使用Docker Desktop部署Apache APISIX
说明
-
测试系统:Windows 11 专业版 23H2
-
Docker:Docker Desktop v4.29.0+
-
关于路径,“/e/Soft/conf/apisix/conf/config.yaml”代表windows系统下的文件“E:\Soft\conf\apisix\conf\config.yaml”
-
Windows使用PowerShell运行Docker的Run命令换行使用```
-
本文仅供学习和测试
开始
docker network create `
--driver=bridge `
--subnet=172.18.0.0/16 `
--ip-range=172.18.5.0/24 `
--gateway=172.18.5.254 `
apisix
安装etcd
docker pull bitnami/etcd:latest
运行etcd
有配置文件。新建文件“E:\Soft\conf\etcd_conf\etcd.conf.yml”
docker run -it --name etcd-server `
-v /e/Soft/conf/etcd_conf/etcd.conf.yml:/opt/bitnami/etcd/conf/etcd.conf.yml `
-p 2379:2379 `
-p 2380:2380 `
--network apisix `
--ip 172.18.5.10 `
--env ALLOW_NONE_AUTHENTICATION=yes `
--env ETCD_DATA_DIR=/etcd_data `
--env ETCD_ENABLE_V2="true" `
--env ETCD_ADVERTISE_CLIENT_URLS="http://172.18.5.10:2379" `
--env ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" `
-d bitnami/etcd
配置文件“E:\Soft\conf\etcd_conf\etcd.conf.yml”
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'default'
# Path to the data directory.
data-dir:
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://172.18.5.10:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://172.18.5.10:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://172.18.5.10:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://172.18.5.10:2379
# Discovery URL used to bootstrap the cluster.
discovery:
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
# DNS domain used to bootstrap initial cluster.
discovery-srv:
# Comma separated string of initial cluster configuration for bootstrapping.
# Example: initial-cluster: "infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380"
initial-cluster:
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
# Enable runtime profiling data via HTTP server
enable-pprof: true
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
client-transport-security:
# Path to the client server TLS cert file.
cert-file:
# Path to the client server TLS key file.
key-file:
# Enable client cert authentication.
client-cert-auth: false
# Path to the client server TLS trusted CA cert file.
trusted-ca-file:
# Client TLS using generated certificates
auto-tls: false
peer-transport-security:
# Path to the peer server TLS cert file.
cert-file:
# Path to the peer server TLS key file.
key-file:
# Enable peer client cert authentication.
client-cert-auth: false
# Path to the peer server TLS trusted CA cert file.
trusted-ca-file:
# Peer TLS using generated certificates.
auto-tls: false
# Allowed CN for inter peer authentication.
allowed-cn:
# Allowed TLS hostname for inter peer authentication.
allowed-hostname:
# The validity period of the self-signed certificate, the unit is year.
self-signed-cert-validity: 1
# Enable debug-level logging for etcd.
log-level: debug
logger: zap
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-outputs: [stderr]
# Force to create a new one member cluster.
force-new-cluster: false
auto-compaction-mode: periodic
auto-compaction-retention: "1"
# Limit etcd to a specific set of tls cipher suites
cipher-suites: [
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
]
# Limit etcd to specific TLS protocol versions
tls-min-version: 'TLS1.2'
tls-max-version: 'TLS1.3'
验证,浏览器打开http://localhost:2379/version
{
"etcdserver": "3.5.13",
"etcdcluster": "3.5.0"
}
安装apisix
新建文件“E:\Soft\conf\apisix\conf\config.yaml”
新建文件夹“E:\Soft\conf\apisix_log”用于写入相关日志
docker pull apache/apisix
docker run --name test-api-gateway `
-v /e/Soft/conf/apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml `
-v /e/Soft/conf/apisix_log:/usr/local/apisix/logs `
-p 9080:9080 `
-p 9091:9091 `
-p 9443:9443 `
--network apisix `
--ip 172.18.5.11 `
-d apache/apisix
“E:\Soft\conf\apisix\conf\config.yaml”配置文件如下:
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# CAUTION: DO NOT MODIFY DEFAULT CONFIGURATIONS IN THIS FILE.
# Keep the custom configurations in conf/config.yaml.
#
apisix:
# node_listen: 9080 # APISIX listening port.
node_listen: # APISIX listening ports.
