LLLLimbo opened a new issue #4555:
URL: https://github.com/apache/apisix/issues/4555
My ```Docker-Compose``` file:
```apisix-dashboard```
```yaml
version: "3"
services:
apisix-dashboard:
image: apache/apisix-dashboard:2.7
restart: always
volumes:
- ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
ports:
- "9000:9000"
networks:
apisix:
apisix:
image: apache/apisix:2.6-alpine
restart: always
volumes:
- ./apisix_log:/usr/local/apisix/logs
- ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
-
./apisix_plugins/seeiner-auth.lua:/usr/local/apisix/apisix/plugins/seeiner-auth.lua
##network_mode: host
ports:
- "9080:9080/tcp"
- "9443:9443/tcp"
- "9091:9091/tcp"
networks:
apisix:
networks:
apisix:
driver: bridge
```
```Apisix` Configuration file``
```yaml
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # We need to restrict ip access rules for
security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
etcd:
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
- "http://192.168.3.131:2379"; # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
discovery: # service discovery center
eureka:
host: # it's possible to define multiple
eureka hosts addresses of the same eureka cluster.
- "http://192.168.2.102:10100";
prefix: "/eureka/"
fetch_interval: 30 # default 30s
weight: 100 # default weight for node
timeout:
connect: 2000 # default 2000ms
send: 2000 # default 2000ms
read: 5000 # default 5000ms
extra_lua_path: "/usr/local/apisix/apisix/plugins/seeiner-auth.lua"
plugins: # plugin list (sorted in alphabetical
order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
# - skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
nginx_config: # config for render the template to
genarate nginx.conf
error_log: "logs/error.log"
error_log_level: "warn" # warn,error
worker_processes: auto # one worker will get best performance,
you can use "auto", but remember it is just work well only on physical machine
# no more than 8 workers, otherwise
competition between workers will consume a lot of resources
# if you want use multiple cores in
container, you can inject the number of cpu as environment variable
"APISIX_WORKER_PROCESSES"
enable_cpu_affinity: true # enbale cpu affinity, this is just work
well only on physical machine
worker_rlimit_nofile: 20480 # the number of files a worker process can
open, should be larger than worker_connections
worker_shutdown_timeout: 240s # timeout for a graceful shutdown of
worker processes
event:
worker_connections: 10620
#envs: # allow to get a list of environment
variables
# - TEST_ENV
# As user can add arbitrary configurations in the snippet,
# it is user's responsibility to check the configurations
# don't conflict with APISIX.
main_configuration_snippet: |
# Add custom Nginx main configuration to nginx.conf.
# The configuration should be well indented!
http_configuration_snippet: |
server
{
listen 80;
server_name apisix-dashboard.test.seeiner.cn;
location / {
proxy_pass http://localhost:9000;
}
}
server
{
listen 80;
server_name gateway.test.seeiner.cn;
location / {
proxy_pass http://localhost:9000;
}
}
# Add custom Nginx http configuration to nginx.conf.
# The configuration should be well indented!
http_server_configuration_snippet: |
# Add custom Nginx http server configuration to nginx.conf.
# The configuration should be well indented!
http_admin_configuration_snippet: |
# Add custom Nginx admin server configuration to nginx.conf.
# The configuration should be well indented!
stream_configuration_snippet: |
# Add custom Nginx stream configuration to nginx.conf.
# The configuration should be well indented!
http:
enable_access_log: true # enable access log or not, default true
access_log: "logs/access.log"
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host
\"$request\" $status $body_bytes_sent $request_time \"$http_referer\"
\"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time
\"$upstream_scheme://$upstream_host$upstream_uri\""
access_log_format_escape: default # allows setting json or default
characters escaping in variables
keepalive_timeout: 60s # timeout during which a keep-alive
client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request
header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request
body, then 408 (Request Time-out) error is returned to the client
client_max_body_size: 0 # The maximum allowed size of the client
request body.
# If exceeded, the 413 (Request Entity
Too Large) error is returned to the client.
# Note that unlike Nginx, we don't limit
the body size by default.
send_timeout: 10s # timeout for transmitting a response to
the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores
in client request header fields
real_ip_header: "X-Real-IP" #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_from: #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- 'unix:'
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format:
`cache-key: cache-size`
```
```Apisix Dashboard Configuration file```
```yaml
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
conf:
listen:
host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is
allowed by default.
- 0.0.0.0/0
etcd:
endpoints: # supports defining multiple etcd host addresses for
an etcd cluster
- "http://192.168.3.131:2379";
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is
used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by
default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info,
warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard
output
# such as: logs/error.log, /tmp/logs/error.log,
/dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard
output
# such as: logs/access.log, /tmp/logs/access.log,
/dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO
filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host":
"127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId":
"3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1",
"method": "PUT", "errs": []}
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to
protect `manager api`.
# if it's default value, when `manager api` start,
it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
- username: user
password: user
plugins: # plugin list (sorted in alphabetical
order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
# - skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
```
Run command
```bash
docker-compose -p docker-apisix up -d
```
And then enable prometheus plugin in dashboard.
```
[root@localhost ~]# curl -i http://127.0.0.1:9091/apisix/prometheus/metrics
curl: (56) Recv failure: Connection reset by peer
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
