just like the include directive in nginx.conf Jan Li <jan...@airwallex.com> 于2020年12月1日周二 上午11:36写道:
> Hi Ming, > > From my understanding the answer is no. > Supporting nginx configuration snippets is adding custom stuff to the > existing structure. > The problem I mentioned is not that we cannot add custom stuff to the > nginx.conf. > The problem is that we cannot configure apisix to listen on ports > with different configurations. > > For example, we want to configure this: > 80 http > 443 https > 8080 http with proxy protocol # for this we need to use a different > real_ip_header > 8443 https with proxy protocol # for this we need to use a different > real_ip_header > 9443 https with mtls > > On Tue, Dec 1, 2020 at 10:42 AM Ming Wen <wenm...@apache.org> wrote: > > > Hi Jan, > > Apache APISIX supports nginx configuration snippet[1], is this can > reslove > > your problem? > > > > [1] https://github.com/apache/apisix/pull/2803 > > > > Thanks, > > Ming Wen, Apache APISIX PMC Chair > > Twitter: _WenMing > > > > > > Jan Li <jan...@airwallex.com> 于2020年11月30日周一 下午7:41写道: > > > > > No, it should not make config.yaml too complicated. And please consider > > > what it brings to us, it enables us to use apisix dynamic features > along > > > with any flavor of nginx configurations. > > > > > > > > > The "server" concept is from nginx, with which people from this > community > > > are familiar. > > > > > > A sample config file after this feature looks like this: > > > > > > apisix: > > > node_listen: 80 > > > ssl_listen: 443 > > > ... > > > server: > > > proxy_protocol_listen: 8080 > > > proxy_protocol_ssl_listen: 8443 > > > real_ip_header: proxy_protocol # we only override this property > > > since for all others we don't need to change for the proxy protocol > > server > > > > > > > > > > > > On Wed, Nov 25, 2020 at 1:19 PM YuanSheng Wang <membp...@apache.org> > > > wrote: > > > > > > > On Tue, Nov 24, 2020 at 7:20 PM Jan Li <jan...@airwallex.com> wrote: > > > > > > > > > For example, > > > > > > > > > > You want apisix to listen on 4 ports: > > > > > > > > > > - 80 for http > > > > > - 443 for https > > > > > - 8080 for http with proxy protocol > > > > > - 8443 for https with proxy protocol > > > > > > > > > > > > > Supporting this configuration method seems to make the file ` > > > > conf/config.yaml` more complicated. > > > > > > > > It is not easy to support this feature now. > > > > > > > > > > > > > > > > > > And on 80 and 443 you want to configure real_ip_header with > > > > > "x-forwarded-for", > > > > > while for 8080 and 8443 you want to configure real_ip_header with > > > > > "proxy_protocol". > > > > > > > > > > Under the current apisix configuration structure, 4 ports are all > > under > > > > the > > > > > same nginx server. > > > > > And you cannot configure multiple real_ip_headers under the same > > > server. > > > > > Although you can configure real_ip_header in the context of > location, > > > but > > > > > since in this scenario > > > > > the real_ip_header should only be bound to the listening port. > > > > > > > > > > On Tue, Nov 24, 2020 at 6:14 PM YuanSheng Wang < > membp...@apache.org> > > > > > wrote: > > > > > > > > > > > @Jan Li > > > > > > > > > > > > Can you provide some examples? I think the community needs them > for > > > > > > understanding. > > > > > > > > > > > > > > > > > > On Tue, Nov 24, 2020 at 2:03 PM Jan Li <jan...@airwallex.com> > > wrote: > > > > > > > > > > > > > Hi community, > > > > > > > > > > > > > > APISIX is using config file and apisix bin file to > generate > > > > nginx > > > > > > > config file. > > > > > > > > > > > > > > This provides APISIX the capability of overriding nginx's > > > > default > > > > > > > configurations, but also introduces some problems: > > > > > > > > > > > > > > 1. There is only one nginx server which supports the dynamic > > > > > features > > > > > > of > > > > > > > APISIX. > > > > > > > 2. Due to point 1, all listening ports are configured in the > > > only > > > > > > > server. > > > > > > > 3. As a consequence of this setting, some features from > nginx > > > can > > > > be > > > > > > > difficult to support in APISIX. For example, > > > > > > > 1. Configuring mTLS is easy in nginx > > > > > > > 1. It's easy to configure a new server in apisix bin > > > > > > > 2. The new server will lose all the dynamic features > of > > > > > APISIX. > > > > > > > 2. Using proxy protocol and real ip module along with > > normal > > > > > > requests > > > > > > > with a different real ip header > > > > > > > 1. If we use proxy protocol, normally the real ip > header > > > > will > > > > > be > > > > > > > configured proxy_protocol > > > > > > > 2. The normal requests normally use x-forwarded-for or > > > > > x-real-ip > > > > > > > as real ip header > > > > > > > 3. It's impossible to configure both x-forwarded-for > and > > > > > > > proxy_protocol in apisix > > > > > > > > > > > > > > So I want to propose: > > > > > > > > > > > > > > 1. Introduce a new kind of configuration in config.yaml: > > > "server" > > > > > > under > > > > > > > "apisix". > > > > > > > 1. "server" is almost the same as nginx's server. > > > > > > > 2. If a server is configured a port is necessary, no > matter > > > if > > > > > it's > > > > > > > http, https or proxy protocol http... > > > > > > > 3. "location" should not be included here since being > > dynamic > > > > > often > > > > > > > means dynamic to locations. > > > > > > > 2. All configurations configured directly under "apisix" are > > > > global > > > > > > > configurations which will apply to all servers. > > > > > > > 3. All configurations can be overridden inside the server, > the > > > > > > > configuration is the same as under "apisix". > > > > > > > > > > > > > > With this, we can better embrace the features from both > > > apisix > > > > > and > > > > > > > nginx. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > *MembPhis* > > > > > > My GitHub: https://github.com/membphis > > > > > > Apache APISIX: https://github.com/apache/apisix > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > *MembPhis* > > > > My GitHub: https://github.com/membphis > > > > Apache APISIX: https://github.com/apache/apisix > > > > > > > > > >
