| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
# yamllint disable rule:comments-indentation
# Manager API settings: listeners, source-IP allow list, etcd client, logging
# and optional response-header hardening.
conf:
  listen:
    # Address on which the `Manager API` listens; accepts IPv4, IPv6 and
    # hostnames. When this stays commented out the default is 0.0.0.0, so
    # enable it to pin the API to loopback or a management interface.
    # host: 127.0.0.1
    # Port on which the `Manager API` listens.
    port: 9000

  # HTTPS listener; not configured while it stays commented out.
  # ssl:
  #   host: 127.0.0.1                # HTTPS listen address, default 0.0.0.0 unless enabled
  #   port: 9001                     # HTTPS listen port
  #   cert: "/tmp/cert/example.crt"  # Path of your SSL cert.
  #   key: "/tmp/cert/example.key"   # Path of your SSL key.
  # NOTE(review): the /tmp paths are examples; keep the private key in a
  # directory that only the service account can read.

  # Source addresses allowed to reach the API. Rules are checked in sequence
  # until the first match is found; CIDR such as 192.168.1.0/24 and
  # 2001:0db8::/32 is also supported. In this example only IPv4 127.0.0.1 and
  # IPv6 ::1 are allowed.
  # If no IP list is set, access from any IP is allowed by default, so an
  # empty list removes this control entirely.
  allow_list:
    - '127.0.0.1'
    - '::1'

  etcd:
    # Several host addresses may be listed for an etcd cluster.
    endpoints:
      - '127.0.0.1:2379'
    # etcd basic auth info; ignore both keys when etcd auth is not enabled.
    # "123456" is a sample value only, never a credential to deploy.
    # username: "root"
    # password: "123456"
    # Client-side TLS files; the empty strings mean no file is configured.
    # NOTE(review): with basic auth commented out and no mTLS files set, the
    # etcd connection presumably relies on network isolation alone - confirm.
    mtls:
      key_file: ''   # Path of your self-signed client side key
      cert_file: ''  # Path of your self-signed client side cert
      ca_file: ''    # Path of your self-signed ca cert, the CA is used to sign callers' certificates
    # prefix: /apisix  # apisix config's prefix in etcd, /apisix by default

  log:
    error_log:
      # Supported levels, lower to higher: debug, info, warn, error, panic, fatal.
      level: 'warn'
      # Supports relative path, absolute path and standard output, such as
      # logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr.
      # Absolute path on Windows: winfile:///C:\error.log
      file_path: 'logs/error.log'
    access_log:
      # Supports relative path, absolute path and standard output, such as
      # logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr.
      # Absolute path on Windows: winfile:///C:\access.log
      # The sample entry below records the query string and remote IP of each
      # request, so the access log should be readable only by operators.
      # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
      file_path: 'logs/access.log'

  # Number of OS threads used for parallelism. Default value 0 uses the
  # maximum number of available CPU cores, considering hyperthreading (if
  # any). A negative value leaves the existing parallelism profile untouched.
  max_cpu: 0

  # Custom CORS and response-header settings; not applied while commented out.
  # frame-src in the CSP can be set to provide content for your grafana panel.
  # NOTE(review): the sample CSP allows 'unsafe-eval' and 'unsafe-inline'
  # scripts, and the methods sample is "*"; tighten both before enabling.
  # NOTE(review): `access_control-allow_methods` mixes `-` and `_` unlike its
  # sibling keys - verify the spelling the Manager API reads.
  # security:
  #   access_control_allow_origin: "http://httpbin.org"
  #   access_control_allow_credentials: true  # support using custom cors configuration
  #   access_control_allow_headers: "Authorization"
  #   access_control-allow_methods: "*"
  #   x_frame_options: "deny"
  #   content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src xx.xx.xx.xx:3000"
| |
# Login settings for `manager api`: JWT secret, token lifetime and the
# built-in user list.
authentication:
  # Secret for jwt token generation. Changing this value is highly
  # recommended to protect `manager api`; if it is left at the default,
  # `manager api` generates a random string to replace it when it starts.
  secret: 'secret'
  # jwt token expire time, in seconds.
  expire_time: 3600
  # yamllint enable rule:comments-indentation
  # Usernames and passwords for logging in to `manager api`.
  # NOTE(review): admin/admin and user/user are the sample credentials of this
  # file and are stored in clear text. Replace both passwords before the
  # listener is reachable from anything other than loopback, and limit read
  # access to this file to the service account.
  users:
    - username: 'admin'
      password: 'admin'
    - username: 'user'
      password: 'user'
| |
# OpenID Connect login settings; `enabled` is false in this sample.
oidc:
  enabled: false
  expire_time: 3600
  client_id: 'dashboard'
  # NOTE(review): `dashboard` reads like a sample value; issue a unique client
  # secret at the identity provider before setting `enabled` to true.
  client_secret: 'dashboard'
  # NOTE(review): every endpoint below uses http://, so the authorization
  # code, tokens and client secret would cross the network unencrypted.
  # Switch the provider and callback URLs to https:// before enabling.
  auth_url: 'http://172.17.0.1:8080/auth/realms/master/protocol/openid-connect/auth'
  token_url: 'http://172.17.0.1:8080/auth/realms/master/protocol/openid-connect/token'
  user_info_url: 'http://172.17.0.1:8080/auth/realms/master/protocol/openid-connect/userinfo'
  redirect_url: 'http://127.0.0.1:9000/apisix/admin/oidc/callback'
  scope: 'openid'
| |
# Plugin names known to the dashboard; entries that are commented out are not
# part of the list.
# NOTE(review): presumably this is the set of plugins an operator can attach
# through the dashboard - confirm against the Manager API. If so, trim it to
# the plugins actually in use: serverless-pre-function and
# serverless-post-function run operator-supplied code inside the gateway, and
# the ext-plugin-* entries hand requests to an external plugin runner, so
# write access to the dashboard carries that level of privilege.
plugins:
  - api-breaker
  - authz-casbin
  - authz-casdoor
  - authz-keycloak
  - aws-lambda
  - azure-functions
  - basic-auth
  # - batch-requests
  - clickhouse-logger
  - client-control
  - consumer-restriction
  - cors
  - csrf
  - datadog
  # - dubbo-proxy
  - echo
  - error-log-logger
  # - example-plugin
  - ext-plugin-post-req
  - ext-plugin-post-resp
  - ext-plugin-pre-req
  - fault-injection
  - file-logger
  - forward-auth
  - google-cloud-logging
  - grpc-transcode
  - grpc-web
  - gzip
  - hmac-auth
  - http-logger
  - ip-restriction
  - jwt-auth
  - kafka-logger
  - kafka-proxy
  - key-auth
  - ldap-auth
  - limit-conn
  - limit-count
  - limit-req
  - loggly
  # - log-rotate
  - mocking
  # - node-status
  - opa
  - openid-connect
  - opentelemetry
  - openwhisk
  - prometheus
  - proxy-cache
  - proxy-control
  - proxy-mirror
  - proxy-rewrite
  - public-api
  - real-ip
  - redirect
  - referer-restriction
  - request-id
  - request-validation
  - response-rewrite
  - rocketmq-logger
  - server-info
  - serverless-post-function
  - serverless-pre-function
  - skywalking
  - skywalking-logger
  - sls-logger
  - splunk-hec-logging
  - syslog
  - tcp-logger
  - traffic-split
  - ua-restriction
  - udp-logger
  - uri-blocker
  - wolf-rbac
  - zipkin