This is an automated email from the ASF dual-hosted git repository.
juzhiyuan pushed a commit to branch docs-202108
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/docs-202108 by this push:
new 05615db fix: lint
05615db is described below
commit 05615db908eef0e6e59a8b8a9c2a810621d569c1
Author: juzhiyuan <[email protected]>
AuthorDate: Fri Oct 29 23:44:01 2021 +0800
fix: lint
---
...ache-APISIX-and-Envoy-performance-comparison.md | 2 +-
website/blog/2021/08/10/apisix-nginx.md | 26 +++----
website/blog/2021/08/11/interview-TuZhengsong.md | 18 ++---
...onnect-Plugin-for-Centralized-Authentication.md | 86 +++++++++++-----------
website/blog/2021/08/17/interview-airwallex.md | 8 +-
.../2021/08/19/go-makes-Apache-APISIX-better.md | 18 ++---
website/blog/2021/08/21/shanghai-meetup.md | 14 ++--
website/blog/2021/08/23/ApacheCon-Asia-2021.md | 46 ++++++------
website/blog/2021/08/24/shanghai-meetup-recap.md | 12 +--
...onnect-Plugin-for-Centralized-Authentication.md | 24 +++---
website/blog/2021/08/30/Ingress-Meeting.md | 4 +-
website/blog/2021/08/30/weekly-report.md | 4 +-
...a-better-gateway-and-K8S-Ingress-Controller.md" | 28 +++----
.../2021/08/10/apisix-nginx.md | 4 +-
14 files changed, 147 insertions(+), 147 deletions(-)
diff --git
a/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
b/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
index 430ae93..a6f2579 100644
--- a/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
+++ b/website/blog/2021/06/10/Apache-APISIX-and-Envoy-performance-comparison.md
@@ -155,7 +155,7 @@ Latency: Latency per request, the smaller the value the
better. It represents ho
We can see that the difference between the two metrics in the single-worker
thread|process mode, QPS and Latency is not large, but with the increase in the
number of threads|processes their gap is gradually enlarged, here I analyze
that there may be two reasons, NGINX in the high concurrency scenario with
multiple workers and the system IO model for interaction is not more
advantageous, on the other hand, also On the other hand, NGINX itself may be
more “stingy” in terms of memory and CP [...]
-## 总结
+## Summary
In general, Apache APISIX is slightly better than Envoy in terms of response
latency and QPS, and due to NGINX’s multi-worker collaboration method, which is
more advantageous in high concurrency scenarios, Apache APISIX’s performance
improvement is more obvious than Envoy’s after opening multiple worker
processes. The bus design of Envoy gives it a unique advantage in handling
east-west traffic, while the performance and latency of Apache APISIX gives it
a massive throughput capability i [...]
Apache APISIX
diff --git a/website/blog/2021/08/10/apisix-nginx.md
b/website/blog/2021/08/10/apisix-nginx.md
index 885d694..6b63b46 100644
--- a/website/blog/2021/08/10/apisix-nginx.md
+++ b/website/blog/2021/08/10/apisix-nginx.md
@@ -89,7 +89,7 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
The `ngx_event_expire_timers` function calls the handler method of all timeout
events. In fact, the timer is implemented by a [red-black
tree](https://zh.wikipedia.org/zh-hans/%E7%BA%A2%E9%BB%91%E6%A0%91) (a balanced
ordered binary tree), where the key is the absolute expiration time of each
event. This way, expired events can be found quickly by comparing the minimum
node with the current time.
-Lua timer for ### OpenResty
+### Lua timer for OpenResty
Of course, the above C functions are very inefficient to develop. Therefore,
OpenResty wraps the Lua interface and exposes the C function `ngx_timer_add` to
the Lua language via
[ngx.timer.at](https://github.com/openresty/lua-nginx-module#ngxtimerat).
@@ -142,7 +142,7 @@ Apache APISIX uses only eight of these hooks (note that
APISIX does not use `set
Once we have the above knowledge ready, we can answer how Apache APISIX
receives updates to etcd data.
-How #### nginx.conf is generated
+#### How nginx.conf is generated
Each Nginx worker process starts a timer in the ``init_worker_by_lua`` phase
with the ``http_init_worker`` function.
@@ -168,9 +168,9 @@ local function init(env)
ngxconf)
```
-Of course, Apache APISIX allows you to modify some of the data in the
nginx.conf template by modifying the conf/config.yaml configuration in a way
that mimics the syntax of conf/config-default.yaml. See the *read_yaml_conf*
function for an example of how to do this.
+Of course, Apache APISIX allows you to modify some of the data in the
nginx.conf template by modifying the conf/config.yaml configuration in a way
that mimics the syntax of conf/config-default.yaml. See the `read_yaml_conf`
function for an example of how to do this.
-```conf
+```lua
function _M.read_yaml_conf(apisix_home)
local local_conf_path = profile:yaml_path("config-default")
local default_conf_yaml, err = util.read_file(local_conf_path)
@@ -386,8 +386,8 @@ curl "http://127.0.0.1:9080/apisix/admin/upstreams/1"; -H
"X-API-KEY: edd1c9f0343
> "nodes": {
> "httpbin.org:80": 1
> }
-> }'
-{ "action": "set", "node":{"key":"\/apisix\/upstreams\/1", "value":{"hash_on":
"vars", "nodes":{"httpbin.org:80":1}, "create_time": 1627982128,
"update_time":1627982128, "scheme": "http", "type": "roundrobin", "pass_host":
"pass", "id": "1"}}}
+> }
+{"action":"set","node":{"key":"\/apisix\/upstreams\/1","value":{"hash_on":"vars","nodes":{"httpbin.org:80":1},"create_time":1627982128,"update_time":1627982128,"scheme":"http","type":"roundrobin","pass_host":"pass","id":"1"}}}'
```
You will see the following log in error.log (to see this line, you must set
the nginx_config.error_log_level in config.yaml to INFO)
@@ -433,14 +433,14 @@ local resources = {
}
```
-Therefore, the above curl request will be processed by the ``put`` function in
the /apisix/admin/upstreams.lua file, see the implementation of the ``put``
function as follows
+Therefore, the above curl request will be processed by the ``put`` function in
the /apisix/admin/upstreams.lua file, see the implementation of the ``put``
function as follows:
```lua
-- /apisix/admin/upstreams.lua file
function _M.put(id, conf)
-- check the legitimacy of the requested data
local id, err = check_conf(id, conf, true)
- local key = "/upstreams/" ... id
+ local key = "/upstreams/" .. id
core.log.info("key: ", key)
-- Generate configuration data in etcd
local ok, err = utils.inject_conf_with_prev_conf("upstream", key, conf)
@@ -466,7 +466,7 @@ Let's look at how the Nginx worker process takes effect
immediately after the ad
The open source version of Nginx matches requests based on three different
containers.
-1. the `server_name` configuration in the static hash table is matched to the
requested `Host` domain name
+1. The `server_name` configuration in the static hash table is matched to the
requested `Host` domain name
2. Next, the location in the static Trie prefix tree is configured to match
the requested URI
@@ -477,14 +477,14 @@ Although these procedures are very efficient, they are
written to die in the fin
As you can see in nginx.conf, requests to any domain name, URI, or domain name
will match the `http_access_phase` lua function.
-```conf
+```lua
server {
server_name _;
location / {
access_by_lua_block {
apisix.http_access_phase()
- access_by_lua_block { apisix.http_access_phase() }
- proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
+ }
+ proxy_pass $upstream_scheme://apisix_backend$upstream_uri;
}
}
```
@@ -513,4 +513,4 @@ The key to dynamically modifying the Nginx configuration is
2 things: the Lua la
Apache APISIX has many good designs, and this article only discusses the
dynamic management of Nginx clusters.
