[GitHub] [apisix-dashboard] bzp2010 opened a new pull request, #2517: test: move server info unit cases to e2e
bzp2010 opened a new pull request, #2517: URL: https://github.com/apache/apisix-dashboard/pull/2517 Please answer these questions before submitting a pull request, **or your PR will get closed**. **Why submit this pull request?** - [ ] Bugfix - [ ] New feature provided - [x] Improve performance - [ ] Backport patches **What changes will this PR take into?** Migrating unit tests to E2E implementations -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] bzp2010 merged pull request #2516: chore: merge master branch to next branch on 220713
bzp2010 merged PR #2516: URL: https://github.com/apache/apisix-dashboard/pull/2516 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-dashboard] branch next updated: chore: merge master branch to next branch on 220713 (#2516)
This is an automated email from the ASF dual-hosted git repository. bzp2010 pushed a commit to branch next in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git The following commit(s) were added to refs/heads/next by this push: new d6a2567b chore: merge master branch to next branch on 220713 (#2516) d6a2567b is described below commit d6a2567bdf53d72c0bdffad878da3470aed0630c Author: Zeping Bai AuthorDate: Wed Jul 13 14:50:19 2022 +0800 chore: merge master branch to next branch on 220713 (#2516) Co-authored-by: 房森 <72308243+fangsen9...@users.noreply.github.com> Co-authored-by: Young --- .../filter/invalid_request.go} | 26 -- .../filter/invalid_request_test.go}| 13 ++- api/internal/route.go | 7 -- api/test/e2e/{gzip => middlewares}/gzip_test.go| 8 +++ .../invalid_request_test.go} | 25 - .../middlewares_suite_test.go} | 6 ++--- docs/en/latest/deploy-with-docker.md | 2 ++ web/src/pages/Route/Create.tsx | 8 ++- web/src/pages/Route/typing.d.ts| 1 + 9 files changed, 63 insertions(+), 33 deletions(-) diff --git a/api/test/e2e/gzip/gzip_suite_test.go b/api/internal/filter/invalid_request.go similarity index 67% copy from api/test/e2e/gzip/gzip_suite_test.go copy to api/internal/filter/invalid_request.go index 13380cf0..8c1ebc5c 100644 --- a/api/test/e2e/gzip/gzip_suite_test.go +++ b/api/internal/filter/invalid_request.go @@ -14,16 +14,28 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package gzip_test +package filter import ( - "testing" + "net/url" + "strings" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" + "github.com/gin-gonic/gin" ) -func TestGzip(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "gzip suite") +// InvalidRequest provides a filtering mechanism for illegitimate requests +func InvalidRequest() gin.HandlerFunc { + return func(c *gin.Context) { + if !checkURL(c.Request.URL) { + c.AbortWithStatus(403) + } + c.Next() + } +} + +func checkURL(url *url.URL) bool { + if strings.Contains(url.Path, "..") { + return false + } + return true } diff --git a/api/test/e2e/gzip/gzip_suite_test.go b/api/internal/filter/invalid_request_test.go similarity index 72% copy from api/test/e2e/gzip/gzip_suite_test.go copy to api/internal/filter/invalid_request_test.go index 13380cf0..986a7910 100644 --- a/api/test/e2e/gzip/gzip_suite_test.go +++ b/api/internal/filter/invalid_request_test.go @@ -14,16 +14,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package gzip_test +package filter import ( + "net/url" "testing" - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" + "github.com/stretchr/testify/assert" ) -func TestGzip(t *testing.T) { - RegisterFailHandler(Fail) - RunSpecs(t, "gzip suite") +func TestURLCheck_double_dot(t *testing.T) { + assert.Equal(t, false, checkURL(&url.URL{Path: "../../../etc/hosts"})) + assert.Equal(t, false, checkURL(&url.URL{Path: "/../../../etc/hosts"})) + assert.Equal(t, true, checkURL(&url.URL{Path: "/etc/hosts"})) } diff --git a/api/internal/route.go b/api/internal/route.go index 937fe300..d200ae2e 100644 --- a/api/internal/route.go +++ b/api/internal/route.go @@ -57,8 +57,11 @@ func SetUpRouter() *gin.Engine { } r := gin.New() logger := log.GetLogger(log.AccessLog) - r.Use(gzip.Gzip(gzip.DefaultCompression)) - r.Use(filter.CORS(), filter.RequestId(), filter.IPFilter(), filter.RequestLogHandler(logger), filter.SchemaCheck(), filter.RecoverHandler(), filter.Authentication()) + // security + r.Use(filter.RequestLogHandler(logger), filter.IPFilter(), filter.InvalidRequest(), filter.Authentication()) + + // misc + r.Use(gzip.Gzip(gzip.DefaultCompression), filter.CORS(), filter.RequestId(), filter.SchemaCheck(), filter.RecoverHandler()) r.Use(static.Serve("/", static.LocalFile(filepath.Join(conf.WorkDir, conf.WebDir), false))) r.NoRoute(func(c *gin.Context) { c.File(fmt.Sprintf("%s/index.html", filepath.Join(conf.WorkDir, conf.WebDir))) diff --git a/api/test/e2e/gzip/gzip_test.go b/api/test/e2e/middlewares/gzip_test.go similarity index 90% copy from api/test/e2e/gzip/gzip_test.go copy to api/test/e2e/middlewares/gzip_test.go index 3508199a..87e0ac0c 100644 --- a/api/test/e2e/gzip/gzip_test.go +++ b/api/test/e2e/middlewares/gzip_test.go @@ -14,18 +14,18 @@ * See the License for the specific language governing permissions
