# added initial build script for Docker, including a base config folder.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2a8b5f2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+api-gateway-config/target
+api-gateway-config/target/*
+api-gateway-config/conf.d/includes/resolvers.conf
+*.iml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3d33aa5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,84 @@
+# api-platform-box
+#
+# VERSION 1.9.3.1
+#
+# From https://hub.docker.com/_/alpine/
+#
+FROM alpine:latest
+
+RUN apk update \
+ && apk add gcc tar libtool zlib jemalloc jemalloc-dev perl \
+ make musl-dev openssl-dev pcre-dev g++ zlib-dev
+
+ENV OPENRESTY_VERSION 1.9.3.1
+ENV NAXSI_VERSION 0.53-2
+ENV PCRE_VERSION 8.37
+ENV HMAC_LUA_VERSION 1.0.0
+ENV REQUEST_VALIDATION_VERSION 1.0.0
+
+RUN mkdir -p /tmp/api-gateway/
+ADD https://github.com/nbs-system/naxsi/archive/${NAXSI_VERSION}.tar.gz /tmp/api-gateway/naxsi-${NAXSI_VERSION}.tar.gz
+ADD http://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz /tmp/api-gateway/prce-${PCRE_VERSION}.tar.gz
+ADD http://openresty.org/download/ngx_openresty-${OPENRESTY_VERSION}.tar.gz /tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION}.tar.gz
+ADD https://github.com/apiplatform/api-gateway-request-validation/archive/${REQUEST_VALIDATION_VERSION}.tar.gz /tmp/api-gateway/api-gateway-request-validation-${REQUEST_VALIDATION_VERSION}.tar.gz
+ADD https://github.com/apiplatform/api-gateway-hmac/archive/${HMAC_LUA_VERSION}.tar.gz /tmp/api-gateway/api-gateway-hmac-${HMAC_LUA_VERSION}.tar.gz
+
+RUN cd /tmp/api-gateway/ \
+ && tar -xf ./ngx_openresty-${OPENRESTY_VERSION}.tar.gz \
+ && tar -xf ./prce-${PCRE_VERSION}.tar.gz \
+ && tar -xf ./naxsi-${NAXSI_VERSION}.tar.gz \
+ && cd /tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION} \
+ && readonly NPROC=$(grep -c ^processor /proc/cpuinfo 2>/dev/null || 1) \
+ && echo "using up to $NPROC threads" \
+ && _prefix="/usr/local" \
+ && _exec_prefix="$_prefix" \
+ && _localstatedir="/var" \
+ && _sysconfdir="/etc" \
+ && _sbindir="$_exec_prefix/sbin" \
+ && ./configure \
+ --prefix=${_exec_prefix}/api-gateway \
+ --sbin-path=${_sbindir}/api-gateway \
+ --conf-path=${_sysconfdir}/api-gateway/api-gateway.conf \
+ --error-log-path=${_localstatedir}/log/api-gateway/error.log \
+ --http-log-path=${_localstatedir}/log/api-gateway/access.log \
+ --pid-path=${_localstatedir}/run/api-gateway.pid \
+ --lock-path=${_localstatedir}/run/api-gateway.lock \
+ --add-module=../naxsi-${NAXSI_VERSION}/naxsi_src/ \
+ --with-pcre=../pcre-${PCRE_VERSION}/ --with-pcre-jit \
+ --with-http_ssl_module \
+ --with-http_stub_status_module \
+ --with-luajit \
+ --without-http_ssi_module \
+ --without-http_userid_module \
+ --without-http_uwsgi_module \
+ --without-http_scgi_module \
+ -j${NPROC} \
+ && make -j${NPROC} \
+ && make install \
+ && echo " ... installing api-gateway-hmac ..." \
+ && tar -xf /tmp/api-gateway/api-gateway-hmac-${HMAC_LUA_VERSION}.tar.gz -C /tmp/api-gateway/ \
+ && cd /tmp/api-gateway/api-gateway-hmac-${REQUEST_VALIDATION_VERSION} \
+ && make install \
+ LUA_LIB_DIR=${_exec_prefix}/api-gateway/lualib \
+ INSTALL=/tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION}/build/install \
+ && echo " ... installing api-gateway-request-validation ..." \
+ && tar -xf /tmp/api-gateway/api-gateway-request-validation-${REQUEST_VALIDATION_VERSION}.tar.gz -C /tmp/api-gateway/ \
+ && cd /tmp/api-gateway/api-gateway-request-validation-${REQUEST_VALIDATION_VERSION} \
+ && make install \
+ LUA_LIB_DIR=${_exec_prefix}/api-gateway/lualib \
+ INSTALL=/tmp/api-gateway/ngx_openresty-${OPENRESTY_VERSION}/build/install
+# && rm -rf /var/cache/apk/* \
+# && rm -rf /tmp/api-gateway
+
+
+COPY init.sh /etc/init-container.sh
+ONBUILD COPY init.sh /etc/init-container.sh
+
+# add the default configuration for the Gateway
+COPY api-gateway-config /etc/api-gateway
+RUN adduser -S nginx-api-gateway \
+ && addgroup -S nginx-api-gateway
+ONBUILD COPY api-gateway-config /etc/api-gateway
+
+
+CMD ["/etc/init-container.sh"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..09e2379
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,23 @@
+DOCKER_TAG ?= snapshot-`date +'%Y%m%d-%H%M'`
+DOCKER_REGISTRY ?= ''
+
+docker:
+ docker build -t apiplatform/apigateway .
