kayx23 commented on code in PR #9658:
URL: https://github.com/apache/apisix/pull/9658#discussion_r1230345455


##########
conf/config-default.yaml:
##########
@@ -497,132 +510,131 @@ plugins:                          # plugin list (sorted 
by priority)
   - ext-plugin-post-req            # priority: -3000
   - ext-plugin-post-resp           # priority: -4000
 
-stream_plugins: # sorted by priority
+stream_plugins:                    # stream plugin list (sorted by priority)
   - ip-restriction                 # priority: 3000
   - limit-conn                     # priority: 1003
   - mqtt-proxy                     # priority: 1000
   #- prometheus                    # priority: 500
   - syslog                         # priority: 401
   # <- recommend to use priority (0, 100) for your custom plugins
 
-#wasm:
-  #plugins:
-    #- name: wasm_log
-      #priority: 7999
-      #file: t/wasm/log/main.go.wasm
-
-#xrpc:
-  #protocols:
-    #- name: pingpong
-
-plugin_attr:
-  log-rotate:
-    interval: 3600    # rotate interval (unit: second)
-    max_kept: 168     # max number of log files will be kept
-    max_size: -1      # max size bytes of log files to be rotated, size check 
would be skipped with a value less than 0
-    enable_compression: false    # enable log file compression(gzip) or not, 
default false
-  skywalking:
-    service_name: APISIX
-    service_instance_name: APISIX Instance Name
-    endpoint_addr: http://127.0.0.1:12800
-  opentelemetry:
-    trace_id_source: x-request-id
+# wasm:
+#   plugins:
+#     - name: wasm_log
+#       priority: 7999
+#       file: t/wasm/log/main.go.wasm
+
+# xrpc:
+#   protocols:
+#     - name: pingpong
+
+plugin_attr:          # Plugin attributes
+  log-rotate:         # Plugin: log-rotate
+    interval: 3600    # Set the log rotate interval in seconds.
+    max_kept: 168     # Set the maximum number of log files to keep. If 
exceeded, historic logs are deleted.
+    max_size: -1      # Set the maximum size of log files in bytes before a 
rotation. 
+                      # Skip size check if max_size is less than 0.
+    enable_compression: false    # Compress (gzip) log files. Require tar to 
be available.
+  skywalking:                                     # Plugin: skywalking
+    service_name: APISIX                          # Set the service name for 
SkyWalking reporter.
+    service_instance_name: APISIX Instance Name   # Set the service instance 
name for SkyWalking reporter.
+    endpoint_addr: http://127.0.0.1:12800         # Set the SkyWalking HTTP 
endpoint.
+  opentelemetry:      # Plugin: opentelemetry
+    trace_id_source: x-request-id  # Specify the source of the trace ID for 
OpenTelemetry traces.
     resource:
-      service.name: APISIX
+      service.name: APISIX         # Set the service name for OpenTelemetry 
traces.
     collector:
-      address: 127.0.0.1:4318
-      request_timeout: 3
-      request_headers:
-        Authorization: token
+      address: 127.0.0.1:4318      # Set the address of the OpenTelemetry 
collector to send traces to.
+      request_timeout: 3           # Set the timeout for requests to the 
OpenTelemetry collector in seconds.
+      request_headers:             # Set the headers to include in requests to 
the OpenTelemetry collector.
+        Authorization: token       # Set the authorization header to include 
an access token.
     batch_span_processor:
-      drop_on_queue_full: false
-      max_queue_size: 1024
-      batch_timeout: 2
-      inactive_timeout: 1
-      max_export_batch_size: 16
-  prometheus:
-    export_uri: /apisix/prometheus/metrics
-    metric_prefix: apisix_
-    enable_export_server: true
-    export_addr:
-      ip: 127.0.0.1
-      port: 9091
-    #metrics:
+      drop_on_queue_full: false    # Drop spans when the export queue is full.
+      max_queue_size: 1024         # Set the maximum size of the span export 
queue.
+      batch_timeout: 2             # Set the timeout for span batches to wait 
in the export queue before 
+                                   # being sent.
+      inactive_timeout: 1          # Set the timeout for spans to wait in the 
export queue before being sent, 
+                                   # if the queue is not full.
+      max_export_batch_size: 16    # Set the maximum number of spans to 
include in each batch sent to the 
+                                   # OpenTelemetry collector.
+  prometheus:                               # Plugin: prometheus
+    export_uri: /apisix/prometheus/metrics  # Set the URI for the Prometheus 
metrics endpoint.
+    metric_prefix: apisix_                  # Set the prefix for Prometheus 
metrics generated by APISIX.
+    enable_export_server: true              # Enable the Prometheus export 
server.
+    export_addr:                            # Set the address for the 
Prometheus export server.
+      ip: 127.0.0.1                         # Set the IP.
+      port: 9091                            # Set the port.
+    # metrics:    # Create extra labels from nginx variables: 
https://nginx.org/en/docs/varindex.html
     #  http_status:
-    #    # extra labels from nginx variables
     #    extra_labels:
-    #      # the label name doesn't need to be the same as variable name
-    #      # below labels are only examples, you could add any valid variables 
as you need
     #      - upstream_addr: $upstream_addr
-    #      - upstream_status: $upstream_status
+    #      - status: $upstream_status  # The label name does not need to be 
the same as the variable name.
     #  http_latency:
     #    extra_labels:
     #      - upstream_addr: $upstream_addr
     #  bandwidth:
     #    extra_labels:
     #      - upstream_addr: $upstream_addr
-  server-info:
-    report_ttl: 60   # live time for server info in etcd (unit: second)
-  dubbo-proxy:
-    upstream_multiplex_count: 32
-  request-id:
-    snowflake:
-      enable: false
-      snowflake_epoc: 1609459200000   # the starting timestamp is expressed in 
milliseconds
-      data_machine_bits: 12           # data machine bit, maximum 31, because 
Lua cannot do bit operations greater than 31
-      sequence_bits: 10               # each machine generates a maximum of (1 
<< sequence_bits) serial numbers per millisecond
-      data_machine_ttl: 30            # live time for data_machine in etcd 
(unit: second)
-      data_machine_interval: 10       # lease renewal interval in etcd (unit: 
second)
-  proxy-mirror:
-    timeout:                          # proxy timeout in mirrored sub-request
+  server-info:                        # Plugin: server-info
+    report_ttl: 60                    # Set the TTL in seconds for server info 
in etcd.
+                                      # Maximum: 86400. Minimum: 3.
+  dubbo-proxy:                        # Plugin: dubbo-proxy
+    upstream_multiplex_count: 32      # Set the maximum number of connections 
that can be multiplexed over 
+                                      # a single network connection between 
the Dubbo Proxy and the upstream 
+                                      # Dubbo services.
+  request-id:                         # Plugin: request-id
+    snowflake:                        # Snowflake algorithm
+      enable: false                   # Enable Snowflake algorithm
+      snowflake_epoc: 1609459200000   # Set the starting timestamp in 
milliseconds.
+      data_machine_bits: 12           # Set the data machine bit. 
+                                      # Maximum 31 as Lua cannot do bit 
operations greater than 31.
+      sequence_bits: 10               # Set the sequence bits. Each machine 
generates a maximum of 
+                                      # (1 << sequence_bits) serial numbers 
per millisecond.
+      data_machine_ttl: 30            # Set the TTL for data_machine in etcd 
in seconds.
+      data_machine_interval: 10       # Set the lease renewal interval in etcd 
in seconds.
+  proxy-mirror:                       # Plugin: proxy-mirror
+    timeout:                          # Set the timeout for mirrored requests.
       connect: 60s
       read: 60s
       send: 60s
-#  redirect:
-#    https_port: 8443   # the default port for use by HTTP redirects to HTTPS
-  inspect:
-    delay: 3            # in seconds
-    hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua"
-
-deployment:
-  role: traditional
+  # redirect:                         # Plugin: redirect
+  #   https_port: 8443                # Set the default port used to redirect 
HTTP to HTTPS.
+  inspect:                            # Plugin: inspect
+    delay: 3                          # Set the delay in seconds for the 
frequency of checking the hooks file.
+    hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua"  # Set the path 
to the Lua file that defines 
+                                                              # hooks. Only 
administrators should have 
+                                                              # write access 
to this file for security.
+
+deployment:                    # Deployment configurations
+  role: traditional            # Set deployment mode: traditional, 
control_plane, data_plane.
   role_traditional:
-    config_provider: etcd
-  admin:
-    # Admin API authentication is enabled by default.
-    # Set it false in the production environment will cause a serious security 
issue.
-    # admin_key_required: true
-
-    # Default token when use API to call for Admin API.
-    # *NOTE*: Highly recommended to modify this value to protect APISIX's 
Admin API.
-    # Disabling this configuration item means that the Admin API does not
-    # require any authentication.
+    config_provider: etcd      # Set the configuration center.
+  admin:                       # Admin API
+    admin_key_required: true   # Enable Admin API authentication by default 
for security.
     admin_key:
       -
-        name: admin
-        key: edd1c9f034335f136f87ad84b625c8f1
-        role: admin                 # admin: manage all configuration data
-                                    # viewer: only can view configuration data
+        name: admin                             # admin: write access to 
configurations.
+        key: edd1c9f034335f136f87ad84b625c8f1   # Set API key for the admin of 
Admin API.
+        role: admin                 
       -
-        name: viewer
-        key: 4054f7cf07e344346cd3f287985e76a2
+        name: viewer                            # viewer: read-only to 
configurations.                      
+        key: 4054f7cf07e344346cd3f287985e76a2   # Set API key for the viewer 
of Admin API.
         role: viewer
 
-    enable_admin_cors: true         # Admin API support CORS response headers.
-    allow_admin:                    # 
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
-      - 127.0.0.0/24                # If we don't set any IP list, then any IP 
access is allowed by default.
-      #- "::/64"
-    admin_listen:                 # use a separate port
-      ip: 0.0.0.0                 # Specific IP, if not set, the default value 
is `0.0.0.0`.
-      port: 9180                  # Specific port, which must be different 
from node_listen's port.
-
-    #https_admin: true            # enable HTTPS when use a separate port for 
Admin API.
-                                  # Admin API will use 
conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
-
-    admin_api_mtls:               # Depends on `admin_listen` and 
`https_admin`.
-      admin_ssl_cert: ""          # Path of your self-signed server side cert.
-      admin_ssl_cert_key: ""      # Path of your self-signed server side key.
-      admin_ssl_ca_cert: ""       # Path of your self-signed ca cert.The CA is 
used to sign all admin api callers' certificates.
+    enable_admin_cors: true       # Enable Admin API CORS response header 
`Access-Control-Allow-Origin`.
+    allow_admin:                  # Limit Admin API access by IP addresses.
+      - 127.0.0.0/24              # If not set, any IP address is allowed.
+      # - "::/64"
+    admin_listen:                 # Set the Admin API listening addresses.
+      ip: 0.0.0.0                 # Set listening IP.
+      port: 9180                  # Set listening port. Beware of port 
conflict with node_listen.
+
+    # https_admin: true           # Enable SSL for Admin API on IP and port 
specified in admin_listen.
+                                  # Use admin_api_mtls.admin_ssl_cert and 
admin_api_mtls.admin_ssl_cert_key.
+    # admin_api_mtls:             # Set this if `https_admin` is true.
+    #   admin_ssl_cert: ""        # Set path to SSL/TLS certificate.
+    #   admin_ssl_cert_key: ""    # Set path to SSL/TLS key.
+    #   admin_ssl_ca_cert: ""     # Set path to CA certificate used to sign 
client certificates.
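Review bot: The rewritten `admin` block no longer tells operators to replace the shipped `admin_key` values: the removed lines carried `*NOTE*: Highly recommended to modify this value to protect APISIX's Admin API` and the warning that turning off `admin_key_required` causes a serious security issue, while the new comments only say `Set API key for the admin of Admin API`. Both keys are published in this default file and `admin_listen.ip` stays `0.0.0.0`, so `allow_admin` is the only remaining barrier for a deployment that keeps the defaults. I would restore the warning above `admin_key`, for example `# Change these default keys before deployment; they are public and grant Admin API access.`, and extend the `admin_key_required` comment with `Setting this to false disables Admin API authentication.` The role descriptions now sit on the `name:` lines while `role: admin` is left with trailing whitespace and no comment; moving them back to `role:` keeps each comment on the field it explains. The hunk as quoted stops at the commented line, so the rest of `deployment` is not visible here.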

Review Comment:
   Updated 
   ```
       #https_admin: true            # enable HTTPS when use a separate port 
for Admin API.
                                      # Admin API will use 
conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
   
        admin_api_mtls:               # Depends on `admin_listen` and 
`https_admin`.
          admin_ssl_cert: ""          # Path of your self-signed server side 
cert.
          admin_ssl_cert_key: ""      # Path of your self-signed server side 
key.
          admin_ssl_ca_cert: ""       # Path of your self-signed ca cert.The CA 
is used to sign all admin api callers' certificates.
   ```
   to
   ```
       # https_admin: true           # Enable SSL for Admin API on IP and port 
specified in admin_listen.
                                     # Use admin_api_mtls.admin_ssl_cert and 
admin_api_mtls.admin_ssl_cert_key.
       # admin_api_mtls:             # Set this if `https_admin` is true.
       #   admin_ssl_cert: ""        # Set path to SSL/TLS certificate.
       #   admin_ssl_cert_key: ""    # Set path to SSL/TLS key.
       #   admin_ssl_ca_cert: ""     # Set path to CA certificate used to sign 
client certificates.
   ```
   
   with reference to `ngx_tpl.lua`:
   ```
       server {
           {%if https_admin then%}
           listen {* admin_server_addr *} ssl;
   
           ssl_certificate      {* admin_api_mtls.admin_ssl_cert *};
           ssl_certificate_key  {* admin_api_mtls.admin_ssl_cert_key *};
           {%if admin_api_mtls.admin_ssl_ca_cert and 
admin_api_mtls.admin_ssl_ca_cert ~= "" then%}
           ssl_verify_client on;
           ssl_client_certificate {* admin_api_mtls.admin_ssl_ca_cert *};
           {% end %}
   ```


