diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 35fb8ee510d3..e40dc174c908 100755
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -22,11 +22,11 @@ apisix:
 # node_listen: 9080 # APISIX listening port.
 node_listen: # APISIX listening ports.
 - 9080
- # - port: 9081
- # enable_http2: true # If not set, default to `false`.
- # - ip: 127.0.0.2 # If not set, default to `0.0.0.0`
- # port: 9082
- # enable_http2: true
+ # - port: 9081
+ # enable_http2: true # If not set, default to `false`.
+ # - ip: 127.0.0.2 # If not set, default to `0.0.0.0`
+ # port: 9082
+ # enable_http2: true
 enable_admin: true # Admin API
 enable_dev_mode: false # If true, set nginx `worker_processes` to 1.
 enable_reuseport: true # If true, enable nginx SO_REUSEPORT option.
@@ -137,45 +137,54 @@ apisix: # with the new key. Removing the old keys directly can render the data # unrecoverable. -nginx_config: # config for render the template to generate nginx.conf - #user: root # specifies the execution user of the worker process. - # the "user" directive makes sense only if the master process runs with super-user privileges. - # if you're not root user,the default is current user. - error_log: logs/error.log - error_log_level: warn # warn,error - worker_processes: auto # if you want use multiple cores in container, you can inject the number of cpu as environment variable "APISIX_WORKER_PROCESSES" - enable_cpu_affinity: false # disable CPU affinity by default, if APISIX is deployed on a physical machine, it can be enabled and work well. - worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections - worker_shutdown_timeout: 240s # timeout for a graceful shutdown of worker processes - - max_pending_timers: 16384 # increase it if you see "too many pending timers" error - max_running_timers: 4096 # increase it if you see "lua_max_running_timers are not enough" error +nginx_config: # Config for render the template to generate nginx.conf + # user: root # Set the execution user of the worker process. This is only + # effective if the master process runs with super-user privileges. + error_log: logs/error.log # Location of the error log. + error_log_level: warn # Logging level: info, debug, notice, warn, error, crit, alert, or emerg. + worker_processes: auto # Automatically determine the optimal number of worker processes based + # on the available system resources. + # If you want use multiple cores in container, you can inject the number of + # CPU cores as environment variable "APISIX_WORKER_PROCESSES". + enable_cpu_affinity: false # Disable CPU affinity by default as worker_cpu_affinity affects the + # behavior of APISIX in containers. 
For example, multiple instances could + # be bound to one CPU core, which is not desirable. + # If APISIX is deployed on a physical machine, CPU affinity can be enabled. + worker_rlimit_nofile: 20480 # The number of files a worker process can open. + # The value should be larger than worker_connections. + worker_shutdown_timeout: 240s # Timeout for a graceful shutdown of worker processes. + + max_pending_timers: 16384 # The maximum number of pending timers that can be active at any given time. + # Error "too many pending timers" indicates the threshold is reached. + max_running_timers: 4096 # The maximum number of running timers that can be active at any given time. + # Error "lua_max_running_timers are not enough" error indicates the + # threshold is reached. event: worker_connections: 10620 - #envs: # allow to get a list of environment variables + + # envs: # Get environment variables. # - TEST_ENV meta: - lua_shared_dict: + lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k. prometheus-metrics: 15m stream: - enable_access_log: false # enable access log or not, default false - access_log: logs/access_stream.log - access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" - # create your custom log format by visiting http://nginx.org/en/docs/varindex.html - access_log_format_escape: default # allows setting json or default characters escaping in variables - lua_shared_dict: + enable_access_log: false # Enable stream proxy access logging. + access_log: logs/access_stream.log # Location of the stream access log. + access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html + access_log_format_escape: default # Escape default or json characters in variables. + lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k. 
etcd-cluster-health-check-stream: 10m lrucache-lock-stream: 10m plugin-limit-conn-stream: 10m worker-events-stream: 10m tars-stream: 1m - # As user can add arbitrary configurations in the snippet, - # it is user's responsibility to check the configurations - # don't conflict with APISIX. + # Add other custom Nginx configurations. + # Users are responsible for validating the custom configurations + # to ensure they are not in conflict with APISIX configurations. main_configuration_snippet: | # Add custom Nginx main configuration to nginx.conf. # The configuration should be well indented! 
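Review bot: The reworded comment on `# user: root` drops the removed sentence saying that a non-root start runs the workers as the current user, so the only guidance left for this setting is an example with a root worker. I would keep the default in the comment, e.g. `# user: root  # Set the execution user of the worker process. Only effective if the master process runs as root; otherwise workers run as the current user.` In the same hunk the `max_running_timers` comment reads `Error "lua_max_running_timers are not enough" error indicates`, with "error" doubled; drop the second one.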
@@ -199,41 +208,47 @@ nginx_config: # config for render the template to generate n # The configuration should be well indented! http: - enable_access_log: true # enable access log or not, default true - access_log: logs/access.log + enable_access_log: true # Enable HTTP proxy access logging. + access_log: logs/access.log # Location of the access log. access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"" - access_log_format_escape: default # allows setting json or default characters escaping in variables - keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side. - client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client - client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client - client_max_body_size: 0 # The maximum allowed size of the client request body. - # If exceeded, the 413 (Request Entity Too Large) error is returned to the client. - # Note that unlike Nginx, we don't limit the body size by default. - - send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed - underscores_in_headers: "on" # default enables the use of underscores in client request header fields - real_ip_header: X-Real-IP # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header - real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive - real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from + # Customize log format: http://nginx.org/en/docs/varindex.html + access_log_format_escape: default # Escape default or json characters in variables. 
+ keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive. + client_header_timeout: 60s # Set the maximum time waiting for client to send the entire HTTP + # request header before closing the connection. + client_body_timeout: 60s # Set the maximum time waiting for client to send the request body. + client_max_body_size: 0 # Set the maximum allowed size of the client request body. + # Default to 0, unlimited. + # Unlike Nginx, APISIX does not limit the body size by default. + # If exceeded, the 413 (Request Entity Too Large) error is returned. + send_timeout: 10s # Set the maximum time for transmitting a response to the client before closing. + underscores_in_headers: "on" # Allow HTTP request headers to contain underscores in their names. + real_ip_header: X-Real-IP # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header + real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive + real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from - 127.0.0.1 - "unix:" - #custom_lua_shared_dict: # add custom shared cache to nginx.conf - # ipc_shared_dict: 100m # custom shared cache, format: `cache-key: cache-size` - # Enables or disables passing of the server name through TLS Server Name Indication extension (SNI, RFC 6066) - # when establishing a connection with the proxied HTTPS server. - proxy_ssl_server_name: true + # custom_lua_shared_dict: # Custom Nginx Lua shared memory zone for nginx.conf. Size units are m or k. + # ipc_shared_dict: 100m # Custom shared cache, format: `cache-key: cache-size` + + proxy_ssl_server_name: true # Send the server name in the SNI extension when establishing an SSL/TLS + # connection with the upstream server, allowing the upstream server to + # select the appropriate SSL/TLS certificate and configuration based on + # the requested server name. 
+ upstream: - keepalive: 320 # Sets the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. - # When this number is exceeded, the least recently used connections are closed. - keepalive_requests: 1000 # Sets the maximum number of requests that can be served through one keepalive connection. - # After the maximum number of requests is made, the connection is closed. - keepalive_timeout: 60s # Sets a timeout during which an idle keepalive connection to an upstream server will stay open. - charset: utf-8 # Adds the specified charset to the "Content-Type" response header field, see - # http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset - variables_hash_max_size: 2048 # Sets the maximum size of the variables hash table. - - lua_shared_dict: + keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers. + # When the value is exceeded, the least recently used connection is closed. + keepalive_requests: 1000 # Set the maximum number of requests that can be served through one + # keep-alive connection. + # After the maximum number of requests is made, the connection is closed. + keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive. + charset: utf-8 # Add the charset to the "Content-Type" response header field. + # See http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset + variables_hash_max_size: 2048 # Set the maximum size of the variables hash table. + + lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k. internal-status: 10m plugin-limit-req: 10m plugin-limit-count: 10m 
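Review bot: The new comment on `upstream.keepalive: 320` calls it a maximum time, but the removed text describes a count of idle keep-alive connections cached per worker process, and the sentence that follows ("the least recently used connection is closed") only makes sense for a count. Suggest `# Set the maximum number of idle keep-alive connections to upstream servers kept by each worker process.` The comment on `upstream.keepalive_timeout: 60s` is a copy of the client-side one; the removed wording said it is how long an idle upstream connection stays open. On `client_max_body_size: 0`, the comment now states that the default is unlimited. A short hint that deployments facing untrusted clients should set a limit would help readers of the default file.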
@@ -257,93 +272,92 @@ nginx_config: # config for render the template to generate n tars: 1m cas-auth: 10m -#discovery: # service discovery center +# discovery: # Service Discovery # dns: # servers: -# - "127.0.0.1:8600" # use the real address of your dns server -# order: # order in which to try different dns record types when resolving -# - last # "last" will try the last previously successful type for a hostname. +# - "127.0.0.1:8600" # Replace with the address of your DNS server. +# order: # Resolve DNS records this order. +# - last # Try the latest successful type for a hostname. # - SRV # - A # - AAAA # - CNAME -# eureka: -# host: # it's possible to define multiple eureka hosts addresses of the same eureka cluster. +# eureka: # Eureka +# host: # Eureka address(es) # - "http://127.0.0.1:8761" # prefix: /eureka/ -# fetch_interval: 30 # default 30s -# weight: 100 # default weight for node +# fetch_interval: 30 # Default 30s +# weight: 100 # Default weight for node # timeout: -# connect: 2000 # default 2000ms -# send: 2000 # default 2000ms -# read: 5000 # default 5000ms -# nacos: -# host: +# connect: 2000 # Default 2000ms +# send: 2000 # Default 2000ms +# read: 5000 # Default 5000ms +# nacos: # Nacos +# host: # Nacos address(es) # - "http://${username}:${password}@${host1}:${port1}" # prefix: "/nacos/v1/" -# fetch_interval: 30 # default 30 sec -# weight: 100 # default 100 +# fetch_interval: 30 # Default 30s +# weight: 100 # Default 100 # timeout: -# connect: 2000 # default 2000 ms -# send: 2000 # default 2000 ms -# read: 5000 # default 5000 ms -# consul_kv: -# servers: +# connect: 2000 # Default 2000ms +# send: 2000 # Default 2000ms +# read: 5000 # Default 5000ms +# consul_kv: # Consul KV +# servers: # Consul KV address(es) # - "http://127.0.0.1:8500" # - "http://127.0.0.1:8600" # prefix: "upstreams" -# skip_keys: # if you need to skip special keys +# skip_keys: # Skip special keys # - "upstreams/unused_api/" # timeout: -# connect: 2000 # default 2000 ms -# read: 
2000 # default 2000 ms -# wait: 60 # default 60 sec -# weight: 1 # default 1 -# fetch_interval: 3 # default 3 sec, only take effect for keepalive: false way -# keepalive: true # default true, use the long pull way to query consul servers -# default_server: # you can define default server when missing hit +# connect: 2000 # Default 2000ms +# read: 2000 # Default 2000ms +# wait: 60 # Default 60s +# weight: 1 # Default 1 +# fetch_interval: 3 # Default 3s. Effective only when keepalive is false. +# keepalive: true # Default to true. Use long pull to query Consul. +# default_server: # Define default server to route traffic to. # host: "127.0.0.1" # port: 20999 # metadata: -# fail_timeout: 1 # default 1 ms -# weight: 1 # default 1 -# max_fails: 1 # default 1 -# dump: # if you need, when registered nodes updated can dump into file -# path: "logs/consul_kv.dump" -# expire: 2592000 # unit sec, here is 30 day -# consul: -# servers: # make sure service name is unique in these consul servers -# - "http://127.0.0.1:8500" # `http://127.0.0.1:8500` and `http://127.0.0.1:8600` are different clusters +# fail_timeout: 1 # Default 1ms +# weight: 1 # Default 1 +# max_fails: 1 # Default 1 +# dump: # Dump the Consul key-value (KV) store to a file. +# path: "logs/consul_kv.dump" # Location of the dump file. +# expire: 2592000 # Specify the expiration time of the dump file in units of seconds. +# consul: # Consul +# servers: # Consul address(es) +# - "http://127.0.0.1:8500" # - "http://127.0.0.1:8600" -# skip_services: # if you need to skip special services -# - "service_a" # `consul` service is default skip service +# skip_services: # Skip services during service discovery. 
+# - "service_a" # timeout: -# connect: 2000 # default 2000 ms -# read: 2000 # default 2000 ms -# wait: 60 # default 60 sec -# weight: 1 # default 1 -# fetch_interval: 3 # default 3 sec, only take effect for keepalive: false way -# keepalive: true # default true, use the long pull way to query consul servers -# default_service: # you can define default server when missing hit +# connect: 2000 # Default 2000ms +# read: 2000 # Default 2000ms +# wait: 60 # Default 60s +# weight: 1 # Default 1 +# fetch_interval: 3 # Default 3s. Effective only when keepalive is false. +# keepalive: true # Default to true. Use long pull to query Consul. +# default_service: # Define the default service to route traffic to. # host: "127.0.0.1" # port: 20999 # metadata: -# fail_timeout: 1 # default 1 ms -# weight: 1 # default 1 -# max_fails: 1 # default 1 -# dump: # if you need, when registered nodes updated can dump into file -# path: "logs/consul.dump" -# expire: 2592000 # unit sec, here is 30 day -# load_on_init: true # default true, load the consul dump file on init -# kubernetes: +# fail_timeout: 1 # Default 1ms +# weight: 1 # Default 1 +# max_fails: 1 # Default 1 +# dump: # Dump the Consul key-value (KV) store to a file. +# path: "logs/consul_kv.dump" # Location of the dump file. +# expire: 2592000 # Specify the expiration time of the dump file in units of seconds. +# load_on_init: true # Default true, load the consul dump file on init +# kubernetes: # Kubernetes service discovery # ### kubernetes service discovery both support single-cluster and multi-cluster mode # ### applicable to the case where the service is distributed in a single or multiple kubernetes clusters. 
-# # ### single-cluster mode ### # service: -# schema: https #apiserver schema, options [http, https], default https -# host: ${KUBERNETES_SERVICE_HOST} #apiserver host, options [ipv4, ipv6, domain, environment variable], default ${KUBERNETES_SERVICE_HOST} -# port: ${KUBERNETES_SERVICE_PORT} #apiserver port, options [port number, environment variable], default ${KUBERNETES_SERVICE_PORT} +# schema: https # apiserver schema, options [http, https], default https +# host: ${KUBERNETES_SERVICE_HOST} # apiserver host, options [ipv4, ipv6, domain, environment variable], default ${KUBERNETES_SERVICE_HOST} +# port: ${KUBERNETES_SERVICE_PORT} # apiserver port, options [port number, environment variable], default ${KUBERNETES_SERVICE_PORT} # client: # # serviceaccount token or path of serviceaccount token_file # token_file: ${KUBERNETES_CLIENT_TOKEN_FILE} @@ -372,13 +386,12 @@ nginx_config: # config for render the template to generate n # # reserved lua shared memory size,1m memory can store about 1000 pieces of endpoint # shared_size: 1m #default 1m # ### single-cluster mode ### -# # ### multi-cluster mode ### # - id: release # a custom name refer to the cluster, pattern ^[a-z0-9]{1,8} # service: -# schema: https #apiserver schema, options [http, https], default https -# host: ${KUBERNETES_SERVICE_HOST} #apiserver host, options [ipv4, ipv6, domain, environment variable] -# port: ${KUBERNETES_SERVICE_PORT} #apiserver port, options [port number, environment variable] +# schema: https # apiserver schema, options [http, https], default https +# host: ${KUBERNETES_SERVICE_HOST} # apiserver host, options [ipv4, ipv6, domain, environment variable] +# port: ${KUBERNETES_SERVICE_PORT} # apiserver port, options [port number, environment variable] # client: # # serviceaccount token or path of serviceaccount token_file # token_file: ${KUBERNETES_CLIENT_TOKEN_FILE} 
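Review bot: In the `consul:` example the dump `path` changes from `logs/consul.dump` to `logs/consul_kv.dump`, the same file the `consul_kv:` example uses, and its comment now says it dumps the Consul KV store. This looks like a copy from the `consul_kv` block rather than an intended change, and uncommenting both examples as written would point two discovery modules at one dump file. I would restore `path: "logs/consul.dump"` in the `consul:` block with a comment describing the service dump. The same hunk drops the notes that service names must be unique across the listed Consul servers and that the `consul` service is skipped by default; both are worth keeping.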
@@ -409,12 +422,12 @@ nginx_config: # config for render the template to generate n # ### multi-cluster mode ### graphql: - max_size: 1048576 # the maximum size limitation of graphql in bytes, default 1MiB + max_size: 1048576 # Set the maximum size limitation of graphql in bytes. Default to 1MiB. -#ext-plugin: - #cmd: ["ls", "-l"] +# ext-plugin: +# cmd: ["ls", "-l"] -plugins: # plugin list (sorted by priority) +plugins: # plugin list (sorted by priority) - real-ip # priority: 23000 - ai # priority: 22900 - client-control # priority: 22000 @@ -503,7 +516,7 @@ plugins: # plugin list (sorted by priority) - ext-plugin-post-req # priority: -3000 - ext-plugin-post-resp # priority: -4000 -stream_plugins: # sorted by priority +stream_plugins: # stream plugin list (sorted by priority) - ip-restriction # priority: 3000 - limit-conn # priority: 1003 - mqtt-proxy # priority: 1000 
@@ -511,57 +524,58 @@ stream_plugins: # sorted by priority - syslog # priority: 401 # <- recommend to use priority (0, 100) for your custom plugins -#wasm: - #plugins: - #- name: wasm_log - #priority: 7999 - #file: t/wasm/log/main.go.wasm - -#xrpc: - #protocols: - #- name: pingpong - -plugin_attr: - log-rotate: - interval: 3600 # rotate interval (unit: second) - max_kept: 168 # max number of log files will be kept - max_size: -1 # max size bytes of log files to be rotated, size check would be skipped with a value less than 0 - enable_compression: false # enable log file compression(gzip) or not, default false - skywalking: - service_name: APISIX - service_instance_name: APISIX Instance Name - endpoint_addr: http://127.0.0.1:12800 - report_interval: 3 - opentelemetry: - trace_id_source: x-request-id + +# wasm: +# plugins: +# - name: wasm_log +# priority: 7999 +# file: t/wasm/log/main.go.wasm + +# xrpc: +# protocols: +# - name: pingpong +plugin_attr: # Plugin attributes + log-rotate: # Plugin: log-rotate + interval: 3600 # Set the log rotate interval in seconds. + max_kept: 168 # Set the maximum number of log files to keep. If exceeded, historic logs are deleted. + max_size: -1 # Set the maximum size of log files in bytes before a rotation. + # Skip size check if max_size is less than 0. + enable_compression: false # Enable log file compression (gzip). + skywalking: # Plugin: skywalking + service_name: APISIX # Set the service name for SkyWalking reporter. + service_instance_name: APISIX Instance Name # Set the service instance name for SkyWalking reporter. + endpoint_addr: http://127.0.0.1:12800 # Set the SkyWalking HTTP endpoint. + report_interval: 3 # Set the reporting interval in second. + opentelemetry: # Plugin: opentelemetry + trace_id_source: x-request-id # Specify the source of the trace ID for OpenTelemetry traces. resource: - service.name: APISIX + service.name: APISIX # Set the service name for OpenTelemetry traces. 
collector: - address: 127.0.0.1:4318 - request_timeout: 3 - request_headers: - Authorization: token + address: 127.0.0.1:4318 # Set the address of the OpenTelemetry collector to send traces to. + request_timeout: 3 # Set the timeout for requests to the OpenTelemetry collector in seconds. + request_headers: # Set the headers to include in requests to the OpenTelemetry collector. + Authorization: token # Set the authorization header to include an access token. batch_span_processor: - drop_on_queue_full: false - max_queue_size: 1024 - batch_timeout: 2 - inactive_timeout: 1 - max_export_batch_size: 16 - prometheus: - export_uri: /apisix/prometheus/metrics - metric_prefix: apisix_ - enable_export_server: true - export_addr: - ip: 127.0.0.1 - port: 9091 - #metrics: + drop_on_queue_full: false # Drop spans when the export queue is full. + max_queue_size: 1024 # Set the maximum size of the span export queue. + batch_timeout: 2 # Set the timeout for span batches to wait in the export queue before + # being sent. + inactive_timeout: 1 # Set the timeout for spans to wait in the export queue before being sent, + # if the queue is not full. + max_export_batch_size: 16 # Set the maximum number of spans to include in each batch sent to the + # OpenTelemetry collector. + prometheus: # Plugin: prometheus + export_uri: /apisix/prometheus/metrics # Set the URI for the Prometheus metrics endpoint. + metric_prefix: apisix_ # Set the prefix for Prometheus metrics generated by APISIX. + enable_export_server: true # Enable the Prometheus export server. + export_addr: # Set the address for the Prometheus export server. + ip: 127.0.0.1 # Set the IP. + port: 9091 # Set the port. 
+ # metrics: # Create extra labels from nginx variables: https://nginx.org/en/docs/varindex.html # http_status: - # # extra labels from nginx variables # extra_labels: - # # the label name doesn't need to be the same as variable name - # # below labels are only examples, you could add any valid variables as you need # - upstream_addr: $upstream_addr - # - upstream_status: $upstream_status + # - status: $upstream_status # The label name does not need to be the same as the variable name. # http_latency: # extra_labels: # - upstream_addr: $upstream_addr 
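Review bot: `Authorization: token` under `opentelemetry.collector.request_headers` is an active default, and the new comment ("Set the authorization header to include an access token") does not say that `token` is a placeholder. I would write `# Placeholder value: replace with the credential expected by your collector.` so nobody assumes the shipped default authenticates anything. The comment on `drop_on_queue_full: false` reads as if spans are dropped by default; `# If true, drop spans when the export queue is full.` matches the value. A blank line before `plugin_attr:` would also keep it separate from the commented `xrpc` example.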
@@ -574,81 +588,76 @@ plugin_attr: # - 100 # - 200 # - 500 - server-info: - report_ttl: 60 # live time for server info in etcd (unit: second) - dubbo-proxy: - upstream_multiplex_count: 32 - proxy-mirror: - timeout: # proxy timeout in mirrored sub-request + server-info: # Plugin: server-info + report_ttl: 60 # Set the TTL in seconds for server info in etcd. + # Maximum: 86400. Minimum: 3. + dubbo-proxy: # Plugin: dubbo-proxy + upstream_multiplex_count: 32 # Set the maximum number of connections that can be multiplexed over + # a single network connection between the Dubbo Proxy and the upstream + # Dubbo services. + proxy-mirror: # Plugin: proxy-mirror + timeout: # Set the timeout for mirrored requests. connect: 60s read: 60s send: 60s -# redirect: -# https_port: 8443 # the default port for use by HTTP redirects to HTTPS - inspect: - delay: 3 # in seconds - hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" - -deployment: - role: traditional + # redirect: # Plugin: redirect + # https_port: 8443 # Set the default port used to redirect HTTP to HTTPS. + inspect: # Plugin: inspect + delay: 3 # Set the delay in seconds for the frequency of checking the hooks file. + hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" # Set the path to the Lua file that defines + # hooks. Only administrators should have + # write access to this file for security. + +deployment: # Deployment configurations + role: traditional # Set deployment mode: traditional, control_plane, data_plane. role_traditional: - config_provider: etcd - admin: - # Admin API authentication is enabled by default. - # Set it false in the production environment will cause a serious security issue. - # admin_key_required: true - - # Default token when use API to call for Admin API. - # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API. - # Disabling this configuration item means that the Admin API does not - # require any authentication. 
+ config_provider: etcd # Set the configuration center. + admin: # Admin API + admin_key_required: true # Enable Admin API authentication by default for security. admin_key: - - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 - role: admin # admin: manage all configuration data - # viewer: only can view configuration data + name: admin # admin: write access to configurations. + key: edd1c9f034335f136f87ad84b625c8f1 # Set API key for the admin of Admin API. + role: admin - - name: viewer - key: 4054f7cf07e344346cd3f287985e76a2 + name: viewer # viewer: read-only to configurations. + key: 4054f7cf07e344346cd3f287985e76a2 # Set API key for the viewer of Admin API. role: viewer - enable_admin_cors: true # Admin API support CORS response headers. - allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - - 127.0.0.0/24 # If we don't set any IP list, then any IP access is allowed by default. - #- "::/64" - admin_listen: # use a separate port - ip: 0.0.0.0 # Specific IP, if not set, the default value is `0.0.0.0`. - port: 9180 # Specific port, which must be different from node_listen's port. - - #https_admin: true # enable HTTPS when use a separate port for Admin API. - # Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate. + enable_admin_cors: true # Enable Admin API CORS response header `Access-Control-Allow-Origin`. + allow_admin: # Limit Admin API access by IP addresses. + - 127.0.0.0/24 # If not set, any IP address is allowed. + # - "::/64" + admin_listen: # Set the Admin API listening addresses. + ip: 0.0.0.0 # Set listening IP. + port: 9180 # Set listening port. Beware of port conflict with node_listen. - admin_api_mtls: # Depends on `admin_listen` and `https_admin`. - admin_ssl_cert: "" # Path of your self-signed server side cert. - admin_ssl_cert_key: "" # Path of your self-signed server side key. 
- admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates. + # https_admin: true # Enable SSL for Admin API on IP and port specified in admin_listen. + # Use admin_api_mtls.admin_ssl_cert and admin_api_mtls.admin_ssl_cert_key. + # admin_api_mtls: # Set this if `https_admin` is true. + # admin_ssl_cert: "" # Set path to SSL/TLS certificate. + # admin_ssl_cert_key: "" # Set path to SSL/TLS key. + # admin_ssl_ca_cert: "" # Set path to CA certificate used to sign client certificates. - admin_api_version: v3 # The version of admin api, latest version is v3. + admin_api_version: v3 # Set the version of Admin API (latest: v3). etcd: - host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster. - - "http://127.0.0.1:2379" # multiple etcd address, if your etcd cluster enables TLS, please use https scheme, - # e.g. https://127.0.0.1:2379. - prefix: /apisix # configuration prefix in etcd - use_grpc: false # enable the experimental configuration sync via gRPC - timeout: 30 # 30 seconds. Use a much higher timeout (like an hour) if the `use_grpc` is true. - #resync_delay: 5 # when sync failed and a rest is needed, resync after the configured seconds plus 50% random jitter - #health_check_timeout: 10 # etcd retry the unhealthy nodes after the configured seconds - startup_retry: 2 # the number of retry to etcd during the startup, default to 2 - #user: root # root username for etcd - #password: 5tHkHhYkjr6cQY # root password for etcd + host: # Set etcd address(es) in the same etcd cluster. + - "http://127.0.0.1:2379" # If TLS is enabled for etcd, use https://127.0.0.1:2379. + prefix: /apisix # Set prefix in etcd. + use_grpc: false # Use gRPC (experimental) for etcd configuration sync. + timeout: 30 # Set timeout in seconds. + # Set a higher timeout (e.g. an hour) if `use_grpc` is true. + # resync_delay: 5 # Set resync time in seconds after a sync failure. 
+ # The actual resync time would be resync_delay plus 50% random jitter. + # health_check_timeout: 10 # Set timeout in seconds for etcd health check. + # Default to 10 if not set or a negative value is provided. + startup_retry: 2 # Set the number of retries to etcd on startup. Default to 2. + # user: root # Set the root username for etcd. + # password: 5tHkHhYkjr6cQ # Set the root password for etcd. tls: - # To enable etcd client certificate you need to build APISIX-Base, see - # https://apisix.apache.org/docs/apisix/FAQ#how-do-i-build-the-apisix-base-environment - #cert: /path/to/cert # path of certificate used by the etcd client - #key: /path/to/key # path of key used by the etcd client - - verify: true # whether to verify the etcd endpoint certificate when setup a TLS connection to etcd, - # the default value is true, e.g. the certificate will be verified strictly. - #sni: # the SNI for etcd TLS requests. If missed, the host part of the URL will be used. + # cert: /path/to/cert # Set the path to certificate used by the etcd client + # key: /path/to/key # Set the path to path of key used by the etcd client + verify: true # Verify the etcd certificate when establishing a TLS connection with etcd. + # sni: # The SNI for etcd TLS requests. + # If not set, the host from the URL is used.
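Review bot: The new comments on the two `admin_key` entries no longer tell operators to replace the shipped keys. The removed block said changing the value was highly recommended and that disabling it leaves the Admin API unauthenticated, while the new text only says `# Set API key for the admin of Admin API.` These key values are published in the default file and `admin_listen.ip` stays `0.0.0.0`, so I would keep the warning on each `key:` line, e.g. `# Default key, publicly known: replace before the Admin API is reachable by anyone else.` Separately, `admin_api_mtls` goes from an active mapping with empty strings to a commented block, which changes the parsed defaults rather than only the comments; please confirm that every reader of `admin_api_mtls` tolerates the key being absent. The commented etcd `password` example also lost its last character and `# key:` now reads "Set the path to path of key", both of which look unintended.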