[GitHub] [apisix] spacewander commented on a diff in pull request #7412: feat(promethues): add ngx.shared.DICT status
spacewander commented on code in PR #7412: URL: https://github.com/apache/apisix/pull/7412#discussion_r919694784 ## apisix/plugins/prometheus/exporter.lua: ## @@ -122,6 +122,14 @@ function _M.http_init(prometheus_enabled_in_stream) "Etcd modify index for APISIX keys", {"key"}) +metrics.shared_dict_capacity_bytes = prometheus:gauge("shared_dict_capacity_bytes", +"capacity every moment of nginx shared DICT since APISIX start", Review Comment: I am afraid I can't understand what this means... Could you change the description? ## apisix/plugins/prometheus/exporter.lua: ## @@ -352,13 +360,50 @@ local function etcd_modify_index() end +local function shared_dict_status() +local attr = plugin.plugin_attr(plugin_name) +if not attr or not attr.shared_DICT then +return +end + +local name = {} +local set_shared_dict_param = function (shared_dict_name) Review Comment: We can put this in the for loop instead of defining a new function to solve it? The function definition can't be JIT and should be avoided. ## apisix/plugins/prometheus/exporter.lua: ## @@ -352,13 +360,50 @@ local function etcd_modify_index() end +local function shared_dict_status() +local attr = plugin.plugin_attr(plugin_name) Review Comment: We can list the shdict in https://github.com/apache/apisix/blob/master/apisix/cli/ngx_tpl.lua, instead of requiring the users to configure them? Since the usage of shdict is an implementation detail. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-helm-chart] tao12345666333 commented on issue #312: docs: add "how to configure features in the config-default.yaml"
tao12345666333 commented on issue #312: URL: https://github.com/apache/apisix-helm-chart/issues/312#issuecomment-1182818928 I think it's a very common and fundamental behavior that anyone using Helm basically knows/understands. There is a document on APISIX Ingress using *-plugin-runner in our documentation. https://github.com/apache/apisix-ingress-controller/blob/master/docs/en/latest/tutorials/how-to-use-go-plugin-runner-in-apisix-ingress.md#install- apisix-ingress The documentation exists because its configuration is specific and not easy to understand. So in my opinion, this can be described in one sentence, and it's not even worth describing. Of course, the above is only my personal opinion, and we also very welcome any contribution, if there is a contribution to this content, we will also accept it -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] AlfonsoGonz commented on a diff in pull request #7435: docs: enable mTLS with the mqtt-proxy plugin
AlfonsoGonz commented on code in PR #7435: URL: https://github.com/apache/apisix/pull/7435#discussion_r919691230 ## docs/en/latest/plugins/mqtt-proxy.md: ## @@ -123,6 +123,39 @@ curl http://127.0.0.1:9080/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f03 MQTT connections with different client ID will be forwarded to different nodes based on the consistent hash algorithm. If client ID is missing, client IP is used instead for load balancing. +## Enabling mTLS with mqtt-proxy plugin + +Stream proxies use TCP connections and can accept TLS. Follow the guide about [how to accept tls over tcp connections](../stream-proxy.md/#accept-tls-over-tcp-connection) to open a stream proxy with enabled TLS. + +The `mqtt-proxy` plugin is enabled through TCP communications on the specified port for the stream proxy, and will also require clients to authenticate via TLS if tls is set to true. + +Configure `ssl` providing the CA certificate and the server certificate, together with a list of SNIs. Steps to protect `stream_routes` with `ssl` are equivalent to the ones to [protect Routes](../mtls.md/#protect-route) + +### Create a stream_route using mqtt-proxy plugin and mTLS + +Here is an example of how create a stream_route which is using the `mqtt-proxy` plugin, providing the CA certificate, the client certificate and the client key (for self-signed certificates which are not trusted by your host, use the `-k` flag): + +```shell +curl --cacert /path/to/ca.pem --key /path/to/client.key.pem --cert /path/to/client.pem 127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' Review Comment: Actually it is. Both mTLS for the admin API and the mqtt proxy were enabled. I think this flags sould be removed from the curl request to avoid confusion. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander commented on a diff in pull request #7433: fix: the query string is repeated twice when enable http-to-https and append-query-string (#7394)
