNI. Fix #595.
# Main (process-level) context of the APISIX nginx configuration.
master_process on;

worker_processes 1;

error_log logs/error.log warn;
pid logs/nginx.pid;

# Per-worker file-descriptor limit (20480) against 10620 worker_connections below.
worker_rlimit_nofile 20480;

events {
    accept_mutex off;
    worker_connections 10620;
}

# Worker core dumps (up to 500M each) are written to the working directory.
# NOTE(review): a core file holds whatever the worker had in memory, which can
# include TLS private keys and request data, and this path sits under /tmp.
# Confirm the directory is created with restrictive ownership and mode, or
# point it at a location that is not shared with other local users.
worker_rlimit_core 500M;
working_directory /tmp/apisix_cores/;

# Workers still busy after 3 seconds of graceful shutdown have their connections closed.
worker_shutdown_timeout 3;
http {
    # Lua module search paths: bundled deps first, then the APISIX tree, then system paths.
    lua_package_path "$prefix/deps/share/lua/5.1/?.lua;$prefix/lua/?.lua;/usr/share/lua/5.1/?.lua;;";
    lua_package_cpath "$prefix/deps/lib64/lua/5.1/?.so;$prefix/deps/lib/lua/5.1/?.so;/usr/lib64/lua/5.1/?.so;;";

    # Shared-memory zones visible to every worker.
    lua_shared_dict plugin-limit-req 10m;
    lua_shared_dict plugin-limit-count 10m;
    lua_shared_dict prometheus-metrics 10m;
    lua_shared_dict plugin-limit-conn 10m;
    lua_shared_dict upstream-healthcheck 10m;
    lua_shared_dict worker-events 10m;

    # for openid-connect plugin
    lua_shared_dict discovery 1m; # cache for discovery metadata documents
    lua_shared_dict jwks 1m; # cache for JWKs
    lua_shared_dict introspection 10m; # cache for JWT verification results

    # Chain depth allowed when Lua cosockets verify a TLS peer.
    # NOTE(review): no lua_ssl_trusted_certificate is set in this file, so whether
    # outbound TLS peers are actually verified depends on the calling Lua code; confirm.
    lua_ssl_verify_depth 5;
    # TLS sessions stay resumable for 24 hours.
    ssl_session_timeout 86400;

    # Cosocket errors are not written to error_log; Lua callers must check return values.
    lua_socket_log_errors off;

    # NOTE(review): name resolution goes to one fixed external resolver address
    # (plus local=on); responses from it decide where upstream traffic is sent.
    # Prefer a resolver the deployment controls and trusts.
    resolver 114.114.114.114 ipv6=off local=on;
    resolver_timeout 5;

    lua_http10_buffering off;

    # Upper bound on regex matching work for ngx.re calls; limits the cost of
    # pathological patterns or inputs.
    lua_regex_match_limit 100000;
    lua_regex_cache_max_entries 8192;

    log_format main '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time';

    # Buffered access log: entries reach disk when 32768 bytes accumulate or after 3 seconds.
    access_log logs/access.log main buffer=32768 flush=3;
    open_file_cache max=1000 inactive=60;
    # 0 disables the request-body size check entirely.
    # NOTE(review): with no limit here, body-size limits must be enforced per route or by upstreams.
    client_max_body_size 0;

    # Hide the nginx version and send a fixed Server header.
    server_tokens off;
    more_set_headers 'Server: APISIX web server';

    include mime.types;

    # X-Real-IP is honoured only when the connection comes from loopback or a unix socket.
    real_ip_header X-Real-IP;
    set_real_ip_from 127.0.0.1;
    set_real_ip_from unix:;

    upstream apisix_backend {
        # Placeholder peer so the upstream block parses; the peer is picked in the Lua balancer phase.
        server 0.0.0.1;
        balancer_by_lua_block {
            apisix.http_balancer_phase()
        }

        keepalive 320;
    }

    # `apisix` is assigned as a Lua global here and referenced by every *_by_lua_block below.
    init_by_lua_block {
        require "resty.core"
        apisix = require("apisix")
        apisix.http_init()
    }

    init_worker_by_lua_block {
        apisix.http_init_worker()
    }

    server {
        # 9080 is plaintext HTTP; 9443 is TLS with HTTP/2.
        listen 9080;
        listen 9443 ssl http2;