+
+.PHONY: docker-ssh
+docker-ssh:
+ docker run -ti --entrypoint='bash' apiplatform/apigateway:latest
+
+.PHONY: docker-run
+docker-run:
+ docker run --rm --name="apigateway" -p 8080:80 -p 8001:6001 apiplatform/apigateway:latest ${DOCKER_ARGS}
+
+.PHONY: docker-attach
+docker-attach:
+ docker exec -i -t apigateway bash
+
+.PHONY: docker-stop
+docker-stop:
+ docker stop apigateway
+ docker rm apigateway
+
diff --git a/README.md b/README.md
index 30928df..4089eb4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,103 @@
-# apigateway
-A Performant API Gateway based on Openresty and Nginx
+ apigateway
+=============
+A performant API Gateway based on Openresty and Nginx.
+
+
+### Developer guide
+
+ To build the docker image locally use:
+ ```
+ make docker
+ ```
+
+ To SSH into the newly built image use ( note that this is not the running image):
+ ```
+ make docker-ssh
+ ```
+
+#### Running and Stopping the Docker image
+ ```
+ make docker-run
+ ```
+ The main API Gateway process is exposed to port 8080. To test that the Gateway works see its `health-check`:
+ ```
+ $ curl http://192.168.59.103:8080/health-check
+ API-Platform is running!
+ ```
+ If you're up for a quick performance test, you can play with Apache Benchmark via Docker:
+
+ ```
+ docker run jordi/ab ab -k -n 200000 -c 500 http://192.168.59.103:8080/health-check
+ ```
+
+ When done stop the image:
+ ```
+ make docker-stop
+ ```
+
+### SSH into the running image
+
+```
+make docker-attach
+```
+
+#### Running the container in Mesos with Marathon
+
+Make an HTTP POST on `http://<marathon-host>/v2/apps` with the following payload.
+For optimal performance leave the `network` on `HOST` mode. To learn more about the network modes visit the Docker [documentation](https://docs.docker.com/articles/networking/#how-docker-networks-a-container).
+
+```javascript
+{
+ "id": "api-gateway",
+ "container": {
+ "type": "DOCKER",
+ "docker": {
+ "image": "apiplatform/apigateway:latest",
+ "forcePullImage": true,
+ "network": "HOST"
+ }
+ },
+ "cpus": 4,
+ "mem": 4096.0,
+ "env": {
+ "MARATHON_HOST": "http://<marathon_host>:<marathon_port>"
+ },
+ "constraints": [
+ [
+ "hostname",
+ "UNIQUE"
+ ]
+ ],
+ "acceptedResourceRoles": ["slave_public"],
+ "ports": [
+ 80
+ ],
+ "healthChecks": [
+ {
+ "protocol": "HTTP",
+ "portIndex": 0,
+ "path": "/health-check",
+ "gracePeriodSeconds": 3,
+ "intervalSeconds": 10,
+ "timeoutSeconds": 10
+ }
+ ],
+ "instances": 1
+}
+```
+
+##### Auto-discover and register Marathon tasks in the Gateway
+
+To enable auto-discovery in a Mesos with Marathon framework define the following Environment Variables:
+```
+MARATHON_URL=http://<marathon-url-1>
+MARATHON_TASKS=ws-.* ( NOT USED NOW. TBD IF THERE'S A NEED TO FILTER OUT SOME TASKS )
+```
+
+So the Docker command is now :
+```
+docker run -p 8080:80 \
+ -e "MARATHON_HOST=http://<marathon_host>:<marathon_port>" \
+ -v `pwd`/api-gateway-config:/etc/api-gateway apiplatform/api-platform-box:latest
+```
+
diff --git a/api-gateway-config/api-gateway-reload-config.sh b/api-gateway-config/api-gateway-reload-config.sh
new file mode 100755
index 0000000..1bbe01f
--- /dev/null
+++ b/api-gateway-config/api-gateway-reload-config.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# this script checks to see if there's any modification to the configuration files in the past 2 minutes
+# to automatically reload the configuration.
+
+# The script may be executed as part of a cronjob running every minute like
+# * * * * * /etc/api-gateway/api-gateway-reload-config.sh 1>&2 > /var/log/api-gateway/reload-config-cron.log
+
+LOG_DIR=/var/log/api-gateway
+LOG_FILE=$LOG_DIR/reload-config.log
+
+function do_log()
+{
+ local _MSG=$1
+ echo "[`date +'%Y-%m-%d-%H:%M:%S'`] - ${_MSG}"
+}
+
+function fatal_error()
+{
+ local _MSG=$1
+ do_log "ERROR: ${_MSG}"
+ exit 255
+}
+
+function info_log()
+{
+ local _MSG=$1
+ do_log "${_MSG}"
+}
+
+
+find /etc/api-gateway -type f -newermt '2 minutes ago' | xargs -r sh -c 'service api-gateway configtest && service api-gateway reload | tee -a $LOG_FILE'
+
+if [ $? = 0 ];
+then
+ info_log "api-gateway config check"
+else
+ fatal_error "failed to reload api-gateway. Check configs. RC=$?"
