You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/12/15 09:20:56 UTC
[GitHub] [apisix] ziyou434 opened a new issue #3054: bug: {"error_msg":"404 Route Not Found"}
ziyou434 opened a new issue #3054:
URL: https://github.com/apache/apisix/issues/3054
### Issue description
Because the security problem about prometheus, I had to upgrade to 2.1 version. #2658
But the terriby mistake occurred.
whatever operators I do , show me {"error_msg":"404 Route Not Found"}
example:
```
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/hmac",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"http://172.xx.xx.xx:8080": 1
}
}
}'
{"error_msg":"404 Route Not Found"}
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
{"error_msg":"404 Route Not Found"}
```
APISIX seems to can't work in any way.
### Environment
* apisix version (cmd: `apisix version`): 2.1
* OS: k8s centos
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745163906
apisix start
sh: lsof: command not found
WARNING: using fixed Admin API token has security risk.
Please modify "admin_key" in conf/config.yaml .
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: still could not bind()
nginx: [emerg] still could not bind()
If admin port have some wrong?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745171792
>
>
> I find I can't ping 127.0.0.1:9080
> ping: 127.0.0.1:9080: Name or service not known
Should not ping with port. The ICMP protocol has its fixed port.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745693961
I have got the reason, open the admin port, the admin api should use http://127.0.0.1:9180/apisix/admin.
I will close the issue.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745183882
```
# Configuration File - Nginx Server Configs
# This is a read-only file, do not try to modify it.
master_process on;
worker_processes auto;
worker_cpu_affinity auto;
error_log /dev/stdout warn;
pid logs/nginx.pid;
worker_rlimit_nofile 20480;
events {
accept_mutex off;
worker_connections 10620;
}
worker_rlimit_core 16G;
worker_shutdown_timeout 240s;
env APISIX_PROFILE;
# main configuration snippet starts
# main configuration snippet ends
http {
lua_package_path "$prefix/deps/share/lua/5.1/?.lua;$prefix/deps/share/lua/5.1/?/init.lua;/usr/local/apisix/?.lua;/usr/local/apisix/?/init.lua;;/usr/local/apisix/?.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua;";
lua_package_cpath "$prefix/deps/lib64/lua/5.1/?.so;$prefix/deps/lib/lua/5.1/?.so;;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;";
lua_shared_dict plugin-limit-req 10m;
lua_shared_dict plugin-limit-count 10m;
lua_shared_dict prometheus-metrics 10m;
lua_shared_dict plugin-limit-conn 10m;
lua_shared_dict upstream-healthcheck 10m;
lua_shared_dict worker-events 10m;
lua_shared_dict lrucache-lock 10m;
lua_shared_dict skywalking-tracing-buffer 100m;
lua_shared_dict balancer_ewma 10m;
lua_shared_dict balancer_ewma_locks 10m;
lua_shared_dict balancer_ewma_last_touched_at 10m;
lua_shared_dict plugin-limit-count-redis-cluster-slot-lock 1m;
lua_shared_dict tracing_buffer 10m; # plugin: skywalking
lua_shared_dict plugin-api-breaker 10m;
# for openid-connect plugin
lua_shared_dict discovery 1m; # cache for discovery metadata documents
lua_shared_dict jwks 1m; # cache for JWKs
lua_shared_dict introspection 10m; # cache for JWT verification results
# for custom shared dict
# for proxy cache
proxy_cache_path /tmp/disk_cache_one levels=1:2 keys_zone=disk_cache_one:50m inactive=1d max_size=1G use_temp_path=off;
# for proxy cache
map $upstream_cache_zone $upstream_cache_zone_info {
disk_cache_one /tmp/disk_cache_one,1:2;
}
lua_ssl_verify_depth 5;
ssl_session_timeout 86400;
underscores_in_headers on;
lua_socket_log_errors off;
resolver 172.20.0.10 valid=30;
resolver_timeout 5;
lua_http10_buffering off;
lua_regex_match_limit 100000;
lua_regex_cache_max_entries 8192;
log_format main escape=default '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time';
access_log /dev/stdout main buffer=16384 flush=3;
open_file_cache max=1000 inactive=60;
client_max_body_size 0;
keepalive_timeout 60s;
client_header_timeout 60s;
client_body_timeout 60s;
send_timeout 10s;
