apisix下自定义 Nginx 配置

2023-12-13 15:40:02


APISIX 会通过 apisix/cli/ngx_tpl.lua 这个模板和 conf/config-default.yaml 加 conf/config.yaml 的配置生成 Nginx 配置文件。
在执行完 ./bin/apisix start,你可以在 conf/nginx.conf 看到生成的 Nginx 配置文件。
在自定义 Nginx 配置文件之前,烦请仔细阅读 conf/config-default.yaml。你可以在 conf/config.yaml 里面覆盖掉默认值。举个例子,你可以通过 xxx_snippet 之类的配置,在 conf/nginx.conf 里面注入你的自定义配置:
注意nginx_config及其子项的格式缩进,在执行./bin/apisix start时,错误的缩进将导致更新conf/nginx.conf文件失败。

在apisix配置文件/conf/config.yaml中添加nginx配置。

以下是config-default.yaml中的nginx默认配置,可以添加到config.yaml中:

nginx_config:                     # Config for render the template to generate nginx.conf
  # user: root                    # Set the execution user of the worker process. This is only
                                  # effective if the master process runs with super-user privileges.
  error_log: logs/error.log       # Location of the error log.
  error_log_level:  warn          # Logging level: info, debug, notice, warn, error, crit, alert, or emerg.
  worker_processes: auto          # Automatically determine the optimal number of worker processes based
                                  # on the available system resources.
                                  # If you want use multiple cores in container, you can inject the number of
                                  # CPU cores as environment variable "APISIX_WORKER_PROCESSES".
  enable_cpu_affinity: false      # Disable CPU affinity by default as worker_cpu_affinity affects the
                                  # behavior of APISIX in containers. For example, multiple instances could
                                  # be bound to one CPU core, which is not desirable.
                                  # If APISIX is deployed on a physical machine, CPU affinity can be enabled.
  worker_rlimit_nofile: 20480     # The number of files a worker process can open.
                                  # The value should be larger than worker_connections.
  worker_shutdown_timeout: 240s   # Timeout for a graceful shutdown of worker processes.

  max_pending_timers: 16384       # The maximum number of pending timers that can be active at any given time.
                                  # Error "too many pending timers" indicates the threshold is reached.
  max_running_timers: 4096        # The maximum number of running timers that can be active at any given time.
                                  # Error "lua_max_running_timers are not enough" error indicates the
                                  # threshold is reached.

  event:
    worker_connections: 10620

  # envs:                         # Get environment variables.
  #  - TEST_ENV

  meta:
    lua_shared_dict:              # Nginx Lua shared memory zone. Size units are m or k.
      prometheus-metrics: 15m

  stream:
    enable_access_log: false                 # Enable stream proxy access logging.
    access_log: logs/access_stream.log       # Location of the stream access log.
    access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html
    access_log_format_escape: default        # Escape default or json characters in variables.
    lua_shared_dict:                         # Nginx Lua shared memory zone. Size units are m or k.
      etcd-cluster-health-check-stream: 10m
      lrucache-lock-stream: 10m
      plugin-limit-conn-stream: 10m
      worker-events-stream: 10m
      tars-stream: 1m

  # Add other custom Nginx configurations.
  # Users are responsible for validating the custom configurations
  # to ensure they are not in conflict with APISIX configurations.
  main_configuration_snippet: |
    # Add custom Nginx main configuration to nginx.conf.
    # The configuration should be well indented!
  http_configuration_snippet: |
    # Add custom Nginx http configuration to nginx.conf.
    # The configuration should be well indented!
  http_server_configuration_snippet: |
    # Add custom Nginx http server configuration to nginx.conf.
    # The configuration should be well indented!
  http_server_location_configuration_snippet: |
    # Add custom Nginx http server location configuration to nginx.conf.
    # The configuration should be well indented!
  http_admin_configuration_snippet: |
    # Add custom Nginx admin server configuration to nginx.conf.
    # The configuration should be well indented!
  http_end_configuration_snippet: |
    # Add custom Nginx http end configuration to nginx.conf.
    # The configuration should be well indented!
  stream_configuration_snippet: |
    # Add custom Nginx stream configuration to nginx.conf.
    # The configuration should be well indented!

  http:
    enable_access_log: true             # Enable HTTP proxy access logging.
    access_log: logs/access.log         # Location of the access log.
    access_log_buffer: 16384            # buffer size of access log.
    access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
    # Customize log format: http://nginx.org/en/docs/varindex.html
    access_log_format_escape: default   # Escape default or json characters in variables.
    keepalive_timeout: 60s              # Set the maximum time for which TCP connection keeps alive.
    client_header_timeout: 60s          # Set the maximum time waiting for client to send the entire HTTP
                                        # request header before closing the connection.
    client_body_timeout: 60s            # Set the maximum time waiting for client to send the request body.
    client_max_body_size: 0             # Set the maximum allowed size of the client request body.
                                        # Default to 0, unlimited.
                                        # Unlike Nginx, APISIX does not limit the body size by default.
                                        # If exceeded, the 413 (Request Entity Too Large) error is returned.
    send_timeout: 10s   # Set the maximum time for transmitting a response to the client before closing.
    underscores_in_headers: "on"  # Allow HTTP request headers to contain underscores in their names.
    real_ip_header: X-Real-IP     # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_recursive: "off" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
    real_ip_from:            # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
      - 127.0.0.1
      - "unix:"

    # custom_lua_shared_dict:     # Custom Nginx Lua shared memory zone for nginx.conf. Size units are m or k.
    #  ipc_shared_dict: 100m      # Custom shared cache, format: `cache-key: cache-size`

    proxy_ssl_server_name: true   # Send the server name in the SNI extension when establishing an SSL/TLS
                                  # connection with the upstream server, allowing the upstream server to
                                  # select the appropriate SSL/TLS certificate and configuration based on
                                  # the requested server name.

    upstream:
      keepalive: 320              # Set the maximum time of keep-alive connections to the upstream servers.
                                  # When the value is exceeded, the least recently used connection is closed.
      keepalive_requests: 1000    # Set the maximum number of requests that can be served through one
                                  # keep-alive connection.
                                  # After the maximum number of requests is made, the connection is closed.
      keepalive_timeout: 60s      # Set the maximum time for which TCP connection keeps alive.
    charset: utf-8                # Add the charset to the "Content-Type" response header field.
                                  # See http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
    variables_hash_max_size: 2048 # Set the maximum size of the variables hash table.

    lua_shared_dict:              # Nginx Lua shared memory zone. Size units are m or k.
      internal-status: 10m
      plugin-limit-req: 10m
      plugin-limit-count: 10m
      prometheus-metrics: 10m
      plugin-limit-conn: 10m
      upstream-healthcheck: 10m
      worker-events: 10m
      lrucache-lock: 10m
      balancer-ewma: 10m
      balancer-ewma-locks: 10m
      balancer-ewma-last-touched-at: 10m
      plugin-limit-count-redis-cluster-slot-lock: 1m
      tracing_buffer: 10m
      plugin-api-breaker: 10m
      etcd-cluster-health-check: 10m
      discovery: 1m
      jwks: 1m
      introspection: 10m
      access-tokens: 1m
      ext-plugin: 1m
      tars: 1m
      cas-auth: 10m

生成的nginx.conf配置文件如下:

# Configuration File - Nginx Server Configs
# This is a read-only file, do not try to modify it.
master_process on;

worker_processes auto;

# main configuration snippet starts

# main configuration snippet ends

error_log logs/error.log warn;
pid logs/nginx.pid;

worker_rlimit_nofile 20480;

events {
    accept_mutex off;
    worker_connections 10620;
}

worker_rlimit_core  16G;

worker_shutdown_timeout 240s;

env APISIX_PROFILE;
env PATH; # for searching external plugin runner's binary

# reserved environment variables for configuration
env APISIX_DEPLOYMENT_ETCD_HOST;


thread_pool grpc-client-nginx-module threads=1;

lua {
}




http {
    # put extra_lua_path in front of the builtin path
    # so user can override the source code
    lua_package_path  "$prefix/deps/share/lua/5.1/?.lua;$prefix/deps/share/lua/5.1/?/init.lua;/usr/local/apisix/?.lua;/usr/local/apisix/?/init.lua;;/usr/local/apisix/?.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua;;";
    lua_package_cpath "$prefix/deps/lib64/lua/5.1/?.so;$prefix/deps/lib/lua/5.1/?.so;;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;";

    lua_max_pending_timers 16384;
    lua_max_running_timers 4096;

    lua_shared_dict internal-status 10m;
    lua_shared_dict upstream-healthcheck 10m;
    lua_shared_dict worker-events 10m;
    lua_shared_dict lrucache-lock 10m;
    lua_shared_dict balancer-ewma 10m;
    lua_shared_dict balancer-ewma-locks 10m;
    lua_shared_dict balancer-ewma-last-touched-at 10m;
    lua_shared_dict etcd-cluster-health-check 10m; # etcd health check

    # for discovery shared dict


    lua_shared_dict plugin-limit-conn 10m;

    lua_shared_dict plugin-limit-req 10m;

    lua_shared_dict plugin-limit-count 10m;
    lua_shared_dict plugin-limit-count-redis-cluster-slot-lock 1m;
    lua_shared_dict plugin-limit-count-reset-header 10m;

    lua_shared_dict prometheus-metrics 10m;


    lua_shared_dict plugin-api-breaker 10m;

    # for openid-connect and authz-keycloak plugin
    lua_shared_dict discovery 1m; # cache for discovery metadata documents

    # for openid-connect plugin
    lua_shared_dict jwks 1m; # cache for JWKs
    lua_shared_dict introspection 10m; # cache for JWT verification results

    lua_shared_dict cas_sessions 10m;

    # for authz-keycloak
    lua_shared_dict access-tokens 1m; # cache for service account access tokens

    lua_shared_dict ext-plugin 1m; # cache for ext-plugin


    # for custom shared dict


    lua_ssl_verify_depth 5;
    ssl_session_timeout 86400;

    underscores_in_headers on;

    lua_socket_log_errors off;

    resolver 127.0.0.11 ipv6=off;
    resolver_timeout 5;

    lua_http10_buffering off;

    lua_regex_match_limit 100000;
    lua_regex_cache_max_entries 8192;

    log_format main escape=default '$remote_addr - $remote_user [$time_local] $http_host "$request" $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time "$upstream_scheme://$upstream_host$upstream_uri"';
    uninitialized_variable_warn off;

    access_log logs/apisix-access.log main buffer=16384 flush=3;
    open_file_cache  max=1000 inactive=60;
    client_max_body_size 0;
    keepalive_timeout 60s;
    client_header_timeout 60s;
    client_body_timeout 60s;
    send_timeout 10s;
    variables_hash_max_size 2048;

    server_tokens off;

    include mime.types;
    charset utf-8;

    real_ip_header X-Real-IP;

    real_ip_recursive off;

    set_real_ip_from 127.0.0.1;
    set_real_ip_from unix:;


    # http configuration snippet starts
    
    # http configuration snippet ends

    upstream apisix_backend {
        server 0.0.0.1;

        keepalive 320;
        keepalive_requests 1000;
        keepalive_timeout 60s;
        # we put the static configuration above so that we can override it in the Lua code

        balancer_by_lua_block {
            apisix.http_balancer_phase()
        }
    }


    apisix_delay_client_max_body_check on;
    apisix_mirror_on_demand on;


    init_by_lua_block {
        require "resty.core"
        apisix = require("apisix")

        local dns_resolver = { "127.0.0.11", }
        local args = {
            dns_resolver = dns_resolver,
        }
        apisix.http_init(args)

        -- set apisix_lua_home into constans module
        -- it may be used by plugins to determine the work path of apisix
        local constants = require("apisix.constants")
        constants.apisix_lua_home = "/usr/local/apisix"
    }

    init_worker_by_lua_block {
        apisix.http_init_worker()
    }

    exit_worker_by_lua_block {
        apisix.http_exit_worker()
    }

    server {
        listen 0.0.0.0:9092;

        access_log off;

        location / {
            content_by_lua_block {
                apisix.http_control()
            }
        }
    }

    server {
            listen 127.0.0.1:9091 enable_process=privileged_agent;

        access_log off;

        location / {
            content_by_lua_block {
                local prometheus = require("apisix.plugins.prometheus.exporter")
                prometheus.export_metrics()
            }
        }

        location = /apisix/nginx_status {
            allow 127.0.0.0/24;
            deny all;
            stub_status;
        }
    }

    server {
        listen 0.0.0.0:9180;
        log_not_found off;

        # admin configuration snippet starts
        
        # admin configuration snippet ends

        set $upstream_scheme             'http';
        set $upstream_host               $http_host;
        set $upstream_uri                '';

        location /apisix/admin {
                allow 0.0.0.0/0;
                deny all;

            content_by_lua_block {
                apisix.http_admin()
            }
        }
    }

    upstream apisix_conf_backend {
    server 0.0.0.0:80;
    balancer_by_lua_block {
        local conf_server = require("apisix.conf_server")
        conf_server.balancer()
    }
    keepalive 320;
    keepalive_requests 1000;
    keepalive_timeout 60s;
}


server {
    listen unix:/usr/local/apisix/conf/config_listen.sock;

    access_log off;

    set $upstream_host '';

    access_by_lua_block {
        local conf_server = require("apisix.conf_server")
        conf_server.access()
    }

    location / {
        proxy_pass http://apisix_conf_backend;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_set_header Host $upstream_host;
        proxy_next_upstream error timeout non_idempotent
            http_500 http_502 http_503 http_504;
    }

    log_by_lua_block {
        local conf_server = require("apisix.conf_server")
        conf_server.log()
    }
}



    # for proxy cache
    proxy_cache_path /tmp/disk_cache_one levels=1:2 keys_zone=disk_cache_one:50m inactive=1d max_size=1G use_temp_path=off;
    lua_shared_dict memory_cache 50m;

    map $upstream_cache_zone $upstream_cache_zone_info {
        disk_cache_one /tmp/disk_cache_one,1:2;
    }

    server {
        listen 0.0.0.0:9080 default_server reuseport;
        listen 0.0.0.0:9443 ssl default_server http2 reuseport;

        server_name _;

        ssl_certificate      cert/ssl_PLACE_HOLDER.crt;
        ssl_certificate_key  cert/ssl_PLACE_HOLDER.key;
        ssl_session_cache    shared:SSL:20m;
        ssl_session_timeout 10m;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;
        ssl_session_tickets off;


        # http server configuration snippet starts
        
        # http server configuration snippet ends

        location = /apisix/nginx_status {
            allow 127.0.0.0/24;
            deny all;
            access_log off;
            stub_status;
        }

        ssl_client_hello_by_lua_block {
            apisix.http_ssl_client_hello_phase()
        }

        ssl_certificate_by_lua_block {
            apisix.http_ssl_phase()
        }

        proxy_ssl_name $upstream_host;
        proxy_ssl_server_name on;

        location / {
            set $upstream_mirror_host        '';
            set $upstream_mirror_uri         '';
            set $upstream_upgrade            '';
            set $upstream_connection         '';

            set $upstream_scheme             'http';
            set $upstream_host               $http_host;
            set $upstream_uri                '';
            set $ctx_ref                     '';


            # http server location configuration snippet starts
            
            # http server location configuration snippet ends


            access_by_lua_block {
                apisix.http_access_phase()
            }

            proxy_http_version 1.1;
            proxy_set_header   Host              $upstream_host;
            proxy_set_header   Upgrade           $upstream_upgrade;
            proxy_set_header   Connection        $upstream_connection;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_pass_header  Date;

            ### the following x-forwarded-* headers is to send to upstream server

            set $var_x_forwarded_proto      $scheme;
            set $var_x_forwarded_host       $host;
            set $var_x_forwarded_port       $server_port;

            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto    $var_x_forwarded_proto;
            proxy_set_header   X-Forwarded-Host     $var_x_forwarded_host;
            proxy_set_header   X-Forwarded-Port     $var_x_forwarded_port;

            ###  the following configuration is to cache response content from upstream server

            set $upstream_cache_zone            off;
            set $upstream_cache_key             '';
            set $upstream_cache_bypass          '';
            set $upstream_no_cache              '';

            proxy_cache                         $upstream_cache_zone;
            proxy_cache_valid                   any 10s;
            proxy_cache_min_uses                1;
            proxy_cache_methods                 GET HEAD POST;
            proxy_cache_lock_timeout            5s;
            proxy_cache_use_stale               off;
            proxy_cache_key                     $upstream_cache_key;
            proxy_no_cache                      $upstream_no_cache;
            proxy_cache_bypass                  $upstream_cache_bypass;


            proxy_pass      $upstream_scheme://apisix_backend$upstream_uri;

            mirror          /proxy_mirror;

            header_filter_by_lua_block {
                apisix.http_header_filter_phase()
            }

            body_filter_by_lua_block {
                apisix.http_body_filter_phase()
            }

            log_by_lua_block {
                apisix.http_log_phase()
            }
        }

        location @grpc_pass {

            access_by_lua_block {
                apisix.grpc_access_phase()
            }

            # For servers which obey the standard, when `:authority` is missing,
            # `host` will be used instead. When used with apisix-base, we can do
            # better by setting `:authority` directly
            grpc_set_header   ":authority" $upstream_host;
            grpc_set_header   Content-Type application/grpc;
            grpc_set_header   TE trailers;
            grpc_socket_keepalive on;
            grpc_pass         $upstream_scheme://apisix_backend;

            mirror           /proxy_mirror_grpc;

            header_filter_by_lua_block {
                apisix.http_header_filter_phase()
            }

            body_filter_by_lua_block {
                apisix.http_body_filter_phase()
            }

            log_by_lua_block {
                apisix.http_log_phase()
            }
        }


        location = /proxy_mirror {
            internal;



            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            proxy_send_timeout 60s;
            proxy_http_version 1.1;
            proxy_set_header Host $upstream_host;
            proxy_pass $upstream_mirror_uri;
        }

        location = /proxy_mirror_grpc {
            internal;



            grpc_connect_timeout 60s;
            grpc_read_timeout 60s;
            grpc_send_timeout 60s;
            grpc_pass $upstream_mirror_host;
        }
    }

    # http end configuration snippet starts
    
    # http end configuration snippet ends
}

说明:

其中
在config.yaml文件中
main_configuration_snippet: |
http_configuration_snippet: |
http_server_configuration_snippet: |
http_server_location_configuration_snippet: |
http_admin_configuration_snippet: |
http_end_configuration_snippet: |
stream_configuration_snippet: |
下的添加的内容会生成到nginx.conf文件中指定位置,比如http_server_location_configuration_snippet下写的内容会加入在
#http server location configuration snippet starts下
image.png
比如在config.yaml中进行以下配置:

http_server_location_configuration_snippet: |
    proxy_set_header   X-Forwarded-For     off;
    proxy_set_header   X-Forwarded-Proto    $var_x_forwarded_proto;
    proxy_set_header   X-Forwarded-Host     $var_x_forwarded_host;
    proxy_set_header   X-Forwarded-Port     $var_x_forwarded_port;

会在生成的nginx.conf以下位置中添加配置

# http server location configuration snippet starts
                proxy_set_header   X-Forwarded-For     off;
    proxy_set_header   X-Forwarded-Proto    $var_x_forwarded_proto;
    proxy_set_header   X-Forwarded-Host     $var_x_forwarded_host;
    proxy_set_header   X-Forwarded-Port     $var_x_forwarded_port;

文章来源:https://blog.csdn.net/weixin_44671994/article/details/134876367
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。