charles1503 opened a new issue #4897:
URL: https://github.com/apache/apisix/issues/4897
### Issue description
### when i use docker image apache/apisix:2.8-centos or
apache/apisix:2.8-alpine to run apisix, start failed,the error log content:
```
2021/08/25 14:48:35 [error] 45#45: init_worker_by_lua error:
/usr/local/apisix/apisix/plugin.lua:235: attempt to index upvalue 'local_conf'
(a nil value)
stack traceback:
/usr/local/apisix/apisix/plugin.lua:235: in function 'load'
/usr/local/apisix/apisix/plugin.lua:489: in function 'init_worker'
/usr/local/apisix/apisix/init.lua:115: in function 'http_init_worker'
init_worker_by_lua:2: in main chunk
2021/08/25 14:48:35 [warn] 49#49: *2 [lua] plugin.lua:150: load(): new
plugins:
{"wolf-rbac":true,"jwt-auth":true,"fault-injection":true,"proxy-mirror":true,"syslog":true,"ext-plugin-pre-req":true,"ext-plugin-post-req":true,"openid-connect":true,"grpc-transcode":true,"tcp-logger":true,"serverless-pre-function":true,"uri-blocker":true,"server-info":true,"consumer-restriction":true,"request-validation":true,"limit-conn":true,"hmac-auth":true,"api-breaker":true,"prometheus":true,"referer-restriction":true,"example-plugin":true,"cors":true,"serverless-post-function":true,"zipkin":true,"echo":true,"udp-logger":true,"kafka-logger":true,"limit-count":true,"key-auth":true,"limit-req":true,"basic-auth":true,"sls-logger":true,"client-control":true,"traffic-split":true,"http-logger":true,"authz-keycloak":true,"proxy-rewrite":true,"request-id":true,"proxy-cache":true,"redirect":true,"ip-restriction":true,"response-rewrite":true,"batch-requests":true},
context: init_worker_by_lua*
2021/08/25 14:48:35 [error] 46#46: init_worker_by_lua error:
/usr/local/apisix/apisix/plugin.lua:235: attempt to index upvalue 'local_conf'
(a nil value)
stack traceback:
/usr/local/apisix/apisix/plugin.lua:235: in function 'load'
/usr/local/apisix/apisix/plugin.lua:489: in function 'init_worker'
/usr/local/apisix/apisix/init.lua:115: in function 'http_init_worker'
init_worker_by_lua:2: in main chunk
2021/08/25 14:48:35 [warn] 49#49: *2 [lua] plugin.lua:192: load_stream():
new plugins: {"limit-conn":true,"mqtt-proxy":true}, context: init_worker_by_lua*
```
- server
- ip: 10.207.91.9
- os: Linux version 3.10.0-1127.13.1.el7.x86_64
([email protected]) (gcc version 4.8.5 20150623 (Red Hat
4.8.5-39) (GCC) ) #1 SMP Tue Jun 23 15:46:38 UTC 2020
- etcd
```
docker run -d --name etcd-server \
-p 3379:2379 \
-p 3380:2380 \
-v /app/apisix/etcd/config.yml:/opt/bitnami/etcd/conf/etcd.conf.yml \
-v /app/apisix/etcd/data:/opt/bitnami/etcd/data \
--env ALLOW_NONE_AUTHENTICATION=yes \
bitnami/etcd:3.4.9
```
- apisix
```
docker run --name apisix \
-v /app/apisix/apisix-config.yaml:/usr/local/apisix/conf/config.yaml \
-v /app/apisix/apisix-logs:/usr/local/apisix/logs \
-p 80:9080 \
-p 443:9443 \
-d apache/apisix:2.7-alpine
```
- apisix-config.yaml
```
apisix:
node_listen: 9080 # APISIX listening port
enable_admin: true
enable_admin_cors: true # Admin API support CORS response headers.
enable_debug: false
enable_dev_mode: false # Sets nginx worker_processes to 1 if set
to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set
to true.
enable_ipv6: true
config_center: etcd # etcd: use etcd to store the config value
# yaml: fetch the config value from local
yaml file `/your_path/conf/apisix.yaml`
#proxy_protocol: # Proxy Protocol configuration
#listen_http_port: 9181 # The port with proxy protocol for http,
it differs from node_listen and port_admin.
# This port can only receive http request
with proxy protocol, but node_listen & port_admin
# can only receive http request. If you
enable proxy protocol, you must use this port to
# receive http request with proxy protocol
#listen_https_port: 9182 # The port with proxy protocol for https
#enable_tcp_pp: true # Enable the proxy protocol for tcp
proxy, it works for stream_proxy.tcp option
#enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the
upstream server
enable_server_tokens: true # Whether the APISIX version number
should be shown in Server header.