- 9080
# - port: 9081
# - ip: 127.0.0.2 # If not set, default to `0.0.0.0`
# port: 9082
enable_admin: true # Admin API
enable_dev_mode: false # If true, set nginx `worker_processes` to 1.
enable_reuseport: true # If true, enable nginx SO_REUSEPORT option.
show_upstream_status_in_response_header: false # If true, include the upstream HTTP status code in
# the response header `X-APISIX-Upstream-Status`.
# If false, show `X-APISIX-Upstream-Status` only if
# the upstream response code is 5xx.
enable_ipv6: true
enable_http2: true
# proxy_protocol: # PROXY Protocol configuration
# listen_http_port: 9181 # APISIX listening port for HTTP traffic with PROXY protocol.
# listen_https_port: 9182 # APISIX listening port for HTTPS traffic with PROXY protocol.
# enable_tcp_pp: true # Enable the PROXY protocol when stream_proxy.tcp is set.
# enable_tcp_pp_to_upstream: true # Enable the PROXY protocol.
enable_server_tokens: true # If true, show APISIX version in the `Server` response header.
extra_lua_path: "" # Extend lua_package_path to load third-party code.
extra_lua_cpath: "" # Extend lua_package_cpath to load third-party code.
# lua_module_hook: "my_project.my_hook" # Hook module used to inject third-party code into APISIX.
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time on disk if the upstream does not specify a caching time.
zones:
- name: disk_cache_one # Name of the cache.
memory_size: 50m # Size of the memory to store the cache index.
disk_size: 1G # Size of the disk to store the cache data.
disk_path: /tmp/disk_cache_one # Path to the cache file for disk cache.
cache_levels: 1:2 # Cache hierarchy levels of disk cache.
# - name: disk_cache_two
# memory_size: 50m
# disk_size: 1G
# disk_path: "/tmp/disk_cache_two"
# cache_levels: "1:2"
- name: memory_cache
memory_size: 50m
delete_uri_tail_slash: false # Delete the '/' at the end of the URI
normalize_uri_like_servlet: false # If true, use the same path normalization rules as the Java
# servlet specification. See https://github.com/jakartaee/servlet/blob/master/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization, which is used in Tomcat.
router:
http: radixtree_host_uri # radixtree_host_uri: match route by host and URI
# radixtree_uri: match route by URI
# radixtree_uri_with_parameter: similar to radixtree_uri but match URI with parameters. See https://github.com/api7/lua-resty-radixtree/#parameters-in-path for more details.
ssl: radixtree_sni # radixtree_sni: match route by SNI
# http is the default proxy mode. proxy_mode can be one of `http`, `stream`, or `http&stream`
proxy_mode: http
# stream_proxy: # TCP/UDP L4 proxy
# tcp:
# - addr: 9100 # Set the TCP proxy listening ports.
# tls: true
# - addr: "127.0.0.1:9101"
# udp: # Set the UDP proxy listening ports.
# - 9200
# - "127.0.0.1:9201"
# dns_resolver: # If not set, read from `/etc/resolv.conf`
# - 1.1.1.1
# - 8.8.8.8
# dns_resolver_valid: 30 # Override the default TTL of the DNS records.
resolver_timeout: 5 # Set the time in seconds that the server will wait for a response from the
# DNS resolver before timing out.
enable_resolv_search_opt: true # If true, use search option in the resolv.conf file in DNS lookups.
ssl:
enable: true
listen: # APISIX listening port for HTTPS traffic.
- port: 9443
enable_http3: false # Enable HTTP/3 (with QUIC). If not set default to `false`.
# - ip: 127.0.0.3 # If not set, default to `0.0.0.0`.
# port: 9445
# enable_http3: true
# ssl_trusted_certificate: /path/to/ca-cert # Set the path to CA certificates used to verify client
# certificates in the PEM format.
ssl_protocols: TLSv1.2 TLSv1.3 # TLS versions supported.
ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_session_tickets: false # If true, session tickets are used for SSL/TLS connections.
