You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apisix.apache.org by Ming Wen <we...@apache.org> on 2020/12/01 02:41:54 UTC
Re: Proposal: reorganize config file
Hi Jan,
Apache APISIX supports nginx configuration snippet[1], is this can reslove
your problem?
[1] https://github.com/apache/apisix/pull/2803
Thanks,
Ming Wen, Apache APISIX PMC Chair
Twitter: _WenMing
Jan Li <ja...@airwallex.com> 于2020年11月30日周一 下午7:41写道:
> No, it should not make config.yaml too complicated. And please consider
> what it brings to us, it enables us to use apisix dynamic features along
> with any flavor of nginx configurations.
>
>
> The "server" concept is from nginx, with which people from this community
> are familiar.
>
> A sample config file after this feature looks like this:
>
> apisix:
> node_listen: 80
> ssl_listen: 443
> ...
> server:
> proxy_protocol_listen: 8080
> proxy_protocol_ssl_listen: 8443
> real_ip_header: proxy_protocol # we only override this property
> since for all others we don't need to change for the proxy protocol server
>
>
>
> On Wed, Nov 25, 2020 at 1:19 PM YuanSheng Wang <me...@apache.org>
> wrote:
>
> > On Tue, Nov 24, 2020 at 7:20 PM Jan Li <ja...@airwallex.com> wrote:
> >
> > > For example,
> > >
> > > You want apisix to listen on 4 ports:
> > >
> > > - 80 for http
> > > - 443 for https
> > > - 8080 for http with proxy protocol
> > > - 8443 for https with proxy protocol
> > >
> >
> > Supporting this configuration method seems to make the file `
> > conf/config.yaml` more complicated.
> >
> > It is not easy to support this feature now.
> >
> >
> > >
> > > And on 80 and 443 you want to configure real_ip_header with
> > > "x-forwarded-for",
> > > while for 8080 and 8443 you want to configure real_ip_header with
> > > "proxy_protocol".
> > >
> > > Under the current apisix configuration structure, 4 ports are all under
> > the
> > > same nginx server.
> > > And you cannot configure multiple real_ip_headers under the same
> server.
> > > Although you can configure real_ip_header in the context of location,
> but
> > > since in this scenario
> > > the real_ip_header should only be bound to the listening port.
> > >
> > > On Tue, Nov 24, 2020 at 6:14 PM YuanSheng Wang <me...@apache.org>
> > > wrote:
> > >
> > > > @Jan Li
> > > >
> > > > Can you provide some examples? I think the community needs them for
> > > > understanding.
> > > >
> > > >
> > > > On Tue, Nov 24, 2020 at 2:03 PM Jan Li <ja...@airwallex.com> wrote:
> > > >
> > > > > Hi community,
> > > > >
> > > > > APISIX is using config file and apisix bin file to generate
> > nginx
> > > > > config file.
> > > > >
> > > > > This provides APISIX the capability of overriding nginx's
> > default
> > > > > configurations, but also introduces some problems:
> > > > >
> > > > > 1. There is only one nginx server which supports the dynamic
> > > features
> > > > of
> > > > > APISIX.
> > > > > 2. Due to point 1, all listening ports are configured in the
> only
> > > > > server.
> > > > > 3. As a consequence of this setting, some features from nginx
> can
> > be
> > > > > difficult to support in APISIX. For example,
> > > > > 1. Configuring mTLS is easy in nginx
> > > > > 1. It's easy to configure a new server in apisix bin
> > > > > 2. The new server will lose all the dynamic features of
> > > APISIX.
> > > > > 2. Using proxy protocol and real ip module along with normal
> > > > requests
> > > > > with a different real ip header
> > > > > 1. If we use proxy protocol, normally the real ip header
> > will
> > > be
> > > > > configured proxy_protocol
> > > > > 2. The normal requests normally use x-forwarded-for or
> > > x-real-ip
> > > > > as real ip header
> > > > > 3. It's impossible to configure both x-forwarded-for and
> > > > > proxy_protocol in apisix
> > > > >
> > > > > So I want to propose:
> > > > >
> > > > > 1. Introduce a new kind of configuration in config.yaml:
> "server"
> > > > under
> > > > > "apisix".
> > > > > 1. "server" is almost the same as nginx's server.
> > > > > 2. If a server is configured a port is necessary, no matter
> if
> > > it's
> > > > > http, https or proxy protocol http...
> > > > > 3. "location" should not be included here since being dynamic
> > > often
> > > > > means dynamic to locations.
