You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by ju...@apache.org on 2021/10/29 15:44:14 UTC
[apisix-website] branch docs-202108 updated: fix: lint
This is an automated email from the ASF dual-hosted git repository.
juzhiyuan pushed a commit to branch docs-202108
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/docs-202108 by this push:
new 05615db fix: lint
05615db is described below
commit 05615db908eef0e6e59a8b8a9c2a810621d569c1
Author: juzhiyuan <ju...@apache.org>
AuthorDate: Fri Oct 29 23:44:01 2021 +0800
fix: lint
---
...ache-APISIX-and-Envoy-performance-comparison.md | 2 +-
website/blog/2021/08/10/apisix-nginx.md | 26 +++----
website/blog/2021/08/11/interview-TuZhengsong.md | 18 ++---
...onnect-Plugin-for-Centralized-Authentication.md | 86 +++++++++++-----------
website/blog/2021/08/17/interview-airwallex.md | 8 +-
.../2021/08/19/go-makes-Apache-APISIX-better.md | 18 ++---
website/blog/2021/08/21/shanghai-meetup.md | 14 ++--
website/blog/2021/08/23/ApacheCon-Asia-2021.md | 46 ++++++------
website/blog/2021/08/24/shanghai-meetup-recap.md | 12 +--
...onnect-Plugin-for-Centralized-Authentication.md | 24 +++---
website/blog/2021/08/30/Ingress-Meeting.md | 4 +-
website/blog/2021/08/30/weekly-report.md | 4 +-
...a-better-gateway-and-K8S-Ingress-Controller.md" | 28 +++----
.../2021/08/10/apisix-nginx.md | 4 +-
14 files changed, 147 insertions(+), 147 deletions(-)
diff --git a/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md b/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
index 430ae93..a6f2579 100644
--- a/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
+++ b/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
@@ -155,7 +155,7 @@ Latency: Latency per request, the smaller the value the better. It represents ho
We can see that the difference between the two metrics in the single-worker thread|process mode, QPS and Latency is not large, but with the increase in the number of threads|processes their gap is gradually enlarged, here I analyze that there may be two reasons, NGINX in the high concurrency scenario with multiple workers and the system IO model for interaction is not more advantageous, on the other hand, also On the other hand, NGINX itself may be more “stingy” in terms of memory and CP [...]
-## 总结
+## Summary
In general, Apache APISIX is slightly better than Envoy in terms of response latency and QPS, and due to NGINX’s multi-worker collaboration method, which is more advantageous in high concurrency scenarios, Apache APISIX’s performance improvement is more obvious than Envoy’s after opening multiple worker processes. The bus design of Envoy gives it a unique advantage in handling east-west traffic, while the performance and latency of Apache APISIX gives it a massive throughput capability i [...]
Apache APISIX
diff --git a/website/blog/2021/08/10/apisix-nginx.md b/website/blog/2021/08/10/apisix-nginx.md
index 885d694..6b63b46 100644
--- a/website/blog/2021/08/10/apisix-nginx.md
+++ b/website/blog/2021/08/10/apisix-nginx.md
@@ -89,7 +89,7 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
The `ngx_event_expire_timers` function calls the handler method of all timeout events. In fact, the timer is implemented by a [red-black tree](https://zh.wikipedia.org/zh-hans/%E7%BA%A2%E9%BB%91%E6%A0%91) (a balanced ordered binary tree), where the key is the absolute expiration time of each event. This way, expired events can be found quickly by comparing the minimum node with the current time.
-Lua timer for ### OpenResty
+### Lua timer for OpenResty
Of course, the above C functions are very inefficient to develop. Therefore, OpenResty wraps the Lua interface and exposes the C function `ngx_timer_add` to the Lua language via [ngx.timer.at](https://github.com/openresty/lua-nginx-module#ngxtimerat).
@@ -142,7 +142,7 @@ Apache APISIX uses only eight of these hooks (note that APISIX does not use `set
Once we have the above knowledge ready, we can answer how Apache APISIX receives updates to etcd data.
-How #### nginx.conf is generated
+#### How nginx.conf is generated
Each Nginx worker process starts a timer in the ``init_worker_by_lua`` phase with the ``http_init_worker`` function.
@@ -168,9 +168,9 @@ local function init(env)
ngxconf)
```
-Of course, Apache APISIX allows you to modify some of the data in the nginx.conf template by modifying the conf/config.yaml configuration in a way that mimics the syntax of conf/config-default.yaml. See the *read_yaml_conf* function for an example of how to do this.
+Of course, Apache APISIX allows you to modify some of the data in the nginx.conf template by modifying the conf/config.yaml configuration in a way that mimics the syntax of conf/config-default.yaml. See the `read_yaml_conf` function for an example of how to do this.
-```conf
+```lua
function _M.read_yaml_conf(apisix_home)
local local_conf_path = profile:yaml_path("config-default")
local default_conf_yaml, err = util.read_file(local_conf_path)
@@ -386,8 +386,8 @@ curl "http://127.0.0.1:9080/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f0343
> "nodes": {
> "httpbin.org:80": 1
> }
-> }'
-{ "action": "set", "node":{"key":"\/apisix\/upstreams\/1", "value":{"hash_on": "vars", "nodes":{"httpbin.org:80":1}, "create_time": 1627982128, "update_time":1627982128, "scheme": "http", "type": "roundrobin", "pass_host": "pass", "id": "1"}}}
+> }
+{"action":"set","node":{"key":"\/apisix\/upstreams\/1","value":{"hash_on":"vars","nodes":{"httpbin.org:80":1},"create_time":1627982128,"update_time":1627982128,"scheme":"http","type":"roundrobin","pass_host":"pass","id":"1"}}}'
```
You will see the following log in error.log (to see this line, you must set the nginx_config.error_log_level in config.yaml to INFO)
@@ -433,14 +433,14 @@ local resources = {
}
```
-Therefore, the above curl request will be processed by the ``put`` function in the /apisix/admin/upstreams.lua file, see the implementation of the ``put`` function as follows
+Therefore, the above curl request will be processed by the ``put`` function in the /apisix/admin/upstreams.lua file, see the implementation of the ``put`` function as follows:
```lua
-- /apisix/admin/upstreams.lua file
function _M.put(id, conf)
-- check the legitimacy of the requested data
local id, err = check_conf(id, conf, true)
- local key = "/upstreams/" ... id
+ local key = "/upstreams/" .. id
core.log.info("key: ", key)
-- Generate configuration data in etcd
local ok, err = utils.inject_conf_with_prev_conf("upstream", key, conf)
@@ -466,7 +466,7 @@ Let's look at how the Nginx worker process takes effect immediately after the ad
The open source version of Nginx matches requests based on three different containers.
-1. the `server_name` configuration in the static hash table is matched to the requested `Host` domain name
+1. The `server_name` configuration in the static hash table is matched to the requested `Host` domain name
2. Next, the location in the static Trie prefix tree is configured to match the requested URI
@@ -477,14 +477,14 @@ Although these procedures are very efficient, they are written to die in the fin
As you can see in nginx.conf, requests to any domain name, URI, or domain name will match the `http_access_phase` lua function.