+fi
diff --git a/api-gateway-config/api-gateway.conf b/api-gateway-config/api-gateway.conf
new file mode 100644
index 0000000..0e1b17a
--- /dev/null
+++ b/api-gateway-config/api-gateway.conf
@@ -0,0 +1,44 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+user nginx-api-gateway;
+worker_processes auto;
+worker_rlimit_nofile 524288; # 100000
+
+events {
+ use epoll;
+ # the actual number of simultaneous connections cannot exceed the current limit on the maximum number of open files,
+ # which can be changed by worker_rlimit_nofile.
+ worker_connections 50000;
+ multi_accept on;
+}
+
+error_log /var/log/api-gateway/error.log warn;
+
+http {
+ default_type text/plain;
+
+ include /etc/api-gateway/environment.conf.d/api-gateway-env.http.conf;
+ # include all APIs being proxied
+ include /etc/api-gateway/conf.d/*.conf;
+ include /etc/api-gateway/generated-conf.d/*.conf;
+}
diff --git a/api-gateway-config/conf.d/api_gateway_init.conf b/api-gateway-config/conf.d/api_gateway_init.conf
new file mode 100644
index 0000000..4b92c0b
--- /dev/null
+++ b/api-gateway-config/conf.d/api_gateway_init.conf
@@ -0,0 +1,51 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+include /etc/api-gateway/naxsi_core.rules;
+
+
+server_names_hash_bucket_size 128;
+
+# Sendfile copies data between one FD and other from within the kernel.
+# More efficient than read() + write(), since the requires transferring data to and from the user space.
+sendfile on;
+
+# Tcp_nopush causes nginx to attempt to send its HTTP response head in one packet,
+# instead of using partial frames. This is useful for prepending headers before calling sendfile,
+# or for throughput optimization.
+tcp_nopush on;
+
+# Caches information about open FDs, freqently accessed files.
+open_file_cache max=200000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;
+
+# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
+reset_timedout_connection on;
+
+#gzip on;
+
+
+# be prepared to load any custom lua scripts from /etc/api-gateway/scripts
+lua_package_path '/etc/api-gateway/scripts/?.lua;;';
+init_worker_by_lua_file /etc/api-gateway/scripts/api_gateway_init.lua;
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/api_gateway_logging.conf b/api-gateway-config/conf.d/api_gateway_logging.conf
new file mode 100644
index 0000000..0189f87
--- /dev/null
+++ b/api-gateway-config/conf.d/api_gateway_logging.conf
@@ -0,0 +1,32 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+log_format platform '$remote_addr - $remote_user [$time_local] request="$request" api_key="$api_key" '
+ 'status=$status bbs=$body_bytes_sent rl=$request_length rt=$request_time hr="$http_referer" '
+ 'ua="$http_user_agent" xfwdf="$http_x_forwarded_for" '
+ 'upadd="$upstream_addr" upstat=$upstream_status uprt="$upstream_response_time" '
+ 'sid="$service_id" sname="$service_name" reqid=$requestId';
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/blacklist.conf b/api-gateway-config/conf.d/blacklist.conf
new file mode 100644
index 0000000..2af6ddd
--- /dev/null
+++ b/api-gateway-config/conf.d/blacklist.conf
@@ -0,0 +1,31 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+geo $http_x_forwarded_for $blacklist {
+default 0;
+# include here any IPs you want to blacklist
+}
+
+# use it in configuration files like the following block
+# if ( $blacklist ) {
+# return 403;
+# }
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/commons/common-headers.conf b/api-gateway-config/conf.d/commons/common-headers.conf
new file mode 100644
index 0000000..03eb963
--- /dev/null
+++ b/api-gateway-config/conf.d/commons/common-headers.conf
@@ -0,0 +1,58 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+# -------------------------
+# add X-Request-Id header
+# -------------------------
+set $requestId $http_x_request_id;
+set_secure_random_alphanum $requestId_random 32;
+set_if_empty $requestId $requestId_random;
+add_header X-Request-Id $requestId;
+proxy_set_header X-Request-Id $requestId;
+
+# -----------
+# X-Real-IP
+# -----------
+set $proxy_remote_addr $http_x_real_ip;
+set_if_empty $proxy_remote_addr $remote_addr;
+proxy_set_header X-Real-IP $proxy_remote_addr;
+
+# -----------------
+# X-Forwarded-For
+# X-Forwarded-Host
+# -----------------
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host;
+
+# -----------------
+# X-Forwarded-Port
+# -----------------
+set $proxy_forwarded_port $http_x_forwarded_port;
+set_if_empty $proxy_forwarded_port $server_port;
+proxy_set_header X-Forwarded-Port $proxy_forwarded_port;
+
+# ------------------
+# X-Forwarded-Proto
+# ------------------
+set $proxy_forwarded_proto $http_x_forwarded_proto;
+set_if_empty $proxy_forwarded_proto $scheme;
+proxy_set_header X-forwarded-Proto $proxy_forwarded_proto;
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/default.conf b/api-gateway-config/conf.d/default.conf
new file mode 100644
index 0000000..45468e7
--- /dev/null
+++ b/api-gateway-config/conf.d/default.conf
@@ -0,0 +1,57 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+server {
+ listen 80 default_server;
+
+ server_tokens off;
+
+
+ # config to don't allow the browser to render the page inside an frame or iframe
+ # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
+ # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
+ # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
+ add_header X-Frame-Options SAMEORIGIN;
+
+ # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
+ # to disable content-type sniffing on some browsers.
+ # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+ # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
+ # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
+ # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
+ add_header X-Content-Type-Options nosniff;
+
+ # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
+ # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
+ # this particular website if it was disabled by the user.
+ # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+ add_header X-XSS-Protection "1; mode=block";
+
+ #turn off the uninitialized_variable_warn ,as it writes to error_log , hence io
+ uninitialized_variable_warn off;
+
+ # default locations exposed on the default VHost and port
+ include /etc/api-gateway/conf.d/includes/*.conf;
+
+ # include environment variables
+ include /etc/api-gateway/environment.conf.d/api-gateway-env-vars.server.conf;
+}
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/includes/analytics_endpoints.conf b/api-gateway-config/conf.d/includes/analytics_endpoints.conf
new file mode 100644
index 0000000..2c4ea0c
--- /dev/null
+++ b/api-gateway-config/conf.d/includes/analytics_endpoints.conf
@@ -0,0 +1,42 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+#
+# This location exposes the metrics gathered by the legacy.metrics class
+#
+location /api-gateway-stats {
+ allow 127.0.0.1;
+ deny all;
+ content_by_lua '
+ local MetricsCls = require "legacy.metrics"
+ local metrics = MetricsCls:new()
+ local json = assert( metrics:toJson(), "Could not read metrics")
+ ngx.say( json )
+ ';
+}
+
+location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+}
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/includes/api_key_service.conf b/api-gateway-config/conf.d/includes/api_key_service.conf
new file mode 100644
index 0000000..bbe7604
--- /dev/null
+++ b/api-gateway-config/conf.d/includes/api_key_service.conf
@@ -0,0 +1,112 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+# This is a sample file containing a basic API for Managing API-KEYs with Redis
+
+# sample query: curl -i http://localhost/cache/redis_query?KEYS%20*cachedkey*
+# Sample query to list all keys;
+# curl http://localhost/cache/redis_query?KEYS%20*cachedkey* | grep cachedkey | awk -F ":" '{printf "%+ 32s %+ 20s \n",$2,$3}' | sort
+location /cache/redis_query {
+ allow 127.0.0.1;
+ deny all;
+ set_unescape_uri $query $query_string;
+ redis2_raw_query '$query\r\n';
+ redis2_pass cache_rw_backend;
+}
+
+location ~ /cache/api_key/set {
+ internal;
+
+ limit_except POST OPTIONS {
+ deny all;
+ }
+
+ set $key $arg_key;
+ set $key_secret $arg_secret;
+ set $realm $arg_realm;
+ set $service_id $arg_service_id;
+ set $service_name $arg_service_name;
+ set $consumer_org_name $arg_consumer_org_name;
+ set $app_name $arg_app_name;
+ set $plan_name $arg_plan_name;
+
+ set_if_empty $key_secret '-';
+ set_if_empty $realm sandbox;
+ set_if_empty $service_id _undefined_;
+ set_if_empty $service_name _undefined_;
+ set_if_empty $consumer_org_name _undefined_;
+ set_if_empty $app_name _undefined_;
+ set_if_empty $plan_name _undefined_;
+
+
+ set $redis_cmd "HMSET cachedkey:$key:$service_id key_secret $key_secret service-id $service_id service-name $service_name realm $realm consumer-org-name $consumer_org_name app-name $app_name plan-name $plan_name";
+
+ proxy_pass http://api_gateway_redis/cache/redis_query?$redis_cmd;
+}
+
+location ~ /cache/api_key/del {
+ internal;
+
+ limit_except DELETE {
+ deny all;
+ }
+
+ set $key $arg_key;
+ set $service_id $arg_service_id;
+
+ set $redis_cmd "DEL cachedkey:$key:$service_id";
+
+ # limit_except OPTIONS
+ proxy_pass http://127.0.0.1:9191/cache/redis_query?$redis_cmd;
+}
+
+location ~ /cache/api_key/get {
+ internal;
+
+ limit_except GET OPTIONS {
+ deny all;
+ }
+
+ set $api_key $arg_key;
+ set $service_id $arg_service_id;
+
+ content_by_lua 'ngx.apiGateway.validation.validateApiKey()';
+}
+
+# pure REST API URI where POST goes to /set, GET to /get, DELETE to /del through internal redirect
+location = /cache/api_key {
+ uninitialized_variable_warn off;
+ # allow 127.0.0.1;
+ # deny all;
+
+ if ($request_method = POST) {
+ rewrite ^/cache/api_key(.*)$ /cache/api_key/set$1 last;
+ }
+
+ if ($request_method = DELETE) {
+ rewrite ^/cache/api_key(.*)$ /cache/api_key/del$1 last;
+ }
+
+ if ($request_method ~* ^(GET|OPTIONS)$ ) {
+ rewrite ^/cache/api_key(.*)$ /cache/api_key/get$1 last;
+ }
+}
diff --git a/api-gateway-config/conf.d/includes/basic_endpoints.conf b/api-gateway-config/conf.d/includes/basic_endpoints.conf
new file mode 100644
index 0000000..9356865
--- /dev/null
+++ b/api-gateway-config/conf.d/includes/basic_endpoints.conf
@@ -0,0 +1,61 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+location / {
+ LearningMode; #learning mode enabled, will not block requests, used for generating whitelists
+ SecRulesEnabled;
+ DeniedUrl "/RequestDenied";
+
+
+ CheckRule "$SQL >= 8" BLOCK;
+ CheckRule "$RFI >= 8" BLOCK;
+ CheckRule "$XSS >= 8" BLOCK;
+ CheckRule "$TRAVERSAL >= 8" BLOCK;
+ CheckRule "$EVADE >= 8" BLOCK;
+ root /etc/api-gateway/html;
+ index index.html index.htm;
+}
+
+
+location /health-check {
+ access_log off;
+ content_by_lua '
+ ngx.say("API-Platform is running!")