> > > > > 2. All configurations configured directly under "apisix" are
> > global
> > > > > configurations which will apply to all servers.
> > > > > 3. All configurations can be overridden inside the server, the
> > > > > configuration is the same as under "apisix".
> > > > >
> > > > > With this, we can better embrace the features from both
> apisix
> > > and
> > > > > nginx.
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > *MembPhis*
> > > > My GitHub: https://github.com/membphis
> > > > Apache APISIX: https://github.com/apache/apisix
> > > >
> > >
> >
> >
> > --
> >
> > *MembPhis*
> > My GitHub: https://github.com/membphis
> > Apache APISIX: https://github.com/apache/apisix
> >
>
Re: Proposal: reorganize config file
Posted by 王三 <tz...@gmail.com>.
just like the include directive in nginx.conf
Jan Li <ja...@airwallex.com> 于2020年12月1日周二 上午11:36写道:
> Hi Ming,
>
> From my understanding the answer is no.
> Supporting nginx configuration snippets is adding custom stuff to the
> existing structure.
> The problem I mentioned is not that we cannot add custom stuff to the
> nginx.conf.
> The problem is that we cannot configure apisix to listen on ports
> with different configurations.
>
> For example, we want to configure this:
> 80 http
> 443 https
> 8080 http with proxy protocol # for this we need to use a different
> real_ip_header
> 8443 https with proxy protocol # for this we need to use a different
> real_ip_header
> 9443 https with mtls
>
> On Tue, Dec 1, 2020 at 10:42 AM Ming Wen <we...@apache.org> wrote:
>
> > Hi Jan,
> > Apache APISIX supports nginx configuration snippet[1], is this can
> reslove
> > your problem?
> >
> > [1] https://github.com/apache/apisix/pull/2803
> >
> > Thanks,
> > Ming Wen, Apache APISIX PMC Chair
> > Twitter: _WenMing
> >
> >
> > Jan Li <ja...@airwallex.com> 于2020年11月30日周一 下午7:41写道:
> >
> > > No, it should not make config.yaml too complicated. And please consider
> > > what it brings to us, it enables us to use apisix dynamic features
> along
> > > with any flavor of nginx configurations.
> > >
> > >
> > > The "server" concept is from nginx, with which people from this
> community
> > > are familiar.
> > >
> > > A sample config file after this feature looks like this:
> > >
> > > apisix:
> > > node_listen: 80
> > > ssl_listen: 443
> > > ...
> > > server:
> > > proxy_protocol_listen: 8080
> > > proxy_protocol_ssl_listen: 8443
> > > real_ip_header: proxy_protocol # we only override this property
> > > since for all others we don't need to change for the proxy protocol
> > server
> > >
> > >
> > >
> > > On Wed, Nov 25, 2020 at 1:19 PM YuanSheng Wang <me...@apache.org>
> > > wrote:
> > >
> > > > On Tue, Nov 24, 2020 at 7:20 PM Jan Li <ja...@airwallex.com> wrote:
> > > >
> > > > > For example,
> > > > >
> > > > > You want apisix to listen on 4 ports:
> > > > >
> > > > > - 80 for http
> > > > > - 443 for https
> > > > > - 8080 for http with proxy protocol
> > > > > - 8443 for https with proxy protocol
> > > > >
> > > >
> > > > Supporting this configuration method seems to make the file `
> > > > conf/config.yaml` more complicated.
> > > >
> > > > It is not easy to support this feature now.
> > > >
> > > >
> > > > >
> > > > > And on 80 and 443 you want to configure real_ip_header with
> > > > > "x-forwarded-for",
> > > > > while for 8080 and 8443 you want to configure real_ip_header with
> > > > > "proxy_protocol".
> > > > >
> > > > > Under the current apisix configuration structure, 4 ports are all
> > under
> > > > the
> > > > > same nginx server.
> > > > > And you cannot configure multiple real_ip_headers under the same
> > > server.
> > > > > Although you can configure real_ip_header in the context of
> location,
> > > but
> > > > > since in this scenario
> > > > > the real_ip_header should only be bound to the listening port.
> > > > >
> > > > > On Tue, Nov 24, 2020 at 6:14 PM YuanSheng Wang <
> membphis@apache.org>
> > > > > wrote:
> > > > >
> > > > > > @Jan Li
> > > > > >
> > > > > > Can you provide some examples? I think the community needs them
> for
> > > > > > understanding.