server_tokens off;
include mime.types;
charset utf-8;
real_ip_header X-Real-IP;
set_real_ip_from 127.0.0.1;
set_real_ip_from unix:;
# http configuration snippet starts
# http configuration snippet ends
upstream apisix_backend {
server 0.0.0.1;
balancer_by_lua_block {
apisix.http_balancer_phase()
}
keepalive 320;
}
init_by_lua_block {
require "resty.core"
apisix = require("apisix")
local dns_resolver = { "172.20.0.10", }
local args = {
dns_resolver = dns_resolver,
}
apisix.http_init(args)
}
init_worker_by_lua_block {
apisix.http_init_worker()
}
server {
listen 9080 reuseport;
listen [::]:9080 reuseport;
# http server configuration snippet starts
# http server configuration snippet ends
set $upstream_scheme 'http';
set $upstream_host $host;
set $upstream_uri '';
location = /apisix/nginx_status {
allow 127.0.0.0/24;
deny all;
access_log off;
stub_status;
}
location /apisix/admin {
allow 0.0.0.0/0;
deny all;
content_by_lua_block {
apisix.http_admin()
}
}
location /apisix/dashboard {
allow 0.0.0.0/0;
deny all;
alias dashboard/;
try_files $uri $uri/index.html /index.html =404;
}
location / {
set $upstream_mirror_host '';
set $upstream_upgrade '';
set $upstream_connection '';
access_by_lua_block {
apisix.http_access_phase()
}
proxy_http_version 1.1;
proxy_set_header Host $upstream_host;
proxy_set_header Upgrade $upstream_upgrade;
proxy_set_header Connection $upstream_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_header Date;
### the following x-forwarded-* headers is to send to upstream server
set $var_x_forwarded_for $remote_addr;
set $var_x_forwarded_proto $scheme;
set $var_x_forwarded_host $host;
set $var_x_forwarded_port $server_port;
if ($http_x_forwarded_for != "") {
set $var_x_forwarded_for "${http_x_forwarded_for}, ${realip_remote_addr}";
}
if ($http_x_forwarded_proto != "") {
set $var_x_forwarded_proto $http_x_forwarded_proto;
}
if ($http_x_forwarded_host != "") {
set $var_x_forwarded_host $http_x_forwarded_host;
}
if ($http_x_forwarded_port != "") {
set $var_x_forwarded_port $http_x_forwarded_port;
}
proxy_set_header X-Forwarded-For $var_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $var_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $var_x_forwarded_host;
proxy_set_header X-Forwarded-Port $var_x_forwarded_port;
### the following configuration is to cache response content from upstream server
set $upstream_cache_zone off;
set $upstream_cache_key '';
set $upstream_cache_bypass '';
set $upstream_no_cache '';
set $upstream_hdr_expires '';
set $upstream_hdr_cache_control '';
proxy_cache $upstream_cache_zone;
proxy_cache_valid any 10s;
proxy_cache_min_uses 1;
proxy_cache_methods GET HEAD;
proxy_cache_lock_timeout 5s;
proxy_cache_use_stale off;
proxy_cache_key $upstream_cache_key;
proxy_no_cache $upstream_no_cache;
proxy_cache_bypass $upstream_cache_bypass;
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
add_header Cache-Control $upstream_hdr_cache_control;
add_header Expires $upstream_hdr_expires;
add_header Apisix-Cache-Status $upstream_cache_status always;
proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
mirror /proxy_mirror;
header_filter_by_lua_block {
apisix.http_header_filter_phase()
}
body_filter_by_lua_block {
apisix.http_body_filter_phase()
}
log_by_lua_block {
apisix.http_log_phase()
}
}
location @grpc_pass {
access_by_lua_block {
apisix.grpc_access_phase()
}
grpc_set_header Content-Type application/grpc;
grpc_socket_keepalive on;
grpc_pass grpc://apisix_backend;
header_filter_by_lua_block {
apisix.http_header_filter_phase()
}
body_filter_by_lua_block {
apisix.http_body_filter_phase()
}
log_by_lua_block {
apisix.http_log_phase()
}
}
location = /proxy_mirror {
internal;
if ($upstream_mirror_host = "") {
return 200;
}
proxy_http_version 1.1;
proxy_set_header Host $upstream_host;
proxy_pass $upstream_mirror_host$request_uri;
}
}
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 removed a comment on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 removed a comment on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745163906
apisix start
sh: lsof: command not found
WARNING: using fixed Admin API token has security risk.