+ if jit then
+ ngx.say("LuaJIT-" .. jit.version);
+ else
+ ngx.say("LuaJIT is not enabled");
+ end
+ ';
+}
+
+
+
+location /RequestDenied {
+ return 500;
+}
+error_page 500 501 502 503 504 /50x.html;
+
+location /50x.html {
+ more_set_headers 'Content-Type: application/json';
+ return 500 '{"code":$status, "message":"Oops. Something went wrong. Check your URI and try again."}\n';
+}
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/includes/default_validators.conf b/api-gateway-config/conf.d/includes/default_validators.conf
new file mode 100644
index 0000000..ff01054
--- /dev/null
+++ b/api-gateway-config/conf.d/includes/default_validators.conf
@@ -0,0 +1,108 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+# the following variable are set by request_validator.lua
+set $validate_request_status 'na';
+set $validate_request_response_body 'na';
+set $validate_request_response_time -1;
+# where to redirect to send an error response
+set $validation_error_page '@handle_gateway_validation_error';
+
+# the next vars are automatically set from the api_key values
+# here they are initialized just so that they can be set later on by api_key_validator.lua
+set $publisher_org_name TBD;
+set $realm TBD;
+# service_id should be set by each individual service
+# set $service_id TBD;
+set $key_secret TBD;
+set $service_name TBD;
+set $consumer_org_name TBD;
+set $app_name TBD;
+set $plan_name TBD;
+set $service_env 'sandbox';
+
+#
+# default request validation impl
+#
+location /validate-request {
+ internal;
+ content_by_lua 'ngx.apiGateway.validation.defaultValidateRequestImpl()';
+}
+
+#
+# default api-key validator impl
+#
+location /validate_api_key {
+ internal;
+ content_by_lua 'ngx.apiGateway.validation.validateApiKey()';
+}
+
+location /validate_hmac_signature {
+ internal;
+ content_by_lua 'ngx.apiGateway.validation.validateHmacSignature()';
+}
+
+#
+# default OAuth Token validator impl along with the nginx variables it sets
+#
+set $oauth_token_scope '';
+set $oauth_token_client_id '';
+set $oauth_token_user_id '';
+location /validate_oauth_token {
+ internal;
+ content_by_lua 'ngx.apiGateway.validation.validateOAuthToken()';
+}
+
+#
+# default user Profile validator impl along with the nginx variables it sets
+#
+set $user_email '';
+set $user_country_code '';
+set $user_region '';
+set $user_name '';
+location /validate_user_profile {
+ internal;
+ content_by_lua 'ngx.apiGateway.validation.validateUserProfile()';
+}
+
+#
+# default validator for service plans that looks for Blocking rules to see if they match the requst
+#
+location /validate_service_plan {
+ internal;
+ content_by_lua 'ngx.apiGateway.tracking.validateServicePlan()';
+}
+
+# Error handler for validation errors
+# NOTE: this endpoint assumes that $validate_request_status and $validate_request_response_body is set before
+location @handle_gateway_validation_error {
+ internal;
+ content_by_lua '
+ local ErrorDecorator = require "api-gateway.validation.validatorsHandlerErrorDecorator"
+ local decorator = ErrorDecorator:new()
+ decorator:setUserDefinedResponsesFromJson(ngx.var.validator_custom_error_responses)
+ decorator:decorateResponse(ngx.var.validate_request_status, ngx.var.validate_request_response_body)
+ ';
+
+ # Capture the metrics for invalid api requests
+ # log_by_lua_file /path/to/log_metrics.lua;
+}
\ No newline at end of file
diff --git a/api-gateway-config/conf.d/includes/protected_locations.conf b/api-gateway-config/conf.d/includes/protected_locations.conf
new file mode 100644
index 0000000..3e23be3
--- /dev/null
+++ b/api-gateway-config/conf.d/includes/protected_locations.conf
@@ -0,0 +1,46 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+location /protected-with-api-key {
+ set $api_key $http_x_api_key;
+ set_if_empty $api_key $arg_api_key;
+
+ # ----------------------------------
+ # add X-Request-Id header
+ # ----------------------------------
+ set $requestId $http_x_request_id;
+ set_secure_random_alphanum $requestId_random 32;
+ set_if_empty $requestId $requestId_random;
+ # add_header X-Request-Id $requestId;
+ proxy_set_header X-Request-Id $requestId;
+
+ # TBD
+}
+
+location /protected-with-oauth-token {
+ # TBD
+}
+
+location /protected-with-api-key-and-token {
+ # TBD
+}
+
diff --git a/api-gateway-config/conf.d/includes/resolvers.conf b/api-gateway-config/conf.d/includes/resolvers.conf
new file mode 100644
index 0000000..8f010d7
--- /dev/null
+++ b/api-gateway-config/conf.d/includes/resolvers.conf
@@ -0,0 +1 @@
+resolver 10.0.2.3;
diff --git a/api-gateway-config/conf.d/marathon_apis.conf b/api-gateway-config/conf.d/marathon_apis.conf
new file mode 100644
index 0000000..44aef0f
--- /dev/null
