| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| master_process on; |
| |
| worker_processes 1; |
| |
| error_log logs/error.log warn; |
| pid logs/nginx.pid; |
| |
| worker_rlimit_nofile 20480; |
| |
| events { |
| worker_connections 10620; |
| } |
| |
| worker_shutdown_timeout 3; |
| |
| http { |
| lua_package_path "$prefix/lua/?.lua;;"; |
| |
| log_format main '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time'; |
| access_log logs/access.log main buffer=16384 flush=5; |
| |
| init_by_lua_block { |
| require "resty.core" |
| apisix = require("apisix") |
| apisix.http_init() |
| } |
| |
| init_worker_by_lua_block { |
| apisix.http_init_worker() |
| } |
| |
| upstream apisix_backend { |
| server 0.0.0.1; |
| balancer_by_lua_block { |
| apisix.http_balancer_phase() |
| } |
| |
| keepalive 320; |
| } |
| |
| server { |
| listen 9443 ssl; |
| ssl_certificate cert/apisix.crt; |
| ssl_certificate_key cert/apisix.key; |
| ssl_session_cache shared:SSL:1m; |
| |
| listen 9080; |
| |
| server_tokens off; |
| more_set_headers 'Server: APISIX web server'; |
| |
| location = /apisix/nginx_status { |
| allow 127.0.0.0/24; |
| access_log off; |
| stub_status; |
| } |
| |
| location /apisix/admin { |
| allow 127.0.0.0/24; |
| content_by_lua_block { |
| apisix.http_admin() |
| } |
| } |
| |
| ssl_certificate_by_lua_block { |
| apisix.http_ssl_phase() |
| } |
| |
| location / { |
| set $upstream_scheme 'http'; |
| set $upstream_host $http_host; |
| set $upstream_upgrade ''; |
| set $upstream_connection ''; |
| set $upstream_uri ''; |
| |
| access_by_lua_block { |
| apisix.http_access_phase() |
| } |
| |
| proxy_http_version 1.1; |
| proxy_set_header Host $upstream_host; |
| proxy_set_header Upgrade $upstream_upgrade; |
| proxy_set_header Connection $upstream_connection; |
| proxy_set_header X-Real-IP $remote_addr; |
| proxy_pass_header Server; |
| proxy_pass_header Date; |
| |
| ### the following x-forwarded-* headers is to send to upstream server |
| |
| set $var_x_forwarded_for $remote_addr; |
| set $var_x_forwarded_proto $scheme; |
| set $var_x_forwarded_host $host; |
| set $var_x_forwarded_port $server_port; |
| |
| if ($http_x_forwarded_for != "") { |
| set $var_x_forwarded_for "${http_x_forwarded_for}, ${realip_remote_addr}"; |
| } |
| if ($http_x_forwarded_proto != "") { |
| set $var_x_forwarded_proto $http_x_forwarded_proto; |
| } |
| if ($http_x_forwarded_host != "") { |
| set $var_x_forwarded_host $http_x_forwarded_host; |
| } |
| if ($http_x_forwarded_port != "") { |
| set $var_x_forwarded_port $http_x_forwarded_port; |
| } |
| |
| proxy_set_header X-Forwarded-For $var_x_forwarded_for; |
| proxy_set_header X-Forwarded-Proto $var_x_forwarded_proto; |
| proxy_set_header X-Forwarded-Host $var_x_forwarded_host; |
| proxy_set_header X-Forwarded-Port $var_x_forwarded_port; |
| |
| # proxy pass |
| proxy_pass $upstream_scheme://apisix_backend$upstream_uri; |
| |
| header_filter_by_lua_block { |
| apisix.http_header_filter_phase() |
| } |
| |
| body_filter_by_lua_block { |
| apisix.http_body_filter_phase() |
| } |
| |
| log_by_lua_block { |
| apisix.http_log_phase() |
| } |
| } |
| } |
| } |