Please modify "admin_key" in conf/config.yaml .
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: bind() to 0.0.0.0:9180 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:9180 failed (98: Address already in use)
2020/12/15 09:23:43 [emerg] 119#119: still could not bind()
nginx: [emerg] still could not bind()
If admin port have some wrong?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745175284
Please provide the `config-default.yaml` and `config.yaml`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745756940
The admin port was changed to 9180. But the change is reverted before 2.1 release.
I tried both the tag and release from https://downloads.apache.org/apisix/2.1/apache-apisix-2.1-src.tgz, the default admin port is 9080. Maybe you are using the wrong commit.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745182112
Still can't reproduce the issue with your configuration. Check the generated conf/nginx.conf? Is the Nginx listening on 9080 is the APISIX you configure?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745172508
> > I find I can't ping 127.0.0.1:9080
> > ping: 127.0.0.1:9080: Name or service not known
>
> Should not ping with port. The ICMP protocol has its fixed port.
then how can I verify admin
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745174910
I find I open the admin port , close it , all right.
Why admin port can't use?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745170317
I find I can't ping 127.0.0.1:9080
ping: 127.0.0.1:9080: Name or service not known
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 closed issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 closed issue #3054:
URL: https://github.com/apache/apisix/issues/3054
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745169717
Can't reproduce at my side:
```
¥ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
quote> {
quote> "uri": "/hmac",
quote> "plugins": {},
quote> "upstream": {
quote> "type": "roundrobin",
quote> "nodes": {
quote> "http://172.xx.xx.xx:8080": 1
quote> }
quote> }
quote> }'
{"node":{"key":"\/apisix\/routes\/1","value":{"priority":0,"plugins":{},"upstream":{"hash_on":"vars","pass_host":"pass","nodes":{"http:\/\/172.xx.xx.xx:8080":1},"type":"roundrobin"},"id":"1","create_time":1608005468,"update_time":1608024826,"uri":"\/hmac"}},"header":{"raft_term":"124","cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"62163"},"action":"set"}
openresty-1.17.8.2 0
¥ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
{"node":{"value":{"priority":0,"plugins":{},"upstream":{"type":"roundrobin","nodes":{"http:\/\/172.xx.xx.xx:8080":1},"hash_on":"vars","pass_host":"pass"},"id":"1","create_time":1608005468,"uri":"\/hmac","update_time":1608024826},"modifiedIndex":62163,"key":"\/apisix\/routes\/1","createdIndex":62001},"count":"1","action":"get","header":{"raft_term":"124","cluster_id":"14841639068965178418","member_id":"10276657743932975437","revision":"62163"}}
```
Do you enable the admin?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] ziyou434 commented on issue #3054: bug: {"error_msg":"404 Route Not Found"}
Posted by GitBox <gi...@apache.org>.
ziyou434 commented on issue #3054:
URL: https://github.com/apache/apisix/issues/3054#issuecomment-745177773
config.yaml
```
apisix:
node_listen: 9080 # APISIX listening port
enable_admin: true
enable_admin_cors: true # Admin API support CORS response headers.
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
#proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
# This port can only receive http request with proxy protocol, but node_listen & port_admin
# can only receive http request. If you enable proxy protocol, you must use this port to
# receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
enable_server_tokens: true # Whether the APISIX version number should be shown in Server header.
# It's enabled by default.
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache, administrator can be specify
# which cache to use by name in the admin api
memory_size: 50m # The size of shared memory, it's used to store the cache index
disk_size: 1G # The size of disk, it's used to store the cache data
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
cache_levels: "1:2" # The hierarchy levels of a cache
# - name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
# - 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
- 0.0.0.0/0
# - "::/64"
# port_admin: 9180 # use a separate port
# https_admin: true # enable HTTPS when use a separate port for Admin API.
# Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
admin_api_mtls: # Depends on `port_admin` and `https_admin`.
admin_ssl_cert: "" # Path of your self-signed server side cert.
admin_ssl_cert_key: "" # Path of your self-signed server side key.
admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates.