+++ b/api-gateway-config/conf.d/marathon_apis.conf
@@ -0,0 +1,96 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+
+#
+# NOTE: THIS CONFIG FILE ASSUMES ALL HOST NAMES ARE IN FORMAT <app_name>.api.any.domain
+#
+
+#import the list of upstreams
+include /etc/api-gateway/environment.conf.d/api-gateway-upstreams.http.conf;
+
+server {
+ server_name ~hello-world.api.(?<domain>.+);
+}
+
+server {
+ listen 80;
+# listen 8080;
+
+ # listenes on <app_name>.api.any.domain with the assumption that the app_name has been defined in marathon. TBD what to do when the app is not found
+ server_name ~^(?<app_name>.[^\.]+)\.api\.(?<domain>.+);
+
+ server_tokens off;
+
+ #turn off the uninitialized_variable_warn ,as it writes to error_log , hence io
+ uninitialized_variable_warn off;
+
+ # block ips of embargoed countries
+ if ( $blacklist ) {
+ return 403;
+ }
+
+ include /etc/api-gateway/conf.d/commons/common-headers.conf;
+ include /etc/api-gateway/conf.d/includes/resolvers.conf;
+
+ # Log locations with service name
+ access_log /var/log/api-gateway/access.log platform;
+ error_log /var/log/api-gateway/marathon_error.log debug;
+
+ # include environment variables
+ include /etc/api-gateway/environment.conf.d/api-gateway-env-vars.server.conf;
+
+ error_page 500 501 502 503 504 /50x.html;
+
+ location /50x.html {
+ more_set_headers 'Content-Type: application/json';
+ more_set_headers 'X-Request-Id: $requestId';
+ return 500 '{"code":$status, "message":"Oops. Something went wrong. Check your URI and try again."}\n';
+ }
+
+ location / {
+ # ----------------------------------
+ # add X-Request-Id header
+ # ----------------------------------
+ set $requestId $http_x_request_id;
+ set_secure_random_alphanum $requestId_random 32;
+ set_if_empty $requestId $requestId_random;
+ # add_header X-Request-Id $requestId;
+ proxy_set_header X-Request-Id $requestId;
+
+ proxy_connect_timeout 10s; # timeout for establishing a connection with a proxied server
+
+ proxy_read_timeout 10s; # Defines a timeout for reading a response from the proxied server.
+ # The timeout is set only between two successive read operations,
+ # not for the transmission of the whole response.
+
+ proxy_send_timeout 10s; # Sets a timeout for transmitting a request to the proxied server.
+ # The timeout is set only between two successive write operations,
+ # not for the transmission of the whole request.
+ keepalive_timeout 10s; # timeout during which a keep-alive client connection will stay open on the server side
+ proxy_buffering off; # enables or disables buffering of responses from the proxied server.
+ proxy_http_version 1.1; # Version 1.1 is recommended for use with keepalive connections.
+ proxy_set_header Connection "";
+
+ proxy_pass http://$app_name$request_uri;
+ }
+}
\ No newline at end of file
diff --git a/api-gateway-config/environment.conf.d/api-gateway-env-vars.server.conf b/api-gateway-config/environment.conf.d/api-gateway-env-vars.server.conf
new file mode 100644
index 0000000..aa250b6
--- /dev/null
+++ b/api-gateway-config/environment.conf.d/api-gateway-env-vars.server.conf
@@ -0,0 +1,29 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+
+# NOTE: TO BE INCLUDED FOR EACH VHOST
+# Use this file to overwrite any nginx variables based on the environment
+
+set $cache_ro_backend 127.0.0.1;
+set $redis_backend 127.0.0.1;
+set $redis_backend_rw 127.0.0.1;
\ No newline at end of file
diff --git a/api-gateway-config/environment.conf.d/api-gateway-env.http.conf b/api-gateway-config/environment.conf.d/api-gateway-env.http.conf
new file mode 100644
index 0000000..11f7c8e
--- /dev/null
+++ b/api-gateway-config/environment.conf.d/api-gateway-env.http.conf
@@ -0,0 +1,31 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+
+# TO BE INCLUDED ON HTTP BLOCK
+
+upstream cache_rw_backend {
+ server 127.0.0.1:6379;
+}
+upstream cache_read_only_backend { # Default config for redis health check test
+ server 127.0.0.1:6379;
+}
\ No newline at end of file
diff --git a/api-gateway-config/environment.conf.d/api-gateway-upstreams.http.conf b/api-gateway-config/environment.conf.d/api-gateway-upstreams.http.conf
new file mode 100644
index 0000000..700da13
--- /dev/null
+++ b/api-gateway-config/environment.conf.d/api-gateway-upstreams.http.conf
@@ -0,0 +1 @@
+# placeholder - this file is automatically created by marathon-service-discovery.sh
\ No newline at end of file
diff --git a/api-gateway-config/html/index.html b/api-gateway-config/html/index.html
new file mode 100644
index 0000000..91dc178
--- /dev/null
+++ b/api-gateway-config/html/index.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<!--
+ ~ Copyright (c) 2015 Adobe Systems Incorporated. All rights reserved.
