spacewander commented on a change in pull request #4856:
URL: https://github.com/apache/apisix/pull/4856#discussion_r693005197
##########
File path: conf/config-default.yaml
##########
@@ -113,8 +116,14 @@ apisix:
enable_resolv_search_opt: true # enable search option in resolv.conf
ssl:
enable: true
- enable_http2: true
- listen_port: 9443
+ listen:
+ - 9443
+ - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
+ port: 9444
+ enable_http2: true # If not set, the default value is `false`.
+ #port: 9081
+ #enable_http2: true
Review comment:
Why comment it out?
##########
File path: conf/config-default.yaml
##########
@@ -20,7 +20,10 @@
#
apisix:
- node_listen: 9080 # APISIX listening port
Review comment:
Ditto
##########
File path: conf/config-default.yaml
##########
@@ -20,7 +20,10 @@
#
apisix:
- node_listen: 9080 # APISIX listening port
+ node_listen: # APISIX listening port
+ - 9080
+ - ip: 127.0.0.2 # Specific IP, If not set, the default
value is `0.0.0.0`.
Review comment:
Please comment out the example
##########
File path: apisix/cli/ops.lua
##########
@@ -461,45 +461,238 @@ Please modify "admin_key" in conf/config.yaml .
end
end
- -- support multiple ports listen, compatible with the original style
+ local ip_port_to_check = {}
+
+ -- support multiple ports listen, support specific IP, compatible with the
original style
if type(yaml_conf.apisix.node_listen) == "number" then
if ports_to_check[yaml_conf.apisix.node_listen] ~= nil then
util.die("node_listen port ", yaml_conf.apisix.node_listen,
" conflicts with ",
ports_to_check[yaml_conf.apisix.node_listen], "\n")
end
- local node_listen = {{port = yaml_conf.apisix.node_listen}}
+ local node_listen = {}
+ table_insert(node_listen, {ip = "0.0.0.0", port =
yaml_conf.apisix.node_listen})
+ if yaml_conf.apisix.enable_ipv6 then
+ table_insert(node_listen, {ip = "[::]", port =
yaml_conf.apisix.node_listen})
+ end
yaml_conf.apisix.node_listen = node_listen
elseif type(yaml_conf.apisix.node_listen) == "table" then
local node_listen = {}
- for index, value in ipairs(yaml_conf.apisix.node_listen) do
+ for _, value in ipairs(yaml_conf.apisix.node_listen) do
+ local ip = "0.0.0.0"
+ local port = 9080
+ local enable_ipv6 = false
+
if type(value) == "number" then
+ port = value
- if ports_to_check[value] ~= nil then
- util.die("node_listen port ", value, " conflicts with ",
- ports_to_check[value], "\n")
+ if yaml_conf.apisix.enable_ipv6 then
+ enable_ipv6 = true
end
- table_insert(node_listen, index, {port = value})
elseif type(value) == "table" then
- if type(value.port) == "number" and ports_to_check[value.port]
~= nil then
- util.die("node_listen port ", value.port, " conflicts with
",
- ports_to_check[value.port], "\n")
+ ip = value.ip
+
+ if ip == nil then
+ ip = "0.0.0.0"
+ if yaml_conf.apisix.enable_ipv6 then
+ enable_ipv6 = true
+ end
end
- table_insert(node_listen, index, value)
+ if type(ip) ~= "string" then
+ util.die("node_listen ip format error: ", ip, "\n")
+ end
+
+ port = value.port
+
+ if port == nil then
+ port = 9080
+ end
+
+ if type(port) ~= "number" then
+ util.die("node_listen port format error: ", port, "\n")
+ end
+
+ end
+
+ if ports_to_check[port] ~= nil then
+ util.die("node_listen port ", port, " conflicts with ",
+ ports_to_check[port], "\n")
+ end
+
+ local addr = ip .. ":" .. port
+
+ if ip_port_to_check[addr] == nil then
+ table_insert(node_listen, {ip = ip, port = port})
+ ip_port_to_check[addr] = true
+ end
+
+ if enable_ipv6 then
+ ip = "[::]"
+ addr = ip .. ":" .. port
+
+ if ip_port_to_check[addr] == nil then
+ table_insert(node_listen, {ip = ip, port = port})
+ ip_port_to_check[addr] = true
+ end
end
end
yaml_conf.apisix.node_listen = node_listen
end
+
+ local total_ssl_listen = {}
+ -- support specific IP listen in https
+ if type(yaml_conf.apisix.ssl.listen) == "number" then
+ local ip = "0.0.0.0"
+ local port = yaml_conf.apisix.ssl.listen
+
+ if ports_to_check[port] ~= nil then
+ util.die("ssl listen port ", port,
+ " conflicts with ", ports_to_check[port], "\n")
+ end
+
+ local addr = ip .. ":" .. port
+
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = "0.0.0.0", port = port,
enable_http2 = false})
+ end
+
+ if yaml_conf.apisix.enable_ipv6 then
+ ip = "[::]"
+ addr = ip .. ":" .. port
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = "[::]", port = port,
enable_http2 = false})
+ end
+ end
+ elseif type(yaml_conf.apisix.ssl.listen) == "table" then
+ for _, value in ipairs(yaml_conf.apisix.ssl.listen) do
+ local ip = "0.0.0.0"
+ local port = 9443
+ local enable_http2 = false
+ local enable_ipv6 = false
+
+ if type(value) == "number" then
+ port = value
+
+ if yaml_conf.apisix.enable_ipv6 then
+ enable_ipv6 = true
+ end
+