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
-
name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
delete_uri_tail_slash: false # delete the '/' at the end of the URI
router:
http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)
# radixtree_host_uri: match route by host + uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
# stream_proxy: # TCP/UDP proxy
# tcp: # TCP proxy port list
# - 9100
# - 9101
# udp: # UDP proxy port list
# - 9200
# - 9211
# dns_resolver: # If not set, read from `/etc/resolv.conf`
#
# - 1.1.1.1
#
# - 8.8.8.8
#
dns_resolver_valid: 30 # valid time for dns result 30 seconds
resolver_timeout: 5 # resolver timeout
ssl:
enable: false # ssl is disabled by default
# enable it to use your own cert and key
enable_http2: true
listen_port: 9443
# ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
# used to verify the certificate when APISIX needs to do SSL/TLS handshaking
# with external services (e.g. etcd)
# ssl_cert: /path/to/ssl_cert
# ssl_cert_key: /path/to/ssl_cert_key
ssl_protocols: "TLSv1.2 TLSv1.3"
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ssl_session_tickets: false # disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
# ref: https://github.com/mozilla/server-side-tls/issues/135
key_encrypt_salt: "edd1c9f0985e76a2" # If not set, will save origin ssl key into etcd.
# If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC
# !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
nginx_config: # config for render the template to genarate nginx.conf
error_log: "/dev/stdout"
error_log_level: "warn" # warn,error
worker_processes: auto # one worker will get best performance, you can use "auto", but remember it is just work well only on physical machine
# no more than 8 workers, otherwise competition between workers will consume a lot of resources
# if you want use multiple cores in container, you can inject the number of cpu as environment variable "APISIX_WORKER_PROCESSES"
enable_cpu_affinity: true # enbale cpu affinity, this is just work well only on physical machine
worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections
worker_shutdown_timeout: 240s # timeout for a graceful shutdown of worker processes
event:
worker_connections: 10620
#envs: # allow to get a list of environment variables
# - TEST_ENV
http:
access_log: "/dev/stdout"
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time"
access_log_format_escape: default # allows setting json or default characters escaping in variables
keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
client_max_body_size: 0 # The maximum allowed size of the client request body.
# If exceeded, the 413 (Request Entity Too Large) error is returned to the client.
# Note that unlike Nginx, we don't limit the body size by default.
send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores in client request header fields
real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size`
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://172.20.39.61:2379" # multiple etcd address, if your etcd cluster enables TLS, please use https scheme,
# e.g. "https://127.0.0.1:2379".
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
# user: root # root username for etcd
# password: 5tHkHhYkjr6cQY # root password for etcd
tls:
verify: true # whether to verify the etcd endpoint certificate when setup a TLS connection to etcd,
# the default value is true, e.g. the certificate will be verified strictly.
# discovery: # service discovery center
# eureka:
# host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
# - "http://127.0.0.1:8761"
# prefix: "/eureka/"
# fetch_interval: 30 # default 30s
# weight: 100 # default weight for node
# timeout:
# connect: 2000 # default 2000ms
# send: 2000 # default 2000ms
# read: 5000 # default 5000ms
plugins: # plugin list
- limit-req
- limit-count
- limit-conn
- key-auth
- basic-auth
- prometheus
- node-status
- jwt-auth
- zipkin
- ip-restriction
- referer-restriction
- grpc-transcode
- serverless-pre-function
- serverless-post-function
- openid-connect
- proxy-rewrite
- redirect
- response-rewrite
- fault-injection
- udp-logger
- wolf-rbac
- tcp-logger
- kafka-logger
- cors
- consumer-restriction
- syslog
- batch-requests
- http-logger
- echo
- authz-keycloak
- uri-blocker
- request-validation
- proxy-cache
- proxy-mirror
- request-id
- hmac-auth
stream_plugins:
- mqtt-proxy
plugin_attr:
log-rotate:
interval: 3600 # rotate interval (unit: second)
max_kept: 168 # max number of log files will be kept
skywalking:
service_name: APISIX
service_instance_name: "APISIX Instance Name"
endpoint_addr: http://127.0.0.1:12800
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org