-[click here for the link to the original
article](https://www.taohui.tech/2021/08/10/%E5%BC%80%E6%BA%90%E7%BD%91%E5%85%B3APISIX%E6%9E%B6%E6%9E%84%E5%88%86%E6%9E%90/#more
)
+[click here for the link to the original
article](https://www.taohui.tech/2021/08/10/%E5%BC%80%E6%BA%90%E7%BD%91%E5%85%B3APISIX%E6%9E%B6%E6%9E%84%E5%88%86%E6%9E%90/#more)
diff --git a/website/blog/2021/08/11/interview-TuZhengsong.md
b/website/blog/2021/08/11/interview-TuZhengsong.md
index 9b880fc..f75fd2d 100644
--- a/website/blog/2021/08/11/interview-TuZhengsong.md
+++ b/website/blog/2021/08/11/interview-TuZhengsong.md
@@ -33,9 +33,9 @@ On an uneventful afternoon, we chatted with Zhengsong by
phone. Because of the e
> When I was in college, I studied communication engineering, and the happiest
> thing I did every day was to play soccer. Now sometimes I think that it
> would be nice to go back to my college days with the memories I have now.
-Zhengsong actually didn't have much contact with programming during his
college years, he actually had a C programming class, but he failed it because
he was too busy playing soccer. However, he failed a make-up exam after failing
the class, resulting in a retake. The most embarrassing thing is that he failed
the retake as well, so what did he do afterwards? There was a graduation
clearing exam before graduation. This can not be failed again, so Masatsu went
to the library to borrow a C [...]
+Zhengsong actually didn't have much contact with programming during his
college years, he actually had a C programming class, but he failed it because
he was too busy playing soccer. However, he failed a make-up exam after failing
the class, resulting in a retake. The most embarrassing thing is that he failed
the retake as well, so what did he do afterwards? There was a graduation
clearing exam before graduation. This can not be failed again, so Zhengsong
went to the library to borrow a [...]
-"I was thinking, "Is C really that hard?" Masamatsu said.
+"I was thinking, "Is C really that hard?" Zhengsong said.
Then he kept reading and reading and reading, and suddenly he realized that
programming seemed to have some meaning, and he understood it! He finally
passed the exam before graduating. After graduation, he found a job as a
programmer.
@@ -47,7 +47,7 @@ At that time, he probably wouldn't have thought that today he
would be the devel
> In industry, the real business scenario is very different from what you
> learn in school.
-Masatsu's first job was at a wearable device startup, working on the
development of smart bracelets. Masamatsu and his former colleagues had to
process various sensor data from the smart bracelet to monitor the user's heart
rate, exercise, blood pressure and so on.
+Zhengsong's first job was at a wearable device startup, working on the
development of smart bracelets. Zhengsong and his former colleagues had to
process various sensor data from the smart bracelet to monitor the user's heart
rate, exercise, blood pressure and so on.
"It was fun because in industry, the real business scenario is very different
from what you learn in school, and a lot of things have to be learned from
scratch," Masatsu said.
@@ -59,7 +59,7 @@ Then, Masatsu went to another company to engage in back-end
business development
"In this big company, I did a little bit far from the business, more
technically oriented. "Masatsu said.
-Masatsu's contact with Apache APISIX was in September 2020, when his team was
using Kong, but Kong was not fully meeting their needs, so they redid the
technical selection of the gateway to try to find a better solution. Masatsu
was in charge of this technical selection, so he came across the Apache
Foundation's top project, Apache APISIX, and was introduced to the Apache
APISIX community.
+Zhengsong's contact with Apache APISIX was in September 2020, when his team
was using Kong, but Kong was not fully meeting their needs, so they redid the
technical selection of the gateway to try to find a better solution. Masatsu
was in charge of this technical selection, so he came across the Apache
Foundation's top project, Apache APISIX, and was introduced to the Apache
APISIX community.
At that time, he had already graduated more than three years ago.
@@ -67,12 +67,12 @@ At that time, he had already graduated more than three
years ago.
> I can submit code to the Apache Foundation's top projects! As a technical
> worker, that's a lot of technical confidence.
-Masatsu's first PR in the open source community was an enhancement type PR,
which enabled Apache APISIX to support multi-port listening.
+Zhengsong's first PR in the open source community was an enhancement type PR,
which enabled Apache APISIX to support multi-port listening.
- issue: https://github.com/apache/apisix/issues/1195
- PR: https://github.com/apache/apisix/pull/2409
-This feature is needed by Masatsu and has been mentioned in the issue area for
a long time, but for some reason it has been unclaimed. Before that, Masamatsu
happened to know something about this, so he thought, "I can propose a PR to
Apache APISIX to fix this problem. "So he volunteered to have the issue
assigned to him in the issue.
+This feature is needed by Masatsu and has been mentioned in the issue area for
a long time, but for some reason it has been unclaimed. Before that, Zhengsong
happened to know something about this, so he thought, "I can propose a PR to
Apache APISIX to fix this problem. "So he volunteered to have the issue
assigned to him in the issue.
He says, "I had a strong urge to get involved in the community, and then I
looked at the Apache APISIX community's Beginner's Guide and was as excited to
get involved as if I were coming out of the Beginner's Village with a weapon."
@@ -84,7 +84,7 @@ Masatsu was very excited and immediately followed the guide
to bring up the PR.
"I was very excited and felt like I was finally substantially involved in the
open source community. I could submit code to the Apache Foundation's top
projects! As a technical worker, it was a technical confidence."
-**This is Masatsu's first PR in the open source world.**
+**This is Zhengsong's first PR in the open source world.**
## Things that impressed me in the community
@@ -102,13 +102,13 @@ In April this year, one of our partners submitted a PR to
etcd, which finally so
> We're all working together differently, but we're all contributing to open
> source.
-Masamatsu says that when he first started participating in the community, he
went through most of the APISIX documentation he could see at the time. So when
he was working in his company, his colleagues asked him questions, and although
he was not very clear, he knew the distribution of the project's documentation,
so he could look it up directly and know roughly what the problem was. He
believes that reading the documentation is an appropriate way to get familiar
with the project.
+Zhengsong says that when he first started participating in the community, he
went through most of the APISIX documentation he could see at the time. So when
he was working in his company, his colleagues asked him questions, and although
he was not very clear, he knew the distribution of the project's documentation,
so he could look it up directly and know roughly what the problem was. He
believes that reading the documentation is an appropriate way to get familiar
with the project.
The Apache APISIX project website has a good guide for newcomers, including
how to raise PR. If you want to participate in the community, you can first
read the main documentation on the website and Github to get a basic
understanding of the project and the distribution of the project's
documentation, and then index the documentation as needed.
If you want to contribute to the code, or participate in the design, some
knowledge of Ngnix or OpenResty is necessary. This includes looking at their
official documentation and code, and learning about their implementation of
relevant features.
-Masamatsu said, "I think this step is impossible to skip."
+Zhengsong said, "I think this step is impossible to skip."
Of course, you can get involved in the community as a user. For example, if
you think there is something wrong with the documentation, or if you follow the
documentation and find that it is not the case, you can also raise some issues
to point out these problems.
diff --git
a/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
b/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
index ba02206..30af81b 100644
---
a/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
+++
b/website/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
@@ -4,16 +4,16 @@ author: "Peter Zhu"
authorURL: "https://github.com/starsz";
authorImageURL: "https://avatars.githubusercontent.com/u/25628854?v=4";
keywords:
-- API gateway
-- APISIX
-- Apache APISIX
-- Okta
-- Centralized Authentication
+ - API gateway
+ - APISIX
+ - Apache APISIX
+ - Okta
+ - Centralized Authentication
description: This blog shows the procedures of using Apache APISIX OpenID
Connect Plugin for Okta Centralized Authentication. This blog contains
conceptual introductions of Apache APISIX and Okta Centralized Authentication,
and detailed step-by-step instructions.
tags: [Practical Case]
---
-> This blog shows the procedures of using Apache APISIX OpenID Connect Plugin
for Okta Centralized Authentication. This blog contains conceptual
introductions of Apache APISIX and Okta Centralized Authentication, and
detailed step-by-step instructions.