# Disabled by default because it renders Perfect Forward Secrecy (FPS)
# useless. See https://github.com/mozilla/server-side-tls/issues/135.
# fallback_sni: "my.default.domain" # Fallback SNI to be used if the client does not send SNI during
# # the handshake.
enable_control: true # Control API
# control:
# ip: 127.0.0.1
# port: 9090
disable_sync_configuration_during_start: false # Safe exit. TO BE REMOVED.
data_encryption: # Data encryption settings.
enable_encrypt_fields: true # Whether enable encrypt fields specified in `encrypt_fields` in plugin schema.
keyring: # This field is used to encrypt the private key of SSL and the `encrypt_fields`
# in plugin schema.
- qeddd145sfvddff3 # Set the encryption key for AES-128-CBC. It should be a hexadecimal string
# of length 16.
- edd1c9f0985e76a2 # If not set, APISIX saves the original data into etcd.
# CAUTION: If you would like to update the key, add the new key as the
# first item in the array and keep the older keys below the newly added
# key, so that data can be decrypted with the older keys and encrypted
# with the new key. Removing the old keys directly can render the data
# unrecoverable.
events: # Event distribution module configuration
module: lua-resty-events # Sets the name of the events module used.
# Supported module: lua-resty-worker-events and lua-resty-events
nginx_config: # Config for render the template to generate nginx.conf
# user: root # Set the execution user of the worker process. This is only
# effective if the master process runs with super-user privileges.
error_log: logs/error.log # Location of the error log.
error_log_level: warn # Logging level: info, debug, notice, warn, error, crit, alert, or emerg.
worker_processes: auto # Automatically determine the optimal number of worker processes based
# on the available system resources.
# If you want use multiple cores in container, you can inject the number of
# CPU cores as environment variable "APISIX_WORKER_PROCESSES".
enable_cpu_affinity: false # Disable CPU affinity by default as worker_cpu_affinity affects the
# behavior of APISIX in containers. For example, multiple instances could
# be bound to one CPU core, which is not desirable.
# If APISIX is deployed on a physical machine, CPU affinity can be enabled.
worker_rlimit_nofile: 20480 # The number of files a worker process can open.
# The value should be larger than worker_connections.
worker_shutdown_timeout: 240s # Timeout for a graceful shutdown of worker processes.
max_pending_timers: 16384 # The maximum number of pending timers that can be active at any given time.
# Error "too many pending timers" indicates the threshold is reached.
max_running_timers: 4096 # The maximum number of running timers that can be active at any given time.
# Error "lua_max_running_timers are not enough" error indicates the
# threshold is reached.
event:
worker_connections: 10620
# envs: # Get environment variables.
# - TEST_ENV
meta:
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
prometheus-metrics: 15m
stream:
enable_access_log: false # Enable stream proxy access logging.
access_log: logs/access_stream.log # Location of the stream access log.
access_log_format: |
"$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html
access_log_format_escape: default # Escape default or json characters in variables.
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
etcd-cluster-health-check-stream: 10m
lrucache-lock-stream: 10m
plugin-limit-conn-stream: 10m
worker-events-stream: 10m
tars-stream: 1m
# Add other custom Nginx configurations.
# Users are responsible for validating the custom configurations
# to ensure they are not in conflict with APISIX configurations.
main_configuration_snippet: |
# Add custom Nginx main configuration to nginx.conf.
# The configuration should be well indented!
http_configuration_snippet: |
# Add custom Nginx http configuration to nginx.conf.
# The configuration should be well indented!
http_server_configuration_snippet: |
# Add custom Nginx http server configuration to nginx.conf.
# The configuration should be well indented!
http_server_location_configuration_snippet: |
# Add custom Nginx http server location configuration to nginx.conf.
# The configuration should be well indented!
http_admin_configuration_snippet: |
# Add custom Nginx admin server configuration to nginx.conf.
# The configuration should be well indented!
http_end_configuration_snippet: |
# Add custom Nginx http end configuration to nginx.conf.
# The configuration should be well indented!
stream_configuration_snippet: |
# Add custom Nginx stream configuration to nginx.conf.
# The configuration should be well indented!
http:
enable_access_log: true # Enable HTTP proxy access logging.
access_log: logs/access.log # Location of the access log.
access_log_buffer: 16384 # buffer size of access log.
access_log_format: |
"$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
# Customize log format: http://nginx.org/en/docs/varindex.html
access_log_format_escape: default # Escape default or json characters in variables.
keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
client_header_timeout: 60s # Set the maximum time waiting for client to send the entire HTTP
# request header before closing the connection.
client_body_timeout: 60s # Set the maximum time waiting for client to send the request body.
client_max_body_size: 0 # Set the maximum allowed size of the client request body.
