bearchess commented on issue #10422:
URL: https://github.com/apache/apisix/issues/10422#issuecomment-1786507270
About 20% of the requests are access the old IP address.
route config
```
{
"uri": "/micro-user/*",
"name": "micro-user",
"desc": "用户服务",
"methods": [
"GET",
"POST",
"HEAD",
"PUT",
"PATCH",
"DELETE",
"OPTIONS",
"TRACE",
"CONNECT"
],
"plugins": {
"request-validation": {
"header_schema": {
"properties": {},
"type": "object"
}
}
},
"upstream": {
"timeout": {
"connect": 60,
"send": 60,
"read": 60
},
"type": "roundrobin",
"scheme": "http",
"discovery_type": "nacos",
"discovery_args": {
"group_name": "DEFAULT_GROUP",
"namespace_id": "a2f5c588-a038-444f-b220-162d40172886"
},
"pass_host": "pass",
"service_name": "micro-user",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
},
"status": 1
}
```
apisix config
```
apiVersion: v1
data:
config.yaml: |-
apisix:
node_listen: 9080 # APISIX listening port
enable_heartbeat: true
enable_admin: true
enable_admin_cors: true
enable_debug: false
enable_dev_mode: false # Sets nginx
worker_processes to 1 if set to true
enable_reuseport: true # Enable nginx
SO_REUSEPORT switch if set to true.
enable_ipv6: true # Enable nginx IPv6 resolver
config_center: etcd # etcd: use etcd to store
the config value
# yaml: fetch the config
value from local yaml file `/your_path/conf/apisix.yaml`
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the
upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache,
administrator can be specify
# which cache to use by name in the
admin api
memory_size: 50m # The size of shared memory, it's
used to store the cache index
disk_size: 1G # The size of disk, it's used to
store the cache data
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
cache_levels: "1:2" # The hierarchy levels of a cache
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0
port_admin: 9180
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's
Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
# admin: can everything for configuration data
- name: "admin"
key:
role: admin
# viewer: only can view configuration data
- name: "viewer"
key:
role: viewer
router:
http: 'radixtree_uri' # radixtree_uri: match route by
uri(base on radixtree)
# radixtree_host_uri: match route by
host + uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by
SNI(base on radixtree)
dns_resolver_valid: 30
resolver_timeout: 5
ssl:
enable: false
enable_http2: true
listen_port: 9443
ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
ssl_ciphers:
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
nginx_config: # config for render the template to
genarate nginx.conf
error_log: "/dev/stderr"
error_log_level: "warn" # warn,error
worker_rlimit_nofile: 20480 # the number of files a worker process
can open, should be larger than worker_connections
event:
worker_connections: 10620
http:
enable_access_log: true
access_log: "/dev/stdout"
access_log_format: "$remote_addr - $remote_user [$time_local]
$http_host \"$request\" $status $body_bytes_sent $request_time
\"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status
$upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
access_log_format_escape: default
keepalive_timeout: 60s # timeout during which a keep-alive
client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request
header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request
body, then 408 (Request Time-out) error is returned to the client
send_timeout: 10s # timeout for transmitting a response
to the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of
underscores in client request header fields
real_ip_header: "X-Real-IP" #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
etcd:
host: # it's possible to define
multiple etcd hosts addresses of the same etcd cluster.
- "http://apisix-etcd.sre-production.svc.cluster.local:2379";
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
discovery:
nacos:
host:
- "http://172.17.98.204:8848";
prefix: "/nacos/v1/"
fetch_interval: 10 # default 30 sec
weight: 100 # default 100
timeout:
connect: 2000 # default 2000 ms
send: 2000 # default 2000 ms
read: 5000 # default 5000 msx
plugins: # plugin list
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- ua-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- authz-casbin
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
- gzip
- real-ip
- ext-plugin-pre-req
- ext-plugin-post-req
stream_plugins:
- mqtt-proxy
- ip-restriction
- limit-conn
kind: ConfigMap
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