# It's enabled by default.
# configurations to load third party code and/or override the builtin one.
extra_lua_path: "" # extend lua_package_path to load third
party code
extra_lua_cpath: "" # extend lua_package_cpath to load third
party code
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the
upstream does not specify the cache time
zones: # The parameters of a cache
- name: disk_cache_one # The name of the cache, administrator
can be specify
# which cache to use by name in the admin
api
memory_size: 50m # The size of shared memory, it's used to
store the cache index
disk_size: 1G # The size of disk, it's used to store
the cache data
disk_path: /tmp/disk_cache_one # The path to store the cache data
cache_levels: 1:2 # The hierarchy levels of a cache
#- name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
#- 127.0.0.0/24 # If we don't set any IP list, then any IP
access is allowed by default.
#- "::/64"
#port_admin: 9180 # use a separate port
#https_admin: true # enable HTTPS when use a separate port for
Admin API.
# Admin API will use
conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
admin_api_mtls: # Depends on `port_admin` and `https_admin`.
admin_ssl_cert: "" # Path of your self-signed server side cert.
admin_ssl_cert_key: "" # Path of your self-signed server side key.
admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA is
used to sign all admin api callers' certificates.
# Default token when use API to call for Admin API.
# *NOTE*: Highly recommended to modify this value to protect APISIX's
Admin API.
# Disabling this configuration item means that the Admin API does not
# require any authentication.
admin_key:
-
name: admin
key: edd1c9f094553f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
-
name: viewer
key: 40549f09455344346cd3f287985e76a2
role: viewer
delete_uri_tail_slash: false # delete the '/' at the end of the URI
global_rule_skip_internal_api: true # does not run global rule in
internal apis
# api that path starts with
"/apisix" is considered to be internal api
router:
http: radixtree_uri # radixtree_uri: match route by uri(base on
radixtree)
# radixtree_host_uri: match route by host
+ uri(base on radixtree)
# radixtree_uri_with_parameter: like
radixtree_uri but match uri with parameters,
# see
https://github.com/api7/lua-resty-radixtree/#parameters-in-path for
# more details.
ssl: radixtree_sni # radixtree_sni: match route by SNI(base on
radixtree)
#stream_proxy: # TCP/UDP proxy
# only: true # use stream proxy only, don't enable HTTP
stuff
# tcp: # TCP proxy port list
# - addr: 9100
# tls: true
# - addr: "127.0.0.1:9101"
# udp: # UDP proxy port list
# - 9200
# - "127.0.0.1:9201"
#dns_resolver: # If not set, read from `/etc/resolv.conf`
# - 1.1.1.1
# - 8.8.8.8
#dns_resolver_valid: 30 # if given, override the TTL of the valid
records. The unit is second.
resolver_timeout: 5 # resolver timeout
enable_resolv_search_opt: true # enable search option in resolv.conf
ssl:
enable: true
enable_http2: true
listen_port: 9443
#ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with
trusted CA certificates in the PEM format
# used to verify the
certificate when APISIX needs to do SSL/TLS handshaking
# with external services
(e.g. etcd)
ssl_protocols: TLSv1.2 TLSv1.3
ssl_ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_session_tickets: false # disable ssl_session_tickets
by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
# ref:
https://github.com/mozilla/server-side-tls/issues/135
key_encrypt_salt: edd1c9f0985e76a2 # If not set, will save origin
ssl key into etcd.
# If set this, must be a string
of length 16. And it will encrypt ssl key with AES-128-CBC
# !!! So do not change it after
saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
enable_control: true
#control:
# ip: 127.0.0.1
# port: 9090
disable_sync_configuration_during_start: false # safe exit. Remove this
once the feature is stable
nginx_config: # config for render the template to
generate nginx.conf
#user: root # specifies the execution user of the
worker process.
# the "user" directive makes sense only if
the master process runs with super-user privileges.
# if you're not root user,the default is
current user.
error_log: logs/error.log
error_log_level: warn # warn,error
worker_processes: auto # if you want use multiple cores in
container, you can inject the number of cpu as environment variable
"APISIX_WORKER_PROCESSES"
enable_cpu_affinity: true # enable cpu affinity, this is just work
well only on physical machine
worker_rlimit_nofile: 20480 # the number of files a worker process can
open, should be larger than worker_connections
worker_shutdown_timeout: 240s # timeout for a graceful shutdown of
worker processes
event:
worker_connections: 10620
#envs: # allow to get a list of environment
variables
# - TEST_ENV
stream:
lua_shared_dict:
