undying commented on PR #12187:
URL: https://github.com/apache/apisix/pull/12187#issuecomment-3143880073

   > This new feature is not safe, we can wait for more voice from the community.
   
   We can consider Nginx as an unsafe web server because it allows us to enable 
such features out of the box. I believe it's the user's choice how to use such 
a feature, so its presence is much better than its absence.
   
   > For me, `one upstream` work for `one service`, much safer.
   
   It's safer, but it's not convenient when you have hundreds of microservices 
with simple domain/service mapping. The "safe" method requires you to manually 
copy and paste configurations for every such service, which results in a 
massive configuration that negatively affects performance and maintainability.
   
   > Here is a bad example:
   
   Actually, it's a very good example because this is how the feature works. 
You create a single configuration with simple mapping. For additional security, 
you can further refine the configuration and extract the service name not 
directly from the header, but from a special map that serves as an allow list 
for services.
   
   Example:
   
   ```nginx
   map $http_host $service {
       hostnames;
       default ""; # or some dummy upstream that returns a more valuable response
       service-a.* service_a;
       service-b.* service_b;
   }
   ```
   
   ```sh
   $ curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -i -d '
   {
       "uri": "/*",
       "upstream": {
           "service_name": "${service}",
           "discovery_type": "eureka"
       }
   }'
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
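
The allow-list mapping described in the comment above, as an added example that is not part of the original comment or of the APISIX code base: a simplified Python model of the `map` block showing that the upstream name always comes from the fixed list and never from the Host header itself. The matcher covers only the trailing-wildcard masks used above; the registry contents, the `internal_admin` service, the function names and the status codes are constructed assumptions.

```python
# Simplified model of the allow-list `map` from the comment (added example).
# Only trailing-wildcard masks ("name.*") are modelled; real nginx `hostnames`
# matching has more forms. Registry contents and status codes are constructed.

ALLOW_LIST = {"service-a.*": "service_a", "service-b.*": "service_b"}
DEFAULT = ""  # mirrors `default "";`

# Constructed discovery registry: internal_admin is registered but not mapped.
REGISTRY = {
    "service_a": ["10.0.0.11:8080"],
    "service_b": ["10.0.0.12:8080"],
    "internal_admin": ["10.0.0.99:9000"],
}


def resolve_service(host_header):
    """Return a service name from the fixed allow list, never from the header."""
    host = (host_header or "").strip().lower()
    best_prefix, best_service = "", DEFAULT
    for mask, service in ALLOW_LIST.items():
        prefix = mask[:-1]  # "service-a.*" -> "service-a."
        # Require at least one character after the dot; longest mask wins.
        if host.startswith(prefix) and len(host) > len(prefix) \
                and len(prefix) > len(best_prefix):
            best_prefix, best_service = prefix, service
    return best_service


def route(host_header, registry=REGISTRY):
    """Pick an upstream node, refusing hosts that map to the empty default."""
    service = resolve_service(host_header)
    if not service:
        return 404, None          # unmapped Host: no discovery lookup at all
    nodes = registry.get(service)
    if not nodes:
        return 503, None          # mapped, but nothing registered
    return 200, nodes[0]


if __name__ == "__main__":
    for h in ["service-a.example.com", "SERVICE-B.example.org",
              "internal_admin", "internal-admin.example.com", "service-a", ""]:
        print(repr(h), "->", repr(resolve_service(h)), route(h))
```
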