+ ~
+ ~ Permission is hereby granted, free of charge, to any person obtaining a
+ ~ copy of this software and associated documentation files (the "Software"),
+ ~ to deal in the Software without restriction, including without limitation
+ ~ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ ~ and/or sell copies of the Software, and to permit persons to whom the
+ ~ Software is furnished to do so, subject to the following conditions:
+ ~
+ ~ The above copyright notice and this permission notice shall be included in
+ ~ all copies or substantial portions of the Software.
+ ~
+ ~ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ ~ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ ~ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ ~ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ ~ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ ~ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ ~ DEALINGS IN THE SOFTWARE.
+ -->
+
+<html>
+<head>
+<title>Welcome to API Gateway ! An Nginx and Openresty based gateway.</title>
+<style>
+ body {
+ width: 35em;
+ margin: 0 auto;
+ font-family: Tahoma, Verdana, Arial, sans-serif;
+ }
+</style>
+</head>
+<body>
+<h1>Welcome to API Gateway ! </h1>
+<h3>An Nginx and Openresty based API Gateway.</h3>
+<p>If you see this page, the API Gateway is successfully installed and
+working. Further configuration may be required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>,
+ <a href="http://openresty.org/">openresty.org</a>,
+ <a href="https://github.com/nbs-system/naxsi/wiki">Naxsi</a>.<br/>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/api-gateway-config/marathon-service-discovery.sh b/api-gateway-config/marathon-service-discovery.sh
new file mode 100755
index 0000000..3985e21
--- /dev/null
+++ b/api-gateway-config/marathon-service-discovery.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#
+# Overview:
+# It reads the list of tasks from Marathon and it dynamically generates the Nginx configuration with the upstreams.
+#
+# In order to gather the information the script needs to know where to find Marathon
+# so it looks for the $MARATHON_HOST environment variable.
+#
+
+TMP_FILE=/tmp/api-gateway-upstreams.http.conf
+UPSTREAM_FILE=/etc/api-gateway/environment.conf.d/api-gateway-upstreams.http.conf
+marathon_host=$(echo $MARATHON_HOST)
+
+function do_log() {
+ local _MSG=$1
+ echo "`date +'%Y/%m/%d %H:%M:%S'` - marathon-service-discovery: ${_MSG}"
+}
+
+function fatal_error() {
+ local _MSG=$1
+ do_log "ERROR: ${_MSG}"
+ exit 255
+}
+
+function info_log() {
+ local _MSG=$1
+ do_log "${_MSG}"
+}
+
+# 1. create the new upstream config
+# NOTE: for the moment when tasks expose multiple ports, only the first one is exposed through nginx
+curl -s ${marathon_host}/v2/tasks -H "Accept:text/plain" | awk 'NF>2' | grep -v :0 | awk '!seen[$1]++' | awk ' {s=""; for (f=3; f<=NF; f++) s = s "\n server " $f " fail_timeout=10s;" ; print "upstream " $1 " {" s "\n keepalive 16;\n}" }' > $TMP_FILE
+# 2. diff with an existing one
+cmp -b $TMP_FILE $UPSTREAM_FILE || (info_log "discovered a change..." && cp $TMP_FILE $UPSTREAM_FILE && info_log "reloading gateway ..." && service api-gateway configtest && service api-gateway reload)
\ No newline at end of file
diff --git a/api-gateway-config/naxsi_core.rules b/api-gateway-config/naxsi_core.rules
new file mode 100644
index 0000000..ba2309e
--- /dev/null
+++ b/api-gateway-config/naxsi_core.rules
@@ -0,0 +1,106 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+
+##################################
+## INTERNAL RULES IDS:1-999 ##
+##################################
+#@MainRule "msg:weird request, unable to parse" id:1;
+#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
+#@MainRule "msg:invalid hex encoding, null bytes" id:10;
+#@MainRule "msg:unknown content-type" id:11;
+#@MainRule "msg:invalid formatted url" id:12;
+#@MainRule "msg:invalid POST format" id:13;
+#@MainRule "msg:invalid POST boundary" id:14;
+
+##################################
+## SQL Injections IDs:1000-1099 ##
+##################################
+MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
+MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
+MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
+## Hardcore rules
+MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
+MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
+MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
+MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
+## end of hardcore rules
+MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
+MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
+MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
+MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
+MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
+MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
+MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
+MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
+
+###############################
+## OBVIOUS RFI IDs:1100-1199 ##
+###############################
+MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
+MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
+MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
+MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
+MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
+MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
+MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
+MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
+MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
+MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
+
+#######################################
+## Directory traversal IDs:1200-1299 ##
+#######################################
+MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
+MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
+MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
+MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
+MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
+#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
+
+########################################
+## Cross Site Scripting IDs:1300-1399 ##
+########################################
+MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
+MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
+MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
+MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
+MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
+MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
+MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+
+####################################
+## Evading tricks IDs: 1400-1500 ##
+####################################
+MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
+MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
+MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
+
+#############################
+## File uploads: 1500-1600 ##
+#############################
+MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
+
+################################
+## Known Attacks: Various IDs ##
+################################
+MainRule "str:() {" "msg:Possible Remote code execution through Bash CVE-2014-6271" "mz:BODY|HEADERS" "s:$ATTACK:8" id:42000393 ;
\ No newline at end of file
diff --git a/api-gateway-config/scripts/api_gateway_init.lua b/api-gateway-config/scripts/api_gateway_init.lua
new file mode 100644
index 0000000..b511058
--- /dev/null
+++ b/api-gateway-config/scripts/api_gateway_init.lua
@@ -0,0 +1,56 @@
+-- Copyright (c) 2015 Adobe Systems Incorporated. All rights reserved.
