This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 0bc65ea9a docs: change the file name to 'create-ssl.py'.If 'ssl.py' is
used as … (#8623)
0bc65ea9a is described below
commit 0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d
Author: 十斤降世 <[email protected]>
AuthorDate: Sun Feb 12 20:13:47 2023 +0800
docs: change the file name to 'create-ssl.py'.If 'ssl.py' is used as …
(#8623)
---
docs/en/latest/certificate.md | 11 +++++------
docs/en/latest/mtls.md | 14 ++++++--------
docs/zh/latest/certificate.md | 11 +++++------
docs/zh/latest/mtls.md | 14 ++++++--------
4 files changed, 22 insertions(+), 28 deletions(-)
diff --git a/docs/en/latest/certificate.md b/docs/en/latest/certificate.md
index f5f9c8cce..4faf62ceb 100644
--- a/docs/en/latest/certificate.md
+++ b/docs/en/latest/certificate.md
@@ -33,10 +33,9 @@ It is most common for an SSL certificate to contain only one
domain. We can crea
We will use the Python script below to simplify the example:
-```python
+```python title="create-ssl.py"
#!/usr/bin/env python
# coding: utf-8
-# save this file as ssl.py
import sys
# sudo pip install requests
import requests
@@ -63,7 +62,7 @@ print(resp.text)
```shell
# create SSL object
-./ssl.py t.crt t.key test.com
+./create-ssl.py t.crt t.key test.com
# create Router object
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
@@ -109,7 +108,7 @@ that means it can accept more than one domain, eg:
`www.test.com` or `mail.test.
Here is an example, note that the value we pass as `sni` is `*.test.com`.
```shell
-./ssl.py t.crt t.key '*.test.com'
+./create-ssl.py t.crt t.key '*.test.com'
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
{
@@ -204,7 +203,7 @@ The following table details the configurations involved in
this example and what
1. Create CA bundle files
-```
+```shell
cat /path/to/foo_ca.crt /path/to/bar_ca.crt > apisix.ca-bundle
```
@@ -227,7 +226,7 @@ goreman -f Procfile-single-enable-mtls start > goreman.log
2>&1 &
3. Update `config.yaml`
-```yaml
+```yaml title="conf/config.yaml"
deployment:
admin:
admin_key
diff --git a/docs/en/latest/mtls.md b/docs/en/latest/mtls.md
index 5f5a627bf..c1d6664f1 100644
--- a/docs/en/latest/mtls.md
+++ b/docs/en/latest/mtls.md
@@ -35,7 +35,7 @@ The clients will provide their certificates to the server and
the server will ch
2. Modify configuration items in `conf/config.yaml`:
-```yaml
+```yaml title="conf/config.yaml"
admin_listen:
ip: 127.0.0.1
port: 9180
@@ -70,7 +70,7 @@ curl --cacert /data/certs/mtls_ca.crt --key
/data/certs/mtls_client.key --cert /
You need to build
[APISIX-Base](./FAQ.md#how-do-i-build-the-apisix-base-environment) and
configure `etcd.tls` section if you want APISIX to work on an etcd cluster with
mTLS enabled.
-```yaml
+```yaml title="conf/config.yaml"
deployment:
role: traditional
role_traditional:
@@ -83,7 +83,7 @@ deployment:
If APISIX does not trust the CA certificate that used by etcd server, we need
to set up the CA certificate.