+> This blog shows the procedures of using Apache APISIX OpenID Connect Plugin
for Okta Centralized Authentication. This blog contains conceptual
introductions of Apache APISIX and Okta Centralized Authentication, and
detailed step-by-step instructions.
<!--truncate-->
@@ -58,7 +58,7 @@ Compared with the traditional authentication mode,
centralized identity mode has
## What is OpenID Connect
-OpenID Connect (OIDC) is a centralized identity authentication mode. The
benefit of using OpenID Connect is that users only need to register and log in
with one OpenID Connect identity provider's website and use one account’s
password information to access different applications.
[Okta](https://developer.okta.com/) is a common OpenID Connect identity
provider, and the Apache APISIX OpenID Connect plugin supports OpenID. As a
result, the plugin can replace traditional authentication mode [...]
+OpenID Connect (OIDC) is a centralized identity authentication mode. The
benefit of using OpenID Connect is that users only need to register and log in
with one OpenID Connect identity provider's website and use one account’s
password information to access different applications.
[Okta](https://developer.okta.com/) is a common OpenID Connect identity
provider, and the Apache APISIX OpenID Connect plugin supports OpenID. As a
result, the plugin can replace traditional authentication mode [...]
### OpenID Authentication Process
@@ -70,7 +70,7 @@ OpenID Connect (OIDC) is a centralized identity
authentication mode. The benefit
4. APISIX requests the Identity Provider with the Code extracted from the
request parameters.
5. The Identity Provider sends an answer message to APISIX with the ID Token
and Access Token.
6. APISIX sends the Access Token to the Identity Provider's User Endpoint for
authentication.
-7. After passing the authentication, the User Endpoint sends the User Info to
APISIX to complete authentication.
+7. After passing the authentication, the User Endpoint sends the User Info to
APISIX to complete authentication.
## How to Configure Okta Authentication Using the Apache APISIX OpenID Connect
Plug-in
@@ -83,13 +83,13 @@ Have an Okta account ready for use.
### Step 1: Configuring Okta
1. Log in to your Okta account and click "Create App Integration" to create an
Okta application.
- 
-2. Select "OIDC-OpenID Connect" for the Sign-in method, and select "Web
Application" for the Application type.
- 
+ 
+2. Select "OIDC-OpenID Connect" for the Sign-in method, and select "Web
Application" for the Application type.
+ 
3. Set the redirect URL for login and logout. The "Sign-in redirect URIs" are
links a user can go to after a successful login, and the "Sign-out redirect
URIs" are links a user goes to after a successful logout. In this example, we
set both sign-in and sign-out redirect URIs to `http://127.0.0.1:9080/`.
- 
+ 
4. After finishing the settings, click "Save" to save the changes.
- 
+ 
5. Visit the General page of the application to obtain the following
configuration, which is required to configure Apache APISIX OpenID Connect.
- Client ID: OAuth client ID, the application ID, which corresponds to
client_id and {YOUR_CLIENT_ID} below.
@@ -136,7 +136,7 @@ mkdir apisix-2.7
wget https://downloads.apache.org/apisix/2.7/apache-apisix-2.7-src.tgz
```
- You can also download the Apache APISIX release source package from the
Apache APISIX website. The [Apache APISIX Official Website - Download
Page](https://apisix.apache.org/downloads/) also provides source packages for
Apache APISIX, APISIX Dashboard, and APISIX Ingress Controller.
+You can also download the Apache APISIX release source package from the Apache
APISIX website. The [Apache APISIX Official Website - Download
Page](https://apisix.apache.org/downloads/) also provides source packages for
Apache APISIX, APISIX Dashboard, and APISIX Ingress Controller.
3. Unzip the Apache APISIX Release source package.
@@ -174,26 +174,26 @@ apisix start
The OpenID Connect configuration fields are listed below:
-|Field|Default Value|Description|
-| :------| :------------ | :------- |
-|client_id|""|OAuth client ID.|
-|client_secret|""|OAuth client secret.|
-|discovery|""|Service discovery endpoints for identity providers.|
-|scope|openid|Scope of resources to be accessed.|
-|relm|apisix|Specify the WWW-Authenticate response header authentication
information.|
-|bearer_only|false|Whether to check the token in the request header.|
-|logout_path|/logout|Log out URI.|
-|redirect_uri|request_uri|The URI that the identity provider redirects back
to, defaulting to the request address.|
-|timeout|3|Request timeout time, the unit is defined in seconds.|
-|ssl_verify|false|Verify the identity provider's SSL certificate.|
-|introspection_endpoint|""|The URL of the identity provider's token
authentication endpoint, which will be extracted from the discovery, response
if left blank.|
-|introspection_endpoint_auth_method|client_secret_basic|Name of the
authentication method for token introspection.|
-|public_key|""|Public key for an authentication token.|
-|token_signing_alg_values_expected|""|Algorithm for authentication tokens.|
-|set_access_token_header|true|Whether to carry the access token in the request
header.|
-|access_token_in_authorization_header|false|Whether to put an access token in
the Authorization header. The access token is placed in the Authorization
header when this value is set to true and in the X-Access-Token header when it
is set to false.|
-|set_id_token_header|true|Whether to carry the ID token in the X-ID-Token
request header.|
-|set_userinfo_header|true|Whether to carry user information in the X-Userinfo
request header.|
+| Field | Default Value | Description
|
+| :----------------------------------- | :------------------ |
:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
+| client_id | "" | OAuth client
ID.
|
+| client_secret | "" | OAuth client
secret.
|
+| discovery | "" | Service
discovery endpoints for identity providers.
|
+| scope | openid | Scope of
resources to be accessed.
|
+| relm | apisix | Specify the
WWW-Authenticate response header authentication information.
|
+| bearer_only | false | Whether to
check the token in the request header.
|
+| logout_path | /logout | Log out URI.
|
+| redirect_uri | request_uri | The URI that
the identity provider redirects back to, defaulting to the request address.
|
+| timeout | 3 | Request timeout
time, the unit is defined in seconds.
|
+| ssl_verify | false | Verify the
identity provider's SSL certificate.
|
+| introspection_endpoint | "" | The URL of the
identity provider's token authentication endpoint, which will be extracted from
the discovery, response if left blank.
|
+| introspection_endpoint_auth_method | client_secret_basic | Name of the
authentication method for token introspection.
|
+| public_key | "" | Public key for
an authentication token.
|
+| token_signing_alg_values_expected | "" | Algorithm for
authentication tokens.
|
+| set_access_token_header | true | Whether to
carry the access token in the request header.
|
+| access_token_in_authorization_header | false | Whether to put
an access token in the Authorization header. The access token is placed in the
Authorization header when this value is set to true and in the X-Access-Token
header when it is set to false. |
+| set_id_token_header | true | Whether to
carry the ID token in the X-ID-Token request header.
|
+| set_userinfo_header | true | Whether to
carry user information in the X-Userinfo request header.
|
```shell
curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H "X-Api-Key:
edd1c9f034335f136f87ad84b625c8f1" -d '{
@@ -222,15 +222,15 @@ curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H
"X-Api-Key: edd1c9f034335f136
### Step 4: Access Apache APISIX
1. Visit "http://127.0.0.1:9080/get"; and the page is redirected to the Okta
login page because the OpenID Connect plugin is enabled.
- 
+ 
2. Enter the username and password for the user's Okta account and click "Sign
In" to log in to your Okta account.
3. After successful login, you can access the get page in "httpbin.org". The
"httpbin.org/get" page will return the requested data with
X-Access-Token,X-Id-Token, and X-Userinfo as follows.
-
- ```sh
- "X-Access-Token":
"******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb***.****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josfap3
[...]
- "X-Id-Token":
"******aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0IjoxN
[...]
- "X-Userinfo":
"*****lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl****"
- ```
+
+```sh
+"X-Access-Token":
"******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb***.****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josfap38n
[...]
+"X-Id-Token":
"******aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0IjoxNjI
[...]
+"X-Userinfo":
"*****lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl****"
+```
**X-Access-Token**: Apache APISIX puts the access token obtained from the user
provider into the X-Access-Token request header, optionally via the
access_token_in_authorization_header in the plugin configuration Authorization
request header.
@@ -256,8 +256,8 @@ Okta is a customizable, secure, and drop-in solution to add
authentication and a
Apache APISIX is a dynamic, real-time, high-performance API gateway. Apache
APISIX provides rich traffic management features such as load balancing,
dynamic upstream, canary release, circuit breaking, authentication,
observability, and more. You can use Apache APISIX to handle traditional
north-south traffic, as well as east-west traffic between services. It can also
be used as a k8s ingress controller.
-Hundreds of companies worldwide have used Apache APISIX, covering finance,
internet, manufacturing, retail, operators, such as NASA, the European Union’s
Digital Factory, TravelSky, Tencent, Huawei, Weibo, China Mobile, Taikang, 360
, etc.
+Hundreds of companies worldwide have used Apache APISIX, covering finance,
internet, manufacturing, retail, operators, such as NASA, the European Union’s
Digital Factory, TravelSky, Tencent, Huawei, Weibo, China Mobile, Taikang, 360
, etc.
-Github: https://github.com/apache/apisix
+Github: https://github.com/apache/apisix
Website: https://apisix.apache.org
diff --git a/website/blog/2021/08/17/interview-airwallex.md
b/website/blog/2021/08/17/interview-airwallex.md
index 3b3b909..da70feb 100644
--- a/website/blog/2021/08/17/interview-airwallex.md
+++ b/website/blog/2021/08/17/interview-airwallex.md
@@ -22,11 +22,11 @@ We had a chance to interview Yang Li, the technical
platform leader of Airwallex
Airwallex is a global financial technology company that empowers businesses of
all sizes to operate across borders, thereby helping to grow the global
economy. With technology at its core, Airwallex has built a proprietary global
financial infrastructure platform with a global payment network covering more
than 50 currencies in over 130 countries and regions, providing digital fintech
products for businesses of all sizes to help them grow at high speed around the
world in a more efficien [...]
-
+
**Q: What made you/your technical team choose to use Apache APISIX when making
the technology selection?**
-**LiYang**: API gateway is an extremely important basic technology component,
and we compared the main gateway products in 6 main dimensions during the
technology selection.
+**Yang**: API gateway is an extremely important basic technology component,
and we compared the main gateway products in 6 main dimensions during the
technology selection.
- **Stability**: The stability of the API gateway is critical. 62.1% of the
top 1000 websites in the world are Nginx-based, which means that the
Nginx-based web server has been tested in complex and diverse scenarios in
production environments; Apache APISIX's fully dynamic design also allows it to
modify routes without having to reload, and the client's long links are
maintained. The fully dynamic design of Apache APISIX also allows it to
maintain long links to clients without having to [...]
@@ -42,13 +42,13 @@ Airwallex is a global financial technology company that
empowers businesses of a
**Q: What scenarios is Apache APISIX used in? What problems have been solved?**
-**Yang Lee**: We use Apache APISIX as a core component of our microservice
gateway model, which is deployed at the edge of the network to provide common
gateway functionality for all traffic coming into Airwallex, solving problems
such as
+**Yang**: We use Apache APISIX as a core component of our microservice gateway
model, which is deployed at the edge of the network to provide common gateway
functionality for all traffic coming into Airwallex, solving problems such as
- Data sovereignty issues: Data sovereignty is a very critical regulatory
requirement for financial infrastructures that operate across borders. To this
end, we developed a regulatory compliant dynamic routing plug-in using the
Apache APISIX dynamic upstream selection feature. Dynamic routing can
intelligently select upstreams for request distribution based on the
characteristics of user requests, abstracting the complex multi-data center
collaboration problem from the service layer to t [...]
- Microservice Isolation: Airwallex wants the engineering teams of each
microservice to have autonomous control over their own services, effectively
reducing the cost of communication and coordination and improving engineering
effectiveness. This architectural concept requires that infrastructure
components shared by teams, such as API Gateway, support multi-tenant
isolation. While ensuring the robustness and cost control of the whole system,
it allows business teams to configure and ext [...]
-- Tenant-level flow restriction: In a multi-tenant environment, the traffic
characteristics of each tenant are different. The same flow restriction for
different tenants cannot meet the business needs, and tenant-level flow
restriction can do more appropriate flow restriction based on user
characteristics.
+- Tenant-level flow limit: In a multi-tenant environment, the traffic
characteristics of each tenant are different. The same flow restriction for
different tenants cannot meet the business needs, and tenant-level flow
restriction can do more appropriate flow restriction based on user
characteristics.
- Tenant-level whitelisting: In a multi-tenant environment, each tenant's
access IP is different. Single whitelist control cannot meet the needs of
tenant-level security management. Tenant-level whitelisting allows each tenant
to control its own whitelist and not worry about other users in the whitelist
accessing its own resources.
diff --git a/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
b/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
index c3ba914..b65ac40 100644
--- a/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
+++ b/website/blog/2021/08/19/go-makes-Apache-APISIX-better.md
@@ -40,9 +40,9 @@ cmd/go-runner
│ ├── say.go
│ └── say_test.go
└── version.go
-ðŸ™' ðŸ™'
+```
-Above is the directory structure of the official example. ``main.go`` is the
entry point, where the most critical part is.
+Above is the directory structure of the official example. `main.go` is the
entry point, where the most critical part is.
```go
cfg := runner.RunnerConfig{}
@@ -59,7 +59,7 @@ Open `plugins/say.go`.
```go
func init() {
err := plugin.RegisterPlugin(&Say{})
- if err ! = nil {
+ if err != nil {
log.Fatalf("failed to register plugin say: %s", err)
}
}
@@ -87,7 +87,7 @@ func (p *Say) Name() string {
}
```
-ParseConf will be called when the plugin configuration changes, parsing the
configuration and returning a plugin-specific configuration context.
+`ParseConf` will be called when the plugin configuration changes, parsing the
configuration and returning a plugin-specific configuration context.
```go
func (p *Say) ParseConf(in []byte) (interface{}, error) {
@@ -105,7 +105,7 @@ type SayConf struct {
}
```
-Filter is executed on every request with the say plugin configured.
+`Filter` is executed on every request with the say plugin configured.
```go
func (p *Say) Filter(conf interface{}, w http.ResponseWriter, r
pkgHTTP.Request) {
@@ -116,7 +116,7 @@ func (p *Say) Filter(conf interface{}, w
http.ResponseWriter, r pkgHTTP.Request)
w.Header().Add("X-Resp-A6-Runner", "Go")
_, err := w.Write([]byte(body))
- if err ! = nil {
+ if err != nil {
log.Errorf("failed to write: %s", err)
}
}
@@ -131,10 +131,10 @@ After building the application (`make build` in the
example), you need to set tw
1. `APISIX_LISTEN_ADDRESS=unix:/tmp/runner.sock`
2. `APISIX_CONF_EXPIRE_TIME=3600`
-Like this.
+Like this:
```go
-APISIX_LISTEN_ADDRESS=unix:/tmp/runner.sock APISIX_CONF_EXPIRE_TIME=3600 .
/go-runner run
+APISIX_LISTEN_ADDRESS=unix:/tmp/runner.sock APISIX_CONF_EXPIRE_TIME=3600
./go-runner run
```
The application will listen to `/tmp/runner.sock` when it runs.
@@ -178,7 +178,7 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H
'X-API-KEY: edd1c9f034335f13
"plugins": {
"ext-plugin-pre-req": {
"conf": [
- { "name": "say", "value":"{\"body\":\"hello\"}"}
+ {"name": "say", "value":"{\"body\":\"hello\"}"}
]
}
},
diff --git a/website/blog/2021/08/21/shanghai-meetup.md
b/website/blog/2021/08/21/shanghai-meetup.md
index 1d267d6..ef5fcab 100644
--- a/website/blog/2021/08/21/shanghai-meetup.md
+++ b/website/blog/2021/08/21/shanghai-meetup.md
@@ -5,11 +5,11 @@ keywords:
- APISIX
- Apache APISIX
- Meetup
-description: This Meetup was initiated by api7.ai https://www.apiseven.com/,
and invited partners such as Aiki and Air CloudHub to present it. Apache APISIX
PMC members, contributors, and community technical experts gathered to discuss
Apache APISIX community development, industry practices, and other topics.
+description: This Meetup was initiated by api7.ai https://www.apiseven.com/,
and invited partners such as iQiYi and Airwallex to present it. Apache APISIX
PMC members, contributors, and community technical experts gathered to discuss
Apache APISIX community development, industry practices, and other topics.
tags: [Events]
---
-> This Meetup is initiated by [api7.ai](https://www.apiseven.com/), and
invited partners such as Aiki and Air CloudHub to present it. Apache APISIX PMC
members, contributors, and community technical experts gathered to discuss
Apache APISIX community development, industry practices, and other topics.
+> This Meetup is initiated by [api7.ai](https://www.apiseven.com/), and
invited partners such as iQiYi and Airwallex to present it. Apache APISIX PMC
members, contributors, and community technical experts gathered to discuss
Apache APISIX community development, industry practices, and other topics.
<! --truncate-->
@@ -21,7 +21,7 @@ tags: [Events]
- Discuss the past and present of the Apache APISIX community
- Hear from Akiyo scientists about how Akiyo uses Apache APISIX to support a
service with 10 million calls
-- How AirCloudHub uses Apache APISIX to balance user experience, clean
architecture and data sovereignty
+- How Airwallex uses Apache APISIX to balance user experience, clean
architecture and data sovereignty
- Learn about the benefits of centralized authentication and how to do it on
APISIX
If you're interested, don't miss it, **scan the event poster for QR code to
register!**
@@ -34,11 +34,11 @@ The event schedule
## Introduction to the topic
-### Apache APISIX based, Aiki API gateway implementation practice
+### Apache APISIX based, iQiYi API gateway implementation practice
#### Sharing Guests
-Wenjie Jiang / Scientist, Aiki
+Wenjie Jiang / Scientist, iQiYi
#### Topic Details
@@ -58,7 +58,7 @@ Authentication is a very important part of zero-trust
architecture. APISIX is a
#### Sharing Guests
-Yang Li / Head of AirCloudHub Technology Platform
+Yang Li / Head of Airwallex Technology Platform
#### Topic Details
@@ -76,7 +76,7 @@ Apache APISIX has been growing as a community since the first
day of open source
## Peripheral Benefits
-Join the Meetup, interact with the instructors, and get a chance to win the
latest Apache APISIX peripherals: oversized mouse pads, delicate mugs, Apache
APISIX badges, and custom umbrellas.
+Join the Meetup, interact with the instructors, and get a chance to win the
latest Apache APISIX gifts: mouse pads, coffee mugs, Apache APISIX badges, and
umbrellas.
diff --git a/website/blog/2021/08/23/ApacheCon-Asia-2021.md
b/website/blog/2021/08/23/ApacheCon-Asia-2021.md
index 3a88d9a..0b317e1 100644
--- a/website/blog/2021/08/23/ApacheCon-Asia-2021.md
+++ b/website/blog/2021/08/23/ApacheCon-Asia-2021.md
@@ -21,15 +21,15 @@ Shared by: Junxu Chen
Nginx is often the first thing that comes to mind when it comes to limiting
speed. However, Nginx is implemented through a configuration file, which
requires reloading every time you make a change, making it extremely cumbersome
to run and maintain. On the other hand, speed limiting conditions are limited
to Nginx variables, making it difficult to achieve fine-grained speed limiting
for business purposes. This session will show how to use Apache APISIX to
achieve dynamic, fine-grained, a [...]
-[**View Share**](/articles/Speed-Limiting-With-Apache-APISIX)
+[**View**](/articles/Speed-Limiting-With-Apache-APISIX)
## Testing Apache APISIX resilience with Chaos Mesh
-Shared by: Yang Wu Shu
+Shared by: Shuyang Wu
Apache APISIX is one of the leading API gateways OSS. To make sure everything
is going as planned, APISIX uses different kinds of tests, including unit, e2e,
and fuzzy tests. However, we are still not sure how APISIX will behave when
some abnormal but unavoidable circumstances occur, such as network failure, IO
stress or Pods failure. So here we use Chaos Mesh, a Kubernetes-based chaos
engineering platform that can smoothly inject different kinds of chaos and
integrate them into our CI p [...]
-[**View Share**](/articles/Test-Apache-APISIX-Resilience-With-Chaos-Mesh)
+[**View**](/articles/Test-Apache-APISIX-Resilience-With-Chaos-Mesh)
## Authentication and authorization with Apache APISIX
@@ -37,39 +37,39 @@ Shared by: Xinxin Zhu
Authentication and authorization are very essential features in API gateways.
This way, services located behind the gateway are protected from unauthorized
or malicious access, data leakage, and hacking. Apache APISIX is a dynamic,
real-time, high-performance API gateway. And it offers a number of plug-ins,
including authentication and authorization like key-auth, Open-ID, wolf-RBAC,
etc. This proposal describes how to use APISIX for authentication and
authorization.
-[**View
Share**](/articles/Using-Apache-APISIX-To-Do-Authentication-and-Authorization)
+[**View**](/articles/Using-Apache-APISIX-To-Do-Authentication-and-Authorization)
-## Relying on the community to get Apache APISIX up to speed
+## Relying on the community to let Apache APISIX grow fast
-Shared by: Wang Yansheng
+Shared by: Yuansheng Wang
In the past year, APISIX has become the most active API gateway project in the
world, not only because of its advanced technology, but also because of the
highly active community. As of today, there are 225 contributors from all over
the world, and the number is still growing rapidly. This session will introduce
APISIX's experience in practicing "community over code". As an idealistic
startup, how to combine with Apache culture to make the startup grow fast.
-[**View
Share**](/articles/Relying-On-The-Community-To-Get-Apache-APISIX-Up-Speed)
+[**View**](/articles/Relying-On-The-Community-To-Get-Apache-APISIX-Up-Speed)
## Apache APISIX from open source project to the road to commercialization
-Shared by: Wen Ming
+Shared by: Ming Wen
Ming Wen, Founder of api7.ai, Chairman of Apache APISIX PMC, and member of
Apache Foundation, will speak on "Apache APISIX from Open Source to
Commercialization".
-[**View Share**](/articles/Apache-APISIX-From-OpenSource-Commercialization)
+[**View**](/articles/Apache-APISIX-From-OpenSource-Commercialization)
## Using Echarts to render renderings of community events
-Shared by: Sun Yi
+Shared by: Yi Sun
The open source repository was analyzed by 1. contributor growth curve; 2.
monthly contributor activity; 3. to reflect the health of the open source
project, here we share some experiences and some interesting things about how
to make these two graphs.
-[**View Share**](/articles/Rendering-Community-Events-Using-ECharts)
+[**View**](/articles/Rendering-Community-Events-Using-ECharts)
## Running an open source commercialization company according to the Apache
Way, does it work
-Shared by: Wen Ming
+Shared by: Ming Wen
The Apache Way is a proven community success for countless open source
projects, so does the Apache Way work for open source commercial companies?
Does it work in the business world? Through 2 years of operating as an open
source commercial company, Tributary Technologies hopes to answer this question
with the company's personal experience.
-[**View
Share**](/articles/Apache-APISIX-From-OpenSource-Commercialization-by-Apache-Way)
+[**View**](/articles/Apache-APISIX-From-OpenSource-Commercialization-by-Apache-Way)
## The appeal of open source
@@ -77,7 +77,7 @@ Shared by: Ju Zhiyuan
The Apache Software Foundation's top project, Apache APISIX, and its
subprojects have merged 250+ PRs in the last 30 days, and the contributor trend
is very positive. In addition, the high quality mailing list, active QQ groups
and GitHub are attracting a lot of community attention. As the Apache APISIX
PMC, what are some of the things Apache APISIX has done to catalyze an active
community from my perspective?
-[**View Share**](/articles/The-Appeal-of-OpenSource)
+[**View**](/articles/The-Appeal-of-OpenSource)
## Apache APISIX Application and Practice in Mobile Cloud Object Storage EOS
@@ -85,7 +85,7 @@ Shared by: Yanshan Chen
This talk is about the application and practice of Apache APISIX in China
Mobile's public cloud object storage EOS. Firstly, we introduced China Mobile's
public cloud construction plan and the evolution of object storage products,
then we explained why we chose Apache APISIX as the load balancing gateway, and
introduced the three phases of EOS traffic management architecture evolution in
detail. At the same time, we also share what practical production problems we
have solved based on Ap [...]
-[**View Share**](/articles/Apache-APISIX-in-China-Mobile-Cloud)
+[**View**](/articles/Apache-APISIX-in-China-Mobile-Cloud)
## How to extend Apache APISIX as a service grid side car
@@ -93,28 +93,28 @@ Shared by: Chao Zhang
In this topic, I will introduce the apisix-mesh-agent project, which has some
capabilities to extend Apache APISIX as a sidecar program in a service grid
scenario, and more importantly, it uses the xDS protocol to get configuration
from control planes like Istio, Kuma, etc. After that, I will present future
plans and expectations regarding the use of Apache APISIX in service grids.
-[**View
Share**](/articles/How-To-Extend-Apache-APISIX-into-a-Service-Mesh-Sidecar)
+[**View**](/articles/How-To-Extend-Apache-APISIX-into-a-Service-Mesh-Sidecar)
## The Evolution of Apache APISIX
-Shared by: Luo Zexuan
+Shared by: Zexuan Luo
In this topic, I will introduce the evolution of Apache APISIX, including: 1.
The good decisions we made; 2. The bad decisions we made; 3. Our future plans
-[**View Share**](/articles/The-Evolution-of-Apache-APISIX)
+[**View**](/articles/The-Evolution-of-Apache-APISIX)
## Implementation of Kubernetes Ingress based on Apache APISIX
-Shared by: Jin Wei
+Shared by: Wei Jin
Introducing the advantages of Apache APISIX-based Kubernetes Ingress and the
features of Apache APISIX Ingress.
-[**View Share**](/articles/Apache-APISIX-Kubernetes-Ingress)
+[**View**](/articles/Apache-APISIX-Kubernetes-Ingress)
-## Apache APISIX's Incubator Tour
+## Apache APISIX's Incubator Journey
-Shared by: Wen Ming
+Shared by: Ming Wen
The Incubator Journey of Apache APISIX
-[**View Share**](/articles/Apache-APISIX-Incubator-Journey)
+[**View**](/articles/Apache-APISIX-Incubator-Journey)
diff --git a/website/blog/2021/08/24/shanghai-meetup-recap.md
b/website/blog/2021/08/24/shanghai-meetup-recap.md
index 0e90272..d063b91 100644
--- a/website/blog/2021/08/24/shanghai-meetup-recap.md
+++ b/website/blog/2021/08/24/shanghai-meetup-recap.md
@@ -13,17 +13,17 @@ tags: [Events]
<! --truncate-->
-Apache APISIX Meetup Shanghai was successfully held last Saturday (August 21)
🎉🎉🎉🎉
+Apache APISIX Meetup Shanghai was successfully held last Saturday (August
21st) 🎉🎉🎉🎉
-The Meetup was initiated by [API7.AI](https://www.apiseven.com/zh), and
invited partners such as Akiyon, AirWallex, and other partners to come together
with Apache APISIX technical experts, Apache APISIX PMC members, and community
technical experts to discuss about The conference was a great opportunity to
discuss Apache APISIX community development, industry practices and other
topics.
+The Meetup was initiated by [API7.AI](https://www.apiseven.com/zh), and
invited partners such as iQiyi, AirWallex, and other partners to come together
with Apache APISIX technical experts, Apache APISIX PMC members, and community
technical experts to discuss about The conference was a great opportunity to
discuss Apache APISIX community development, industry practices and other
topics.
Let's take a look back at some of the most memorable talks from the conference!
## Apache APISIX-based Aiki API Gateway Implementation Practice
-**Instructor**: He Cong
+**Instructor**: Cong He
-**Personal Introduction**: Senior R&D Engineer, IIG Infrastructure Department
- Compute Cloud, mainly responsible for Aikii Gateway development and operation
and maintenance.
+**Personal Introduction**: Senior R&D Engineer, IIG Infrastructure Department
- Compute Cloud, mainly responsible for iQiyi Gateway development and operation
and maintenance.
**Detail of Topic**: API gateway has become an indispensable part of the
microservice architecture. It bears the sole gateway for services to the
outside world, but also needs to meet the common functions of many
applications. As an online video company, Aikiy has to carry tens of millions
of calls every day, and has extremely strict requirements for data security,
user request response time, and system stability, so the company needs to build
a high-performance, highly available API gat [...]
@@ -43,7 +43,7 @@ Let's take a look back at some of the most memorable talks
from the conference!
**Instructor**: Yang Li
-**Personal Introduction**: Head of AirWallex AirCloudHub Technology Platform
+**Personal Introduction**: Head of AirWallex Technology Platform
**Detail of Topic**: Data is everywhere, and massive amounts of data are
processed, transmitted, and stored all over the world every moment. However,
the world of data is not a place outside the law, the collection and processing
of data must comply with the laws of each country. The API gateway has a
special position in the enterprise architecture and therefore plays a special
role in the data sovereignty scenario.
@@ -51,7 +51,7 @@ Let's take a look back at some of the most memorable talks
from the conference!
## The one who travels alone travels fast, the one who travels with many
travels far, Apache APISIX is grateful to have you
-**Instructor**: Wang Yansheng
+**Instructor**: Yuansheng Wang
**Personal Introduction**: Co-founder & CTO of API7.AI
diff --git
a/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
b/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
index fef0f73..3484e3a 100644
---
a/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
+++
b/website/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md
@@ -70,10 +70,10 @@ An Okta account already exists.
### Step 1: Configure Okta
-Login to your Okta account and create an Okta application, select the OIDC
login mode and the Web Application application type.
+1. Login to your Okta account and create an Okta application, select the OIDC
login mode and the Web Application application type.
 2.
-Set the login and logout jump URLs.
+2. Set the login and logout jump URLs.
The "Sign-in redirect URIs" are the links that are allowed to be redirected
after successful login, and the "Sign-out redirect URIs" are the links that are
redirected after logging out. In this example, we set both the sign-in redirect
and sign-out redirect URLs to `http://127.0.0.1:9080/`.