etcd-cluster-health-check-stream: 10m
lrucache-lock-stream: 10m
plugin-limit-conn-stream: 10m
# As user can add arbitrary configurations in the snippet,
# it is user's responsibility to check the configurations
# don't conflict with APISIX.
main_configuration_snippet: |
# Add custom Nginx main configuration to nginx.conf.
# The configuration should be well indented!
http_configuration_snippet: |
# Add custom Nginx http configuration to nginx.conf.
# The configuration should be well indented!
http_server_configuration_snippet: |
# Add custom Nginx http server configuration to nginx.conf.
# The configuration should be well indented!
http_admin_configuration_snippet: |
# Add custom Nginx admin server configuration to nginx.conf.
# The configuration should be well indented!
http_end_configuration_snippet: |
# Add custom Nginx http end configuration to nginx.conf.
# The configuration should be well indented!
stream_configuration_snippet: |
# Add custom Nginx stream configuration to nginx.conf.
# The configuration should be well indented!
http:
enable_access_log: true # enable access log or not, default true
access_log: logs/access.log
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host
\"$request\" $status $body_bytes_sent $request_time \"$http_referer\"
\"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time
\"$upstream_scheme://$upstream_host$upstream_uri\""
access_log_format_escape: default # allows setting json or default
characters escaping in variables
keepalive_timeout: 60s # timeout during which a keep-alive
client connection will stay open on the server side.
client_header_timeout: 60s # timeout for reading client request
header, then 408 (Request Time-out) error is returned to the client
client_body_timeout: 60s # timeout for reading client request
body, then 408 (Request Time-out) error is returned to the client
client_max_body_size: 0 # The maximum allowed size of the client
request body.
# If exceeded, the 413 (Request Entity
Too Large) error is returned to the client.
# Note that unlike Nginx, we don't limit
the body size by default.
send_timeout: 10s # timeout for transmitting a response to
the client.then the connection is closed
underscores_in_headers: "on" # default enables the use of underscores
in client request header fields
real_ip_header: X-Real-IP #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_recursive: "off" #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
real_ip_from: #
http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- "unix:"
#lua_shared_dicts: # add custom shared cache to nginx.conf
# ipc_shared_dict: 100m # custom shared cache, format:
`cache-key: cache-size`
# Enables or disables passing of the server name through TLS Server Name
Indication extension (SNI, RFC 6066)
# when establishing a connection with the proxied HTTPS server.
proxy_ssl_server_name: true
upstream:
keepalive: 320 # Sets the maximum number of idle
keepalive connections to upstream servers that are preserved in the cache of
each worker process.
# When this number is exceeded, the least
recently used connections are closed.
keepalive_requests: 1000 # Sets the maximum number of requests
that can be served through one keepalive connection.
# After the maximum number of requests is
made, the connection is closed.
keepalive_timeout: 60s # Sets a timeout during which an idle
keepalive connection to an upstream server will stay open.
charset: utf-8 # Adds the specified charset to the
"Content-Type" response header field, see
#
http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
variables_hash_max_size: 2048 # Sets the maximum size of the variables
hash table.
lua_shared_dict:
internal-status: 10m
plugin-limit-req: 10m
plugin-limit-count: 10m
prometheus-metrics: 10m
plugin-limit-conn: 10m
upstream-healthcheck: 10m
worker-events: 10m
lrucache-lock: 10m
balancer-ewma: 10m
balancer-ewma-locks: 10m
balancer-ewma-last-touched-at: 10m
plugin-limit-count-redis-cluster-slot-lock: 1m
tracing_buffer: 10m
plugin-api-breaker: 10m
etcd-cluster-health-check: 10m
discovery: 1m
jwks: 1m
introspection: 10m
access-tokens: 1m
etcd:
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
- "http://10.207.91.9:3379"; # multiple etcd address, if your etcd
cluster enables TLS, please use https scheme,
# e.g. https://127.0.0.1:2379.
prefix: /apisix # apisix configurations prefix
timeout: 30 # 30 seconds
#resync_delay: 5 # when sync failed and a rest is needed,
resync after the configured seconds plus 50% random jitter
#health_check_timeout: 10 # etcd retry the unhealthy nodes after the
configured seconds
#user: root # root username for etcd
#password: 5tHkHhYkjr6cQY # root password for etcd
tls:
# To enable etcd client certificate you need to build APISIX-Openresty,
see
#
http://apisix.apache.org/docs/apisix/how-to-build#6-build-openresty-for-apisix
#cert: /path/to/cert # path of certificate used by the etcd
client
#key: /path/to/key # path of key used by the etcd client
verify: true # whether to verify the etcd endpoint
certificate when setup a TLS connection to etcd,
# the default value is true, e.g. the
certificate will be verified strictly.
#discovery: # service discovery center
# dns:
# servers:
# - "127.0.0.1:8600" # use the real address of your dns server
# eureka:
# host: # it's possible to define multiple eureka
hosts addresses of the same eureka cluster.