# Default to 0, unlimited.
# Unlike Nginx, APISIX does not limit the body size by default.
# If exceeded, the 413 (Request Entity Too Large) error is returned.
send_timeout: 10s # Set the maximum time for transmitting a response to the client before closing.
underscores_in_headers: "on" # Allow HTTP request headers to contain underscores in their names.
real_ip_header: X-Real-IP # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
- 127.0.0.1
- "unix:"
# custom_lua_shared_dict: # Custom Nginx Lua shared memory zone for nginx.conf. Size units are m or k.
# ipc_shared_dict: 100m # Custom shared cache, format: `cache-key: cache-size`
proxy_ssl_server_name: true # Send the server name in the SNI extension when establishing an SSL/TLS
# connection with the upstream server, allowing the upstream server to
# select the appropriate SSL/TLS certificate and configuration based on
# the requested server name.
upstream:
keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers.
# When the value is exceeded, the least recently used connection is closed.
keepalive_requests: 1000 # Set the maximum number of requests that can be served through one
# keep-alive connection.
# After the maximum number of requests is made, the connection is closed.
keepalive_timeout: 60s # Set the maximum time for which TCP connection keeps alive.
charset: utf-8 # Add the charset to the "Content-Type" response header field.
# See http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
variables_hash_max_size: 2048 # Set the maximum size of the variables hash table.
lua_shared_dict: # Nginx Lua shared memory zone. Size units are m or k.
internal-status: 10m
plugin-limit-req: 10m
plugin-limit-count: 10m
prometheus-metrics: 10m
plugin-limit-conn: 10m
upstream-healthcheck: 10m
worker-events: 10m
lrucache-lock: 10m
balancer-ewma: 10m
balancer-ewma-locks: 10m
balancer-ewma-last-touched-at: 10m
plugin-limit-req-redis-cluster-slot-lock: 1m
plugin-limit-count-redis-cluster-slot-lock: 1m
plugin-limit-conn-redis-cluster-slot-lock: 1m
tracing_buffer: 10m
plugin-api-breaker: 10m
etcd-cluster-health-check: 10m
discovery: 1m
jwks: 1m
introspection: 10m
access-tokens: 1m
ext-plugin: 1m
tars: 1m
cas-auth: 10m
ocsp-stapling: 10m
# discovery: # Service Discovery
# dns:
# servers:
# - "127.0.0.1:8600" # Replace with the address of your DNS server.
# resolv_conf: /etc/resolv.conf # Replace with the path to the local DNS resolv config. Configure either "servers" or "resolv_conf".
# order: # Resolve DNS records this order.
# - last # Try the latest successful type for a hostname.
# - SRV
# - A
# - AAAA
# - CNAME
# eureka: # Eureka
# host: # Eureka address(es)
# - "http://127.0.0.1:8761"
# prefix: /eureka/
# fetch_interval: 30 # Default 30s
# weight: 100 # Default weight for node
# timeout:
# connect: 2000 # Default 2000ms
# send: 2000 # Default 2000ms
# read: 5000 # Default 5000ms
# nacos: # Nacos
# host: # Nacos address(es)
# - "http://${username}:${password}@${host1}:${port1}"
# prefix: "/nacos/v1/"
# fetch_interval: 30 # Default 30s
# `weight` is the `default_weight` that will be attached to each discovered node that
# doesn't have a weight explicitly provided in nacos results
# weight: 100 # Default 100.
# timeout:
# connect: 2000 # Default 2000ms
# send: 2000 # Default 2000ms
# read: 5000 # Default 5000ms
# access_key: "" # Nacos AccessKey ID in Alibaba Cloud, notice that it's for Nacos instances on Microservices Engine (MSE)
# secret_key: "" # Nacos AccessKey Secret in Alibaba Cloud, notice that it's for Nacos instances on Microservices Engine (MSE)