spacewander commented on code in PR #7433: URL: https://github.com/apache/apisix/pull/7433#discussion_r919689728 ## apisix/plugins/redirect.lua: ## @@ -55,13 +55,32 @@ local schema = { }, http_to_https = {type = "boolean"}, encode_uri = {type = "boolean", default = false}, -append_query_string = {type = "boolean", default = false}, +append_query_string = {type = "boolean"}, +}, +allOf = { +{ +oneOf = { +{required = {"uri"}}, +{required = {"regex_uri"}}, +{required = {"http_to_https"}}, +}, +}, +-- append_query_string and http_to_https are exclusive +{ +oneOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +{ +["not"] = { +anyOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +}, +}, +}, +}, +}, }, -oneOf = { -{required = {"uri"}}, -{required = {"regex_uri"}}, -{required = {"http_to_https"}} Review Comment: Give it a try: ``` oneOf = { {required = {"uri"}}, {required = {"regex_uri"}}, {required = {"http_to_https"}, ["not"] = { required = {"append_query_string"} }} } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] codecov-commenter commented on pull request #2516: chore: merge master branch to next branch on 220713
codecov-commenter commented on PR #2516: URL: https://github.com/apache/apisix-dashboard/pull/2516#issuecomment-1182806371 # [Codecov](https://codecov.io/gh/apache/apisix-dashboard/pull/2516?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report > Merging [#2516](https://codecov.io/gh/apache/apisix-dashboard/pull/2516?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (cb51967) into [next](https://codecov.io/gh/apache/apisix-dashboard/commit/59eb16e02721cc701be6a7b2a50effb3b4356012?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (59eb16e) will **decrease** coverage by `0.01%`. > The diff coverage is `44.44%`. ```diff @@Coverage Diff @@ ## next#2516 +/- ## == - Coverage 48.56% 48.55% -0.02% == Files 40 41 +1 Lines2963 2972 +9 == + Hits 1439 1443 +4 - Misses 1336 1341 +5 Partials 188 188 ``` | Flag | Coverage Δ | | |---|---|---| | backend-unit-test | `48.55% <44.44%> (-0.02%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more. | [Impacted Files](https://codecov.io/gh/apache/apisix-dashboard/pull/2516?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | | |---|---|---| | [api/internal/filter/invalid\_request.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2516/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2ZpbHRlci9pbnZhbGlkX3JlcXVlc3QuZ28=) | `44.44% <44.44%> (ø)` | | -- [Continue to review full report at Codecov](https://codecov.io/gh/apache/apisix-dashboard/pull/2516?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://codecov.io/gh/apache/apisix-dashboard/pull/2516?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [59eb16e...cb51967](https://codecov.io/gh/apache/apisix-dashboard/pull/2516?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander commented on a diff in pull request #7425: feat: run `apisix init` in directory other than /usr/local/apisix
spacewander commented on code in PR #7425: URL: https://github.com/apache/apisix/pull/7425#discussion_r919681087 ## apisix/cli/apisix.lua: ## @@ -22,6 +22,7 @@ local apisix_home = "/usr/local/apisix" local pkg_cpath = apisix_home .. "/deps/lib64/lua/5.1/?.so;" .. apisix_home .. "/deps/lib/lua/5.1/?.so;" local pkg_path = apisix_home .. "/deps/share/lua/5.1/?.lua;" + .. apisix_home .. "/?.lua;" Review Comment: Could we break pkg_path into two parts and add each part to each side of pkg_path_org? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] bzp2010 opened a new pull request, #2516: chore: merge master branch to next branch on 220713
bzp2010 opened a new pull request, #2516: URL: https://github.com/apache/apisix-dashboard/pull/2516 Please answer these questions before submitting a pull request, **or your PR will get closed**. **Why submit this pull request?** - [ ] Bugfix - [ ] New feature provided - [ ] Improve performance - [x] Backport patches **What changes will this PR take into?** Merge cumulative changes from master branch to next branch to maintain dual branch merge compatibility. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #7438: bug: the problem of data precision loss when grpc transcode has Uint64 type in request data
