This is an automated email from the ASF dual-hosted git repository. kayx23 pushed a commit to branch doc/remove-stale-admin-key-default in repository https://gitbox.apache.org/repos/asf/apisix.git
commit 6cdaa7655dd9fb6f1e017c75eee599344f6b53df Author: kayx23 <[email protected]> AuthorDate: Thu May 28 18:33:50 2026 +0800 docs: remove stale admin key default examples --- docs/en/latest/FAQ.md | 16 ++++++++-------- docs/en/latest/admin-api.md | 18 +++++++++--------- docs/en/latest/certificate.md | 2 +- docs/en/latest/dashboard.md | 4 ++-- docs/en/latest/plugins/authz-casdoor.md | 11 ++++++++++- docs/en/latest/plugins/csrf.md | 2 +- docs/en/latest/terminology/plugin-config.md | 2 +- docs/en/latest/tutorials/cache-api-responses.md | 4 ++-- docs/en/latest/tutorials/client-to-apisix-mtls.md | 22 +++++++++++----------- docs/en/latest/tutorials/expose-api.md | 17 +++++++++++++---- .../latest/tutorials/monitor-api-health-check.md | 15 ++++++++++++--- .../latest/tutorials/websocket-authentication.md | 13 +++++++++++-- docs/zh/latest/FAQ.md | 6 +++--- docs/zh/latest/admin-api.md | 10 +++++----- docs/zh/latest/certificate.md | 2 +- docs/zh/latest/dashboard.md | 4 ++-- docs/zh/latest/plugins/authz-casdoor.md | 12 +++++++++++- docs/zh/latest/plugins/csrf.md | 2 +- docs/zh/latest/plugins/gm.md | 2 +- docs/zh/latest/tutorials/cache-api-responses.md | 4 ++-- docs/zh/latest/tutorials/client-to-apisix-mtls.md | 14 ++++++++++++-- docs/zh/latest/tutorials/expose-api.md | 17 +++++++++++++---- 22 files changed, 132 insertions(+), 67 deletions(-) diff --git a/docs/en/latest/FAQ.md b/docs/en/latest/FAQ.md index faa0e5adb..96c3f3a0c 100644 --- a/docs/en/latest/FAQ.md +++ b/docs/en/latest/FAQ.md 
@@ -447,17 +447,17 @@ HTTP/1.1 200 OK ## What is the `X-API-KEY` of the Admin API? Can it be modified? -`X-API-KEY` of the Admin API refers to the `apisix.admin_key.key` in your `conf/config.yaml` file. It is the access token for the Admin API. +`X-API-KEY` of the Admin API refers to `deployment.admin.admin_key[0].key` in your `conf/config.yaml` file. It is the access token for the Admin API. -By default, it is set to `edd1c9f034335f136f87ad84b625c8f1` and can be modified by changing the parameter in your `conf/config.yaml` file: +In the default configuration, this field is empty. APISIX generates a random Admin API key during initialization and writes it back to `conf/config.yaml`. You can also set the key explicitly by changing the parameter in your `conf/config.yaml` file: ```yaml -apisix: - admin_key - - - name: "admin" - key: newkey - role: admin +deployment: + admin: + admin_key: + - name: "admin" + key: newkey + role: admin ``` Now, to access the Admin API: diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md index 21f416b71..31496f1aa 100644 --- a/docs/en/latest/admin-api.md +++ b/docs/en/latest/admin-api.md @@ -54,7 +54,7 @@ deployment: admin: admin_key: - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has security risk, please update it when you deploy to production environment + key: your-admin-key # set a secure Admin API key; if left empty, APISIX will generate one during initialization and write it back to this file role: admin allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - 127.0.0.0/24 @@ -92,7 +92,7 @@ deployment: admin: admin_key: - name: admin - key: ${{ADMIN_KEY:=edd1c9f034335f136f87ad84b625c8f1}} + key: ${{ADMIN_KEY:=your-admin-key}} role: admin allow_admin: - 127.0.0.0/24 
@@ -101,7 +101,7 @@ deployment: port: 9180 ``` -This will find the environment variable `ADMIN_KEY` first, and if it does not exist, it will use `edd1c9f034335f136f87ad84b625c8f1` as the default value. +This will find the environment variable `ADMIN_KEY` first, and if it does not exist, it will use the fallback value you provided in the configuration. You can also specify environment variables in yaml keys. This is specifically useful in the `standalone` [mode](./deployment-modes.md#standalone) where you can specify the upstream nodes as follows: @@ -752,7 +752,7 @@ Example configuration: ```shell curl http://127.0.0.1:9180/apisix/admin/services/201 \ - -H'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -i -d ' + -H'X-API-KEY: your-admin-key' -X PATCH -i -d ' { "upstream": { "nodes": { @@ -780,7 +780,7 @@ Example configuration: ```shell curl http://127.0.0.1:9180/apisix/admin/services/201 \ - -H'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -i -d ' + -H'X-API-KEY: your-admin-key' -X PATCH -i -d ' { "upstream": { "nodes": { @@ -807,7 +807,7 @@ Example configuration: ```shell curl http://127.0.0.1:9180/apisix/admin/services/201/upstream/nodes \ - -H'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -i -d ' + -H'X-API-KEY: your-admin-key' -X PATCH -i -d ' { "127.0.0.1:1982": 1 }' @@ -1125,7 +1125,7 @@ Example Configuration: ```shell curl http://127.0.0.1:9180/apisix/admin/upstreams/100 \ - -H'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -i -d ' + -H'X-API-KEY: your-admin-key' -X PATCH -i -d ' { "nodes": { "127.0.0.1:1981": 10 @@ -1489,7 +1489,7 @@ The plugin can be filtered on subsystem so that the ({plugin_name}) is searched ```shell curl "http://127.0.0.1:9180/apisix/admin/plugins/list" \ --H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' +-H 'X-API-KEY: your-admin-key' ``` ```shell 
@@ -1497,7 +1497,7 @@ curl "http://127.0.0.1:9180/apisix/admin/plugins/list" \ ``` ```shell -curl "http://127.0.0.1:9180/apisix/admin/plugins/key-auth?subsystem=http" -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' +curl "http://127.0.0.1:9180/apisix/admin/plugins/key-auth?subsystem=http" -H 'X-API-KEY: your-admin-key' ``` ```json diff --git a/docs/en/latest/certificate.md b/docs/en/latest/certificate.md index 8916b667b..8d18bc5a4 100644 --- a/docs/en/latest/certificate.md +++ b/docs/en/latest/certificate.md @@ -237,7 +237,7 @@ deployment: admin: admin_key - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 + key: your-admin-key role: admin admin_listen: ip: 127.0.0.1 diff --git a/docs/en/latest/dashboard.md b/docs/en/latest/dashboard.md index 27239c701..f12a4bf79 100644 --- a/docs/en/latest/dashboard.md +++ b/docs/en/latest/dashboard.md @@ -73,8 +73,8 @@ deployment: - name: admin role: admin - # Using a simple Admin API Key poses security risks. Please update it when deploying to production - key: edd1c9f034335f136f87ad84b625c8f1 + # Set a secure Admin API Key. If left empty, APISIX will generate one during initialization and write it back to this file. + key: your-admin-key ``` Configuration via environment variables is also supported: diff --git a/docs/en/latest/plugins/authz-casdoor.md b/docs/en/latest/plugins/authz-casdoor.md index e85ef186e..a61e7a8de 100644 --- a/docs/en/latest/plugins/authz-casdoor.md +++ b/docs/en/latest/plugins/authz-casdoor.md 
@@ -59,8 +59,17 @@ The `callback_url` must belong to the URI of your Route. See the code snippet be You can enable the Plugin on a specific Route as shown below: +:::note +You can fetch the `admin_key` from `config.yaml` and save to an environment variable with the following command: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```shell -curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: $admin_key" -X PUT -d ' { "methods": ["GET"], "uri": "/anything/*", diff --git a/docs/en/latest/plugins/csrf.md b/docs/en/latest/plugins/csrf.md index 2f45e23b6..411b1b41d 100644 --- a/docs/en/latest/plugins/csrf.md +++ b/docs/en/latest/plugins/csrf.md @@ -63,7 +63,7 @@ curl -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" - "uri": "/hello", "plugins": { "csrf": { - "key": "edd1c9f034335f136f87ad84b625c8f1" + "key": "csrf-secret-key" } }, "upstream": { diff --git a/docs/en/latest/terminology/plugin-config.md b/docs/en/latest/terminology/plugin-config.md index 88476d44a..da2a1379a 100644 --- a/docs/en/latest/terminology/plugin-config.md +++ b/docs/en/latest/terminology/plugin-config.md @@ -62,7 +62,7 @@ curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 \ ```shell curl http://127.0.0.1:9180/apisix/admin/routes/1 \ --H 'X-API-KEY:edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' +-H "X-API-KEY: $admin_key" -X PUT -i -d ' { "uris": ["/index.html"], "plugin_config_id": 1, diff --git a/docs/en/latest/tutorials/cache-api-responses.md b/docs/en/latest/tutorials/cache-api-responses.md index 9ee23f888..717d44512 100644 --- a/docs/en/latest/tutorials/cache-api-responses.md +++ b/docs/en/latest/tutorials/cache-api-responses.md 
@@ -116,7 +116,7 @@ curl http://127.0.0.1:9180/apisix/admin/plugins/reload -H "X-API-KEY: $admin_key Then, we run two more curl commands to configure an Upstream and Route for the `/api/products` endpoint. The following command creates a sample upstream (that's our API Server): ``` shell -curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: $admin_key" -X PUT -d ' { "type": "roundrobin", "nodes": { @@ -128,7 +128,7 @@ curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f0343 Next, we will add a new route with caching ability by setting `proxy-cache` plugin in `plugins` property and giving a reference to the upstream service by its unique id to forward requests to the API server: ``` shell -curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d '{ +curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: $admin_key" -X PUT -d '{ "name": "Route for API Caching", "methods": [ "GET" diff --git a/docs/en/latest/tutorials/client-to-apisix-mtls.md b/docs/en/latest/tutorials/client-to-apisix-mtls.md index ef0ac7149..9bd7f9d6f 100644 --- a/docs/en/latest/tutorials/client-to-apisix-mtls.md +++ b/docs/en/latest/tutorials/client-to-apisix-mtls.md @@ -74,9 +74,18 @@ Note that the newline character in the certificate needs to be replaced with its ::: +:::note +You can fetch the `admin_key` from `config.yaml` and save it to an environment variable with the following command: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```shell curl -X PUT 'http://127.0.0.1:9180/apisix/admin/ssls/1' \ ---header 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ +--header 'X-API-KEY: $admin_key' \ --header 'Content-Type: application/json' \ --data-raw '{ "sni": "test.com", 
@@ -99,7 +108,7 @@ Use the `curl` command to request the APISIX Admin API to create a route. ```shell curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/1' \ ---header 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ +--header 'X-API-KEY: $admin_key' \ --header 'Content-Type: application/json' \ --data-raw '{ "uri": "/anything", @@ -206,15 +215,6 @@ instead of alert error in the SSL handshake phase, if the client certificate is ### Example -:::note -You can fetch the `admin_key` from `config.yaml` and save to an environment variable with the following command: - -```bash -admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') -``` - -::: - 1. Configure route and ssl via admin API ```bash diff --git a/docs/en/latest/tutorials/expose-api.md b/docs/en/latest/tutorials/expose-api.md index cab143a25..69eb4ea74 100644 --- a/docs/en/latest/tutorials/expose-api.md +++ b/docs/en/latest/tutorials/expose-api.md @@ -56,9 +56,18 @@ Please make sure you have [installed Apache APISIX](../installation-guide.md) be Create an Upstream service containing `httpbin.org` that you can use for testing. This is a return service that will return the parameters we passed in the request. +:::note +You can fetch the `admin_key` from `config.yaml` and save it to an environment variable with the following command: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ``` curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" \ --H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +-H "X-API-KEY: $admin_key" -X PUT -d ' { "type": "roundrobin", "nodes": { 
@@ -67,7 +76,7 @@ curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" \ }' ``` -In this command, we specify the Admin API Key of Apache APISIX as `edd1c9f034335f136f87ad84b625c8f1`, use `roundrobin` as the load balancing mechanism, and set `httpbin.org:80` as the upstream service. To bind this upstream to a route, `upstream_id` needs to be set to `1` here. Here you can specify multiple upstreams under `nodes` to achieve load balancing. +In this command, we use the Admin API key stored in `$admin_key`, use `roundrobin` as the load balancing mechanism, and set `httpbin.org:80` as the upstream service. To bind this upstream to a route, `upstream_id` needs to be set to `1` here. Here you can specify multiple upstreams under `nodes` to achieve load balancing. For more information, please refer to [Upstream](../terminology/upstream.md). @@ -75,7 +84,7 @@ For more information, please refer to [Upstream](../terminology/upstream.md). ```shell curl "http://127.0.0.1:9180/apisix/admin/routes/1" \ --H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +-H "X-API-KEY: $admin_key" -X PUT -d ' { "methods": ["GET"], "host": "example.com", @@ -90,7 +99,7 @@ Adding an `upstream` object to your route can achieve the above effect. ```shell curl "http://127.0.0.1:9180/apisix/admin/routes/1" \ --H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +-H "X-API-KEY: $admin_key" -X PUT -d ' { "methods": ["GET"], "host": "example.com", diff --git a/docs/en/latest/tutorials/monitor-api-health-check.md b/docs/en/latest/tutorials/monitor-api-health-check.md index 84edad340..bd812074f 100644 --- a/docs/en/latest/tutorials/monitor-api-health-check.md +++ b/docs/en/latest/tutorials/monitor-api-health-check.md 
@@ -52,8 +52,17 @@ To check API health periodically, APISIX needs an HTTP path of the health endpoi This process involves checking the operational status of the 'upstream' nodes. APISIX provides two types of health checks: **Active checks** and **Passive Checks** respectively. Read more about Health Checks and how to enable them [here](https://apisix.apache.org/docs/apisix/tutorials/health-check/). Use the [Admin API](https://apisix.apache.org/docs/apisix/admin-api/) to create an Upstream object. Here is an example of creating an [Upstream](https://apisix.apache.org/docs/apisix/termino [...] +:::note +You can fetch the `admin_key` from `config.yaml` and save it to an environment variable with the following command: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```bash -curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: $admin_key" -X PUT -d ' { "nodes":{ "web1:80":1, @@ -86,7 +95,7 @@ This example configures an active health check on the **`/health`** endpoint of Create a global rule to enable the `prometheus` plugin on all routes by adding `"prometheus": {}` in the plugins option. APISIX gathers internal runtime metrics and exposes them through port `9091` and URI path `/apisix/prometheus/metrics` by default that Prometheus can scrape. It is also possible to customize the export port and **URI path**, **add** **extra labels, the frequency of these scrapes, and other parameters** by configuring them in the Prometheus configuration `/prometheus_co [...] ```bash -curl "http://127.0.0.1:9180/apisix/admin/global_rules" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/global_rules" -H "X-API-KEY: $admin_key" -X PUT -d ' { "id":"rule-for-metrics", "plugins":{ 
@@ -101,7 +110,7 @@ curl "http://127.0.0.1:9180/apisix/admin/global_rules" -H "X-API-KEY: edd1c9f034 Create a [Route](https://apisix.apache.org/docs/apisix/terminology/route/) object to route incoming requests to upstream nodes: ```bash -curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: $admin_key" -X PUT -d ' { "name":"backend-service-route", "methods":[ diff --git a/docs/en/latest/tutorials/websocket-authentication.md b/docs/en/latest/tutorials/websocket-authentication.md index f77d466a8..5b74891c4 100644 --- a/docs/en/latest/tutorials/websocket-authentication.md +++ b/docs/en/latest/tutorials/websocket-authentication.md @@ -79,9 +79,18 @@ Since the Upstream uses wss protocol, the scheme is set to `https`. We should al In this tutorial, we will use the [key-auth](https://apisix.apache.org/docs/apisix/plugins/key-auth/) Plugin. This would work similarly for other authentication methods: +:::note +You can fetch the `admin_key` from `config.yaml` and save it to an environment variable with the following command: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```shell curl --location --request PUT 'http://127.0.0.1:9180/apisix/admin/routes/1' \ ---header 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ +--header 'X-API-KEY: $admin_key' \ --header 'Content-Type: application/json' \ --data-raw '{ "uri": "/*", @@ -106,7 +115,7 @@ We will now create a [Consumer](https://apisix.apache.org/docs/apisix/terminolog ```sh curl --location --request PUT 'http://127.0.0.1:9180/apisix/admin/consumers/jack' \ ---header 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ +--header 'X-API-KEY: $admin_key' \ --header 'Content-Type: application/json' \ --data-raw '{ "username": "jack", diff --git a/docs/zh/latest/FAQ.md b/docs/zh/latest/FAQ.md index 5dcb639ea..2d58dec59 100644 
--- a/docs/zh/latest/FAQ.md +++ b/docs/zh/latest/FAQ.md @@ -450,14 +450,14 @@ curl http://127.0.0.1:9080/ip -i ## Admin API 的 `X-API-KEY` 指的是什么?是否可以修改? -Admin API 的 `X-API-KEY` 指的是 `./conf/config.yaml` 文件中的 `deployment.admin.admin_key.key`,默认值是 `edd1c9f034335f136f87ad84b625c8f1`。它是 Admin API 的访问 token。 +Admin API 的 `X-API-KEY` 指的是 `./conf/config.yaml` 文件中的 `deployment.admin.admin_key[0].key`。它是 Admin API 的访问 token。 -默认情况下,它被设置为 `edd1c9f034335f136f87ad84b625c8f1`,也可以通过修改 `./conf/conf/config` 中的参数来修改,如下示例: +在默认配置中,该字段为空。APISIX 会在初始化时自动生成一个随机的 Admin API Key,并将其写回 `./conf/config.yaml`。你也可以通过修改 `./conf/config.yaml` 中的参数来显式设置该 Key,如下示例: ```yaml deployment: admin: - admin_key + admin_key: - name: "admin" key: newkey role: admin diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md index 62ea51a1f..a57d30188 100644 --- a/docs/zh/latest/admin-api.md +++ b/docs/zh/latest/admin-api.md @@ -56,7 +56,7 @@ deployment: admin: admin_key: - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 # 使用默认的 Admin API Key 存在安全风险,部署到生产环境时请及时更新 + key: your-admin-key # 设置安全的 Admin API Key;如果留空,APISIX 会在初始化时自动生成并写回此文件 role: admin allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - 127.0.0.0/24 @@ -94,7 +94,7 @@ deployment: admin: admin_key: - name: admin - key: ${{ADMIN_KEY:=edd1c9f034335f136f87ad84b625c8f1}} + key: ${{ADMIN_KEY:=your-admin-key}} role: admin allow_admin: - 127.0.0.0/24 @@ -103,7 +103,7 @@ deployment: port: 9180 ``` -首先查找环境变量 `ADMIN_KEY`,如果该环境变量不存在,它将使用 `edd1c9f034335f136f87ad84b625c8f1` 作为默认值。 +首先查找环境变量 `ADMIN_KEY`,如果该环境变量不存在,它将使用你在配置中提供的兜底值。 您还可以在 yaml 键中指定环境变量。这在 `standalone` 模式 中特别有用,您可以在其中指定上游节点,如下所示: @@ -1493,7 +1493,7 @@ Plugin 资源请求地址:/apisix/admin/plugins/{plugin_name} ```shell curl "http://127.0.0.1:9180/apisix/admin/plugins/list" \ - -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' + -H 'X-API-KEY: your-admin-key' ``` ```shell 
@@ -1504,7 +1504,7 @@ Plugin 资源请求地址:/apisix/admin/plugins/{plugin_name} ```shell curl "http://127.0.0.1:9180/apisix/admin/plugins/key-auth?subsystem=http" \ - -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' + -H 'X-API-KEY: your-admin-key' ``` ```json diff --git a/docs/zh/latest/certificate.md b/docs/zh/latest/certificate.md index f85e663a8..dee938bb5 100644 --- a/docs/zh/latest/certificate.md +++ b/docs/zh/latest/certificate.md @@ -233,7 +233,7 @@ deployment: admin: admin_key - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 + key: your-admin-key role: admin admin_listen: ip: 127.0.0.1 diff --git a/docs/zh/latest/dashboard.md b/docs/zh/latest/dashboard.md index 18f87f95b..25b97cf8a 100644 --- a/docs/zh/latest/dashboard.md +++ b/docs/zh/latest/dashboard.md @@ -73,8 +73,8 @@ deployment: - name: admin role: admin - # 使用简单的 Admin API Key 存在安全风险,部署到生产环境时请及时更新 - key: edd1c9f034335f136f87ad84b625c8f1 + # 设置安全的 Admin API Key。如果留空,APISIX 会在初始化时自动生成并写回此文件。 + key: your-admin-key ``` 也支持通过环境变量配置: diff --git a/docs/zh/latest/plugins/authz-casdoor.md b/docs/zh/latest/plugins/authz-casdoor.md index e24150fd6..d09156a22 100644 --- a/docs/zh/latest/plugins/authz-casdoor.md +++ b/docs/zh/latest/plugins/authz-casdoor.md @@ -55,8 +55,18 @@ description: 本篇文档介绍了 Apache APISIX auth-casdoor 插件的相关信 以下示例展示了如何在指定路由上启用 `auth-casdoor` 插件: +:::note 注意 + +您可以这样从 `config.yaml` 中获取 `admin_key` 并存入环境变量: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```shell -curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: $admin_key" -X PUT -d ' { "methods": ["GET"], "uri": "/anything/*", diff --git a/docs/zh/latest/plugins/csrf.md b/docs/zh/latest/plugins/csrf.md index 49eb4bbb1..c6ac5118d 100644 --- a/docs/zh/latest/plugins/csrf.md +++ b/docs/zh/latest/plugins/csrf.md 
@@ -65,7 +65,7 @@ curl -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" - "uri": "/hello", "plugins": { "csrf": { - "key": "edd1c9f034335f136f87ad84b625c8f1" + "key": "csrf-secret-key" } }, "upstream": { diff --git a/docs/zh/latest/plugins/gm.md b/docs/zh/latest/plugins/gm.md index 317b23b42..a49bd7673 100644 --- a/docs/zh/latest/plugins/gm.md +++ b/docs/zh/latest/plugins/gm.md @@ -142,7 +142,7 @@ with open(sys.argv[3]) as f: sign_cert = f.read() with open(sys.argv[4]) as f: sign_key = f.read() -api_key = "edd1c9f034335f136f87ad84b625c8f1" +api_key = "your-admin-key" resp = requests.put("http://127.0.0.1:9180/apisix/admin/ssls/1", json={ "cert": enc_cert, "key": enc_key, diff --git a/docs/zh/latest/tutorials/cache-api-responses.md b/docs/zh/latest/tutorials/cache-api-responses.md index c95f99e81..83347ecee 100644 --- a/docs/zh/latest/tutorials/cache-api-responses.md +++ b/docs/zh/latest/tutorials/cache-api-responses.md @@ -109,7 +109,7 @@ curl http://127.0.0.1:9180/apisix/admin/plugins/reload -H "X-API-KEY: $admin_key 然后,我们运行两个 curl 命令来为 `/api/products` 端点配置 **Upstream** 和 **Route**。首先,创建一个示例 Upstream(也就是我们的 API 服务器): ```shell -curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: $admin_key" -X PUT -d ' { "type": "roundrobin", "nodes": { @@ -121,7 +121,7 @@ curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f0343 接下来,我们为 `/api/products` 添加一个具备缓存能力的路由,通过在 `plugins` 属性中设置 `proxy-cache` 插件,并通过 **upstream_id** 引用上游服务,将请求转发到 API 服务器: ```shell -curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d '{ +curl "http://127.0.0.1:9180/apisix/admin/routes/1" -H "X-API-KEY: $admin_key" -X PUT -d '{ "name": "Route for API Caching", "methods": [ "GET" 
diff --git a/docs/zh/latest/tutorials/client-to-apisix-mtls.md b/docs/zh/latest/tutorials/client-to-apisix-mtls.md index a697c6d12..aa8a7a34c 100644 --- a/docs/zh/latest/tutorials/client-to-apisix-mtls.md +++ b/docs/zh/latest/tutorials/client-to-apisix-mtls.md @@ -74,9 +74,19 @@ openssl pkcs12 -export -clcerts -in client.cer -inkey client.key -out client.p12 ::: +:::note 注意 + +你可以通过以下命令从 `config.yaml` 中获取 `admin_key` 并保存到环境变量: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```shell curl -X PUT 'http://127.0.0.1:9180/apisix/admin/ssls/1' \ ---header 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ +--header 'X-API-KEY: $admin_key' \ --header 'Content-Type: application/json' \ --data-raw '{ "sni": "test.com", @@ -99,7 +109,7 @@ curl -X PUT 'http://127.0.0.1:9180/apisix/admin/ssls/1' \ ```shell curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/1' \ ---header 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' \ +--header 'X-API-KEY: $admin_key' \ --header 'Content-Type: application/json' \ --data-raw '{ "uri": "/anything", diff --git a/docs/zh/latest/tutorials/expose-api.md b/docs/zh/latest/tutorials/expose-api.md index 9561717e6..079577b79 100644 --- a/docs/zh/latest/tutorials/expose-api.md +++ b/docs/zh/latest/tutorials/expose-api.md @@ -59,9 +59,18 @@ APISIX 可以通过路由定义规则来匹配客户端请求,根据匹配结 创建一个包含 `httpbin.org` 的上游服务,你可以使用它进行测试。这是一个返回服务,它将返回我们在请求中传递的参数。 +:::note 注意 +你可以通过以下命令从 `config.yaml` 中获取 `admin_key` 并保存到环境变量: + +```bash +admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') +``` + +::: + ```shell curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" \ --H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +-H "X-API-KEY: $admin_key" -X PUT -d ' { "type": "roundrobin", "nodes": { 
@@ -70,7 +79,7 @@ curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" \ }' ``` -在该命令中,我们指定了 Apache APISIX 的 Admin API Key 为 `edd1c9f034335f136f87ad84b625c8f1`,并且使用 `roundrobin` 作为负载均衡机制,并设置了 `httpbin.org:80` 为上游服务。为了将该上游绑定到路由,此处需要把 `upstream_id` 设置为 `1`。此处你可以在 `nodes` 下指定多个上游,以达到负载均衡的效果。 +在该命令中,我们使用保存在 `$admin_key` 中的 Apache APISIX Admin API Key,并且使用 `roundrobin` 作为负载均衡机制,并设置了 `httpbin.org:80` 为上游服务。为了将该上游绑定到路由,此处需要把 `upstream_id` 设置为 `1`。此处你可以在 `nodes` 下指定多个上游,以达到负载均衡的效果。 如需了解更多信息,请参考[上游](../terminology/upstream.md)。 @@ -78,7 +87,7 @@ curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" \ ```shell curl "http://127.0.0.1:9180/apisix/admin/routes/1" \ --H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +-H "X-API-KEY: $admin_key" -X PUT -d ' { "methods": ["GET"], "host": "example.com", @@ -93,7 +102,7 @@ curl "http://127.0.0.1:9180/apisix/admin/routes/1" \ ```shell curl "http://127.0.0.1:9180/apisix/admin/routes/1" \ --H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d ' +-H "X-API-KEY: $admin_key" -X PUT -d ' { "methods": ["GET"], "host": "example.com",
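Review bot: The `X-API-KEY` header stays single-quoted in six of the updated curl commands, so the shell does not expand the variable and the request carries the literal text `$admin_key` instead of the key. This affects docs/en/latest/tutorials/client-to-apisix-mtls.md (hunks at -74 and -99), docs/en/latest/tutorials/websocket-authentication.md (hunks at -79 and -106) and docs/zh/latest/tutorials/client-to-apisix-mtls.md (hunks at -74 and -99). The single quotes were harmless while the value was a literal key, but with a variable they need to become double quotes, as in the other files of this patch: `--header "X-API-KEY: $admin_key" \`.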
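Review bot: The context line above the changed `key:` in docs/en/latest/certificate.md (hunk at -237) and docs/zh/latest/certificate.md (hunk at -233) still reads `admin_key` with no trailing colon, so the YAML example is not valid as shown. The docs/zh/latest/FAQ.md hunk in this same patch fixes exactly that (`admin_key` to `admin_key:`), and the en FAQ.md hunk rewrites the block with the colon in place. Please apply the same one-character fix in both certificate.md files while the example is being edited.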
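Review bot: The `:::note` blocks added to the tutorials and to authz-casdoor.md assume that `yq '.deployment.admin.admin_key[0].key' conf/config.yaml` returns a literal key, which does not hold for two cases this patch itself documents. The FAQ.md hunk says the field is empty until APISIX generates a key during initialization, and the admin-api.md hunk shows `key: ${{ADMIN_KEY:=your-admin-key}}`, where the command would return the template text rather than the key. A sentence in the note saying that it must be run after APISIX has initialized, from the APISIX directory (the path is relative), and that it does not apply when the key is supplied through `ADMIN_KEY`, would avoid confusing failures. Two wording points in the same blocks: `admin_key=$(...)` sets a shell variable, not an environment variable, and the en authz-casdoor.md note says "save to an environment variable" where the other en notes say "save it to".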
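Review bot: The placeholder `your-admin-key` is introduced as a working literal in the config examples, most notably as the fallback in `key: ${{ADMIN_KEY:=your-admin-key}}` in docs/en/latest/admin-api.md (hunk at -92) and docs/zh/latest/admin-api.md (hunk at -94). Anyone who copies that block without setting `ADMIN_KEY` ends up with a fixed, publicly documented key, which is the situation this commit is meant to remove. The first config example in admin-api.md carries a comment telling the reader to set a secure key; the env-var example, certificate.md and the `api_key = "your-admin-key"` line in docs/zh/latest/plugins/gm.md have none, so please add the same comment there. It would also be more consistent to use `$admin_key` in the admin-api.md curl examples, as the tutorials in this patch now do, instead of the literal placeholder.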
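Review bot: The zh side of the patch covers less than the en side, so the old key may still be present in the Chinese docs. The diffstat shows 18 changed lines in docs/en/latest/admin-api.md against 10 in docs/zh/latest/admin-api.md: the en hunks at -752, -780, -807 and -1125 (the PATCH examples) have no zh counterpart, and there are no zh changes matching en terminology/plugin-config.md, tutorials/monitor-api-health-check.md or tutorials/websocket-authentication.md. Please search the whole docs/ tree for `edd1c9f034335f136f87ad84b625c8f1` and either update the remaining occurrences or state in the commit message that none are left.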
