ziyou434 opened a new issue #2786:
URL: https://github.com/apache/apisix/issues/2786
### Issue description
I used configmap as config-default.yaml and it ran well.
But I find the document forbid change config-default, so I change to
mountPath: /usr/local/apisix/conf/config.yaml.
There are some problems.
```
/usr/local/openresty/luajit/bin/luajit: /usr/bin/apisix:619: attempt to
index local 'base' (a nil value)
stack traceback:
/usr/bin/apisix:619: in function 'merge_conf'
/usr/bin/apisix:616: in function 'merge_conf'
/usr/bin/apisix:616: in function 'merge_conf'
/usr/bin/apisix:660: in function 'read_yaml_conf'
/usr/bin/apisix:826: in function </usr/bin/apisix:819>
/usr/bin/apisix:1166: in main chunk
[C]: at 0x00404c00
```
config.yaml(Hide sensitive information)
```yaml
apisix:
node_listen: 9080 # APISIX listening port
enable_admin: true
enable_admin_cors: true # Admin API support CORS response headers.
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set
to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set
to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local
yaml file `/your_path/conf/apisix.yaml`
#proxy_protocol: # Proxy Protocol configuration
# listen_http_port: 9181 # The port with proxy protocol for http,
it differs from node_listen and port_admin.
# This port can only receive http request
with proxy protocol, but node_listen & port_admin
# can only receive http request. If you
enable proxy protocol, you must use this port to
# receive http request with proxy protocol
# listen_https_port: 9182 # The port with proxy protocol for https
# enable_tcp_pp: true # Enable the proxy protocol for tcp
proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the
upstream server
enable_server_tokens: true # Whether the APISIX version number
should be shown in Server header.
# It's enabled by default.
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the
upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache, administrator
can be specify
# which cache to use by name in the admin
api
memory_size: 50m # The size of shared memory, it's used to
store the cache index
disk_size: 1G # The size of disk, it's used to store
the cache data
disk_path: "/tmp/disk_cache_one" # The path to store the cache data
cache_levels: "1:2" # The hierarchy levels of a cache
# - name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # If we don't set any IP list, then any IP
access is allowed by default.
# - "::/64"
# port_admin: 9180 # use a separate port
# https_admin: true # enable HTTPS when use a separate port
for Admin API.
# Admin API will use
conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
admin_api_mtls: # Depends on `port_admin` and `https_admin`.
admin_ssl_cert: "" # Path of your self-signed server side
cert.
admin_ssl_cert_key: "" # Path of your self-signed server side
key.
admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA
is used to sign all admin api callers' certificates.
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's
Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
-
name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
delete_uri_tail_slash: false # delete the '/' at the end of the URI
router:
http: 'radixtree_uri' # radixtree_uri: match route by uri(base
on radixtree)
# radixtree_host_uri: match route by host
+ uri(base on radixtree)
ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base
on radixtree)
# stream_proxy: # TCP/UDP proxy
# tcp: # TCP proxy port list
# - 9100
# - 9101
# udp: # UDP proxy port list
# - 9200
# - 9211
# dns_resolver: # If not set, read from
`/etc/resolv.conf`
# - 1.1.1.1
# - 8.8.8.8
dns_resolver_valid: 30 # valid time for dns result 30 seconds
resolver_timeout: 5 # resolver timeout
ssl:
enable: true
enable_http2: true
listen_port: 9443
# ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with
trusted CA certificates in the PEM format
# used to verify the
certificate when APISIX needs to do SSL/TLS handshaking
# with external services
(e.g. etcd)
ssl_protocols: "TLSv1.2 TLSv1.3"
ssl_ciphers:
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ssl_session_tickets: false # disable ssl_session_tickets
by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
# ref:
https://github.com/mozilla/server-side-tls/issues/135
key_encrypt_salt: "edd1c9f0985e76a2" # If not set, will save origin
ssl key into etcd.
# If set this, must be a string
of length 16. And it will encrypt ssl key with AES-128-CBC
# !!! So do not change it after
saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
nginx_config: # config for render the template to
genarate nginx.conf
error_log: "/dev/stdout"
error_log_level: "warn" # warn,error
worker_processes: auto # one worker will get best performance,
you can use "auto", but remember it is just work well only on physical machine
# no more than 8 workers, otherwise
competition between workers will consume a lot of resources
# if you want use multiple cores in
container, you can inject the number of cpu as environment variable
"APISIX_WORKER_PROCESSES"
enable_cpu_affinity: true # enbale cpu affinity, this is just work
well only on physical machine
worker_rlimit_nofile: 20480 # the number of files a worker process can
open, should be larger than worker_connections
worker_shutdown_timeout: 240s # timeout for a graceful shutdown of
worker processes
event:
worker_connections: 10620
#envs: # allow to get a list of environment
variables
# - TEST_ENV
http:
access_log: "/dev/stdout"
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host
\"$request\" $status $body_bytes_sent $request_time \"$http_referer\"
\"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time"
access_log_format_escape: default # allows setting json or default
characters escaping in variables
keepalive_timeout: 60s # timeout during which a keep-alive
client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request
header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request
body, then 408 (Request Time-out) error is returned to the client
client_max_body_size: 0 # The maximum allowed size of the client
request body.
# If exceeded, the 413 (Request Entity
Too Large) error is returned to the client.
# Note that unlike Nginx, we don't limit
the body size by default.
send_timeout: 10s # timeout for transmitting a response to
the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores
in client request header fields
real_ip_header: "X-Real-IP" #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format:
`cache-key: cache-size`
etcd:
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
- "http://x.x.x.x:2379"; # multiple etcd address, if your etcd
cluster enables TLS, please use https scheme,
# e.g. "https://127.0.0.1:2379";.
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
# user: root # root username for etcd
# password: 5tHkHhYkjr6cQY # root password for etcd
tls:
verify: true # whether to verify the etcd endpoint
certificate when setup a TLS connection to etcd,
# the default value is true, e.g. the
certificate will be verified strictly.
# discovery: # service discovery center
# eureka:
# host: # it's possible to define multiple
eureka hosts addresses of the same eureka cluster.
# - "http://127.0.0.1:8761";
# prefix: "/eureka/"
# fetch_interval: 30 # default 30s
# weight: 100 # default weight for node
# timeout:
# connect: 2000 # default 2000ms
# send: 2000 # default 2000ms
# read: 5000 # default 5000ms
plugins: # plugin list
#- example-plugin
- limit-req
- limit-count
- limit-conn
- key-auth
- basic-auth
- prometheus
- node-status
- jwt-auth
- zipkin
- ip-restriction
- referer-restriction
- grpc-transcode
- serverless-pre-function
- serverless-post-function
- openid-connect
- proxy-rewrite
- redirect
- response-rewrite
- fault-injection
- udp-logger
- wolf-rbac
- tcp-logger
- kafka-logger
- cors
- consumer-restriction
- syslog
- batch-requests
- http-logger
- skywalking
- echo
- authz-keycloak
- uri-blocker
- request-validation
- proxy-cache
- proxy-mirror
- request-id
- hmac-auth
#- api-breaker
stream_plugins:
- mqtt-proxy
plugin_attr:
log-rotate:
interval: 3600 # rotate interval (unit: second)
max_kept: 168 # max number of log files will be kept
skywalking:
service_name: APISIX
service_instance_name: "APISIX Instance Name"
endpoint_addr: http://xxx.xxx.svc.cluster.local:12800
```
### Environment
* apisix version (cmd: `apisix version`):2.0
* OS: k8s
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