spacewander commented on issue #7438: URL: https://github.com/apache/apisix/issues/7438#issuecomment-1182802975 https://apisix.apache.org/docs/apisix/plugins/grpc-transcode/#options-for-pb_option The `int64_as_string` option can be used to encode int64 as `#123...` and the client needs to convert it from string to real int64. Not a perfect solution but a workaround. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-dashboard] branch next updated: feat: move plugin config unit cases to e2e (#2515)
This is an automated email from the ASF dual-hosted git repository. bzp2010 pushed a commit to branch next in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git The following commit(s) were added to refs/heads/next by this push: new 59eb16e0 feat: move plugin config unit cases to e2e (#2515) 59eb16e0 is described below commit 59eb16e02721cc701be6a7b2a50effb3b4356012 Author: Zeping Bai AuthorDate: Wed Jul 13 14:01:34 2022 +0800 feat: move plugin config unit cases to e2e (#2515) --- .../handler/plugin_config/plugin_config_test.go| 715 - .../e2e/plugin_config/plugin_config_suite_test.go | 4 +- api/test/e2e/plugin_config/plugin_config_test.go | 234 +++ 3 files changed, 124 insertions(+), 829 deletions(-) diff --git a/api/internal/handler/plugin_config/plugin_config_test.go b/api/internal/handler/plugin_config/plugin_config_test.go deleted file mode 100644 index 6b871f65.. --- a/api/internal/handler/plugin_config/plugin_config_test.go +++ /dev/null @@ -1,715 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package plugin_config - -import ( - "errors" - "fmt" - "net/http" - "testing" - - "github.com/shiningrush/droplet" - "github.com/shiningrush/droplet/data" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - - "github.com/apache/apisix-dashboard/api/internal/core/entity" - "github.com/apache/apisix-dashboard/api/internal/core/store" - "github.com/apache/apisix-dashboard/api/internal/handler" -) - -func TestPluginConfig_Get(t *testing.T) { - tests := []struct { - caseDesc string - giveInput *GetInput - giveRet*entity.PluginConfig - giveErrerror - wantErrerror - wantGetKey string - wantRetinterface{} - }{ - { - caseDesc: "normal", - giveInput: &GetInput{ID: "1"}, - wantGetKey: "1", - giveRet: &entity.PluginConfig{ - BaseInfo: entity.BaseInfo{ - ID: "1", - }, - Plugins: map[string]interface{}{ - "limit-count": map[string]interface{}{ - "count": 2, - "time_window": 60, - "rejected_code": 503, - "key": "remote_addr", - }, - }, - }, - wantRet: &entity.PluginConfig{ - BaseInfo: entity.BaseInfo{ - ID: "1", - }, - Plugins: map[string]interface{}{ - "limit-count": map[string]interface{}{ - "count": 2, - "time_window": 60, - "rejected_code": 503, - "key": "remote_addr", - }, - }, - }, - }, - { - caseDesc: "store get failed", - giveInput: &GetInput{ID: "failed_key"}, - wantGetKey: "failed_key", - giveErr:fmt.Errorf("get failed"), - wantErr:fmt.Errorf("get failed"), - wantRet: &data.SpecCodeResponse{ - StatusCode: http.StatusInternalServerError, - }, - }, - } - - for _, tc := range tests { - t.Run(tc.caseDesc, func(t *testing.T) { - getCalled := true -
[GitHub] [apisix-dashboard] bzp2010 merged pull request #2515: test: move plugin config unit cases to e2e
bzp2010 merged PR #2515: URL: https://github.com/apache/apisix-dashboard/pull/2515 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-helm-chart] juzhiyuan commented on issue #312: docs: add "how to configure features in the config-default.yaml"
juzhiyuan commented on issue #312: URL: https://github.com/apache/apisix-helm-chart/issues/312#issuecomment-1182796363 Yes 👍 The thing is, in the `apache/apisix-ingress-controller`'s tutorials and documents, we mainly mention that we could use the following command to install apisix: ```sh helm repo add apisix https://charts.apiseven.com helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update kubectl create ns ingress-apisix helm install apisix apisix/apisix \ --set gateway.type=LoadBalancer \ --set ingress-controller.enabled=true \ --namespace ingress-apisix \ --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix kubectl get service --namespace ingress-apisix ``` But we don't mention how to update configurations in the `config-default.yaml` file, so I would prefer to add some descriptions to make it more straightforward for users. 