-```conf
+```lua
server {
server_name _;
location / {
access_by_lua_block {
apisix.http_access_phase()
- access_by_lua_block { apisix.http_access_phase() }
- proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
+ }
+ proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
}
}
```
@@ -513,4 +513,4 @@ The key to dynamically modifying the Nginx configuration is 2 things: the Lua la
Apache APISIX has many good designs, and this article only discusses the dynamic management of Nginx clusters.
-[click here for the link to the original article](https://www.taohui.tech/2021/08/10/%E5%BC%80%E6%BA%90%E7%BD%91%E5%85%B3APISIX%E6%9E%B6%E6%9E%84%E5%88%86%E6%9E%90/#more )
+[click here for the link to the original article](https://www.taohui.tech/2021/08/10/%E5%BC%80%E6%BA%90%E7%BD%91%E5%85%B3APISIX%E6%9E%B6%E6%9E%84%E5%88%86%E6%9E%90/#more)
diff --git a/website/blog/2021/08/11/interview-TuZhengsong.md b/website/blog/2021/08/11/interview-TuZhengsong.md
index 9b880fc..f75fd2d 100644
--- a/website/blog/2021/08/11/interview-TuZhengsong.md
+++ b/website/blog/2021/08/11/interview-TuZhengsong.md
@@ -33,9 +33,9 @@ On an uneventful afternoon, we chatted with Zhengsong by phone. Because of the e
> When I was in college, I studied communication engineering, and the happiest thing I did every day was to play soccer. Now sometimes I think that it would be nice to go back to my college days with the memories I have now.
-Zhengsong actually didn't have much contact with programming during his college years, he actually had a C programming class, but he failed it because he was too busy playing soccer. However, he failed a make-up exam after failing the class, resulting in a retake. The most embarrassing thing is that he failed the retake as well, so what did he do afterwards? There was a graduation clearing exam before graduation. This can not be failed again, so Masatsu went to the library to borrow a C [...]
+Zhengsong actually didn't have much contact with programming during his college years, he actually had a C programming class, but he failed it because he was too busy playing soccer. However, he failed a make-up exam after failing the class, resulting in a retake. The most embarrassing thing is that he failed the retake as well, so what did he do afterwards? There was a graduation clearing exam before graduation. This can not be failed again, so Zhengsong went to the library to borrow a [...]
-"I was thinking, "Is C really that hard?" Masamatsu said.
+"I was thinking, "Is C really that hard?" Zhengsong said.
Then he kept reading and reading and reading, and suddenly he realized that programming seemed to have some meaning, and he understood it! He finally passed the exam before graduating. After graduation, he found a job as a programmer.
@@ -47,7 +47,7 @@ At that time, he probably wouldn't have thought that today he would be the devel
> In industry, the real business scenario is very different from what you learn in school.
-Masatsu's first job was at a wearable device startup, working on the development of smart bracelets. Masamatsu and his former colleagues had to process various sensor data from the smart bracelet to monitor the user's heart rate, exercise, blood pressure and so on.
+Zhengsong's first job was at a wearable device startup, working on the development of smart bracelets. Zhengsong and his former colleagues had to process various sensor data from the smart bracelet to monitor the user's heart rate, exercise, blood pressure and so on.
"It was fun because in industry, the real business scenario is very different from what you learn in school, and a lot of things have to be learned from scratch," Masatsu said.
@@ -59,7 +59,7 @@ Then, Masatsu went to another company to engage in back-end business development
"In this big company, I did a little bit far from the business, more technically oriented. "Masatsu said.
-Masatsu's contact with Apache APISIX was in September 2020, when his team was using Kong, but Kong was not fully meeting their needs, so they redid the technical selection of the gateway to try to find a better solution. Masatsu was in charge of this technical selection, so he came across the Apache Foundation's top project, Apache APISIX, and was introduced to the Apache APISIX community.
+Zhengsong's contact with Apache APISIX was in September 2020, when his team was using Kong, but Kong was not fully meeting their needs, so they redid the technical selection of the gateway to try to find a better solution. Masatsu was in charge of this technical selection, so he came across the Apache Foundation's top project, Apache APISIX, and was introduced to the Apache APISIX community.
At that time, he had already graduated more than three years ago.
@@ -67,12 +67,12 @@ At that time, he had already graduated more than three years ago.
> I can submit code to the Apache Foundation's top projects! As a technical worker, that's a lot of technical confidence.
-Masatsu's first PR in the open source community was an enhancement type PR, which enabled Apache APISIX to support multi-port listening.
+Zhengsong's first PR in the open source community was an enhancement type PR, which enabled Apache APISIX to support multi-port listening.
- issue: https://github.com/apache/apisix/issues/1195
- PR: https://github.com/apache/apisix/pull/2409
-This feature is needed by Masatsu and has been mentioned in the issue area for a long time, but for some reason it has been unclaimed. Before that, Masamatsu happened to know something about this, so he thought, "I can propose a PR to Apache APISIX to fix this problem. "So he volunteered to have the issue assigned to him in the issue.
+This feature is needed by Masatsu and has been mentioned in the issue area for a long time, but for some reason it has been unclaimed. Before that, Zhengsong happened to know something about this, so he thought, "I can propose a PR to Apache APISIX to fix this problem. "So he volunteered to have the issue assigned to him in the issue.
He says, "I had a strong urge to get involved in the community, and then I looked at the Apache APISIX community's Beginner's Guide and was as excited to get involved as if I were coming out of the Beginner's Village with a weapon."
@@ -84,7 +84,7 @@ Masatsu was very excited and immediately followed the guide to bring up the PR.
"I was very excited and felt like I was finally substantially involved in the open source community. I could submit code to the Apache Foundation's top projects! As a technical worker, it was a technical confidence."
-**This is Masatsu's first PR in the open source world.**
+**This is Zhengsong's first PR in the open source world.**
## Things that impressed me in the community
@@ -102,13 +102,13 @@ In April this year, one of our partners submitted a PR to etcd, which finally so
> We're all working together differently, but we're all contributing to open source.
-Masamatsu says that when he first started participating in the community, he went through most of the APISIX documentation he could see at the time. So when he was working in his company, his colleagues asked him questions, and although he was not very clear, he knew the distribution of the project's documentation, so he could look it up directly and know roughly what the problem was. He believes that reading the documentation is an appropriate way to get familiar with the project.
+Zhengsong says that when he first started participating in the community, he went through most of the APISIX documentation he could see at the time. So when he was working in his company, his colleagues asked him questions, and although he was not very clear, he knew the distribution of the project's documentation, so he could look it up directly and know roughly what the problem was. He believes that reading the documentation is an appropriate way to get familiar with the project.
The Apache APISIX project website has a good guide for newcomers, including how to raise PR. If you want to participate in the community, you can first read the main documentation on the website and Github to get a basic understanding of the project and the distribution of the project's documentation, and then index the documentation as needed.
If you want to contribute to the code, or participate in the design, some knowledge of Ngnix or OpenResty is necessary. This includes looking at their official documentation and code, and learning about their implementation of relevant features.
-Masamatsu said, "I think this step is impossible to skip."
+Zhengsong said, "I think this step is impossible to skip."
Of course, you can get involved in the community as a user. For example, if you think there is something wrong with the documentation, or if you follow the documentation and find that it is not the case, you can also raise some issues to point out these problems.
diff --git a/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md b/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
index ba02206..30af81b 100644
--- a/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
+++ b/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
@@ -4,16 +4,16 @@ author: "Peter Zhu"
authorURL: "https://github.com/starsz"
authorImageURL: "https://avatars.githubusercontent.com/u/25628854?v=4"
keywords:
-- API gateway
-- APISIX
-- Apache APISIX
-- Okta
-- Centralized Authentication
+ - API gateway
+ - APISIX
+ - Apache APISIX
+ - Okta
+ - Centralized Authentication
description: This blog shows the procedures of using Apache APISIX OpenID Connect Plugin for Okta Centralized Authentication. This blog contains conceptual introductions of Apache APISIX and Okta Centralized Authentication, and detailed step-by-step instructions.
tags: [Practical Case]
---
-> This blog shows the procedures of using Apache APISIX OpenID Connect Plugin for Okta Centralized Authentication. This blog contains conceptual introductions of Apache APISIX and Okta Centralized Authentication, and detailed step-by-step instructions.
+> This blog shows the procedures of using Apache APISIX OpenID Connect Plugin for Okta Centralized Authentication. This blog contains conceptual introductions of Apache APISIX and Okta Centralized Authentication, and detailed step-by-step instructions.
<!--truncate-->
@@ -58,7 +58,7 @@ Compared with the traditional authentication mode, centralized identity mode has
## What is OpenID Connect
-OpenID Connect (OIDC) is a centralized identity authentication mode. The benefit of using OpenID Connect is that users only need to register and log in with one OpenID Connect identity provider's website and use one account’s password information to access different applications. [Okta](https://developer.okta.com/) is a common OpenID Connect identity provider, and the Apache APISIX OpenID Connect plugin supports OpenID. As a result, the plugin can replace traditional authentication mode [...]
+OpenID Connect (OIDC) is a centralized identity authentication mode. The benefit of using OpenID Connect is that users only need to register and log in with one OpenID Connect identity provider's website and use one account’s password information to access different applications. [Okta](https://developer.okta.com/) is a common OpenID Connect identity provider, and the Apache APISIX OpenID Connect plugin supports OpenID. As a result, the plugin can replace traditional authentication mode [...]
### OpenID Authentication Process
@@ -70,7 +70,7 @@ OpenID Connect (OIDC) is a centralized identity authentication mode. The benefit
4. APISIX requests the Identity Provider with the Code extracted from the request parameters.
5. The Identity Provider sends an answer message to APISIX with the ID Token and Access Token.
6. APISIX sends the Access Token to the Identity Provider's User Endpoint for authentication.
-7. After passing the authentication, the User Endpoint sends the User Info to APISIX to complete authentication.
+7. After passing the authentication, the User Endpoint sends the User Info to APISIX to complete authentication.
## How to Configure Okta Authentication Using the Apache APISIX OpenID Connect Plug-in
@@ -83,13 +83,13 @@ Have an Okta account ready for use.
### Step 1: Configuring Okta
1. Log in to your Okta account and click "Create App Integration" to create an Okta application.
- 
-2. Select "OIDC-OpenID Connect" for the Sign-in method, and select "Web Application" for the Application type.
- 
+ 
+2. Select "OIDC-OpenID Connect" for the Sign-in method, and select "Web Application" for the Application type.
+ 
3. Set the redirect URL for login and logout. The "Sign-in redirect URIs" are links a user can go to after a successful login, and the "Sign-out redirect URIs" are links a user goes to after a successful logout. In this example, we set both sign-in and sign-out redirect URIs to `http://127.0.0.1:9080/`.
- 
+ 
4. After finishing the settings, click "Save" to save the changes.
- 
+ 
5. Visit the General page of the application to obtain the following configuration, which is required to configure Apache APISIX OpenID Connect.
- Client ID: OAuth client ID, the application ID, which corresponds to client_id and {YOUR_CLIENT_ID} below.
@@ -136,7 +136,7 @@ mkdir apisix-2.7
wget https://downloads.apache.org/apisix/2.7/apache-apisix-2.7-src.tgz
```
- You can also download the Apache APISIX release source package from the Apache APISIX website. The [Apache APISIX Official Website - Download Page](https://apisix.apache.org/downloads/) also provides source packages for Apache APISIX, APISIX Dashboard, and APISIX Ingress Controller.
+You can also download the Apache APISIX release source package from the Apache APISIX website. The [Apache APISIX Official Website - Download Page](https://apisix.apache.org/downloads/) also provides source packages for Apache APISIX, APISIX Dashboard, and APISIX Ingress Controller.
3. Unzip the Apache APISIX Release source package.
@@ -174,26 +174,26 @@ apisix start
The OpenID Connect configuration fields are listed below:
-|Field|Default Value|Description|
-| :------| :------------ | :------- |
-|client_id|""|OAuth client ID.|
-|client_secret|""|OAuth client secret.|
-|discovery|""|Service discovery endpoints for identity providers.|
-|scope|openid|Scope of resources to be accessed.|
-|relm|apisix|Specify the WWW-Authenticate response header authentication information.|
-|bearer_only|false|Whether to check the token in the request header.|
-|logout_path|/logout|Log out URI.|
-|redirect_uri|request_uri|The URI that the identity provider redirects back to, defaulting to the request address.|
-|timeout|3|Request timeout time, the unit is defined in seconds.|
-|ssl_verify|false|Verify the identity provider's SSL certificate.|
-|introspection_endpoint|""|The URL of the identity provider's token authentication endpoint, which will be extracted from the discovery, response if left blank.|
-|introspection_endpoint_auth_method|client_secret_basic|Name of the authentication method for token introspection.|
-|public_key|""|Public key for an authentication token.|
-|token_signing_alg_values_expected|""|Algorithm for authentication tokens.|
-|set_access_token_header|true|Whether to carry the access token in the request header.|
-|access_token_in_authorization_header|false|Whether to put an access token in the Authorization header. The access token is placed in the Authorization header when this value is set to true and in the X-Access-Token header when it is set to false.|
-|set_id_token_header|true|Whether to carry the ID token in the X-ID-Token request header.|
-|set_userinfo_header|true|Whether to carry user information in the X-Userinfo request header.|
+| Field | Default Value | Description |
+| :----------------------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| client_id | "" | OAuth client ID. |
+| client_secret | "" | OAuth client secret. |
+| discovery | "" | Service discovery endpoints for identity providers. |
+| scope | openid | Scope of resources to be accessed. |
+| relm | apisix | Specify the WWW-Authenticate response header authentication information. |
+| bearer_only | false | Whether to check the token in the request header. |
+| logout_path | /logout | Log out URI. |
+| redirect_uri | request_uri | The URI that the identity provider redirects back to, defaulting to the request address. |
+| timeout | 3 | Request timeout time, the unit is defined in seconds. |
+| ssl_verify | false | Verify the identity provider's SSL certificate. |
+| introspection_endpoint | "" | The URL of the identity provider's token authentication endpoint, which will be extracted from the discovery, response if left blank. |
+| introspection_endpoint_auth_method | client_secret_basic | Name of the authentication method for token introspection. |
+| public_key | "" | Public key for an authentication token. |
+| token_signing_alg_values_expected | "" | Algorithm for authentication tokens. |
+| set_access_token_header | true | Whether to carry the access token in the request header. |
+| access_token_in_authorization_header | false | Whether to put an access token in the Authorization header. The access token is placed in the Authorization header when this value is set to true and in the X-Access-Token header when it is set to false. |
+| set_id_token_header | true | Whether to carry the ID token in the X-ID-Token request header. |
+| set_userinfo_header | true | Whether to carry user information in the X-Userinfo request header. |
```shell
curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H "X-Api-Key: edd1c9f034335f136f87ad84b625c8f1" -d '{
@@ -222,15 +222,15 @@ curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H "X-Api-Key: edd1c9f034335f136
### Step 4: Access Apache APISIX
1. Visit "http://127.0.0.1:9080/get" and the page is redirected to the Okta login page because the OpenID Connect plugin is enabled.
- 
+ 
2. Enter the username and password for the user's Okta account and click "Sign In" to log in to your Okta account.
3. After successful login, you can access the get page in "httpbin.org". The "httpbin.org/get" page will return the requested data with X-Access-Token,X-Id-Token, and X-Userinfo as follows.
-
- ```sh
- "X-Access-Token": "******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb***.****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josfap3 [...]
- "X-Id-Token": "******aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0IjoxN [...]
- "X-Userinfo": "*****lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl****"
- ```
+
+```sh
+"X-Access-Token": "******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb***.****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josfap38n [...]
+"X-Id-Token": "******aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0IjoxNjI [...]
+"X-Userinfo": "*****lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl****"
+```
**X-Access-Token**: Apache APISIX puts the access token obtained from the user provider into the X-Access-Token request header, optionally via the access_token_in_authorization_header in the plugin configuration Authorization request header.
@@ -256,8 +256,8 @@ Okta is a customizable, secure, and drop-in solution to add authentication and a
Apache APISIX is a dynamic, real-time, high-performance API gateway. Apache APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. You can use Apache APISIX to handle traditional north-south traffic, as well as east-west traffic between services. It can also be used as a k8s ingress controller.
-Hundreds of companies worldwide have used Apache APISIX, covering finance, internet, manufacturing, retail, operators, such as NASA, the European Union’s Digital Factory, TravelSky, Tencent, Huawei, Weibo, China Mobile, Taikang, 360 , etc.
+Hundreds of companies worldwide have used Apache APISIX, covering finance, internet, manufacturing, retail, operators, such as NASA, the European Union’s Digital Factory, TravelSky, Tencent, Huawei, Weibo, China Mobile, Taikang, 360 , etc.
-Github: https://github.com/apache/apisix
+Github: https://github.com/apache/apisix
Website: https://apisix.apache.org
diff --git a/website/blog/2021/08/17/interview-airwallex.md b/website/blog/2021/08/17/interview-airwallex.md
index 3b3b909..da70feb 100644
--- a/website/blog/2021/08/17/interview-airwallex.md
+++ b/website/blog/2021/08/17/interview-airwallex.md
@@ -22,11 +22,11 @@ We had a chance to interview Yang Li, the technical platform leader of Airwallex
Airwallex is a global financial technology company that empowers businesses of all sizes to operate across borders, thereby helping to grow the global economy. With technology at its core, Airwallex has built a proprietary global financial infrastructure platform with a global payment network covering more than 50 currencies in over 130 countries and regions, providing digital fintech products for businesses of all sizes to help them grow at high speed around the world in a more efficien [...]
-
+
**Q: What made you/your technical team choose to use Apache APISIX when making the technology selection?**
-**LiYang**: API gateway is an extremely important basic technology component, and we compared the main gateway products in 6 main dimensions during the technology selection.
+**Yang**: API gateway is an extremely important basic technology component, and we compared the main gateway products in 6 main dimensions during the technology selection.
- **Stability**: The stability of the API gateway is critical. 62.1% of the top 1000 websites in the world are Nginx-based, which means that the Nginx-based web server has been tested in complex and diverse scenarios in production environments; Apache APISIX's fully dynamic design also allows it to modify routes without having to reload, and the client's long links are maintained. The fully dynamic design of Apache APISIX also allows it to maintain long links to clients without having to [...]
@@ -42,13 +42,13 @@ Airwallex is a global financial technology company that empowers businesses of a
**Q: What scenarios is Apache APISIX used in? What problems have been solved?**
-**Yang Lee**: We use Apache APISIX as a core component of our microservice gateway model, which is deployed at the edge of the network to provide common gateway functionality for all traffic coming into Airwallex, solving problems such as
+**Yang**: We use Apache APISIX as a core component of our microservice gateway model, which is deployed at the edge of the network to provide common gateway functionality for all traffic coming into Airwallex, solving problems such as
- Data sovereignty issues: Data sovereignty is a very critical regulatory requirement for financial infrastructures that operate across borders. To this end, we developed a regulatory compliant dynamic routing plug-in using the Apache APISIX dynamic upstream selection feature. Dynamic routing can intelligently select upstreams for request distribution based on the characteristics of user requests, abstracting the complex multi-data center collaboration problem from the service layer to t [...]
- Microservice Isolation: Airwallex wants the engineering teams of each microservice to have autonomous control over their own services, effectively reducing the cost of communication and coordination and improving engineering effectiveness. This architectural concept requires that infrastructure components shared by teams, such as API Gateway, support multi-tenant isolation. While ensuring the robustness and cost control of the whole system, it allows business teams to configure and ext [...]
-- Tenant-level flow restriction: In a multi-tenant environment, the traffic characteristics of each tenant are different. The same flow restriction for different tenants cannot meet the business needs, and tenant-level flow restriction can do more appropriate flow restriction based on user characteristics.
+- Tenant-level flow limit: In a multi-tenant environment, the traffic characteristics of each tenant are different. The same flow restriction for different tenants cannot meet the business needs, and tenant-level flow restriction can do more appropriate flow restriction based on user characteristics.
- Tenant-level whitelisting: In a multi-tenant environment, each tenant's access IP is different. Single whitelist control cannot meet the needs of tenant-level security management. Tenant-level whitelisting allows each tenant to control its own whitelist and not worry about other users in the whitelist accessing its own resources.
diff --git a/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md b/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
index c3ba914..b65ac40 100644
--- a/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
+++ b/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
@@ -40,9 +40,9 @@ cmd/go-runner
│ ├── say.go
│ └── say_test.go
└── version.go
-ðŸ™' ðŸ™'
+```
-Above is the directory structure of the official example. ``main.go`` is the entry point, where the most critical part is.
+Above is the directory structure of the official example. `main.go` is the entry point, where the most critical part is.
```go
cfg := runner.RunnerConfig{}
@@ -59,7 +59,7 @@ Open `plugins/say.go`.
```go
func init() {
err := plugin.RegisterPlugin(&Say{})
- if err ! = nil {
+ if err != nil {
log.Fatalf("failed to register plugin say: %s", err)
}
}
@@ -87,7 +87,7 @@ func (p *Say) Name() string {
}
```
-ParseConf will be called when the plugin configuration changes, parsing the configuration and returning a plugin-specific configuration context.
+`ParseConf` will be called when the plugin configuration changes, parsing the configuration and returning a plugin-specific configuration context.
```go
func (p *Say) ParseConf(in []byte) (interface{}, error) {
@@ -105,7 +105,7 @@ type SayConf struct {
}
```
-Filter is executed on every request with the say plugin configured.
+`Filter` is executed on every request with the say plugin configured.
```go
func (p *Say) Filter(conf interface{}, w http.ResponseWriter, r pkgHTTP.Request) {
@@ -116,7 +116,7 @@ func (p *Say) Filter(conf interface{}, w http.ResponseWriter, r pkgHTTP.Request)
w.Header().Add("X-Resp-A6-Runner", "Go")
_, err := w.Write([]byte(body))
- if err ! = nil {
+ if err != nil {
log.Errorf("failed to write: %s", err)
}
}
@@ -131,10 +131,10 @@ After building the application (`make build` in the example), you need to set tw
1. `APISIX_LISTEN_ADDRESS=unix:/tmp/runner.sock`
2. `APISIX_CONF_EXPIRE_TIME=3600`
-Like this.
+Like this:
```go
-APISIX_LISTEN_ADDRESS=unix:/tmp/runner.sock APISIX_CONF_EXPIRE_TIME=3600 . /go-runner run
+APISIX_LISTEN_ADDRESS=unix:/tmp/runner.sock APISIX_CONF_EXPIRE_TIME=3600 ./go-runner run
```
The application will listen to `/tmp/runner.sock` when it runs.
@@ -178,7 +178,7 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
"plugins": {
"ext-plugin-pre-req": {
"conf": [
- { "name": "say", "value":"{\"body\":\"hello\"}"}
+ {"name": "say", "value":"{\"body\":\"hello\"}"}
]
}
},
diff --git a/website/blog/2021/08/21/shanghai-meetup.md b/website/blog/2021/08/21/shanghai-meetup.md
index 1d267d6..ef5fcab 100644
--- a/website/blog/2021/08/21/shanghai-meetup.md
+++ b/website/blog/2021/08/21/shanghai-meetup.md
@@ -5,11 +5,11 @@ keywords:
- APISIX
- Apache APISIX
- Meetup
-description: This Meetup was initiated by api7.ai https://www.apiseven.com/, and invited partners such as Aiki and Air CloudHub to present it. Apache APISIX PMC members, contributors, and community technical experts gathered to discuss Apache APISIX community development, industry practices, and other topics.
+description: This Meetup was initiated by api7.ai https://www.apiseven.com/, and invited partners such as iQiYi and Airwallex to present it. Apache APISIX PMC members, contributors, and community technical experts gathered to discuss Apache APISIX community development, industry practices, and other topics.
tags: [Events]
---
-> This Meetup is initiated by [api7.ai](https://www.apiseven.com/), and invited partners such as Aiki and Air CloudHub to present it. Apache APISIX PMC members, contributors, and community technical experts gathered to discuss Apache APISIX community development, industry practices, and other topics.
+> This Meetup is initiated by [api7.ai](https://www.apiseven.com/), and invited partners such as iQiYi and Airwallex to present it. Apache APISIX PMC members, contributors, and community technical experts gathered to discuss Apache APISIX community development, industry practices, and other topics.
<! --truncate-->
@@ -21,7 +21,7 @@ tags: [Events]
- Discuss the past and present of the Apache APISIX community
- Hear from Akiyo scientists about how Akiyo uses Apache APISIX to support a service with 10 million calls
-- How AirCloudHub uses Apache APISIX to balance user experience, clean architecture and data sovereignty
+- How Airwallex uses Apache APISIX to balance user experience, clean architecture and data sovereignty
- Learn about the benefits of centralized authentication and how to do it on APISIX
If you're interested, don't miss it, **scan the event poster for QR code to register!**
@@ -34,11 +34,11 @@ The event schedule
## Introduction to the topic
-### Apache APISIX based, Aiki API gateway implementation practice
+### Apache APISIX based, iQiYi API gateway implementation practice
#### Sharing Guests
-Wenjie Jiang / Scientist, Aiki
+Wenjie Jiang / Scientist, iQiYi
#### Topic Details
@@ -58,7 +58,7 @@ Authentication is a very important part of zero-trust architecture. APISIX is a
#### Sharing Guests
-Yang Li / Head of AirCloudHub Technology Platform
+Yang Li / Head of Airwallex Technology Platform
#### Topic Details
@@ -76,7 +76,7 @@ Apache APISIX has been growing as a community since the first day of open source
## Peripheral Benefits
-Join the Meetup, interact with the instructors, and get a chance to win the latest Apache APISIX peripherals: oversized mouse pads, delicate mugs, Apache APISIX badges, and custom umbrellas.
+Join the Meetup, interact with the instructors, and get a chance to win the latest Apache APISIX gifts: mouse pads, coffee mugs, Apache APISIX badges, and umbrellas.
diff --git a/website/blog/2021/08/23/ApacheCon-Asia-2021.md b/website/blog/2021/08/23/ApacheCon-Asia-2021.md
index 3a88d9a..0b317e1 100644
--- a/website/blog/2021/08/23/ApacheCon-Asia-2021.md
+++ b/website/blog/2021/08/23/ApacheCon-Asia-2021.md
@@ -21,15 +21,15 @@ Shared by: Junxu Chen
Nginx is often the first thing that comes to mind when it comes to limiting speed. However, Nginx is implemented through a configuration file, which requires reloading every time you make a change, making it extremely cumbersome to run and maintain. On the other hand, speed limiting conditions are limited to Nginx variables, making it difficult to achieve fine-grained speed limiting for business purposes. This session will show how to use Apache APISIX to achieve dynamic, fine-grained, a [...]
-[**View Share**](/articles/Speed-Limiting-With-Apache-APISIX)
+[**View**](/articles/Speed-Limiting-With-Apache-APISIX)
## Testing Apache APISIX resilience with Chaos Mesh
-Shared by: Yang Wu Shu
+Shared by: Shuyang Wu
Apache APISIX is one of the leading API gateways OSS. To make sure everything is going as planned, APISIX uses different kinds of tests, including unit, e2e, and fuzzy tests. However, we are still not sure how APISIX will behave when some abnormal but unavoidable circumstances occur, such as network failure, IO stress or Pods failure. So here we use Chaos Mesh, a Kubernetes-based chaos engineering platform that can smoothly inject different kinds of chaos and integrate them into our CI p [...]
-[**View Share**](/articles/Test-Apache-APISIX-Resilience-With-Chaos-Mesh)
+[**View**](/articles/Test-Apache-APISIX-Resilience-With-Chaos-Mesh)
## Authentication and authorization with Apache APISIX
@@ -37,39 +37,39 @@ Shared by: Xinxin Zhu
Authentication and authorization are very essential features in API gateways. This way, services located behind the gateway are protected from unauthorized or malicious access, data leakage, and hacking. Apache APISIX is a dynamic, real-time, high-performance API gateway. And it offers a number of plug-ins, including authentication and authorization like key-auth, Open-ID, wolf-RBAC, etc. This proposal describes how to use APISIX for authentication and authorization.
-[**View Share**](/articles/Using-Apache-APISIX-To-Do-Authentication-and-Authorization)
+[**View**](/articles/Using-Apache-APISIX-To-Do-Authentication-and-Authorization)
-## Relying on the community to get Apache APISIX up to speed
+## Relying on the community to let Apache APISIX grow fast
-Shared by: Wang Yansheng
+Shared by: Yuansheng Wang
In the past year, APISIX has become the most active API gateway project in the world, not only because of its advanced technology, but also because of the highly active community. As of today, there are 225 contributors from all over the world, and the number is still growing rapidly. This session will introduce APISIX's experience in practicing "community over code". As an idealistic startup, how to combine with Apache culture to make the startup grow fast.
-[**View Share**](/articles/Relying-On-The-Community-To-Get-Apache-APISIX-Up-Speed)
+[**View**](/articles/Relying-On-The-Community-To-Get-Apache-APISIX-Up-Speed)
## Apache APISIX from open source project to the road to commercialization
-Shared by: Wen Ming
+Shared by: Ming Wen
Ming Wen, Founder of api7.ai, Chairman of Apache APISIX PMC, and member of Apache Foundation, will speak on "Apache APISIX from Open Source to Commercialization".
-[**View Share**](/articles/Apache-APISIX-From-OpenSource-Commercialization)
+[**View**](/articles/Apache-APISIX-From-OpenSource-Commercialization)
## Using Echarts to render renderings of community events
-Shared by: Sun Yi
+Shared by: Yi Sun
The open source repository was analyzed by 1. contributor growth curve; 2. monthly contributor activity; 3. to reflect the health of the open source project, here we share some experiences and some interesting things about how to make these two graphs.
-[**View Share**](/articles/Rendering-Community-Events-Using-ECharts)
+[**View**](/articles/Rendering-Community-Events-Using-ECharts)
## Running an open source commercialization company according to the Apache Way, does it work
-Shared by: Wen Ming
+Shared by: Ming Wen
The Apache Way is a proven community success for countless open source projects, so does the Apache Way work for open source commercial companies? Does it work in the business world? Through 2 years of operating as an open source commercial company, Tributary Technologies hopes to answer this question with the company's personal experience.
-[**View Share**](/articles/Apache-APISIX-From-OpenSource-Commercialization-by-Apache-Way)
+[**View**](/articles/Apache-APISIX-From-OpenSource-Commercialization-by-Apache-Way)
## The appeal of open source
@@ -77,7 +77,7 @@ Shared by: Ju Zhiyuan
The Apache Software Foundation's top project, Apache APISIX, and its subprojects have merged 250+ PRs in the last 30 days, and the contributor trend is very positive. In addition, the high quality mailing list, active QQ groups and GitHub are attracting a lot of community attention. As the Apache APISIX PMC, what are some of the things Apache APISIX has done to catalyze an active community from my perspective?
-[**View Share**](/articles/The-Appeal-of-OpenSource)
+[**View**](/articles/The-Appeal-of-OpenSource)
## Apache APISIX Application and Practice in Mobile Cloud Object Storage EOS
@@ -85,7 +85,7 @@ Shared by: Yanshan Chen
This talk is about the application and practice of Apache APISIX in China Mobile's public cloud object storage EOS. Firstly, we introduced China Mobile's public cloud construction plan and the evolution of object storage products, then we explained why we chose Apache APISIX as the load balancing gateway, and introduced the three phases of EOS traffic management architecture evolution in detail. At the same time, we also share what practical production problems we have solved based on Ap [...]
-[**View Share**](/articles/Apache-APISIX-in-China-Mobile-Cloud)
+[**View**](/articles/Apache-APISIX-in-China-Mobile-Cloud)
## How to extend Apache APISIX as a service grid side car
@@ -93,28 +93,28 @@ Shared by: Chao Zhang
In this topic, I will introduce the apisix-mesh-agent project, which has some capabilities to extend Apache APISIX as a sidecar program in a service grid scenario, and more importantly, it uses the xDS protocol to get configuration from control planes like Istio, Kuma, etc. After that, I will present future plans and expectations regarding the use of Apache APISIX in service grids.
-[**View Share**](/articles/How-To-Extend-Apache-APISIX-into-a-Service-Mesh-Sidecar)
+[**View**](/articles/How-To-Extend-Apache-APISIX-into-a-Service-Mesh-Sidecar)
## The Evolution of Apache APISIX
-Shared by: Luo Zexuan
+Shared by: Zexuan Luo
In this topic, I will introduce the evolution of Apache APISIX, including: 1. The good decisions we made; 2. The bad decisions we made; 3. Our future plans
-[**View Share**](/articles/The-Evolution-of-Apache-APISIX)
+[**View**](/articles/The-Evolution-of-Apache-APISIX)
## Implementation of Kubernetes Ingress based on Apache APISIX
-Shared by: Jin Wei
+Shared by: Wei Jin
Introducing the advantages of Apache APISIX-based Kubernetes Ingress and the features of Apache APISIX Ingress.
-[**View Share**](/articles/Apache-APISIX-Kubernetes-Ingress)
+[**View**](/articles/Apache-APISIX-Kubernetes-Ingress)
-## Apache APISIX's Incubator Tour
+## Apache APISIX's Incubator Journey
-Shared by: Wen Ming
+Shared by: Ming Wen
The Incubator Journey of Apache APISIX
-[**View Share**](/articles/Apache-APISIX-Incubator-Journey)
+[**View**](/articles/Apache-APISIX-Incubator-Journey)
diff --git a/website/blog/2021/08/24/shanghai-meetup-recap.md b/website/blog/2021/08/24/shanghai-meetup-recap.md
index 0e90272..d063b91 100644
--- a/website/blog/2021/08/24/shanghai-meetup-recap.md
+++ b/website/blog/2021/08/24/shanghai-meetup-recap.md
@@ -13,17 +13,17 @@ tags: [Events]
<! --truncate-->
-Apache APISIX Meetup Shanghai was successfully held last Saturday (August 21) 🎉🎉🎉🎉
+Apache APISIX Meetup Shanghai was successfully held last Saturday (August 21st) 🎉🎉🎉🎉
-The Meetup was initiated by [API7.AI](https://www.apiseven.com/zh), and invited partners such as Akiyon, AirWallex, and other partners to come together with Apache APISIX technical experts, Apache APISIX PMC members, and community technical experts to discuss about The conference was a great opportunity to discuss Apache APISIX community development, industry practices and other topics.
+The Meetup was initiated by [API7.AI](https://www.apiseven.com/zh), and invited partners such as iQiyi, AirWallex, and other partners to come together with Apache APISIX technical experts, Apache APISIX PMC members, and community technical experts to discuss about The conference was a great opportunity to discuss Apache APISIX community development, industry practices and other topics.
Let's take a look back at some of the most memorable talks from the conference!
## Apache APISIX-based Aiki API Gateway Implementation Practice
-**Instructor**: He Cong
+**Instructor**: Cong He
-**Personal Introduction**: Senior R&D Engineer, IIG Infrastructure Department - Compute Cloud, mainly responsible for Aikii Gateway development and operation and maintenance.
+**Personal Introduction**: Senior R&D Engineer, IIG Infrastructure Department - Compute Cloud, mainly responsible for iQiyi Gateway development and operation and maintenance.
**Detail of Topic**: API gateway has become an indispensable part of the microservice architecture. It bears the sole gateway for services to the outside world, but also needs to meet the common functions of many applications. As an online video company, Aikiy has to carry tens of millions of calls every day, and has extremely strict requirements for data security, user request response time, and system stability, so the company needs to build a high-performance, highly available API gat [...]
@@ -43,7 +43,7 @@ Let's take a look back at some of the most memorable talks from the conference!
**Instructor**: Yang Li
-**Personal Introduction**: Head of AirWallex AirCloudHub Technology Platform
+**Personal Introduction**: Head of AirWallex Technology Platform
**Detail of Topic**: Data is everywhere, and massive amounts of data are processed, transmitted, and stored all over the world every moment. However, the world of data is not a place outside the law, the collection and processing of data must comply with the laws of each country. The API gateway has a special position in the enterprise architecture and therefore plays a special role in the data sovereignty scenario.
@@ -51,7 +51,7 @@ Let's take a look back at some of the most memorable talks from the conference!
## The one who travels alone travels fast, the one who travels with many travels far, Apache APISIX is grateful to have you
-**Instructor**: Wang Yansheng
+**Instructor**: Yuansheng Wang
**Personal Introduction**: Co-founder & CTO of API7.AI
diff --git a/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md b/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
index fef0f73..3484e3a 100644
--- a/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
+++ b/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
@@ -70,10 +70,10 @@ An Okta account already exists.
### Step 1: Configure Okta
-Login to your Okta account and create an Okta application, select the OIDC login mode and the Web Application application type.
+1. Login to your Okta account and create an Okta application, select the OIDC login mode and the Web Application application type.
 2.
-Set the login and logout jump URLs.
+2. Set the login and logout jump URLs.
The "Sign-in redirect URIs" are the links that are allowed to be redirected after successful login, and the "Sign-out redirect URIs" are the links that are redirected after logging out. In this example, we set both the sign-in redirect and sign-out redirect URLs to `http://127.0.0.1:9080/`.
3. Click "Save" to save the changes after finishing the settings.
@@ -192,11 +192,11 @@ curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H "X-Api-Key: edd1c9f034335f136f
"openid-connect":{
"client_id":"{YOUR_CLIENT_ID}",
"client_secret":"{YOUR_CLIENT_SECRET}",
- "discovery": "https://{YOUR_ISSUER}/.well known/openid-configuration",
- "scope": "openid profile",
+ "discovery":"https://{YOUR_ISSUER}/.well-known/openid-configuration",
+ "scope":"openid profile",
"bearer_only":false,
- "realm": "master",
- "introspection_endpoint_auth_method": "client_secret_post",
+ "realm":"master",
+ "introspection_endpoint_auth_method":"client_secret_post",
"redirect_uri": "http://127.0.0.1:9080/"
}
},
@@ -220,12 +220,12 @@ curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H "X-Api-Key: edd1c9f034335f136f
3. After successful login, you can successfully access the get page in httpbin.org. The httpbin.org/get page will return the requested data as follows.
```sh
- "X-Access-Token": "******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.*** TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb ***. ****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josf [...]
- "X-Id-Token": "****** aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0Ijox [...]
- "X-Userinfo": "***** lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl ****"
+ "X-Access-Token": "******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb***.****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josfap3 [...]
+ "X-Id-Token": "******aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0IjoxN [...]
+ "X-Userinfo": "*****lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl****"
```
-where.
+In which:
**X-Access-Token**: Apache APISIX puts the access token obtained from the user provider into the X-Access-Token request header, which can be optionally put into the Authorization request header via access_token_in_authorization_header in the plugin configuration.
@@ -249,9 +249,9 @@ Okta is a customizable, secure centralized authentication solution. Okta can add
## About Apache APISIX
-Apache APISIX is a dynamic, real-time, high-performance API gateway that provides load balancing, dynamic upstream, grayscale publishing, service meltdown, authentication, observability, and other rich traffic management features. You can use Apache APISIX for traditional north-south traffic, as well as east-west traffic between services, or as a [Kubernetes Ingress Controller](https://github.com/apache/apisix-ingress-controller) .
+Apache APISIX is a dynamic, real-time, high-performance API gateway that provides load balancing, dynamic upstream, grayscale publishing, service meltdown, authentication, observability, and other rich traffic management features. You can use Apache APISIX for traditional north-south traffic, as well as east-west traffic between services, or as a [Kubernetes Ingress Controller](https://github.com/apache/apisix-ingress-controller).
-Hundreds of enterprises worldwide have used Apache APISIX to handle business-critical traffic, covering finance, Internet, manufacturing, retail, carriers, and more, such as NASA, the EU's Digital Factory, China Airlines, China Mobile, Tencent, Huawei, Weibo, NetEase, Shell Housing, 360, Taikang, Nespresso's Tea, and more.
+Hundreds of enterprises worldwide have used Apache APISIX to handle business-critical traffic, covering finance, Internet, manufacturing, retail, carriers, and more, such as NASA, the EU's Digital Factory, China Airlines, China Mobile, Tencent, Huawei, Sina Weibo, NetEase, Ke, 360, Taikang, Nayuki, and more.
Github: https://github.com/apache/apisix
diff --git a/website/blog/2021/08/30/Ingress-Meeting.md b/website/blog/2021/08/30/Ingress-Meeting.md
index 90293e0..3db0e96 100644
--- a/website/blog/2021/08/30/Ingress-Meeting.md
+++ b/website/blog/2021/08/30/Ingress-Meeting.md
@@ -13,7 +13,7 @@ tags: [Events]
<! --truncate-->
-## Meeting times
+## Meeting Schedule
Every two weeks (Wednesdays) at 2pm, each meeting is about 1 hour.
@@ -33,7 +33,7 @@ You can [this document](https://docs.qq.com/doc/DSEhMeGJ0UXdydFJy) to leave the
- Experiences and pitfalls in using Apache APISIX Ingress Controller by yourself or your team
- Testimonials or complaints about Apache APISIX Ingress Controller
-Of course, you are also very welcome to give your opinions or contribute your ideas to the construction of the Apache APISIX community, if you have suggestions and ideas for the meeting, please feel free to [issue](https://github.com/apache/apisix-ingress-controller/issues/) 614) and reply to it!
+Of course, you are also very welcome to give your opinions or contribute your ideas to the construction of the Apache APISIX community, if you have suggestions and ideas for the meeting, please feel free to [issue](https://github.com/apache/apisix-ingress-controller/issues/614) and reply to it!
We welcome you to join us to discuss the Apache APISIX Ingress solution, and we welcome you to join the community of developers to build a better Apache APISIX Ingress Controller.
diff --git a/website/blog/2021/08/30/weekly-report.md b/website/blog/2021/08/30/weekly-report.md
index 09b6f1c..ae71c7c 100644
--- a/website/blog/2021/08/30/weekly-report.md
+++ b/website/blog/2021/08/30/weekly-report.md
@@ -60,7 +60,7 @@ We've also put together some issues for those new to the community! If you are i
**Link**: [Issue #3931](https://github.com/apache/apisix/issues/3931)
-**Issue Description**: http_to_https in the redirect plugin lacks curl tests, need to add curl tests for http_to_https in the redirect plugin and update the documentation [Apache APISIX redirect plugin](http://apisix.apache.org/docs/ apisix/plugins/redirect).
+**Issue Description**: http_to_https in the redirect plugin lacks curl tests, need to add curl tests for http_to_https in the redirect plugin and update the documentation [Apache APISIX redirect plugin](http://apisix.apache.org/docs/apisix/plugins/redirect).
## Feature highlights of the week
@@ -82,7 +82,7 @@ We've also put together some issues for those new to the community! If you are i
## Recommended blog posts of the week
-- [Centralized Authentication with the OpenID Connect Plugin for Apache APISIX](https://apisix.apache.org/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin- for-Centralized-Authentication/): Apache APISIX is a dynamic, real-time, high-performance API gateway that provides rich traffic management features such as load balancing, dynamic upstream, grayscale publishing, service meltdown, authentication, observability, etc. Apache APISIX not only supports plug-in dynamic changes [...]
+- [Centralized Authentication with the OpenID Connect Plugin for Apache APISIX](https://apisix.apache.org/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication/): Apache APISIX is a dynamic, real-time, high-performance API gateway that provides rich traffic management features such as load balancing, dynamic upstream, grayscale publishing, service meltdown, authentication, observability, etc. Apache APISIX not only supports plug-in dynamic changes a [...]
- Why did APISIX choose the Nginx + Lua technology stack?] (https://apisix.apache.org/blog/2021/08/25/Why-Apache-APISIX-chose-Nginx-and-Lua): Provides the historical background and advantages of the Nginx + Lua technology stack chosen by APISIX, noting that " High performance + flexibility" is what makes APISIX stand out from other gateways.
diff --git "a/website/blog/2021/08/31/Apache APISIX \303\227 KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md" "b/website/blog/2021/08/31/Apache APISIX \303\227 KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
index b8675c1..3c40245 100644
--- "a/website/blog/2021/08/31/Apache APISIX \303\227 KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
+++ "b/website/blog/2021/08/31/Apache APISIX \303\227 KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
@@ -52,8 +52,8 @@ NAMESPACE: apisix
STATUS: deployed
REVISION: 1
TEST SUITE: None
-NOTES. 1:
-Get the application URL by running these commands:
+NOTES.
+1: Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace apisix -o jsonpath="{.spec.ports[0].nodePort}" services apisix-gateway)
export NODE_IP=$(kubectl get nodes --namespace apisix -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
@@ -86,12 +86,12 @@ Just select Services - Stateless Services and create it.
You can see the successful deployment in KubeSphere's Services and Loads interface, or you can check directly in the terminal to see if the deployment has succeeded.
```shell
-➜ ~ kubectl get pods,svc -l app=httpbin
-NAME READY STATUS RESTARTS AGE
-pod/httpbin-v1-7d6dc7d5f-5lcmg 1/1 Running 0 48s
+~ kubectl get pods,svc -l app=httpbin
+NAME READY STATUS RESTARTS AGE
+pod/httpbin-v1-7d6dc7d5f-5lcmg 1/1 Running 0 48s
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-service/httpbin ClusterIP 10.96.0.5 <none> 80/TCP 48s
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+service/httpbin ClusterIP 10.96.0.5 <none> 80/TCP 48s
```
## Using Apache APISIX as a Gateway Proxy
@@ -99,7 +99,7 @@ service/httpbin ClusterIP 10.96.0.5 <none> 80/TCP 48s
We start by demonstrating how to use Apache APISIX as a gateway to proxy services in a Kubernetes cluster.
```shell
-root@apisix:~$ kubectl -n apisix exec -it ``kubectl -n apisix get pods -l app.kubernetes.io/name=apisix -o name` -- bash
+root@apisix:~$ kubectl -n apisix exec -it `kubectl -n apisix get pods -l app.kubernetes.io/name=apisix -o name` -- bash
bash-5.1# curl httpbin.default/get
{
"args": {},
@@ -129,7 +129,7 @@ bash-5.1# curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: edd1
}
}
}'
-{"node":{"key":"\/apisix\/routes\/1", "value":{"host": "httpbin.org", "update_time":1630060883, "uri":"\/*", "create_time":1630060883," priority":0, "upstream":{"type": "roundrobin", "pass_host": "pass", "nodes":{"httpbin.default:80":1}, "hash_on": "vars", "scheme": "http"}, "id": "1", "status":1}}, "action": "set"}
+{"node":{"key":"\/apisix\/routes\/1","value":{"host":"httpbin.org","update_time":1630060883,"uri":"\/*","create_time":1630060883,"priority":0,"upstream":{"type":"roundrobin","pass_host":"pass","nodes":{"httpbin.default:80":1},"hash_on":"vars","scheme":"http"},"id":"1","status":1}},"action":"set"}
```
You'll get output similar to the above, next verify that the proxy is successful:
@@ -152,10 +152,10 @@ bash-5.1# curl http://127.0.0.1:9080/get -H "HOST: httpbin.org"
The above output shows that the traffic of the example project has been proxied through Apache APISIX. Next, let's try to access the sample project outside the cluster via Apache APISIX.
```shell
-root@apisix:~$ kubectl -n apisix get svc -l app.kubernetes.io/name=apisix
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-apisix-admin ClusterIP 10.96.33.97 <none> 9180/TCP 22m
-apisix-gateway NodePort 10.96.126.83 <none> 80:31441/TCP 22m
+root@apisix:~$ kubectl -n apisix get svc -l app.kubernetes.io/name=apisix
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+apisix-admin ClusterIP 10.96.33.97 <none> 9180/TCP 22m
+apisix-gateway NodePort 10.96.126.83 <none> 80:31441/TCP 22m
```
When deployed using Helm chart, the Apache APISIX port is exposed by default as a NodePort. We use the Node IP + NodePort port for access testing.
@@ -194,7 +194,7 @@ After saving, you can see the following screen.
Test if the proxy is successful under the terminal.
```shell
-root@apisix:~$ curl http://172.18.0.5:31441/get -H "HOST: http-ing.org" { "args": {}, "headers": { "Accept": "*/*", "Host": "http-ing.org", "User -Agent": "curl/7.76.1", "X-Forwarded-Host": "http-ing.org" }, "origin": "10.244.2.1", "url": "http://http-ing.org/get"}
+root@apisix:~$ curl http://172.18.0.5:31441/get -H "HOST: http-ing.org" { "args": {}, "headers": { "Accept": "*/*", "Host": "http-ing.org", "User-Agent": "curl/7.76.1", "X-Forwarded-Host": "http-ing.org" }, "origin": "10.244.2.1", "url": "http://http-ing.org/get"}
```
You can see that it is also proxied properly.
diff --git a/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md b/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
index f06a1c1..a0b541f 100644
--- a/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
+++ b/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
@@ -170,7 +170,7 @@ local function init(env)
当然,Apache APISIX 允许用户修改 nginx.conf 模板中的部分数据,具体方法是模仿 conf/config-default.yaml 的语法修改 conf/config.yaml 配置。其实现原理参见 `read_yaml_conf` 函数:
-```conf
+```lua
function _M.read_yaml_conf(apisix_home)
local local_conf_path = profile:yaml_path("config-default")
local default_conf_yaml, err = util.read_file(local_conf_path)
@@ -477,7 +477,7 @@ end
从 nginx.conf 中可以看到,访问任意域名、URI 的请求都会匹配到 `http_access_phase` 这个 lua 函数:
-```conf
+```lua
server {
server_name _;
location / {