On Tue, Nov 24, 2020 at 7:20 PM Jan Li <jan...@airwallex.com> wrote: > For example, > > You want apisix to listen on 4 ports: > > - 80 for http > - 443 for https > - 8080 for http with proxy protocol > - 8443 for https with proxy protocol >
Supporting this configuration method seems to make the file ` conf/config.yaml` more complicated. It is not easy to support this feature now. > > And on 80 and 443 you want to configure real_ip_header with > "x-forwarded-for", > while for 8080 and 8443 you want to configure real_ip_header with > "proxy_protocol". > > Under the current apisix configuration structure, 4 ports are all under the > same nginx server. > And you cannot configure multiple real_ip_headers under the same server. > Although you can configure real_ip_header in the context of location, but > since in this scenario > the real_ip_header should only be bound to the listening port. > > On Tue, Nov 24, 2020 at 6:14 PM YuanSheng Wang <membp...@apache.org> > wrote: > > > @Jan Li > > > > Can you provide some examples? I think the community needs them for > > understanding. > > > > > > On Tue, Nov 24, 2020 at 2:03 PM Jan Li <jan...@airwallex.com> wrote: > > > > > Hi community, > > > > > > APISIX is using config file and apisix bin file to generate nginx > > > config file. > > > > > > This provides APISIX the capability of overriding nginx's default > > > configurations, but also introduces some problems: > > > > > > 1. There is only one nginx server which supports the dynamic > features > > of > > > APISIX. > > > 2. Due to point 1, all listening ports are configured in the only > > > server. > > > 3. As a consequence of this setting, some features from nginx can be > > > difficult to support in APISIX. For example, > > > 1. Configuring mTLS is easy in nginx > > > 1. It's easy to configure a new server in apisix bin > > > 2. The new server will lose all the dynamic features of > APISIX. > > > 2. Using proxy protocol and real ip module along with normal > > requests > > > with a different real ip header > > > 1. If we use proxy protocol, normally the real ip header will > be > > > configured proxy_protocol > > > 2. The normal requests normally use x-forwarded-for or > x-real-ip > > > as real ip header > > > 3. It's impossible to configure both x-forwarded-for and > > > proxy_protocol in apisix > > > > > > So I want to propose: > > > > > > 1. Introduce a new kind of configuration in config.yaml: "server" > > under > > > "apisix". > > > 1. "server" is almost the same as nginx's server. > > > 2. If a server is configured a port is necessary, no matter if > it's > > > http, https or proxy protocol http... > > > 3. "location" should not be included here since being dynamic > often > > > means dynamic to locations. > > > 2. All configurations configured directly under "apisix" are global > > > configurations which will apply to all servers. > > > 3. All configurations can be overridden inside the server, the > > > configuration is the same as under "apisix". > > > > > > With this, we can better embrace the features from both apisix > and > > > nginx. > > > > > > > > > -- > > > > *MembPhis* > > My GitHub: https://github.com/membphis > > Apache APISIX: https://github.com/apache/apisix > > > -- *MembPhis* My GitHub: https://github.com/membphis Apache APISIX: https://github.com/apache/apisix
