yzeng25 commented on code in PR #1689: URL: https://github.com/apache/apisix-website/pull/1689#discussion_r1337167046
########## blog/en/blog/2023/09/20/apisix-3.5-preview.md: ########## 
@@ -0,0 +1,138 @@ +--- +title: "Discover What's Next: APISIX 3.5 Preview" +authors: + - name: Ming Wen + title: Author + url: https://github.com/moonming + image_url: https://avatars.githubusercontent.com/u/26448043?v=4 + - name: Yilia Lin + title: Technical Writer + url: https://github.com/Yilialinn + image_url: https://avatars.githubusercontent.com/u/114121331?v=4 +keywords: + - Open Source + - API gateway + - Apache APISIX +description: APISIX 3.5 introduces a series of exciting new features that will bring users a higher level of security, performance, and scalability, thereby providing users with more choices and making it more convenient and flexible when building and managing APIs. +tags: [Ecosystem] +image: https://static.apiseven.com/2022/10/19/634f6677742a1.png +--- + +> APISIX 3.5 introduces a series of exciting new features that will bring users a higher level of security, performance, and scalability, thereby providing users with more choices and making it more convenient and flexible when building and managing APIs. +<!--truncate--> + +## Introduction to APISIX + +[Apache APISIX](https://apisix.apache.org/) is a dynamic, real-time, high-performance open-source API gateway that provides rich traffic management functions such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, and observability. Being built based on NGINX and LuaJIT, Apache APISIX has ultra-high performance with a single-core QPS of up to 23,000 and an average delay of only 0.2 milliseconds. It can solve problems in traditional architecture, and at the same time adapt to the needs of the cloud-native era. + +[APISIX](https://github.com/apache/apisix) has an active community and a rich ecosystem, with nearly 100 open-source plugins covering scenarios such as network security, performance optimization, load balancing, monitoring, and traffic management. This provides users with a powerful and flexible API gateway solution. 
Apache APISIX is now the most active API gateway project on GitHub addressing 1 Trillion+ API calls per day, which is still growing. + + + +APISIX solves two major [pain points of NGINX](https://apisix.apache.org/blog/2022/07/30/why-we-need-apache-apisix/). + +- First, NGINX does not support cluster management. Almost every internet manufacturer has its own NGINX configuration management system. These systems have many similarities but there is no unified solution. + +- The second is that NGINX does not support hot reloading of configurations. If a company modifies the configuration of NGINX, it can take more than half an hour to reload NGINX. And under the Kubernetes system, upstream will change frequently. If NGINX is used, the service needs to be restarted frequently, which is unacceptable for enterprises. + +APISIX supports cluster management and dynamic loading, providing the advantages of high reliability, elastic scaling, flexibility, and seamless updates. + +Being the API Gateway with the highest market share in the Asia-Pacific region, Apache APISIX has a wide range of application scenarios. It can be applied to scenarios such as gateways, Kubernetes Ingress, and service mesh, and can help enterprises quickly and safely process API and microservice traffic. At present, it has been tested and highly recognized by worldwide enterprises and organizations such as Amber Group, [Airwallex](https://apisix.apache.org/blog/2021/11/03/airwallex-usercase/), Lotus Cars, [Lenovo](https://apisix.apache.org/blog/2023/06/02/lenovo-uses-apisix/), vivo, and [WPS](https://apisix.apache.org/blog/2021/09/28/wps-usercase/). + +## New features in APISIX 3.5 + +### Host-level TLS protocol configuration + +This feature refers to configuring the version that supports TLS on the client side by specifying the global version through YAML in the NGINX-specified file. 
For example, all APIs only support TLS 1.2 and TLS 1.3, but some old clients need to support the earlier version of TLS 1.1. These configurations can take effect at the same time. + +**Key features and benefits:** + +1. Global TLS version configuration: Easily configure global settings for TLS versions on the client side by using YAML in an NGINX specification file. + +2. Compatibility with older clients: By configuring and merging different TLS versions simultaneously, while ensuring that clients support the older TLS 1.1 version, smooth and continuous communication can be guaranteed. + +3. Fine-grained control: APISIX uses OpenResty to dynamically specify different TLS protocols for each host. This granular control enables optimal security and flexibility in TLS configuration based on the unique needs of each API host. + +```yaml +apisix: + ssl: + ssl_protocols: TLSv1.2 TLSv1.3 +``` + +```json5 +// curl http://127.0.0.1:9180/admin/apisix/ssls/1 +{ + "cert": "$cert", + "key": "$key", + "snis": ["test.com"], + "ssl_protocols": [ + "TLSv1.2", + "TLSv1.3" + ] +} +``` + +### Wasm & Coraza WAF + +Among the series of new features launched by APISIX, it is commendable that APISIX integrates the `coraza-proxy-wasm` plugin. APISIX provides robust support for the development of plugins using WebAssembly (Wasm), while Coraza offers a diverse range of Wasm plugins to choose from. As a result, the integration of Coraza with APISIX entails a relatively low cost. The cross-platform nature of Wasm allows APISIX and Coraza to work together seamlessly, eliminating the need for large-scale code modification and adaptation. + +**Key features and benefits:** + +1. Powerful security: The `coraza-proxy-wasm` is a Wasm-based web application firewall (WAF) plugin that can detect and block common web attacks such as SQL injection and cross-site scripting (XSS), Cross-site request forgery (CSRF), etc. by analyzing and monitoring HTTP and HTTPS traffic in real-time. + +2. 
Flexibility and scalability: You have the flexibility to configure and manage WAF rules, which can be customized to your specific application needs. It supports custom rules and policies, which can be configured according to specific security needs, and can also be integrated with other security tools and systems to provide a more comprehensive security solution. + +APISIX can be used for more applications on Wasm, but asynchronous calls are not currently supported. A version that supports asynchronous calls in Wasm is expected to be launched in early October. Later, you can also use mainstream languages such as Rust or Golang to completely develop APISIX plugins. + +### HTTP/3 & QUIC + +APISIX's support for HTTP/3 and QUIC protocols can bring faster transfer speeds, better network performance, and higher connection efficiency. This will help improve the performance and user experience of the application and enable it to adapt to the evolving network environment. + +APISIX maintains its own version of NGINX, `apisix-base`, and applies HTTP/3 and QUIC patches to it, forming its own release.

Review Comment:
```suggestion
APISIX maintains its own version of NGINX, `apisix-base`, and applies HTTP/3 and QUIC patches to it, forming its own release.
```
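
Review bot: In the "Host-level TLS protocol configuration" section the prose promises a per-host exception for old TLS 1.1 clients, but both examples (the `apisix.ssl.ssl_protocols` YAML and the SSL object for `test.com`) list only `TLSv1.2` and `TLSv1.3`, so the override the paragraph describes is never shown. Suggest making the `test.com` object the exception, with the legacy protocol in its `ssl_protocols`, and stating outright that the exception applies only to the hosts in `snis` while the global setting stays at 1.2/1.3; TLS 1.1 is formally deprecated (RFC 8996), so readers should not come away thinking the fix is to widen the global list. Two smaller points in the same section: "NGINX-specified file" and "NGINX specification file" do not tell the reader which file holds the YAML, and the comment `// curl http://127.0.0.1:9180/admin/apisix/ssls/1` has the path segments swapped (the Admin API lives under `/apisix/admin/`) and gives no method, so it cannot be copied as is. In the Coraza section, "expected to be launched in early October" will date quickly; an explicit year or version would age better.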
