You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/08/22 01:33:44 UTC
[apisix] branch master updated: change: drop support for enable_http2 and listen_port in apisix.ssl (#7717)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 167b65562 change: drop support for enable_http2 and listen_port in apisix.ssl (#7717)
167b65562 is described below
commit 167b655620b20c025cc156e30a31d21c9bd893a8
Author: tzssangglass <tz...@gmail.com>
AuthorDate: Mon Aug 22 09:33:37 2022 +0800
change: drop support for enable_http2 and listen_port in apisix.ssl (#7717)
---
apisix/cli/file.lua | 4 ---
apisix/cli/ngx_tpl.lua | 2 +-
apisix/cli/ops.lua | 52 +++++++++++++-------------------------
apisix/cli/schema.lua | 19 ++++++++++++++
apisix/plugins/redirect.lua | 5 ----
conf/config-default.yaml | 7 ++---
docs/en/latest/FAQ.md | 11 ++++----
docs/en/latest/plugins/redirect.md | 2 +-
docs/zh/latest/FAQ.md | 11 ++++----
docs/zh/latest/plugins/redirect.md | 2 +-
t/cli/test_main.sh | 13 ++++++----
t/plugin/redirect.t | 5 ++--
12 files changed, 64 insertions(+), 69 deletions(-)
diff --git a/apisix/cli/file.lua b/apisix/cli/file.lua
index 85207233b..dae9504dc 100644
--- a/apisix/cli/file.lua
+++ b/apisix/cli/file.lua
@@ -133,10 +133,6 @@ local function path_is_multi_type(path, type_val)
return true
end
- if path == "apisix->ssl->listen_port" and type_val == "number" then
- return true
- end
-
return false
end
diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua
index 56f1d497a..295b7cf09 100644
--- a/apisix/cli/ngx_tpl.lua
+++ b/apisix/cli/ngx_tpl.lua
@@ -583,7 +583,7 @@ http {
listen {* proxy_protocol.listen_http_port *} default_server proxy_protocol;
{% end %}
{% if proxy_protocol and proxy_protocol.listen_https_port then %}
- listen {* proxy_protocol.listen_https_port *} ssl default_server {% if ssl.enable_http2 then %} http2 {% end %} proxy_protocol;
+ listen {* proxy_protocol.listen_https_port *} ssl default_server proxy_protocol;
{% end %}
server_name _;
diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index 0fb2d083b..0fe8c8875 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -425,46 +425,28 @@ Please modify "admin_key" in conf/config.yaml .
local ssl_listen = {}
-- listen in https, support multiple ports, support specific IP
for _, value in ipairs(yaml_conf.apisix.ssl.listen) do
- if type(value) == "number" then
- listen_table_insert(ssl_listen, "https", "0.0.0.0", value,
- yaml_conf.apisix.ssl.enable_http2, yaml_conf.apisix.enable_ipv6)
- elseif type(value) == "table" then
- local ip = value.ip
- local port = value.port
- local enable_ipv6 = false
- local enable_http2 = (value.enable_http2 or yaml_conf.apisix.ssl.enable_http2)
-
- if ip == nil then
- ip = "0.0.0.0"
- if yaml_conf.apisix.enable_ipv6 then
- enable_ipv6 = true
- end
- end
-
- if port == nil then
- port = 9443
- end
-
- if enable_http2 == nil then
- enable_http2 = false
+ local ip = value.ip
+ local port = value.port
+ local enable_ipv6 = false
+ local enable_http2 = value.enable_http2
+
+ if ip == nil then
+ ip = "0.0.0.0"
+ if yaml_conf.apisix.enable_ipv6 then
+ enable_ipv6 = true
end
+ end
- listen_table_insert(ssl_listen, "https", ip, port,
- enable_http2, enable_ipv6)
+ if port == nil then
+ port = 9443
end
- end
- -- listen in https, compatible with the original style
- if type(yaml_conf.apisix.ssl.listen_port) == "number" then
- listen_table_insert(ssl_listen, "https", "0.0.0.0", yaml_conf.apisix.ssl.listen_port,
- yaml_conf.apisix.ssl.enable_http2, yaml_conf.apisix.enable_ipv6)
- elseif type(yaml_conf.apisix.ssl.listen_port) == "table" then
- for _, value in ipairs(yaml_conf.apisix.ssl.listen_port) do
- if type(value) == "number" then
- listen_table_insert(ssl_listen, "https", "0.0.0.0", value,
- yaml_conf.apisix.ssl.enable_http2, yaml_conf.apisix.enable_ipv6)
- end
+ if enable_http2 == nil then
+ enable_http2 = false
end
+
+ listen_table_insert(ssl_listen, "https", ip, port,
+ enable_http2, enable_ipv6)
end
yaml_conf.apisix.ssl.listen = ssl_listen
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index 54b2a402e..c384fa4ed 100644
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -205,6 +205,25 @@ local config_schema = {
properties = {
ssl_trusted_certificate = {
type = "string",
+ },
+ listen = {
+ type = "array",
+ items = {
+ type = "object",
+ properties = {
+ ip = {
+ type = "string",
+ },
+ port = {
+ type = "integer",
+ minimum = 1,
+ maximum = 65535
+ },
+ enable_http2 = {
+ type = "boolean",
+ }
+ }
+ }
}
}
},
diff --git a/apisix/plugins/redirect.lua b/apisix/plugins/redirect.lua
index d858b9c86..421007d20 100644
--- a/apisix/plugins/redirect.lua
+++ b/apisix/plugins/redirect.lua
@@ -166,11 +166,6 @@ local function get_port(attr)
return port
end
- port = ssl["listen_port"]
- if port then
- return port
- end
-
local ports = ssl["listen"]
if ports and #ports > 0 then
local idx = math_random(1, #ports)
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index b93e5a81c..9e42add2b 100755
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -132,14 +132,11 @@ apisix:
ssl:
enable: true
listen: # APISIX listening port in https.
