No, it should not make config.yaml too complicated. And please consider
what it brings to us, it enables us to use apisix dynamic features along
with any flavor of nginx configurations.
The "server" concept is from nginx, with which people from this community
are familiar.
A sample config file after this feature looks like this:
apisix:
node_listen: 80
ssl_listen: 443
...
server:
proxy_protocol_listen: 8080
proxy_protocol_ssl_listen: 8443
real_ip_header: proxy_protocol # we only override this property
since for all others we don't need to change for the proxy protocol server
On Wed, Nov 25, 2020 at 1:19 PM YuanSheng Wang <membp...@apache.org> wrote:
> On Tue, Nov 24, 2020 at 7:20 PM Jan Li <jan...@airwallex.com> wrote:
>
> > For example,
> >
> > You want apisix to listen on 4 ports:
> >
> > - 80 for http
> > - 443 for https
> > - 8080 for http with proxy protocol
> > - 8443 for https with proxy protocol
> >
>
> Supporting this configuration method seems to make the file `
> conf/config.yaml` more complicated.
>
> It is not easy to support this feature now.
>
>
> >
> > And on 80 and 443 you want to configure real_ip_header with
> > "x-forwarded-for",
> > while for 8080 and 8443 you want to configure real_ip_header with
> > "proxy_protocol".
> >
> > Under the current apisix configuration structure, 4 ports are all under
> the
> > same nginx server.
> > And you cannot configure multiple real_ip_headers under the same server.
> > Although you can configure real_ip_header in the context of location, but
> > since in this scenario
> > the real_ip_header should only be bound to the listening port.
> >
> > On Tue, Nov 24, 2020 at 6:14 PM YuanSheng Wang <membp...@apache.org>
> > wrote:
> >
> > > @Jan Li
> > >
> > > Can you provide some examples? I think the community needs them for
> > > understanding.
> > >
> > >
> > > On Tue, Nov 24, 2020 at 2:03 PM Jan Li <jan...@airwallex.com> wrote:
> > >
> > > > Hi community,
> > > >
> > > > APISIX is using config file and apisix bin file to generate
> nginx
> > > > config file.
> > > >
> > > > This provides APISIX the capability of overriding nginx's
> default
> > > > configurations, but also introduces some problems:
> > > >
> > > > 1. There is only one nginx server which supports the dynamic
> > features
> > > of
> > > > APISIX.
> > > > 2. Due to point 1, all listening ports are configured in the only
> > > > server.
> > > > 3. As a consequence of this setting, some features from nginx can
> be
> > > > difficult to support in APISIX. For example,
> > > > 1. Configuring mTLS is easy in nginx
> > > > 1. It's easy to configure a new server in apisix bin
> > > > 2. The new server will lose all the dynamic features of
> > APISIX.
> > > > 2. Using proxy protocol and real ip module along with normal
> > > requests
> > > > with a different real ip header
> > > > 1. If we use proxy protocol, normally the real ip header
> will
> > be
> > > > configured proxy_protocol
> > > > 2. The normal requests normally use x-forwarded-for or
> > x-real-ip
> > > > as real ip header
> > > > 3. It's impossible to configure both x-forwarded-for and
> > > > proxy_protocol in apisix
> > > >
> > > > So I want to propose:
> > > >
> > > > 1. Introduce a new kind of configuration in config.yaml: "server"
> > > under
> > > > "apisix".
> > > > 1. "server" is almost the same as nginx's server.
> > > > 2. If a server is configured a port is necessary, no matter if
> > it's
> > > > http, https or proxy protocol http...
> > > > 3. "location" should not be included here since being dynamic
> > often
> > > > means dynamic to locations.
> > > > 2. All configurations configured directly under "apisix" are
> global
> > > > configurations which will apply to all servers.
> > > > 3. All configurations can be overridden inside the server, the
> > > > configuration is the same as under "apisix".
> > > >
> > > > With this, we can better embrace the features from both apisix
> > and
> > > > nginx.
> > > >
> > >
> > >
> > > --
> > >
> > > *MembPhis*
> > > My GitHub: https://github.com/membphis
> > > Apache APISIX: https://github.com/apache/apisix
> > >
> >
>
>
> --
>
> *MembPhis*
> My GitHub: https://github.com/membphis
> Apache APISIX: https://github.com/apache/apisix
>