+ elseif type(value) == "table" then
+
+ ip = value.ip
+
+ if ip == nil then
+ ip = "0.0.0.0"
+ if yaml_conf.apisix.enable_ipv6 then
+ enable_ipv6 = true
+ end
+ end
+
+ if type(ip) ~= "string" then
+ util.die("ssl listen ip format error: ", ip, "\n")
+ end
+
+ port = value.port
+
+ if port == nil then
+ port = 9443
+ end
+
+ if type(port) ~= "number" then
+ util.die("ssl listen port format error: ", port, "\n")
+ end
+
+ enable_http2 = value.enable_http2
+ if enable_http2 == nil then
+ enable_http2 = false
+ end
+
+ end
+
+ if ports_to_check[port] ~= nil then
+ util.die("ssl listen port ", port, " conflicts with ",
+ ports_to_check[port], "\n")
+ end
+
+ local addr = ip .. ":" .. port
+
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = ip, port = port,
enable_http2 = enable_http2})
+ ip_port_to_check[addr] = true
+ end
+
+ if enable_ipv6 then
+ ip = "[::]"
+ addr = ip .. ":" .. port
+
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = ip, port = port,
enable_http2 = enable_http2})
+ ip_port_to_check[addr] = true
+ end
+ end
+ end
+ end
+
+ -- listen in https, compatible with the original style
if type(yaml_conf.apisix.ssl.listen_port) == "number" then
- local listen_port = {yaml_conf.apisix.ssl.listen_port}
- yaml_conf.apisix.ssl.listen_port = listen_port
+ local ip = "0.0.0.0"
+ local port = yaml_conf.apisix.ssl.listen_port
+
+ if ports_to_check[port] ~= nil then
+ util.die("ssl listen port ", port,
+ " conflicts with ", ports_to_check[port], "\n")
+ end
+
+ local addr = ip .. ":" .. port
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = ip, port = port, enable_http2
= yaml_conf.apisix.ssl.enable_http2})
+ end
+
+ if yaml_conf.apisix.enable_ipv6 then
+ ip = "[::]"
+ addr = ip .. ":" .. port
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = ip, port = port,
enable_http2 = yaml_conf.apisix.ssl.enable_http2})
+ end
+ end
+ elseif type(yaml_conf.apisix.ssl.listen_port) == "table" then
+ for _, value in ipairs(yaml_conf.apisix.ssl.listen_port) do
+ if type(value) == "number" then
+ local ip = "0.0.0.0"
+ local port = value
+
+ if ports_to_check[port] ~= nil then
+ util.die("ssl listen port ", port, " conflicts with ",
+ ports_to_check[port], "\n")
+ end
+
+ local addr = ip .. ":" .. port
+
+ if ip_port_to_check[addr] == nil then
+ table_insert(total_ssl_listen, {ip = ip, port = port,
enable_http2 = yaml_conf.apisix.ssl.enable_http2})
Review comment:
We can refactor the repeated code in a function, which accepts
enable_http2, enable_ipv6 and other arguments
##########
File path: conf/config-default.yaml
##########
@@ -113,8 +116,14 @@ apisix:
enable_resolv_search_opt: true # enable search option in resolv.conf
ssl:
enable: true
- enable_http2: true
- listen_port: 9443
+ listen:
+ - 9443
+ - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
Review comment:
Ditto
##########
File path: conf/config-default.yaml
##########
@@ -113,8 +116,14 @@ apisix:
enable_resolv_search_opt: true # enable search option in resolv.conf
ssl:
enable: true
- enable_http2: true
- listen_port: 9443
+ listen:
+ - 9443
+ - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
+ port: 9444
+ enable_http2: true # If not set, the default value is `false`.
+ #port: 9081
Review comment:
Please remove the irrelative line
##########
File path: conf/config-default.yaml
##########
@@ -113,8 +116,14 @@ apisix:
enable_resolv_search_opt: true # enable search option in resolv.conf
ssl:
enable: true
- enable_http2: true
- listen_port: 9443
+ listen:
+ - 9443
+ - ip: 127.0.0.3 # Specific IP, If not set, the default value
is `0.0.0.0`.
+ port: 9444
+ enable_http2: true # If not set, the default value is `false`.
+ #port: 9081
+ #enable_http2: true
+ #listen_port: 9443
Review comment:
Need to add a comment to show that this way still supports, but is no
longer recommended
##########
File path: apisix/cli/ops.lua
##########
@@ -461,45 +461,238 @@ Please modify "admin_key" in conf/config.yaml .
end
end
- -- support multiple ports listen, compatible with the original style
+ local ip_port_to_check = {}
+
+ -- support multiple ports listen, support specific IP, compatible with the
original style
if type(yaml_conf.apisix.node_listen) == "number" then
if ports_to_check[yaml_conf.apisix.node_listen] ~= nil then
util.die("node_listen port ", yaml_conf.apisix.node_listen,
" conflicts with ",
ports_to_check[yaml_conf.apisix.node_listen], "\n")
end
- local node_listen = {{port = yaml_conf.apisix.node_listen}}
+ local node_listen = {}
+ table_insert(node_listen, {ip = "0.0.0.0", port =
yaml_conf.apisix.node_listen})
Review comment:
Strictly speaking, the default value of "ip" is "*", `listen 80` is
equal to `listen *:80`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