3. Click "Save" to save the changes after finishing the settings.
@@ -192,11 +192,11 @@ curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H
"X-Api-Key: edd1c9f034335f136f
"openid-connect":{
"client_id":"{YOUR_CLIENT_ID}",
"client_secret":"{YOUR_CLIENT_SECRET}",
- "discovery": "https://{YOUR_ISSUER}/.well
known/openid-configuration",
- "scope": "openid profile",
+
"discovery":"https://{YOUR_ISSUER}/.well-known/openid-configuration";,
+ "scope":"openid profile",
"bearer_only":false,
- "realm": "master",
- "introspection_endpoint_auth_method": "client_secret_post",
+ "realm":"master",
+ "introspection_endpoint_auth_method":"client_secret_post",
"redirect_uri": "http://127.0.0.1:9080/";
}
},
@@ -220,12 +220,12 @@ curl -XPOST 127.0.0.1:9080/apisix/admin/routes -H
"X-Api-Key: edd1c9f034335f136f
3. After successful login, you can successfully access the get page in
httpbin.org. The httpbin.org/get page will return the requested data as follows.
```sh
- "X-Access-Token":
"******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***
TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb
***. ****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josf [...]
- "X-Id-Token": "******
aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0Ijox
[...]
- "X-Userinfo": "*****
lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl
****"
+ "X-Access-Token":
"******Y0RPcXRtc0FtWWVuX2JQaFo1ZVBvSlBNdlFHejN1dXY5elV3IiwiYWxnIjoiUlMyNTYifQ.***TVER3QUlPbWZYSVRzWHRxRWh2QUtQMWRzVDVGZHZnZzAiLCJpc3MiOiJodHRwczovL3FxdGVzdG1hbi5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vcXF0ZXN0bWFuLm9rdGEuY29tIiwic3ViIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImlhdCI6MTYyODEyNjIyNSwiZXhwIjoxNjI4MTI5ODI1LCJjaWQiOiIwb2ExMWc4ZDg3TzBGQ0dYZzY5NiIsInVpZCI6IjAwdWEwNWVjZEZmV0tMS3VvNjk1Iiwic2NwIjpbIm9wZW5pZCIsInByb2Zpb***.****iBshIcJhy8QNvzAFD0fV4gh7OAdTXFMu5k0hk0JeIU6Tfg_Mh-josfap3
[...]
+ "X-Id-Token":
"******aTdDRDJnczF5RnlXMUtPZUtuSUpQdyIsImFtciI6WyJwd2QiXSwic3ViIjoiMDB1YTA1ZWNkRmZXS0xLdW82OTUiLCJpc3MiOiJodHRwczpcL1wvcXF0ZXN0bWFuLm9rdGEuY29tIiwiYXVkIjoiMG9hMTFnOGQ4N08wRkNHWGc2OTYiLCJuYW1lIjoiUGV0ZXIgWmh1IiwianRpIjoiSUQuNGdvZWo4OGUyX2RuWUI1VmFMeUt2djNTdVJTQWhGNS0tM2l3Z0p5TTcxTSIsInZlciI6MSwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsImV4cCI6MTYyODEyOTgyNSwiaWRwIjoiMDBvYTA1OTFndHAzMDhFbm02OTUiLCJub25jZSI6ImY3MjhkZDMxMWRjNGY3MTI4YzlmNjViOGYzYjJkMDgyIiwiaWF0IjoxN
[...]
+ "X-Userinfo":
"*****lfbmFtZSI6IlpodSIsImxvY2FsZSI6ImVuLVVTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiMjgzMDE4Nzk5QHFxLmNvbSIsInVwZGF0ZWRfYXQiOjE2MjgwNzA1ODEsInpvbmVpbmZvIjoiQW1lcmljYVwvTG9zX0FuZ2VsZXMiLCJzdWIiOiIwMHVhMDVlY2RGZldLTEt1bzY5NSIsImdpdmVuX25hbWUiOiJQZXRlciIsIm5hbWUiOiJQZXRl****"
```
-where.
+In which:
**X-Access-Token**: Apache APISIX puts the access token obtained from the user
provider into the X-Access-Token request header, which can be optionally put
into the Authorization request header via access_token_in_authorization_header
in the plugin configuration.
@@ -249,9 +249,9 @@ Okta is a customizable, secure centralized authentication
solution. Okta can add
## About Apache APISIX
-Apache APISIX is a dynamic, real-time, high-performance API gateway that
provides load balancing, dynamic upstream, grayscale publishing, service
meltdown, authentication, observability, and other rich traffic management
features. You can use Apache APISIX for traditional north-south traffic, as
well as east-west traffic between services, or as a [Kubernetes Ingress
Controller](https://github.com/apache/apisix-ingress-controller) .
+Apache APISIX is a dynamic, real-time, high-performance API gateway that
provides load balancing, dynamic upstream, grayscale publishing, service
meltdown, authentication, observability, and other rich traffic management
features. You can use Apache APISIX for traditional north-south traffic, as
well as east-west traffic between services, or as a [Kubernetes Ingress
Controller](https://github.com/apache/apisix-ingress-controller).
-Hundreds of enterprises worldwide have used Apache APISIX to handle
business-critical traffic, covering finance, Internet, manufacturing, retail,
carriers, and more, such as NASA, the EU's Digital Factory, China Airlines,
China Mobile, Tencent, Huawei, Weibo, NetEase, Shell Housing, 360, Taikang,
Nespresso's Tea, and more.
+Hundreds of enterprises worldwide have used Apache APISIX to handle
business-critical traffic, covering finance, Internet, manufacturing, retail,
carriers, and more, such as NASA, the EU's Digital Factory, China Airlines,
China Mobile, Tencent, Huawei, Sina Weibo, NetEase, Ke, 360, Taikang, Nayuki,
and more.
Github: https://github.com/apache/apisix
diff --git a/website/blog/2021/08/30/Ingress-Meeting.md
b/website/blog/2021/08/30/Ingress-Meeting.md
index 90293e0..3db0e96 100644
--- a/website/blog/2021/08/30/Ingress-Meeting.md
+++ b/website/blog/2021/08/30/Ingress-Meeting.md
@@ -13,7 +13,7 @@ tags: [Events]
<! --truncate-->
-## Meeting times
+## Meeting Schedule
Every two weeks (Wednesdays) at 2pm, each meeting is about 1 hour.
@@ -33,7 +33,7 @@ You can [this
document](https://docs.qq.com/doc/DSEhMeGJ0UXdydFJy) to leave the
- Experiences and pitfalls in using Apache APISIX Ingress Controller by
yourself or your team
- Testimonials or complaints about Apache APISIX Ingress Controller
-Of course, you are also very welcome to give your opinions or contribute your
ideas to the construction of the Apache APISIX community, if you have
suggestions and ideas for the meeting, please feel free to
[issue](https://github.com/apache/apisix-ingress-controller/issues/) 614) and
reply to it!
+Of course, you are also very welcome to give your opinions or contribute your
ideas to the construction of the Apache APISIX community, if you have
suggestions and ideas for the meeting, please feel free to
[issue](https://github.com/apache/apisix-ingress-controller/issues/614) and
reply to it!
We welcome you to join us to discuss the Apache APISIX Ingress solution, and
we welcome you to join the community of developers to build a better Apache
APISIX Ingress Controller.
diff --git a/website/blog/2021/08/30/weekly-report.md
b/website/blog/2021/08/30/weekly-report.md
index 09b6f1c..ae71c7c 100644
--- a/website/blog/2021/08/30/weekly-report.md
+++ b/website/blog/2021/08/30/weekly-report.md
@@ -60,7 +60,7 @@ We've also put together some issues for those new to the
community! If you are i
**Link**: [Issue #3931](https://github.com/apache/apisix/issues/3931)
-**Issue Description**: http_to_https in the redirect plugin lacks curl tests,
need to add curl tests for http_to_https in the redirect plugin and update the
documentation [Apache APISIX redirect plugin](http://apisix.apache.org/docs/
apisix/plugins/redirect).
