test/apisix
1
0
Fork 0
mirror of https://gitee.com/iresty/apisix.git synced 2024-12-15 01:11:58 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
bbe481987e
apisix/conf/nginx.conf
WenMing bbe481987e
bugfix: fixed wrong of allow and deny in nginx.conf. (#330) 
only has the allow is useless, which is must works with deny. it's security problem.
2019-07-29 18:07:10 +08:00

135 lines
3.5 KiB
Nginx Configuration File
Raw Blame History

master_process on;
worker_processes 1;
error_log logs/error.log warn;
pid logs/nginx.pid;
worker_rlimit_nofile 20480;
events {
accept_mutex off;
worker_connections 10620;
}
worker_rlimit_core 500M;
working_directory /tmp/apisix_cores/;
worker_shutdown_timeout 3;
http {
lua_package_path "$prefix/deps/share/lua/5.1/?.lua;$prefix/lua/?.lua;/usr/share/lua/5.1/?.lua;;";
lua_package_cpath "$prefix/deps/lib64/lua/5.1/?.so;$prefix/deps/lib/lua/5.1/?.so;/usr/lib64/lua/5.1/?.so;;";
lua_shared_dict plugin-limit-req 10m;
lua_shared_dict plugin-limit-count 10m;
lua_shared_dict prometheus-metrics 10m;
lua_shared_dict plugin-limit-conn 10m;
lua_shared_dict upstream-healthcheck 10m;
lua_shared_dict worker-events 10m;
lua_ssl_verify_depth 5;
ssl_session_timeout 86400;
lua_socket_log_errors off;
resolver ipv6=off local=on;
resolver_timeout 5;
lua_http10_buffering off;
lua_regex_match_limit 100000;
lua_regex_cache_max_entries 8192;
log_format main '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time';
access_log logs/access.log main buffer=32768 flush=3;
open_file_cache max=1000 inactive=60;
client_max_body_size 0;
server_tokens off;
more_set_headers 'Server: APISIX web server';
real_ip_header X-Real-IP;
set_real_ip_from 127.0.0.1;
set_real_ip_from unix:;
upstream apisix_backend {
server 0.0.0.1;
balancer_by_lua_block {
apisix.http_balancer_phase()
}
keepalive 32;
}
init_by_lua_block {
require "resty.core"
apisix = require("apisix")
apisix.http_init()
}
init_worker_by_lua_block {
apisix.http_init_worker()
}
server {
listen 9080;
listen 9443 ssl;
ssl_certificate cert/apisix.crt;
ssl_certificate_key cert/apisix.key;
ssl_session_cache shared:SSL:1m;
include mime.types;
location = /apisix/nginx_status {
allow 127.0.0.0/24;
deny all;
access_log off;
stub_status;
}
location /apisix/admin {
allow 127.0.0.0/24;
deny all;
content_by_lua_block {
apisix.http_admin()
}
}
ssl_certificate_by_lua_block {
apisix.http_ssl_phase()
}
location / {
set $upstream_scheme 'http';
set $upstream_host $host;
set $upstream_upgrade '';
set $upstream_connection '';
set $upstream_uri '';
access_by_lua_block {
apisix.http_access_phase()
}
proxy_http_version 1.1;
proxy_set_header Host $upstream_host;
proxy_set_header Upgrade $upstream_upgrade;
proxy_set_header Connection $upstream_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_header Server;
proxy_pass_header Date;
proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
header_filter_by_lua_block {
apisix.http_header_filter_phase()
}
log_by_lua_block {
apisix.http_log_phase()
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink