因为APISIX常用的存储数据的方式是使用ETCD, 所以首先需要一个ETCD服务
因为我的环境上已经存在了一个ETCD服务, 它可以直接docker运行, 别的APISIX服务和Dashboard可以直接使用docker-compose编排
使用下面命令创建一个docker网络
docker network create cy --driver bridge
编写ETCD的docker启动脚本 run.sh
注意我这里用的是zsh
#!/usr/bin/env zsh
#2379进行http通信
#2380与etcd其他节点进行通信
# ETCD_ADVERTISE_CLIENT_URLS 广播给集群中其他成员自己的客户端地址列表
# ETCD_LISTEN_CLIENT_URLS 该节点与客户端通信时监听的地址列表
docker run -d --name etcd \\
-p 2379:2379 \\
-p 2380:2380 \\
--network cy \\
--env ETCD_ENABLE_V2=true \\
--env ALLOW_NONE_AUTHENTICATION=yes \\
--env ETCD_ADVERTISE_CLIENT_URLS=http://0.0.0.0:2379 \\
--env ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 \\
bitnami/etcd:latest
使用 chmod +x run.sh
增加运行权限
使用 ./run.sh
启动ETCD服务
注意编辑完成之后要修改权限 chmod 666 config.yaml
不然在外面修改之后docker内部不会同步
apisix:
# apisix监听的端口, 注意apisix不支持动态监听, 所以修改之后需要apisix reload刷新配置
node_listen:
- port: 9080
#enable_http2: true
- port: 9443
#enable_http2: true # APISIX listening port
enable_ipv6: false
# 配置哪些ip可以管理apisix
allow_admin: # <http://nginx.org/en/docs/http/ngx_http_access_module.html#allow>
- 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
# apisix的用户列表, 以及密码和角色
admin_key:
- name: "admin"
key: admin
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
- name: "viewer"
key: viewer
role: viewer
enable_control: true
control:
ip: "0.0.0.0"
port: 9092
# 因为都在同一个docker网络中, 所以直接使用name就可以访问etcd
etcd:
host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
- "<http://etcd:2379>" # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
# 配置插件属性, prometheus是一个流量监控插件
plugin_attr:
prometheus:
export_addr:
ip: "0.0.0.0"
port: 9091
# 因为有部署静态文件的需求, 所以需要在nginx.conf中额外增加配置片段
# 注意这里面listen的端口和server_name不要与node_listen冲突
nginx_config:
http_configuration_snippet: |
server {
listen 8001;
server_name _;
location /app {
alias /usr/local/apisix/static;
try_files $uri $uri/ /index.html?$query_string;
index index.html;
}
}
在config.yaml的同级目录下新建文件dashboard_conf.yaml
需要注意的就是对外提供的端口, 以及etcd的url, 还有访问用户的用户名和密码
conf:
listen:
host: 0.0.0.0 # `manager api` listening ip or host name
port: 9000 # `manager api` listening port
allow_list: # If we don't set any IP list, then any IP access is allowed by default.
- 0.0.0.0/0
etcd:
endpoints: # supports defining multiple etcd host addresses for an etcd cluster
- "<http://etcd:2379>"
# yamllint disable rule:comments-indentation
# etcd basic auth info
# username: "root" # ignore etcd username if not enable etcd auth
# password: "123456" # ignore etcd password if not enable etcd auth
mtls:
key_file: "" # Path of your self-signed client side key
cert_file: "" # Path of your self-signed client side cert
ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
# prefix: /apisix # apisix config's prefix in etcd, /apisix by default
log:
error_log:
level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
file_path:
logs/error.log # supports relative path, absolute path, standard output
# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
access_log:
file_path:
logs/access.log # supports relative path, absolute path, standard output
# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
authentication:
secret:
secret # secret for jwt token generation.
# NOTE: Highly recommended to modify this value to protect `manager api`.
# if it's default value, when `manager api` start, it will generate a random string to replace it.
expire_time: 3600 # jwt token expire time, in second
users: # yamllint enable rule:comments-indentation
- username: admin # username and password for login `manager api`
password: admin
- username: user
password: user
plugins: # plugin list (sorted in alphabetical order)
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
# - dubbo-proxy
- echo
# - error-log-logger
# - example-plugin
- fault-injection
- grpc-transcode
- hmac-auth
- http-logger
- ip-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
# - log-rotate
# - node-status
- openid-connect
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
# - skywalking
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- server-info
- traffic-split
在config.yaml的同级目录下新建文件docker-compose.yml