        # Static certificate pair for the TLS listener.
        ssl_certificate cert/apisix.crt;
        ssl_certificate_key cert/apisix.key;
        ssl_session_cache shared:SSL:1m;

        # NOTE(review): TLSv1 and TLSv1.1 are deprecated protocol versions; keep them
        # only if legacy clients are a hard requirement. The cipher list below also
        # admits 3DES (64-bit block cipher) and static-RSA key exchange (no forward
        # secrecy), and ssl_prefer_server_ciphers is not set, so the client's
        # preference order applies. The TLS13-* names look like pre-release OpenSSL
        # naming; confirm they have any effect with the OpenSSL build in use.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;

        # stub_status counters, reachable only from 127.0.0.0-127.0.0.255 and not logged.
        location = /apisix/nginx_status {
            allow 127.0.0.0/24;
            deny all;
            access_log off;
            stub_status;
        }

        # NOTE(review): unlike nginx_status above, this location has no allow/deny,
        # and it is served on the same listeners (including plaintext 9080) as proxied
        # traffic. Any authentication or source restriction for the Admin API would
        # have to live inside apisix.http_admin(), which is not visible here; confirm,
        # or restrict this location by address or move it to a separate listener.
        location /apisix/admin {

            content_by_lua_block {
                apisix.http_admin()
            }
        }

        # Static dashboard files.
        # NOTE(review): the location prefix has no trailing slash while the alias
        # target has one; with that combination the rest of the URI is appended
        # directly after `dashboard/`, so a request path can resolve outside the
        # dashboard directory. Make the two ends agree and re-test. No proxy_pass
        # is present in this location, so the proxy_set_header lines look unused; confirm.
        location /apisix/dashboard {
            index index.html;

            alias dashboard/;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-PORT $remote_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            try_files $uri $uri/ /index.html;
        }

        # Runs during the TLS handshake (presumably per-SNI certificate selection,
        # per the commit message; confirm in the Lua code).
        ssl_certificate_by_lua_block {
            apisix.http_ssl_phase()
        }

        # Data-plane entry point: everything not matched above is routed by the access phase.
        location / {
            # Defaults for the variables consumed by the proxy_* directives below.
            set $upstream_scheme 'http';
            set $upstream_host $host;
            set $upstream_upgrade '';
            set $upstream_connection '';
            set $upstream_uri '';

            access_by_lua_block {
                apisix.http_access_phase()
            }

            proxy_http_version 1.1;
            proxy_set_header Host $upstream_host;
            proxy_set_header Upgrade $upstream_upgrade;
            proxy_set_header Connection $upstream_connection;
            # X-Real-IP is overwritten with the address nginx sees.
            # NOTE(review): X-Forwarded-For is not set in this location, so a
            # client-supplied value is forwarded unchanged; upstreams should not
            # treat it as trustworthy.
            proxy_set_header X-Real-IP $remote_addr;
            # Pass the upstream's own Server and Date response headers through.
            # NOTE(review): confirm which Server value clients end up seeing, given
            # the http-level more_set_headers.
            proxy_pass_header Server;
            proxy_pass_header Date;
            proxy_pass $upstream_scheme://apisix_backend$upstream_uri;

            header_filter_by_lua_block {
                apisix.http_header_filter_phase()
            }

            body_filter_by_lua_block {
                apisix.http_body_filter_phase()
            }

            log_by_lua_block {
                apisix.http_log_phase()
            }
        }

        # Named location for gRPC traffic; reachable only by internal redirect.
        # The grpc:// scheme means the hop to the upstream is not TLS-protected.
        location @grpc_pass {

            access_by_lua_block {
                apisix.grpc_access_phase()
            }

            grpc_set_header Content-Type application/grpc;
            grpc_socket_keepalive on;
            grpc_pass grpc://apisix_backend;

            header_filter_by_lua_block {
                apisix.http_header_filter_phase()
            }

            body_filter_by_lua_block {
                apisix.http_body_filter_phase()
            }

            log_by_lua_block {
                apisix.http_log_phase()
            }
        }
    }
}