leenux commented on issue #115:
URL: https://github.com/apache/apisix-docker/issues/115#issuecomment-758451946


   docker-compose.yml
   ```
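   # Compose stack: APISIX gateway, its etcd configuration store and the APISIX
   # dashboard, all attached to one user-defined bridge network.
   version: "3"

   services:
     apisix:
       # The official 2.1-alpine image has a bug that prevents startup with SSL
       # enabled, so 2.0-alpine is used here as a temporary substitute.
       image: apache/apisix:2.0-alpine
       #image: apache/apisix:2.1-alpine
       restart: always
       volumes:
         - ./apisix_log:/usr/local/apisix/logs
         - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
       depends_on:
         - etcd
       ##network_mode: host
       ports:
         # Host ports 80 and 443 replace the 9080 and 9443 of the original
         # config file so the gateway can be used directly.
         - "80:9080/tcp"
         - "443:9443/tcp"
         #- "9080:9080/tcp"
         #- "9443:9443/tcp"
       networks:
         - apisix

     etcd:
       image: bitnami/etcd:3.4.9
       # NOTE(review): the container runs as root, presumably so it can write
       # to the bind-mounted ./etcd_data. Handing that directory to the image's
       # unprivileged user would avoid root; confirm against the image docs.
       user: root
       restart: always
       volumes:
         - ./etcd_data:/etcd_data
       environment:
         ETCD_DATA_DIR: /etcd_data
         ETCD_ENABLE_V2: "true"
         # NOTE(review): authentication is switched off and the client listener
         # binds every interface, so access control rests entirely on who can
         # reach port 2379.
         ALLOW_NONE_AUTHENTICATION: "yes"
         ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
         ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
       ports:
         # NOTE(review): this publishes the unauthenticated etcd client port on
         # all host interfaces. apisix and apisix-dashboard already reach etcd
         # over the shared `apisix` network, so the mapping can be dropped or
         # bound to loopback ("127.0.0.1:2379:2379/tcp") unless external access
         # is really needed.
         - "2379:2379/tcp"
       networks:
         - apisix

     apisix-dashboard:
       container_name: apisix-dashboard
       # No official image is provided, so a self-built image is used for now.
       # NOTE(review): this is a third-party image from a personal registry
       # namespace; pin it by digest and review its contents before trusting
       # it with access to etcd.
       image: registry.cn-shanghai.aliyuncs.com/qwxingzhe/apisix-dashboard:2.2
       ports:
         # NOTE(review): published on all host interfaces; make sure the
         # dashboard login credentials and JWT secret are not left at defaults.
         - "9000:9000"
       volumes:
         - ./apisix-dashboard/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
       networks:
         - apisix

   networks:
     apisix:
       name: apisix
       driver: bridge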
   
   ```
   config.yaml
   ```
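   # APISIX node configuration: listeners, TLS settings, Admin API access rules
   # and the etcd endpoint the node reads its configuration from.
   apisix:
     node_listen: 9080              # APISIX listening port
     enable_ipv6: false

     ssl:
       # ssl is disabled by default; enable it to use your own cert and key
       enable: true
       enable_http2: true
       listen_port: 9443
       # ssl_trusted_certificate: /path/to/ca-cert
       #   Specifies a file path with trusted CA certificates in the PEM
       #   format, used to verify the certificate when APISIX needs to do
       #   SSL/TLS handshaking with external services (e.g. etcd).
       # ssl_cert: /path/to/ssl_cert
       # ssl_cert_key: /path/to/ssl_cert_key
       ssl_protocols: "TLSv1.2 TLSv1.3"
       ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
       # Session tickets are disabled by default because enabling them would
       # make Perfect Forward Secrecy useless.
       # ref: https://github.com/mozilla/server-side-tls/issues/135
       ssl_session_tickets: false
       # If not set, the original ssl key is saved into etcd unencrypted.
       # If set, it must be a string of length 16; the ssl key is then
       # encrypted with AES-128-CBC.
       # !!! Do not change it after saving your ssl: keys that were already
       # saved cannot be decrypted once the salt changes !!!
       # NOTE(review): this looks like the sample value shipped with APISIX.
       # A publicly known salt gives stored keys little protection, so pick a
       # unique value before the first certificate is saved.
       key_encrypt_salt: "edd1c9f0985e76a2"

     # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
     allow_admin:
       # We need to restrict ip access rules for security. 0.0.0.0/0 is for
       # test.
       # NOTE(review): with 0.0.0.0/0 the Admin API accepts any source address
       # and the admin_key below is the only control left. Narrow this to the
       # management network (for example 127.0.0.0/24 or the admin CIDR)
       # before exposing the node.
       - 0.0.0.0/0

     admin_key:
       # NOTE(review): both keys match the defaults published in the APISIX
       # sample configuration, so they do not work as secrets. Replace them
       # with freshly generated random values.
       - name: "admin"
         key: edd1c9f034335f136f87ad84b625c8f1
         # admin: manage all configuration data
         # viewer: only can view configuration data
         role: admin
       - name: "viewer"
         key: 4054f7cf07e344346cd3f287985e76a2
         role: viewer

   etcd:
     # It's possible to define multiple etcd host addresses of the same etcd
     # cluster.
     # NOTE(review): the endpoint is plain http with no credentials, so
     # configuration (including stored ssl keys) crosses the network
     # unprotected; keep etcd reachable only from the APISIX components.
     host:
       - "http://etcd:2379"          # multiple etcd address
     prefix: "/apisix"               # apisix configurations prefix
     timeout: 30                     # 30 seconds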
   ```
   conf.yaml
   ```
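   # APISIX dashboard (`manager api`) configuration: listener, etcd endpoint,
   # logging and the login accounts.
   conf:
     listen:
       # Allow access from external networks.
       # NOTE(review): binding 0.0.0.0 exposes the `manager api` on every
       # interface; keep 127.0.0.1 (or put it behind an authenticating proxy)
       # unless remote access is required.
       host: 0.0.0.0
       #host: 127.0.0.1 # `manager api` listening ip or host name
       port: 9000 # `manager api` listening port
     etcd:
       # supports defining multiple etcd host addresses for an etcd cluster
       endpoints:
         - etcd:2379
     log:
       error_log:
         # supports levels, lower to higher: debug, info, warn, error, panic,
         # fatal
         level: warn
         # supports relative path, absolute path, standard output
         # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout,
         # /dev/stderr
         file_path: logs/error.log
   authentication:
     # secret for jwt token generation.
     # NOTE: Highly recommended to modify this value to protect `manager api`.
     # If it is left at the default value, `manager api` generates a random
     # string to replace it when it starts.
     secret: secret
     expire_time: 3600 # jwt token expire time, in second
     # username and password for login `manager api`
     # NOTE(review): admin/admin and user/user are guessable sample
     # credentials. Together with the 0.0.0.0 listener above they leave the
     # dashboard effectively open, so set strong, unique passwords.
     users:
       - username: admin
         password: admin
       - username: user
         password: user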
   ```

