You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/05/29 05:18:12 UTC
[GitHub] [incubator-apisix] zhaosuqi opened a new issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
zhaosuqi opened a new issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626
点击左侧所有菜单界面可以显示,但是报403错误,nginx日志错误信息如下:
172.16.56.54 - - [29/May/2020:04:34:33 +0000] 11.11.3.36:9080 "GET /apisix/admin/services HTTP/1.1" 403 552 0.000 "http://11.11.3.36:9080/apisix/dashboard" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Edg/83.0.478.37" - - -
config.yaml
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true # Admin API support CORS response headers.
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
#proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin.
# This port can only receive http request with proxy protocol, but node_listen & port_admin
# can only receive http request. If you enable proxy protocol, you must use this port to
# receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache, administrator can be specify
# which cache to use by name in the admin api
memory_size: 50m # The size of shared memory, it's used to store the cache index
disk_size: 1G # The size of disk, it's used to store the cache data
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
cache_levels: "1:2" # The hierarchy levels of a cache
# - name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # If we don't set any IP list, then any IP access is allowed by default.
# - "::/64"
# port_admin: 9180 # use a separate port
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
-
name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
router:
http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree)
# radixtree_host_uri: match route by host + uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree)
# stream_proxy: # TCP/UDP proxy
# tcp: # TCP proxy port list
# - 9100
# - 9101
# udp: # UDP proxy port list
# - 9200
# - 9211
# dns_resolver: # If not set, read from `/etc/resolv.conf`
# - 1.1.1.1
# - 8.8.8.8
dns_resolver_valid: 30 # valid time for dns result 30 seconds
resolver_timeout: 5 # resolver timeout
ssl:
enable: true
enable_http2: true
listen_port: 9443
ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
nginx_config: # config for render the template to genarate nginx.conf
error_log: "logs/error.log"
error_log_level: "warn" # warn,error
worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections
event:
worker_connections: 10620
http:
access_log: "logs/access.log"
keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores in client request header fields
real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size`
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "http://127.0.0.1:2379" # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 3 # 3 seconds
plugins: # plugin list
- example-plugin
- limit-req
- limit-count
- limit-conn
- key-auth
- basic-auth
- prometheus
- node-status
- jwt-auth
- zipkin
- ip-restriction
- grpc-transcode
- serverless-pre-function
- serverless-post-function
- openid-connect
- proxy-rewrite
- redirect
- response-rewrite
- fault-injection
- udp-logger
- wolf-rbac
- proxy-cache
- tcp-logger
- proxy-mirror
- kafka-logger
- cors
- syslog
- batch-requests
stream_plugins:
- mqtt-proxy
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] houshunwei removed a comment on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
houshunwei removed a comment on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635819232
> > 但是我遇到另外的问题,请求admin不通,报 no route to host:
> > [root@e55e6d0dc93b apisix]# curl "http://127.0.0.1:9080/apisix/admin/services/" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
> > {"error_msg":"no route to host"}
>
> Have you enabled a separate port for admin api?
>
> https://github.com/apache/incubator-apisix/blob/master/conf/config.yaml#L56
我搞通了。
原因比较傻:我本地无法访问etcd的镜像()。所以我改成了bitnami的etcd镜像,这个镜像需要对应修改yaml文件。
这样改就可以了:
` etcd:
# if you are in the mainland China, please use Azure China mirror:
#image: gcr.azk8s.cn/etcd-development/etcd:v3.3.12
image: bitnami/etcd:3.3.15
#image: gcr.io/etcd-development/etcd:v3.3.12
#command: /usr/local/bin/etcd --advertise-client-urls http://0.0.0.0:2379 --listen-client-urls http://0.0.0.0:2379
restart: always
volumes:
- ./etcd_data:/etcd_data
- ./etcd_conf/etcd.conf.yml:/opt/bitnami/etcd/conf/etcd.conf.yml
environment:
ETCD_DATA_DIR: /etcd_data
ALLOW_NONE_AUTHENTICATION: 'yes'
ports:
- "2379:2379/tcp"
- "2380:2380/tcp"
networks:
apisix:
ipv4_address: 172.18.5.10`
相关日志:
docker pull gcr.azk8s.cn/etcd-development/etcd:v3.3.12
Error response from daemon: error parsing HTTP 403 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx/1.14.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n"`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] houshunwei commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
houshunwei commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635802904
我用的1.2镜像,存在同样问题。
跟着下面的教程做的:
https://github.com/apache/incubator-apisix/blob/master/doc/getting-started-cn.md
403的问题,我已经解决了,需要设置 allow_admin: 中请求端的ip(比如我的宿主机ip 172.18.0.1/24)。
但是我遇到另外的问题,请求admin不通,报 no route to host:
[root@e55e6d0dc93b apisix]# curl "http://127.0.0.1:9080/apisix/admin/services/" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
{"error_msg":"no route to host"}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] houshunwei commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
houshunwei commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635819232
> > 但是我遇到另外的问题,请求admin不通,报 no route to host:
> > [root@e55e6d0dc93b apisix]# curl "http://127.0.0.1:9080/apisix/admin/services/" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
> > {"error_msg":"no route to host"}
>
> Have you enabled a separate port for admin api?