# consul_kv: # Consul KV
# servers: # Consul KV address(es)
# - "http://127.0.0.1:8500"
# - "http://127.0.0.1:8600"
# prefix: "upstreams"
# skip_keys: # Skip special keys
# - "upstreams/unused_api/"
# timeout:
# connect: 2000 # Default 2000ms
# read: 2000 # Default 2000ms
# wait: 60 # Default 60s
# weight: 1 # Default 1
# fetch_interval: 3 # Default 3s. Effective only when keepalive is false.
# keepalive: true # Default to true. Use long pull to query Consul.
# default_server: # Define default server to route traffic to.
# host: "127.0.0.1"
# port: 20999
# metadata:
# fail_timeout: 1 # Default 1ms
# weight: 1 # Default 1
# max_fails: 1 # Default 1
# dump: # Dump the Consul key-value (KV) store to a file.
# path: "logs/consul_kv.dump" # Location of the dump file.
# expire: 2592000 # Specify the expiration time of the dump file in units of seconds.
# consul: # Consul
# servers: # Consul address(es)
# - "http://127.0.0.1:8500"
# - "http://127.0.0.1:8600"
# skip_services: # Skip services during service discovery.
# - "service_a"
# timeout:
# connect: 2000 # Default 2000ms
# read: 2000 # Default 2000ms
# wait: 60 # Default 60s
# weight: 1 # Default 1
# fetch_interval: 3 # Default 3s. Effective only when keepalive is false.
# keepalive: true # Default to true. Use long pull to query Consul.
# default_service: # Define the default service to route traffic to.
# host: "127.0.0.1"
# port: 20999
# metadata:
# fail_timeout: 1 # Default 1ms
# weight: 1 # Default 1
# max_fails: 1 # Default 1
# dump: # Dump the Consul key-value (KV) store to a file.
# path: "logs/consul_kv.dump" # Location of the dump file.
# expire: 2592000 # Specify the expiration time of the dump file in units of seconds.
# load_on_init: true # Default true, load the consul dump file on init
# kubernetes: # Kubernetes service discovery
# ### kubernetes service discovery both support single-cluster and multi-cluster mode
# ### applicable to the case where the service is distributed in a single or multiple kubernetes clusters.
# ### single-cluster mode ###
# service:
# schema: https # apiserver schema, options [http, https], default https
# host: ${KUBERNETES_SERVICE_HOST} # apiserver host, options [ipv4, ipv6, domain, environment variable], default ${KUBERNETES_SERVICE_HOST}
# port: ${KUBERNETES_SERVICE_PORT} # apiserver port, options [port number, environment variable], default ${KUBERNETES_SERVICE_PORT}
# client:
# # serviceaccount token or path of serviceaccount token_file
# token_file: ${KUBERNETES_CLIENT_TOKEN_FILE}
# # token: |-
# # eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEif
# # 6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEifeyJhbGciOiJSUzI1NiIsImtpZCI
# # kubernetes discovery plugin support use namespace_selector
# # you can use one of [equal, not_equal, match, not_match] filter namespace
# namespace_selector:
# # only save endpoints with namespace equal default
# equal: default
# # only save endpoints with namespace not equal default
# #not_equal: default
# # only save endpoints with namespace match one of [default, ^my-[a-z]+$]
# #match:
# #- default
# #- ^my-[a-z]+$
# # only save endpoints with namespace not match one of [default, ^my-[a-z]+$ ]
# #not_match:
# #- default
# #- ^my-[a-z]+$
# # kubernetes discovery plugin support use label_selector
# # for the expression of label_selector, please refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
# label_selector: |-
# first="a",second="b"
# # reserved lua shared memory size,1m memory can store about 1000 pieces of endpoint
# shared_size: 1m #default 1m
# ### single-cluster mode ###
# ### multi-cluster mode ###
# - id: release # a custom name refer to the cluster, pattern ^[a-z0-9]{1,8}
# service:
# schema: https # apiserver schema, options [http, https], default https
# host: ${KUBERNETES_SERVICE_HOST} # apiserver host, options [ipv4, ipv6, domain, environment variable]
# port: ${KUBERNETES_SERVICE_PORT} # apiserver port, options [port number, environment variable]
# client:
# # serviceaccount token or path of serviceaccount token_file
# token_file: ${KUBERNETES_CLIENT_TOKEN_FILE}
# # token: |-
# # eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEif
# # 6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEifeyJhbGciOiJSUzI1NiIsImtpZCI
# # kubernetes discovery plugin support use namespace_selector
# # you can use one of [equal, not_equal, match, not_match] filter namespace
# namespace_selector:
# # only save endpoints with namespace equal default
# equal: default
# # only save endpoints with namespace not equal default
# #not_equal: default
# # only save endpoints with namespace match one of [default, ^my-[a-z]+$]
# #match:
# #- default
# #- ^my-[a-z]+$
# # only save endpoints with namespace not match one of [default, ^my-[a-z]+$ ]
# #not_match:
# #- default
# #- ^my-[a-z]+$
# # kubernetes discovery plugin support use label_selector
# # for the expression of label_selector, please refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
# label_selector: |-
# first="a",second="b"
# # reserved lua shared memory size,1m memory can store about 1000 pieces of endpoint
# shared_size: 1m #default 1m
# ### multi-cluster mode ###
graphql:
max_size: 1048576 # Set the maximum size limitation of graphql in bytes. Default to 1MiB.