> > > > > >
> > > > > >
> > > > > > On Tue, Nov 24, 2020 at 2:03 PM Jan Li <ja...@airwallex.com>
> > wrote:
> > > > > >
> > > > > > > Hi community,
> > > > > > >
> > > > > > > APISIX is using config file and apisix bin file to
> generate
> > > > nginx
> > > > > > > config file.
> > > > > > >
> > > > > > > This provides APISIX the capability of overriding nginx's
> > > > default
> > > > > > > configurations, but also introduces some problems:
> > > > > > >
> > > > > > > 1. There is only one nginx server which supports the dynamic
> > > > > features
> > > > > > of
> > > > > > > APISIX.
> > > > > > > 2. Due to point 1, all listening ports are configured in the
> > > only
> > > > > > > server.
> > > > > > > 3. As a consequence of this setting, some features from
> nginx
> > > can
> > > > be
> > > > > > > difficult to support in APISIX. For example,
> > > > > > > 1. Configuring mTLS is easy in nginx
> > > > > > > 1. It's easy to configure a new server in apisix bin
> > > > > > > 2. The new server will lose all the dynamic features
> of
> > > > > APISIX.
> > > > > > > 2. Using proxy protocol and real ip module along with
> > normal
> > > > > > requests
> > > > > > > with a different real ip header
> > > > > > > 1. If we use proxy protocol, normally the real ip
> header
> > > > will
> > > > > be
> > > > > > > configured proxy_protocol
> > > > > > > 2. The normal requests normally use x-forwarded-for or
> > > > > x-real-ip
> > > > > > > as real ip header
> > > > > > > 3. It's impossible to configure both x-forwarded-for
> and
> > > > > > > proxy_protocol in apisix
> > > > > > >
> > > > > > > So I want to propose:
> > > > > > >
> > > > > > > 1. Introduce a new kind of configuration in config.yaml:
> > > "server"
> > > > > > under
> > > > > > > "apisix".
> > > > > > > 1. "server" is almost the same as nginx's server.
> > > > > > > 2. If a server is configured a port is necessary, no
> matter
> > > if
> > > > > it's
> > > > > > > http, https or proxy protocol http...
> > > > > > > 3. "location" should not be included here since being
> > dynamic
> > > > > often
> > > > > > > means dynamic to locations.
> > > > > > > 2. All configurations configured directly under "apisix" are
> > > > global
> > > > > > > configurations which will apply to all servers.
> > > > > > > 3. All configurations can be overridden inside the server,
> the
> > > > > > > configuration is the same as under "apisix".
> > > > > > >
> > > > > > > With this, we can better embrace the features from both
> > > apisix
> > > > > and
> > > > > > > nginx.
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > *MembPhis*
> > > > > > My GitHub: https://github.com/membphis
> > > > > > Apache APISIX: https://github.com/apache/apisix
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > *MembPhis*
> > > > My GitHub: https://github.com/membphis
> > > > Apache APISIX: https://github.com/apache/apisix
> > > >
> > >
> >
>
Re: Proposal: reorganize config file
Posted by Jan Li <ja...@airwallex.com>.
Hi Ming,
From my understanding the answer is no.
Supporting nginx configuration snippets is adding custom stuff to the
existing structure.
The problem I mentioned is not that we cannot add custom stuff to the
nginx.conf.
The problem is that we cannot configure apisix to listen on ports
with different configurations.
For example, we want to configure this:
80 http
443 https
8080 http with proxy protocol # for this we need to use a different
real_ip_header
8443 https with proxy protocol # for this we need to use a different
real_ip_header
9443 https with mtls
On Tue, Dec 1, 2020 at 10:42 AM Ming Wen <we...@apache.org> wrote:
> Hi Jan,
> Apache APISIX supports nginx configuration snippet[1], is this can reslove
> your problem?
>
> [1] https://github.com/apache/apisix/pull/2803
>
> Thanks,
> Ming Wen, Apache APISIX PMC Chair
> Twitter: _WenMing
>
>
> Jan Li <ja...@airwallex.com> 于2020年11月30日周一 下午7:41写道:
>
> > No, it should not make config.yaml too complicated. And please consider
> > what it brings to us, it enables us to use apisix dynamic features along
> > with any flavor of nginx configurations.
> >
> >
> > The "server" concept is from nginx, with which people from this community
> > are familiar.
> >
> > A sample config file after this feature looks like this:
> >
> > apisix:
> > node_listen: 80
> > ssl_listen: 443
> > ...