>
> https://github.com/apache/incubator-apisix/blob/master/conf/config.yaml#L56
我搞通了。
原因比较傻:我本地无法访问etcd的镜像()。所以我改成了bitnami的etcd镜像,这个镜像需要对应修改yaml文件。
这样改就可以了:
` etcd:
# if you are in the mainland China, please use Azure China mirror:
#image: gcr.azk8s.cn/etcd-development/etcd:v3.3.12
image: bitnami/etcd:3.3.15
#image: gcr.io/etcd-development/etcd:v3.3.12
#command: /usr/local/bin/etcd --advertise-client-urls http://0.0.0.0:2379 --listen-client-urls http://0.0.0.0:2379
restart: always
volumes:
- ./etcd_data:/etcd_data
- ./etcd_conf/etcd.conf.yml:/opt/bitnami/etcd/conf/etcd.conf.yml
environment:
ETCD_DATA_DIR: /etcd_data
ALLOW_NONE_AUTHENTICATION: 'yes'
ports:
- "2379:2379/tcp"
- "2380:2380/tcp"
networks:
apisix:
ipv4_address: 172.18.5.10`
相关日志:
docker pull gcr.azk8s.cn/etcd-development/etcd:v3.3.12
Error response from daemon: error parsing HTTP 403 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx/1.14.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n"`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] zhaosuqi commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
zhaosuqi commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635874879
我要关闭了,问题自己康复了,我下午再看就不报错了,什么都没改,后续部署再看看会不会再次出现
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] houshunwei commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
houshunwei commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635820222
> > 但是我遇到另外的问题,请求admin不通,报 no route to host:
> > [root@e55e6d0dc93b apisix]# curl "http://127.0.0.1:9080/apisix/admin/services/" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
> > {"error_msg":"no route to host"}
>
> Have you enabled a separate port for admin api?
>
> https://github.com/apache/incubator-apisix/blob/master/conf/config.yaml#L56
我搞通了。
原因比较傻:我本地无法访问etcd的镜像()。所以我改成了bitnami的etcd镜像,这个镜像需要对应修改yaml文件。
这样改就可以了:
> etcd:
# if you are in the mainland China, please use Azure China mirror:
#image: gcr.azk8s.cn/etcd-development/etcd:v3.3.12
image: bitnami/etcd:3.3.15
#image: gcr.io/etcd-development/etcd:v3.3.12
#command: /usr/local/bin/etcd --advertise-client-urls http://0.0.0.0:2379 --listen-client-urls http://0.0.0.0:2379
restart: always
volumes:
- ./etcd_data:/etcd_data
- ./etcd_conf/etcd.conf.yml:/opt/bitnami/etcd/conf/etcd.conf.yml
environment:
ETCD_DATA_DIR: /etcd_data
ALLOW_NONE_AUTHENTICATION: 'yes'
ports:
- "2379:2379/tcp"
- "2380:2380/tcp"
networks:
apisix:
ipv4_address: 172.18.5.10
之前获取镜像失败的日志:
> docker pull gcr.azk8s.cn/etcd-development/etcd:v3.3.12
Error response from daemon: error parsing HTTP 403 response body: invalid character '<' looking for beginning of value: "\r\n<title>403 Forbidden</title>\r\n<body bgcolor="white">
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] jevic edited a comment on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
jevic edited a comment on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635801207
> 配置文件贴进来就长这样,第一次提问,不好意思
你可以尝试改成这样看看:
```
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
- 192.168.0.0/16
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635806986
> 但是我遇到另外的问题,请求admin不通,报 no route to host:
> [root@e55e6d0dc93b apisix]# curl "http://127.0.0.1:9080/apisix/admin/services/" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'
> {"error_msg":"no route to host"}
Have you enabled a separate port for admin api?
https://github.com/apache/incubator-apisix/blob/master/conf/config.yaml#L56
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] jevic commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
jevic commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635782644
你这样的提问方式 是认真的嘛?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] jevic commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
jevic commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635801207
你可以尝试改成这样看看:
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
- 192.168.0.0/16
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635805852
@zhaosuqi I make a test right now, your `config.yaml` is invalid.
when I try to call `make init`, I got an error message like this:
```
$ make init
./bin/apisix init
lua: /home/resty/git/membphis/apisix/deps/share/lua/5.1/tinyyaml.lua:40: bad argument #1 to 'ssub' (string expected, got table)
stack traceback:
[C]: in function 'string.sub'
/home/resty/git/membphis/apisix/deps/share/lua/5.1/tinyyaml.lua:40: in upvalue 'startswith'
/home/resty/git/membphis/apisix/deps/share/lua/5.1/tinyyaml.lua:468: in upvalue 'parseseq'
/home/resty/git/membphis/apisix/deps/share/lua/5.1/tinyyaml.lua:661: in upvalue 'parsemap'
/home/resty/git/membphis/apisix/deps/share/lua/5.1/tinyyaml.lua:721: in upvalue 'parsedocuments'
/home/resty/git/membphis/apisix/deps/share/lua/5.1/tinyyaml.lua:746: in function 'tinyyaml.parse'
(...tail calls...)
./bin/apisix:649: in field '?'
./bin/apisix:865: in main chunk
[C]: in ?
make: *** [Makefile:75: init] Error 1
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] jevic edited a comment on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
jevic edited a comment on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635801207
> 配置文件贴进来就长这样,第一次提问,不好意思
你可以尝试改成这样看看:
```
allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default.
- 192.168.0.0/16
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] zhaosuqi commented on issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
zhaosuqi commented on issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626#issuecomment-635789853
配置文件贴进来就长这样,第一次提问,不好意思
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] zhaosuqi closed issue #1626: 修改config.yaml中admin的允许ip后可以进入dashboard,进入后菜单报错
Posted by GitBox <gi...@apache.org>.
zhaosuqi closed issue #1626:
URL: https://github.com/apache/incubator-apisix/issues/1626
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org