# ext-plugin:
# cmd: ["ls", "-l"]
plugins: # plugin list (sorted by priority)
- real-ip # priority: 23000
- ai # priority: 22900
- client-control # priority: 22000
- proxy-control # priority: 21990
- request-id # priority: 12015
- zipkin # priority: 12011
#- skywalking # priority: 12010
#- opentelemetry # priority: 12009
- ext-plugin-pre-req # priority: 12000
- fault-injection # priority: 11000
- mocking # priority: 10900
- serverless-pre-function # priority: 10000
#- batch-requests # priority: 4010
- cors # priority: 4000
- ip-restriction # priority: 3000
- ua-restriction # priority: 2999
- referer-restriction # priority: 2990
- csrf # priority: 2980
- uri-blocker # priority: 2900
- request-validation # priority: 2800
- chaitin-waf # priority: 2700
- multi-auth # priority: 2600
- openid-connect # priority: 2599
- cas-auth # priority: 2597
- authz-casbin # priority: 2560
- authz-casdoor # priority: 2559
- wolf-rbac # priority: 2555
- ldap-auth # priority: 2540
- hmac-auth # priority: 2530
- basic-auth # priority: 2520
- jwt-auth # priority: 2510
- jwe-decrypt # priority: 2509
- key-auth # priority: 2500
- consumer-restriction # priority: 2400
- forward-auth # priority: 2002
- opa # priority: 2001
- authz-keycloak # priority: 2000
#- error-log-logger # priority: 1091
- proxy-cache # priority: 1085
- body-transformer # priority: 1080
- proxy-mirror # priority: 1010
- proxy-rewrite # priority: 1008
- workflow # priority: 1006
- api-breaker # priority: 1005
- limit-conn # priority: 1003
- limit-count # priority: 1002
- limit-req # priority: 1001
#- node-status # priority: 1000
#- brotli # priority: 996
- gzip # priority: 995
- server-info # priority: 990
- traffic-split # priority: 966
- redirect # priority: 900
- response-rewrite # priority: 899
- degraphql # priority: 509
- kafka-proxy # priority: 508
#- dubbo-proxy # priority: 507
- grpc-transcode # priority: 506
- grpc-web # priority: 505
- http-dubbo # priority: 504
- public-api # priority: 501
- prometheus # priority: 500
- datadog # priority: 495
- loki-logger # priority: 414
- elasticsearch-logger # priority: 413
- echo # priority: 412
- loggly # priority: 411
- http-logger # priority: 410
- splunk-hec-logging # priority: 409
- skywalking-logger # priority: 408
- google-cloud-logging # priority: 407
- sls-logger # priority: 406
- tcp-logger # priority: 405
- kafka-logger # priority: 403
- rocketmq-logger # priority: 402
- syslog # priority: 401
- udp-logger # priority: 400
- file-logger # priority: 399
- clickhouse-logger # priority: 398
- tencent-cloud-cls # priority: 397
- inspect # priority: 200
#- log-rotate # priority: 100
# <- recommend to use priority (0, 100) for your custom plugins
- example-plugin # priority: 0
#- gm # priority: -43
#- ocsp-stapling # priority: -44
- aws-lambda # priority: -1899
- azure-functions # priority: -1900
- openwhisk # priority: -1901
- openfunction # priority: -1902
- serverless-post-function # priority: -2000
- ext-plugin-post-req # priority: -3000
- ext-plugin-post-resp # priority: -4000
stream_plugins: # stream plugin list (sorted by priority)
- ip-restriction # priority: 3000
- limit-conn # priority: 1003
- mqtt-proxy # priority: 1000
#- prometheus # priority: 500
- syslog # priority: 401
# <- recommend to use priority (0, 100) for your custom plugins
# wasm:
# plugins:
# - name: wasm_log
# priority: 7999
# file: t/wasm/log/main.go.wasm
# xrpc:
# protocols:
# - name: pingpong
plugin_attr: # Plugin attributes
log-rotate: # Plugin: log-rotate
timeout: 10000 # maximum wait time for a log rotation(unit: millisecond)
interval: 3600 # Set the log rotate interval in seconds.
