liyin37 opened a new issue #103:
URL: https://github.com/apache/apisix-docker/issues/103
2020/12/14 09:42:35 [error] 54#54: *960335 [lua] init.lua:180:
http_ssl_phase(): failed to fetch ssl config: failed to fetch SSL certificate:
not found, context: ssl_certificate_by_lua*, client: 10.112.0.116, server:
0.0.0.0:9443
2020/12/14 09:42:58 [error] 54#54: *963324 [lua] init.lua:180:
http_ssl_phase(): failed to fetch ssl config: failed to fetch SSL certificate:
not found, context: ssl_certificate_by_lua*, client: 10.112.0.116, server:
0.0.0.0:9443
the config.yaml is below:
apisix:
node_listen: 9080 # APISIX listening port
enable_ipv6: false
allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- 0.0.0.0/0 # We need to restrict ip access rules for
security. 0.0.0.0/0 is for test.
admin_key:
- name: "admin"
key: edd1c9f034335f136f87ad84b625c8f1
role: admin # admin: manage all configuration data
# viewer: only can view configuration data
- name: "viewer"
key: 4054f7cf07e344346cd3f287985e76a2
role: viewer
ssl:
enable: true # ssl is disabled by default
# enable it to use your own cert and key
enable_http2: true
listen_port: 9443
ssl_trusted_certificate: /usr/local/apisix/conf/cert/ca.pem # Specifies
a file path with trusted CA certificates in the PEM format
# used to verify the
certificate when APISIX needs to do SSL/TLS handshaking
# with external services
(e.g. etcd)
ssl_cert: /usr/local/apisix/conf/cert/server.pem
ssl_cert_key: /usr/local/apisix/conf/cert/server.key
ssl_protocols: "TLSv1.2 TLSv1.3"
ssl_ciphers:
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ssl_session_tickets: false # disable ssl_session_tickets
by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
# ref:
https://github.com/mozilla/server-side-tls/issues/135
key_encrypt_salt: "edd1c9f0985e76a2" # If not set, will save origin
ssl key into etcd.
# If set this, must be a string
of length 16. And it will encrypt ssl key with AES-128-CBC
# !!! So do not change it after
saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
etcd:
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
- "http://gistack-etcd:2379"; # multiple etcd address
prefix: "/apisix" # apisix configurations prefix
timeout: 30 # 30 seconds
docker ps :
dbb324ca4312
registry.cn-beijing.aliyuncs.com/gisuni/apisix:2.1-centos "sh -c
'/usr/bin/api…" 2 hours ago Up 2 hours
0.0.0.0:9080->9080/tcp, 0.0.0.0:9443->9443/tcp gistack-apisix
59c37ca479d6 registry.cn-beijing.aliyuncs.com/gisuni/etcd:3.4.9
"/entrypoint.sh etcd" 2 hours ago Up 2 hours
0.0.0.0:2379->2379/tcp, 2380/tcp gistack-etcd
the image all use official images
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