-```yaml
+```yaml title="conf/config.yaml"
apisix:
ssl:
ssl_trusted_certificate: /path/to/certs/ca-certificates.crt # path
of CA certificate used by the etcd server
@@ -103,10 +103,9 @@ When configuring `ssl`, use parameter `client.ca` and
`client.depth` to configur
Here is an example Python script to create SSL with mTLS (id is `1`, changes
admin API url if needed):
-```py
+```python title="create-ssl.py"
#!/usr/bin/env python
# coding: utf-8
-# save this file as ssl.py
import sys
# sudo pip install requests
import requests
@@ -144,7 +143,7 @@ print(resp.text)
Create SSL:
```bash
-./ssl.py ./server.pem ./server.key 'mtls.test.com' ./client_ca.pem 10
+./create-ssl.py ./server.pem ./server.key 'mtls.test.com' ./client_ca.pem 10
# test it
curl --resolve 'mtls.test.com:<APISIX_HTTPS_PORT>:<APISIX_URL>'
"https://<APISIX_URL>:<APISIX_HTTPS_PORT>/hello" -k --cert ./client.pem --key
./client.key
@@ -166,10 +165,9 @@ This feature requires APISIX to run on
[APISIX-Base](./FAQ/#how-do-i-build-the-a
Here is a similar Python script to patch a existed upstream with mTLS (changes
admin API url if needed):
-```python
+```python title="patch_upstream_mtls.py"
#!/usr/bin/env python
# coding: utf-8
-# save this file as patch_upstream_mtls.py
import sys
# sudo pip install requests
import requests
diff --git a/docs/zh/latest/certificate.md b/docs/zh/latest/certificate.md
index d1322bb65..7c2648458 100644
--- a/docs/zh/latest/certificate.md
+++ b/docs/zh/latest/certificate.md
@@ -35,10 +35,9 @@ SNI(Server Name Indication)是用来改善 SSL 和 TLS 的一项特性,它
为了简化示例,我们会使用下面的 Python 脚本:
-```python
+```python title="create-ssl.py"
#!/usr/bin/env python
# coding: utf-8
-# save this file as ssl.py
import sys
# sudo pip install requests
import requests
@@ -65,7 +64,7 @@ print(resp.text)
```shell
# 创建 SSL 对象
-./ssl.py t.crt t.key test.com
+./create-ssl.py t.crt t.key test.com
# 创建 Router 对象
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
@@ -111,7 +110,7 @@ curl --resolve 'test.com:9443:127.0.0.1'
https://test.com:9443/hello -vvv
看下面这个例子,请注意我们把 `*.test.com` 作为 sni 传递进来:
```shell
-./ssl.py t.crt t.key '*.test.com'
+./create-ssl.py t.crt t.key '*.test.com'
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d '
{
@@ -201,7 +200,7 @@ APISIX 目前支持在多处设置 CA 证书,比如 [保护 Admin API](./mtls.
1. 制作 CA bundle 文件
-```
+```shell
cat /path/to/foo_ca.crt /path/to/bar_ca.crt > apisix.ca-bundle
```
@@ -224,7 +223,7 @@ goreman -f Procfile-single-enable-mtls start > goreman.log
2>&1 &
3. 更新 `config.yaml`
-```yaml
+```yaml title="conf/config.yaml"
deployment:
admin:
admin_key
diff --git a/docs/zh/latest/mtls.md b/docs/zh/latest/mtls.md
index 59fd8d485..1160dcc5d 100644
--- a/docs/zh/latest/mtls.md
+++ b/docs/zh/latest/mtls.md
@@ -35,7 +35,7 @@ title: TLS 双向认证
2. 修改 `conf/config.yaml` 中的配置项:
-```yaml
+```yaml title="conf/config.yaml"
admin_listen:
ip: 127.0.0.1
port: 9180
@@ -70,7 +70,7 @@ curl --cacert /data/certs/mtls_ca.crt --key
/data/certs/mtls_client.key --cert /
你需要构建 [APISIX-Base](./FAQ.md#如何构建-APISIX-Base-环境?),并且需要在配置文件中设定 `etcd.tls` 来使
ETCD 的双向认证功能正常工作。
-```yaml
+```yaml title="conf/config.yaml"
deployment:
role: traditional
role_traditional:
@@ -83,7 +83,7 @@ deployment:
如果 APISIX 不信任 etcd server 使用的 CA 证书,我们需要设置 CA 证书。
-```yaml
+```yaml title="conf/config.yaml"
apisix:
ssl:
ssl_trusted_certificate: /path/to/certs/ca-certificates.crt # path
of CA certificate used by the etcd server
@@ -103,10 +103,9 @@ apisix:
下面是一个可用于生成带双向认证配置的 SSL 资源的 Python 脚本示例。如果需要,可修改 API 地址、API Key 和 SSL 资源的 ID。
-```py
+```python title="create-ssl.py"
#!/usr/bin/env python
# coding: utf-8
-# 保存该文件为 ssl.py
import sys
# sudo pip install requests
import requests
@@ -144,7 +143,7 @@ print(resp.text)
使用上述 Python 脚本创建 SSL 资源:
```bash
-./ssl.py ./server.pem ./server.key 'mtls.test.com' ./client_ca.pem 10
+./create-ssl.py ./server.pem ./server.key 'mtls.test.com' ./client_ca.pem 10
# 测试
curl --resolve 'mtls.test.com:<APISIX_HTTPS_PORT>:<APISIX_URL>'
"https://<APISIX_URL>:<APISIX_HTTPS_PORT>/hello" -k --cert ./client.pem --key
./client.key
@@ -166,10 +165,9 @@ curl --resolve
'mtls.test.com:<APISIX_HTTPS_PORT>:<APISIX_URL>' "https://<APISIX
下面是一个与配置 SSL 时相似的 Python 脚本,可为一个已存在的 upstream 资源配置双向认证。如果需要,可修改 API 地址和 API
Key。
-```python
+```python title="patch_upstream_mtls.py"
#!/usr/bin/env python
# coding: utf-8
-# 保存该文件为 patch_upstream_mtls.py
import sys
# sudo pip install requests
import requests