max_kept: 168 # Set the maximum number of log files to keep. If exceeded, historic logs are deleted.
max_size: -1 # Set the maximum size of log files in bytes before a rotation.
# Skip size check if max_size is less than 0.
enable_compression: false # Enable log file compression (gzip).
skywalking: # Plugin: skywalking
service_name: APISIX # Set the service name for SkyWalking reporter.
service_instance_name: APISIX Instance Name # Set the service instance name for SkyWalking reporter.
endpoint_addr: http://127.0.0.1:12800 # Set the SkyWalking HTTP endpoint.
report_interval: 3 # Set the reporting interval in second.
opentelemetry: # Plugin: opentelemetry
trace_id_source: x-request-id # Specify the source of the trace ID for OpenTelemetry traces.
resource:
service.name: APISIX # Set the service name for OpenTelemetry traces.
collector:
address: 127.0.0.1:4318 # Set the address of the OpenTelemetry collector to send traces to.
request_timeout: 3 # Set the timeout for requests to the OpenTelemetry collector in seconds.
request_headers: # Set the headers to include in requests to the OpenTelemetry collector.
Authorization: token # Set the authorization header to include an access token.
batch_span_processor:
drop_on_queue_full: false # Drop spans when the export queue is full.
max_queue_size: 1024 # Set the maximum size of the span export queue.
batch_timeout: 2 # Set the timeout for span batches to wait in the export queue before
# being sent.
inactive_timeout: 1 # Set the timeout for spans to wait in the export queue before being sent,
# if the queue is not full.
max_export_batch_size: 16 # Set the maximum number of spans to include in each batch sent to the
# OpenTelemetry collector.
set_ngx_var: false # Export opentelemetry variables to NGINX variables.
prometheus: # Plugin: prometheus
export_uri: /apisix/prometheus/metrics # Set the URI for the Prometheus metrics endpoint.
metric_prefix: apisix_ # Set the prefix for Prometheus metrics generated by APISIX.
enable_export_server: true # Enable the Prometheus export server.
export_addr: # Set the address for the Prometheus export server.
ip: 127.0.0.1 # Set the IP.
port: 9091 # Set the port.
# metrics: # Create extra labels from nginx variables: https://nginx.org/en/docs/varindex.html
# http_status:
# extra_labels:
# - upstream_addr: $upstream_addr
# - status: $upstream_status # The label name does not need to be the same as the variable name.
# http_latency:
# extra_labels:
# - upstream_addr: $upstream_addr
# bandwidth:
# extra_labels:
# - upstream_addr: $upstream_addr
# default_buckets:
# - 10
# - 50
# - 100
# - 200
# - 500
# expire: 0 # The expiration time after metrics become inactive, unit: second.
# 0 means the metrics will not expire
# If you need to set the expiration time, it is recommended to use 600, which is 10 minutes.
server-info: # Plugin: server-info
report_ttl: 60 # Set the TTL in seconds for server info in etcd.
# Maximum: 86400. Minimum: 3.
dubbo-proxy: # Plugin: dubbo-proxy
upstream_multiplex_count: 32 # Set the maximum number of connections that can be multiplexed over
# a single network connection between the Dubbo Proxy and the upstream
# Dubbo services.
proxy-mirror: # Plugin: proxy-mirror
timeout: # Set the timeout for mirrored requests.
connect: 60s
read: 60s
send: 60s
# redirect: # Plugin: redirect
# https_port: 8443 # Set the default port used to redirect HTTP to HTTPS.
inspect: # Plugin: inspect
delay: 3 # Set the delay in seconds for the frequency of checking the hooks file.
hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua" # Set the path to the Lua file that defines
# hooks. Only administrators should have
# write access to this file for security.
zipkin: # Plugin: zipkin
set_ngx_var: false # export zipkin variables to nginx variables
deployment: # Deployment configurations
role: traditional # Set deployment mode: traditional, control_plane, or data_plane.
role_traditional:
config_provider: etcd # Set the configuration center.