- - 9443
- # - port: 9444
- # enable_http2: true # If not set, the default value is `false`.
+ - port: 9443
+ enable_http2: true
# - ip: 127.0.0.3 # Specific IP, If not set, the default value is `0.0.0.0`.
# port: 9445
# enable_http2: true
- enable_http2: true # Not recommend: This parameter should be set via the `listen`.
- # listen_port: 9443 # Not recommend: This parameter should be set via the `listen`.
#ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
# used to verify the certificate when APISIX needs to do SSL/TLS handshaking
# with external services (e.g. etcd)
diff --git a/docs/en/latest/FAQ.md b/docs/en/latest/FAQ.md
index 1d12787d2..c694869b5 100644
--- a/docs/en/latest/FAQ.md
+++ b/docs/en/latest/FAQ.md
@@ -267,15 +267,16 @@ To configure Apache APISIX to listen on multiple ports, you can:
- 9082
```
- Similarly for HTTPS requests, modify the parameter `ssl.listen_port` in `conf/config.yaml`:
+ Similarly for HTTPS requests, modify the parameter `ssl.listen` in `conf/config.yaml`:
```
apisix:
ssl:
- listen_port:
- - 9443
- - 9444
- - 9445
+ enable: true
+ listen:
+ - port: 9443
+ - port: 9444
+ - port: 9445
```
2. Reload or restart Apache APISIX.
diff --git a/docs/en/latest/plugins/redirect.md b/docs/en/latest/plugins/redirect.md
index e772894a0..4ded8bc48 100644
--- a/docs/en/latest/plugins/redirect.md
+++ b/docs/en/latest/plugins/redirect.md
@@ -47,7 +47,7 @@ The `redirect` Plugin can be used to configure redirects.
* Only one of `http_to_https` and `append_query_string` can be configured.
* When enabling `http_to_https`, the ports in the redirect URL will pick a value in the following order (in descending order of priority)
* Read `plugin_attr.redirect.https_port` from the configuration file (`conf/config.yaml`).
- * If `apisix.ssl` is enabled, read `apisix.ssl.listen_port` first, and if it does not exist, read `apisix.ssl.listen` and select a port randomly from it.
+ * If `apisix.ssl` is enabled, read `apisix.ssl.listen` and select a port randomly from it.
* Use 443 as the default https port.
:::
diff --git a/docs/zh/latest/FAQ.md b/docs/zh/latest/FAQ.md
index 69f707c49..ce97c059a 100644
--- a/docs/zh/latest/FAQ.md
+++ b/docs/zh/latest/FAQ.md
@@ -270,15 +270,16 @@ nginx_config:
- 9082
```
- 处理 HTTPS 请求也类似,修改 `conf/config.yaml` 中 HTTPS 端口监听的参数 `ssl.listen_port`,示例:
+ 处理 HTTPS 请求也类似,修改 `conf/config.yaml` 中 HTTPS 端口监听的参数 `ssl.listen`,示例:
```
apisix:
ssl:
- listen_port:
- - 9443
- - 9444
- - 9445
+ enable: true
+ listen:
+ - port: 9443
+ - port: 9444
+ - port: 9445
```
2. 重启或者重新加载 APISIX。
diff --git a/docs/zh/latest/plugins/redirect.md b/docs/zh/latest/plugins/redirect.md
index dcb05411c..b26b0b4d6 100644
--- a/docs/zh/latest/plugins/redirect.md
+++ b/docs/zh/latest/plugins/redirect.md
@@ -47,7 +47,7 @@ description: 本文介绍了关于 Apache APISIX `redirect` 插件的基本信
* `http_to_https`、和 `append_query_string` 只能配置其中一个属性。
* 当开启 `http_to_https` 时,重定向 URL 中的端口将按如下顺序选取一个值(按优先级从高到低排列)
* 从配置文件(`conf/config.yaml`)中读取 `plugin_attr.redirect.https_port`。
- * 如果 `apisix.ssl` 处于开启状态,先读取 `apisix.ssl.listen_port`,如果没有,再读取 `apisix.ssl.listen` 并从中随机选一个 `port`。
+ * 如果 `apisix.ssl` 处于开启状态,读取 `apisix.ssl.listen` 并从中随机选一个 `port`。
* 使用 443 作为默认 `https port`。
:::
diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh
index 54a7c52c9..4397b8228 100755
--- a/t/cli/test_main.sh
+++ b/t/cli/test_main.sh
@@ -59,7 +59,9 @@ echo "passed: nginx.conf file contains reuseport configuration"
echo "
apisix:
ssl:
- listen_port: 8443
+ listen:
+ - port: 8443
+
" > conf/config.yaml
make init
@@ -87,10 +89,11 @@ apisix:
- 9081
- 9082
ssl:
- listen_port:
- - 9443
- - 9444
- - 9445
+ enable: true
+ listen:
+ - port: 9443
+ - port: 9444
+ - port: 9445
" > conf/config.yaml
make init
diff --git a/t/plugin/redirect.t b/t/plugin/redirect.t
index be8bac807..b46b02c37 100644
--- a/t/plugin/redirect.t
+++ b/t/plugin/redirect.t
@@ -443,12 +443,13 @@ Location: https://foo.com:8443/hello
-=== TEST 19: redirect(port using `apisix.ssl.listen_port`)
+=== TEST 19: redirect(port using `apisix.ssl.listen`)
--- yaml_config
apisix:
ssl:
enable: true
- listen_port: 9445
+ listen:
+ - port: 9445
--- request
GET /hello
--- more_headers