+**Issue Description**: http_to_https in the redirect plugin lacks curl tests,
need to add curl tests for http_to_https in the redirect plugin and update the
documentation [Apache APISIX redirect
plugin](http://apisix.apache.org/docs/apisix/plugins/redirect).
## Feature highlights of the week
@@ -82,7 +82,7 @@ We've also put together some issues for those new to the
community! If you are i
## Recommended blog posts of the week
-- [Centralized Authentication with the OpenID Connect Plugin for Apache
APISIX](https://apisix.apache.org/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-
for-Centralized-Authentication/): Apache APISIX is a dynamic, real-time,
high-performance API gateway that provides rich traffic management features
such as load balancing, dynamic upstream, grayscale publishing, service
meltdown, authentication, observability, etc. Apache APISIX not only supports
plug-in dynamic changes [...]
+- [Centralized Authentication with the OpenID Connect Plugin for Apache
APISIX](https://apisix.apache.org/blog/2021/08/25/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication/):
Apache APISIX is a dynamic, real-time, high-performance API gateway that
provides rich traffic management features such as load balancing, dynamic
upstream, grayscale publishing, service meltdown, authentication,
observability, etc. Apache APISIX not only supports plug-in dynamic changes a
[...]
- Why did APISIX choose the Nginx + Lua technology stack?]
(https://apisix.apache.org/blog/2021/08/25/Why-Apache-APISIX-chose-Nginx-and-Lua):
Provides the historical background and advantages of the Nginx + Lua
technology stack chosen by APISIX, noting that " High performance +
flexibility" is what makes APISIX stand out from other gateways.
diff --git "a/website/blog/2021/08/31/Apache APISIX \303\227
KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
"b/website/blog/2021/08/31/Apache APISIX \303\227
KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
index b8675c1..3c40245 100644
--- "a/website/blog/2021/08/31/Apache APISIX \303\227
KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
+++ "b/website/blog/2021/08/31/Apache APISIX \303\227
KubeSphere-a-better-gateway-and-K8S-Ingress-Controller.md"
@@ -52,8 +52,8 @@ NAMESPACE: apisix
STATUS: deployed
REVISION: 1
TEST SUITE: None
-NOTES. 1:
-Get the application URL by running these commands:
+NOTES.
+1: Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace apisix -o
jsonpath="{.spec.ports[0].nodePort}" services apisix-gateway)
export NODE_IP=$(kubectl get nodes --namespace apisix -o
jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
@@ -86,12 +86,12 @@ Just select Services - Stateless Services and create it.
You can see the successful deployment in KubeSphere's Services and Loads
interface, or you can check directly in the terminal to see if the deployment
has succeeded.
```shell
-➜ ~ kubectl get pods,svc -l app=httpbin
-NAME READY STATUS RESTARTS AGE
-pod/httpbin-v1-7d6dc7d5f-5lcmg 1/1 Running 0 48s
+~ kubectl get pods,svc -l app=httpbin
+NAME READY STATUS RESTARTS AGE
+pod/httpbin-v1-7d6dc7d5f-5lcmg 1/1 Running 0 48s
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-service/httpbin ClusterIP 10.96.0.5 <none> 80/TCP 48s
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+service/httpbin ClusterIP 10.96.0.5 <none> 80/TCP 48s
```
## Using Apache APISIX as a Gateway Proxy
@@ -99,7 +99,7 @@ service/httpbin ClusterIP 10.96.0.5 <none> 80/TCP 48s
We start by demonstrating how to use Apache APISIX as a gateway to proxy
services in a Kubernetes cluster.
```shell
-root@apisix:~$ kubectl -n apisix exec -it ``kubectl -n apisix get pods -l
app.kubernetes.io/name=apisix -o name` -- bash
+root@apisix:~$ kubectl -n apisix exec -it `kubectl -n apisix get pods -l
app.kubernetes.io/name=apisix -o name` -- bash
bash-5.1# curl httpbin.default/get
{
"args": {},
@@ -129,7 +129,7 @@ bash-5.1# curl
"http://127.0.0.1:9180/apisix/admin/routes/1"; -H "X-API-KEY: edd1
}
}
}'
-{"node":{"key":"\/apisix\/routes\/1", "value":{"host": "httpbin.org",
"update_time":1630060883, "uri":"\/*", "create_time":1630060883," priority":0,
"upstream":{"type": "roundrobin", "pass_host": "pass",
"nodes":{"httpbin.default:80":1}, "hash_on": "vars", "scheme": "http"}, "id":
"1", "status":1}}, "action": "set"}
+{"node":{"key":"\/apisix\/routes\/1","value":{"host":"httpbin.org","update_time":1630060883,"uri":"\/*","create_time":1630060883,"priority":0,"upstream":{"type":"roundrobin","pass_host":"pass","nodes":{"httpbin.default:80":1},"hash_on":"vars","scheme":"http"},"id":"1","status":1}},"action":"set"}
```
You'll get output similar to the above, next verify that the proxy is
successful:
@@ -152,10 +152,10 @@ bash-5.1# curl http://127.0.0.1:9080/get -H "HOST:
httpbin.org"
The above output shows that the traffic of the example project has been
proxied through Apache APISIX. Next, let's try to access the sample project
outside the cluster via Apache APISIX.
```shell
-root@apisix:~$ kubectl -n apisix get svc -l app.kubernetes.io/name=apisix
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-apisix-admin ClusterIP 10.96.33.97 <none> 9180/TCP 22m
-apisix-gateway NodePort 10.96.126.83 <none> 80:31441/TCP 22m
+root@apisix:~$ kubectl -n apisix get svc -l app.kubernetes.io/name=apisix
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+apisix-admin ClusterIP 10.96.33.97 <none> 9180/TCP 22m
+apisix-gateway NodePort 10.96.126.83 <none> 80:31441/TCP 22m
```
When deployed using Helm chart, the Apache APISIX port is exposed by default
as a NodePort. We use the Node IP + NodePort port for access testing.
@@ -194,7 +194,7 @@ After saving, you can see the following screen.
Test if the proxy is successful under the terminal.
```shell
-root@apisix:~$ curl http://172.18.0.5:31441/get -H "HOST: http-ing.org" {
"args": {}, "headers": { "Accept": "*/*", "Host": "http-ing.org", "User
-Agent": "curl/7.76.1", "X-Forwarded-Host": "http-ing.org" }, "origin":
"10.244.2.1", "url": "http://http-ing.org/get"}
+root@apisix:~$ curl http://172.18.0.5:31441/get -H "HOST: http-ing.org" {
"args": {}, "headers": { "Accept": "*/*", "Host": "http-ing.org",
"User-Agent": "curl/7.76.1", "X-Forwarded-Host": "http-ing.org" },
"origin": "10.244.2.1", "url": "http://http-ing.org/get"}
```
You can see that it is also proxied properly.
diff --git
a/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
b/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
index f06a1c1..a0b541f 100644
--- a/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
+++ b/website/i18n/zh/docusaurus-plugin-content-blog/2021/08/10/apisix-nginx.md
@@ -170,7 +170,7 @@ local function init(env)
当然,Apache APISIX 允许用户修改 nginx.conf 模板中的部分数据,具体方法是模仿 conf/config-default.yaml
的语法修改 conf/config.yaml 配置。其实现原理参见 `read_yaml_conf` 函数:
-```conf
+```lua
function _M.read_yaml_conf(apisix_home)
local local_conf_path = profile:yaml_path("config-default")
local default_conf_yaml, err = util.read_file(local_conf_path)
@@ -477,7 +477,7 @@ end
从 nginx.conf 中可以看到,访问任意域名、URI 的请求都会匹配到 `http_access_phase` 这个 lua 函数:
-```conf
+```lua
server {
server_name _;
location / {