# - "http://127.0.0.1:8761";
# prefix: /eureka/
# fetch_interval: 30 # default 30s
# weight: 100 # default weight for node
# timeout:
# connect: 2000 # default 2000ms
# send: 2000 # default 2000ms
# read: 5000 # default 5000ms
graphql:
max_size: 1048576 # the maximum size limitation of graphql
in bytes, default 1MiB
#ext-plugin:
#cmd: ["ls", "-l"]
plugins: # plugin list (sorted by priority)
- client-control # priority: 22000
- ext-plugin-pre-req # priority: 12000
- zipkin # priority: 11011
- request-id # priority: 11010
- fault-injection # priority: 11000
- serverless-pre-function # priority: 10000
- batch-requests # priority: 4010
- cors # priority: 4000
- ip-restriction # priority: 3000
- referer-restriction # priority: 2990
- uri-blocker # priority: 2900
- request-validation # priority: 2800
- openid-connect # priority: 2599
- wolf-rbac # priority: 2555
- hmac-auth # priority: 2530
- basic-auth # priority: 2520
- jwt-auth # priority: 2510
- key-auth # priority: 2500
- consumer-restriction # priority: 2400
- authz-keycloak # priority: 2000
#- error-log-logger # priority: 1091
- proxy-mirror # priority: 1010
- proxy-cache # priority: 1009
- proxy-rewrite # priority: 1008
- api-breaker # priority: 1005
- limit-conn # priority: 1003
- limit-count # priority: 1002
- limit-req # priority: 1001
#- node-status # priority: 1000
- server-info # priority: 990
- traffic-split # priority: 966
- redirect # priority: 900
- response-rewrite # priority: 899
#- dubbo-proxy # priority: 507
- grpc-transcode # priority: 506
- prometheus # priority: 500
- echo # priority: 412
- http-logger # priority: 410
- sls-logger # priority: 406
- tcp-logger # priority: 405
- kafka-logger # priority: 403
- syslog # priority: 401
- udp-logger # priority: 400
#- log-rotate # priority: 100
# <- recommend to use priority (0, 100) for your custom plugins
- example-plugin # priority: 0
#- skywalking # priority: -1100
- serverless-post-function # priority: -2000
- ext-plugin-post-req # priority: -3000
stream_plugins: # sorted by priority
- limit-conn # priority: 1003
- mqtt-proxy # priority: 1000
# <- recommend to use priority (0, 100) for your custom plugins
plugin_attr:
log-rotate:
interval: 3600 # rotate interval (unit: second)
max_kept: 168 # max number of log files will be kept
skywalking:
service_name: APISIX
service_instance_name: APISIX Instance Name
endpoint_addr: http://127.0.0.1:12800
prometheus:
export_uri: /apisix/prometheus/metrics
enable_export_server: true
export_addr:
ip: 127.0.0.1
port: 9091
server-info:
report_interval: 60 # server info report interval (unit: second)
report_ttl: 3600 # live time for server info in etcd (unit: second)
dubbo-proxy:
upstream_multiplex_count: 32
```
- docker version
```
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-208.git7d71120.el7_9.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Mon Jun 7 15:36:09 2021
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-208.git7d71120.el7_9.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Mon Jun 7 15:36:09 2021
OS/Arch: linux/amd64
Experimental: false
```
## when i use another sever or mac, same config and command ,apisix start
success.
- Linux:
- OS:Linux k8s-master 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10
13:32:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
- cat /proc/version:
```
Linux version 3.10.0-1160.31.1.el7.x86_64
([email protected]) (gcc version 4.8.5 20150623 (Red Hat
4.8.5-44) (GCC) ) #1 SMP Thu Jun 10 13:32:12 UTC 2021
```
- docker version:
```
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-208.git7d71120.el7_9.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Mon Jun 7 15:36:09 2021
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-208.git7d71120.el7_9.x86_64
Go version: go1.10.3
Git commit: 7d71120/1.13.1
Built: Mon Jun 7 15:36:09 2021
OS/Arch: linux/amd64
Experimental: false
```
- MacOS:
- OS: macOS Big Sur 11.5.1
- docker version:
```
Client:
Cloud integration: 1.0.17
Version: 20.10.7
API version: 1.41
Go version: go1.16.4
Git commit: f0df350
Built: Wed Jun 2 11:56:22 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:54:58 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
```
### Environment
- apisix version (cmd: `apisix version`): apache/apisix:2.8-alpine
- OS (cmd: `uname -a`): Linux crc-dev-comm-zk 3.10.0-1127.13.1.el7.x86_64
#1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
- etcd version, if have (cmd: run `curl
http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
- apisix-dashboard version, if have:
- luarocks version, if the issue is about installation (cmd: `luarocks
--version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
