mirror of
https://gitee.com/iresty/apisix.git
synced 2024-12-15 01:11:58 +08:00
200 lines
6.2 KiB
Nginx Configuration File
200 lines
6.2 KiB
Nginx Configuration File
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
master_process on;
|
|
|
|
worker_processes 1;
|
|
|
|
error_log logs/error.log warn;
|
|
pid logs/nginx.pid;
|
|
|
|
worker_rlimit_nofile 20480;
|
|
|
|
events {
|
|
accept_mutex off;
|
|
worker_connections 10620;
|
|
}
|
|
|
|
worker_rlimit_core 500M;
|
|
working_directory /tmp/apisix_cores/;
|
|
|
|
worker_shutdown_timeout 3;
|
|
|
|
|
|
http {
|
|
lua_package_path "$prefix/deps/share/lua/5.1/?.lua;$prefix/lua/?.lua;/usr/share/lua/5.1/?.lua;;";
|
|
lua_package_cpath "$prefix/deps/lib64/lua/5.1/?.so;$prefix/deps/lib/lua/5.1/?.so;/usr/lib64/lua/5.1/?.so;;";
|
|
|
|
lua_shared_dict plugin-limit-req 10m;
|
|
lua_shared_dict plugin-limit-count 10m;
|
|
lua_shared_dict prometheus-metrics 10m;
|
|
lua_shared_dict plugin-limit-conn 10m;
|
|
lua_shared_dict upstream-healthcheck 10m;
|
|
lua_shared_dict worker-events 10m;
|
|
|
|
# for openid-connect plugin
|
|
lua_shared_dict discovery 1m; # cache for discovery metadata documents
|
|
lua_shared_dict jwks 1m; # cache for JWKs
|
|
lua_shared_dict introspection 10m; # cache for JWT verification results
|
|
|
|
lua_ssl_verify_depth 5;
|
|
ssl_session_timeout 86400;
|
|
|
|
lua_socket_log_errors off;
|
|
|
|
resolver 114.114.114.114 ipv6=off local=on;
|
|
resolver_timeout 5;
|
|
|
|
lua_http10_buffering off;
|
|
|
|
lua_regex_match_limit 100000;
|
|
lua_regex_cache_max_entries 8192;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time';
|
|
|
|
access_log logs/access.log main buffer=32768 flush=3;
|
|
open_file_cache max=1000 inactive=60;
|
|
client_max_body_size 0;
|
|
|
|
server_tokens off;
|
|
more_set_headers 'Server: APISIX web server';
|
|
|
|
include mime.types;
|
|
|
|
real_ip_header X-Real-IP;
|
|
set_real_ip_from 127.0.0.1;
|
|
set_real_ip_from unix:;
|
|
|
|
upstream apisix_backend {
|
|
server 0.0.0.1;
|
|
balancer_by_lua_block {
|
|
apisix.http_balancer_phase()
|
|
}
|
|
|
|
keepalive 320;
|
|
}
|
|
|
|
init_by_lua_block {
|
|
require "resty.core"
|
|
apisix = require("apisix")
|
|
apisix.http_init()
|
|
}
|
|
|
|
init_worker_by_lua_block {
|
|
apisix.http_init_worker()
|
|
}
|
|
|
|
|
|
server {
|
|
listen 9080;
|
|
listen 9443 ssl http2;
|
|
|
|
ssl_certificate cert/apisix.crt;
|
|
ssl_certificate_key cert/apisix.key;
|
|
ssl_session_cache shared:SSL:1m;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
location = /apisix/nginx_status {
|
|
allow 127.0.0.0/24;
|
|
deny all;
|
|
access_log off;
|
|
stub_status;
|
|
}
|
|
|
|
location /apisix/admin {
|
|
|
|
content_by_lua_block {
|
|
apisix.http_admin()
|
|
}
|
|
}
|
|
|
|
location /apisix/dashboard {
|
|
index index.html;
|
|
|
|
alias dashboard/;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Real-PORT $remote_port;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
ssl_certificate_by_lua_block {
|
|
apisix.http_ssl_phase()
|
|
}
|
|
|
|
location / {
|
|
set $upstream_scheme 'http';
|
|
set $upstream_host $host;
|
|
set $upstream_upgrade '';
|
|
set $upstream_connection '';
|
|
set $upstream_uri '';
|
|
|
|
access_by_lua_block {
|
|
apisix.http_access_phase()
|
|
}
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $upstream_host;
|
|
proxy_set_header Upgrade $upstream_upgrade;
|
|
proxy_set_header Connection $upstream_connection;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass_header Server;
|
|
proxy_pass_header Date;
|
|
proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
|
|
|
|
header_filter_by_lua_block {
|
|
apisix.http_header_filter_phase()
|
|
}
|
|
|
|
body_filter_by_lua_block {
|
|
apisix.http_body_filter_phase()
|
|
}
|
|
|
|
log_by_lua_block {
|
|
apisix.http_log_phase()
|
|
}
|
|
}
|
|
|
|
location @grpc_pass {
|
|
|
|
access_by_lua_block {
|
|
apisix.grpc_access_phase()
|
|
}
|
|
|
|
grpc_set_header Content-Type application/grpc;
|
|
grpc_socket_keepalive on;
|
|
grpc_pass grpc://apisix_backend;
|
|
|
|
header_filter_by_lua_block {
|
|
apisix.http_header_filter_phase()
|
|
}
|
|
|
|
body_filter_by_lua_block {
|
|
apisix.http_body_filter_phase()
|
|
}
|
|
|
|
log_by_lua_block {
|
|
apisix.http_log_phase()
|
|
}
|
|
}
|
|
}
|
|
}
|