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the "Software"),
+-- to deal in the Software without restriction, including without limitation
+-- the rights to use, copy, modify, merge, publish, distribute, sublicense,
+-- and/or sell copies of the Software, and to permit persons to whom the
+-- Software is furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in
+-- all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+-- FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+-- DEALINGS IN THE SOFTWARE.
+
+-- An initialization script on a per worker basis.
+-- User: ddascal
+-- Date: 07/12/14
+-- Time: 16:44
+--
+
+local _M = {}
+
+
+--- Loads a lua gracefully. If the module doesn't exist the exception is caught, logged and the execution continues
+-- @param module path to the module to be loaded
+--
+local function loadrequire(module)
+ ngx.log(ngx.DEBUG, "Loading module [" .. tostring(module) .. "]")
+ local function requiref(module)
+ require(module)
+ end
+
+ local res = pcall(requiref, module)
+ if not (res) then
+ ngx.log(ngx.WARN, "Could not load module [", module, "].")
+ return nil
+ end
+ return require(module)
+end
+
+local function initValidationFactory(parentObject)
+ parentObject.validation = require "api-gateway.validation.factory"
+end
+
+initValidationFactory(_M)
+-- TODO: test health-check with the new version of Openresty
+-- initRedisHealthCheck()
+
+ngx.apiGateway = _M
+
diff --git a/api-gateway-config/tests/test_initialization.t b/api-gateway-config/tests/test_initialization.t
new file mode 100644
index 0000000..f24985e
--- /dev/null
+++ b/api-gateway-config/tests/test_initialization.t
@@ -0,0 +1,105 @@
+#/*
+# * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved.
+# *
+# * Permission is hereby granted, free of charge, to any person obtaining a
+# * copy of this software and associated documentation files (the "Software"),
+# * to deal in the Software without restriction, including without limitation
+# * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# * and/or sell copies of the Software, and to permit persons to whom the
+# * Software is furnished to do so, subject to the following conditions:
+# *
+# * The above copyright notice and this permission notice shall be included in
+# * all copies or substantial portions of the Software.
+# *
+# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# * DEALINGS IN THE SOFTWARE.
+# *
+# */
+# vim:set ft= ts=4 sw=4 et fdm=marker:
+use lib 'lib';
+use Test::Nginx::Socket::Lua;
+use Cwd qw(cwd);
+
+#worker_connections(1014);
+#master_process_enabled(1);
+#log_level('warn');
+
+repeat_each(2);
+
+plan tests => repeat_each() * (blocks() * 3);
+
+my $pwd = cwd();
+
+our $HttpConfig = <<_EOC_;
+ # lua_package_path "$pwd/lib/?.lua;;";
+# init_by_lua '
+# local v = require "jit.v"
+# v.on("$Test::Nginx::Util::ErrLogFile")
+# require "resty.core"
+# ';
+ include /etc/api-gateway/conf.d/*.conf;
+_EOC_
+
+#no_diff();
+no_long_string();
+run_tests();
+
+__DATA__
+
+=== TEST 1: check that JIT is enabled
+--- http_config eval: $::HttpConfig
+--- config
+ location /jitcheck {
+ content_by_lua '
+ if jit then
+ ngx.say(jit.version);
+ else
+ ngx.say("JIT Not Enabled");
+ end
+ ';
+ }
+--- request
+GET /jitcheck
+--- response_body_like eval
+["LuaJIT 2.1.0-alpha"]
+--- no_error_log
+[error]
+
+=== TEST 2: check health-check page
+--- http_config eval: $::HttpConfig
+--- config
+ location /health-check {
+ access_log off;
+ # MIME type determined by default_type:
+ default_type 'text/plain';
+
+ content_by_lua "ngx.say('API-Platform is running!')";
+ }
+--- request
+GET /health-check
+--- response_body_like eval
+["API-Platform in running!"]
+--- no_error_log
+[error]
+
+=== TEST 3: check nginx_status is enabled
+--- http_config eval: $::HttpConfig
+--- config
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+--- request
+GET /nginx_status
+--- response_body_like eval
+["Active connections: 1"]
+--- no_error_log
+[error]
+
diff --git a/init.sh b/init.sh
new file mode 100755
index 0000000..a58fb51
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+echo "Starting api-gateway"
+/usr/local/sbin/api-gateway -V
+echo "------"
+
+echo resolver $(awk 'BEGIN{ORS=" "} /nameserver/{print $2}' /etc/resolv.conf | sed "s/ $/;/g") > /etc/api-gateway/conf.d/includes/resolvers.conf
+echo " ... with dns $(cat /etc/api-gateway/conf.d/includes/resolvers.conf)"
+
+api-gateway -p /usr/local/api-gateway/ -c /etc/api-gateway/api-gateway.conf -g "daemon off; error_log /dev/stderr info;"