#role_data_plane: # Set data plane details if role is data_plane.
# config_provider: etcd # Set the configuration center: etcd, xds, or yaml.
#role_control_plane: # Set control plane details if role is control_plane.
# config_provider: etcd # Set the configuration center.
admin: # Admin API
admin_key_required: true # Enable Admin API authentication by default for security.
admin_key:
-
name: admin # admin: write access to configurations.
key: '' # Set API key for the admin of Admin API.
role: admin
-
name: viewer # viewer: read-only to configurations.
key: 4054f7cf07e344346cd3f287985e76a2 # Set API key for the viewer of Admin API.
role: viewer
enable_admin_cors: true # Enable Admin API CORS response header `Access-Control-Allow-Origin`.
allow_admin: # Limit Admin API access by IP addresses.
- 127.0.0.0/24 # If not set, any IP address is allowed.
# - "::/64"
admin_listen: # Set the Admin API listening addresses.
ip: 0.0.0.0 # Set listening IP.
port: 9180 # Set listening port. Beware of port conflict with node_listen.
# https_admin: true # Enable SSL for Admin API on IP and port specified in admin_listen.
# Use admin_api_mtls.admin_ssl_cert and admin_api_mtls.admin_ssl_cert_key.
# admin_api_mtls: # Set this if `https_admin` is true.
# admin_ssl_cert: "" # Set path to SSL/TLS certificate.
# admin_ssl_cert_key: "" # Set path to SSL/TLS key.
# admin_ssl_ca_cert: "" # Set path to CA certificate used to sign client certificates.
admin_api_version: v3 # Set the version of Admin API (latest: v3).
etcd:
host: # Set etcd address(es) in the same etcd cluster.
- "http://172.18.5.10:2379" # If TLS is enabled for etcd, use https://127.0.0.1:2379.
prefix: /apisix # Set etcd prefix.
timeout: 30 # The timeout when connect/read/write to etcd, Set timeout in seconds.
watch_timeout: 50 # The timeout when watch etcd
# resync_delay: 5 # Set resync time in seconds after a sync failure.
# The actual resync time would be resync_delay plus 50% random jitter.
# health_check_timeout: 10 # Set timeout in seconds for etcd health check.
# Default to 10 if not set or a negative value is provided.
startup_retry: 2 # Set the number of retries to etcd on startup. Default to 2.
# user: root # Set the root username for etcd.
# password: 5tHkHhYkjr6cQ # Set the root password for etcd.
tls:
# cert: /path/to/cert # Set the path to certificate used by the etcd client
# key: /path/to/key # Set the path to path of key used by the etcd client
verify: true # Verify the etcd certificate when establishing a TLS connection with etcd.
# sni: # The SNI for etcd TLS requests.
# If not set, the host from the URL is used.
配置文件要特别注意以下几行,其中要改IP为“172.18.5.10”:
...
etcd:
host: # Set etcd address(es) in the same etcd cluster.
- "http://172.18.5.10:2379" # If TLS is enabled for etcd, use https://127.0.0.1:2379.
安装apisix-dashboard
docker pull apache/apisix-dashboard
新建配置文件“E:\Soft\conf\apisix-dashboard\conf.yaml”,注意修改IP为“172.18.5.10”
conf:
listen:
host: 0.0.0.0 # the address on which the `Manager API` should listen.
# The default value is 0.0.0.0, if want to specify, please enable it.
# This value accepts IPv4, IPv6, and hostname.
port: 9000 # The port on which the `Manager API` should listen.
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- 172.18.5.10:2379 # etcd install ip
authentication:
secret:
zQ5w5jkLDh3jZpywJ3sskrw6Yv633ruq
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # dashboard login infomation
password: 961010
- username: user
password: 961010
启动dashboard
docker run --name dashboard `
-p 9000:9000 `
-v /e/Soft/conf/apisix-dashboard/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml `
--network apisix `
--ip 172.18.5.15 `
-d apache/apisix-dashboard
浏览器打开“http://localhost:9000”,使用配置文件的账号密码登录。
清理
测试完成,可以清理服务。
docker rm dashboard
docker rm test-api-gateway
docker rm etcd-server
docker network rm apisix