> > server:
> > proxy_protocol_listen: 8080
> > proxy_protocol_ssl_listen: 8443
> > real_ip_header: proxy_protocol # we only override this property
> > since for all others we don't need to change for the proxy protocol
> server
> >
> >
> >
> > On Wed, Nov 25, 2020 at 1:19 PM YuanSheng Wang <me...@apache.org>
> > wrote:
> >
> > > On Tue, Nov 24, 2020 at 7:20 PM Jan Li <ja...@airwallex.com> wrote:
> > >
> > > > For example,
> > > >
> > > > You want apisix to listen on 4 ports:
> > > >
> > > > - 80 for http
> > > > - 443 for https
> > > > - 8080 for http with proxy protocol
> > > > - 8443 for https with proxy protocol
> > > >
> > >
> > > Supporting this configuration method seems to make the file `
> > > conf/config.yaml` more complicated.
> > >
> > > It is not easy to support this feature now.
> > >
> > >
> > > >
> > > > And on 80 and 443 you want to configure real_ip_header with
> > > > "x-forwarded-for",
> > > > while for 8080 and 8443 you want to configure real_ip_header with
> > > > "proxy_protocol".
> > > >
> > > > Under the current apisix configuration structure, 4 ports are all
> under
> > > the
> > > > same nginx server.
> > > > And you cannot configure multiple real_ip_headers under the same
> > server.
> > > > Although you can configure real_ip_header in the context of location,
> > but
> > > > since in this scenario
> > > > the real_ip_header should only be bound to the listening port.
> > > >
> > > > On Tue, Nov 24, 2020 at 6:14 PM YuanSheng Wang <me...@apache.org>
> > > > wrote:
> > > >
> > > > > @Jan Li
> > > > >
> > > > > Can you provide some examples? I think the community needs them for
> > > > > understanding.
> > > > >
> > > > >
> > > > > On Tue, Nov 24, 2020 at 2:03 PM Jan Li <ja...@airwallex.com>
> wrote:
> > > > >
> > > > > > Hi community,
> > > > > >
> > > > > > APISIX is using config file and apisix bin file to generate
> > > nginx
> > > > > > config file.
> > > > > >
> > > > > > This provides APISIX the capability of overriding nginx's
> > > default
> > > > > > configurations, but also introduces some problems:
> > > > > >
> > > > > > 1. There is only one nginx server which supports the dynamic
> > > > features
> > > > > of
> > > > > > APISIX.
> > > > > > 2. Due to point 1, all listening ports are configured in the
> > only
> > > > > > server.
> > > > > > 3. As a consequence of this setting, some features from nginx
> > can
> > > be
> > > > > > difficult to support in APISIX. For example,
> > > > > > 1. Configuring mTLS is easy in nginx
> > > > > > 1. It's easy to configure a new server in apisix bin
> > > > > > 2. The new server will lose all the dynamic features of
> > > > APISIX.
> > > > > > 2. Using proxy protocol and real ip module along with
> normal
> > > > > requests
> > > > > > with a different real ip header
> > > > > > 1. If we use proxy protocol, normally the real ip header
> > > will
> > > > be
> > > > > > configured proxy_protocol
> > > > > > 2. The normal requests normally use x-forwarded-for or
> > > > x-real-ip
> > > > > > as real ip header
> > > > > > 3. It's impossible to configure both x-forwarded-for and
> > > > > > proxy_protocol in apisix
> > > > > >
> > > > > > So I want to propose:
> > > > > >
> > > > > > 1. Introduce a new kind of configuration in config.yaml:
> > "server"
> > > > > under
> > > > > > "apisix".
> > > > > > 1. "server" is almost the same as nginx's server.
> > > > > > 2. If a server is configured a port is necessary, no matter
> > if
> > > > it's
> > > > > > http, https or proxy protocol http...
> > > > > > 3. "location" should not be included here since being
> dynamic
> > > > often
> > > > > > means dynamic to locations.
> > > > > > 2. All configurations configured directly under "apisix" are
> > > global
> > > > > > configurations which will apply to all servers.
> > > > > > 3. All configurations can be overridden inside the server, the
> > > > > > configuration is the same as under "apisix".
> > > > > >
> > > > > > With this, we can better embrace the features from both
> > apisix
> > > > and
> > > > > > nginx.
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > *MembPhis*
> > > > > My GitHub: https://github.com/membphis
> > > > > Apache APISIX: https://github.com/apache/apisix
> > > > >
> > > >
> > >
> > >
> > > --
> > >
> > > *MembPhis*
> > > My GitHub: https://github.com/membphis
> > > Apache APISIX: https://github.com/apache/apisix
> > >
> >
>