🙏 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: fix(http-logger): avoid empty Authorization header by default (#7444)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 25325fe1f fix(http-logger): avoid empty Authorization header by default (#7444) 25325fe1f is described below commit 25325fe1fb8b6973b83b0df265d832020be23887 Author: 罗泽轩 AuthorDate: Wed Jul 13 13:49:54 2022 +0800 fix(http-logger): avoid empty Authorization header by default (#7444) Signed-off-by: spacewander --- apisix/plugins/http-logger.lua| 2 +- docs/en/latest/plugins/http-logger.md | 2 +- docs/zh/latest/plugins/http-logger.md | 2 +- t/plugin/http-logger2.t | 56 +++ 4 files changed, 59 insertions(+), 3 deletions(-) diff --git a/apisix/plugins/http-logger.lua b/apisix/plugins/http-logger.lua index 3d3ebdfb4..93cd8c9be 100644 --- a/apisix/plugins/http-logger.lua +++ b/apisix/plugins/http-logger.lua @@ -33,7 +33,7 @@ local schema = { type = "object", properties = { uri = core.schema.uri_def, -auth_header = {type = "string", default = ""}, +auth_header = {type = "string"}, timeout = {type = "integer", minimum = 1, default = 3}, include_req_body = {type = "boolean", default = false}, include_resp_body = {type = "boolean", default = false}, diff --git a/docs/en/latest/plugins/http-logger.md b/docs/en/latest/plugins/http-logger.md index 87ec78fa0..5128af235 100644 --- a/docs/en/latest/plugins/http-logger.md +++ b/docs/en/latest/plugins/http-logger.md @@ -38,7 +38,7 @@ This will allow the ability to send log data requests as JSON objects to monitor | Name | Type| Required | Default | Valid values | Description | | -- | --- | | - | | | | uri| string | True | | | URI of the HTTP/HTTPS server. | -| auth_header| string | False| ""| | Authorization headers if required. | +| auth_header| string | False| | | Authorization headers if required. | | timeout| integer | False| 3 | [1,...] | Time to keep the connection alive for after sending a request. | | name | string | False| "http logger" | | Unique identifier to identify the logger. | | include_req_body | boolean | False| false | [false, true] | When set to `true` includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations. | diff --git a/docs/zh/latest/plugins/http-logger.md b/docs/zh/latest/plugins/http-logger.md index 606a82f60..1cdad3c8b 100644 --- a/docs/zh/latest/plugins/http-logger.md +++ b/docs/zh/latest/plugins/http-logger.md @@ -32,7 +32,7 @@ title: http-logger | 名称 | 类型| 必选项 | 默认值| 有效值 | 描述 | | | --- | -- | - | --- | | | uri | string | 必须 | | | `HTTP/HTTPS` 服务器的 URI。 | -| auth_header | string | 可选 | ""| | 授权头部。 | +| auth_header | string | 可选 | |
[GitHub] [apisix] spacewander closed issue #7431: bug: HTTP logger should avoid add an empty Authorization header if `conf.auth_header` is not set
spacewander closed issue #7431: bug: HTTP logger should avoid add an empty Authorization header if `conf.auth_header` is not set URL: https://github.com/apache/apisix/issues/7431 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander merged pull request #7444: fix(http-logger): avoid empty Authorization header by default
spacewander merged PR #7444: URL: https://github.com/apache/apisix/pull/7444 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] avinal commented on a diff in pull request #7262: docs: Add configuration docs for apisix and env variables
avinal commented on code in PR #7262: URL: https://github.com/apache/apisix/pull/7262#discussion_r919653641 ## docs/en/latest/configuration/environment-variables.md: ## @@ -0,0 +1,144 @@ +--- +title: Environment Variables +--- + + + +## Default Environment Variables + +Many environment variables can be used to configure APISIX and change its behavior. Not all the environment variables are user-MODIFICABLE. + +:::note +Environment variables beginning with `APISIX_` are reserved for APISIX internal usage. Do not define any environment variables with this prefix or modify them unless advised to do so. + +::: + + `APISIX_CONF_EXPIRE_TIME` + +| Default | Type| Remarks | +| --- | --- | -- | +| 3600s | NON-MODIFICABLE | Only used in the multilingual plugins (ext-plugin) | + +When the APISIX configuration is modified, it sends a new `PrepareConf` call to the Plugin Runner. Currently, no mechanism exists to notify the Plugin Runner of configuration change/removal. The `APISIX_CONF_EXPIRE_TIME` is a workaround to set the conf cache to expire time. The Plugin Runner caches the conf slightly longer than this environment variable value, if the configuration is still existing after the set time, a new `PrepareConf` call is sent to create a new configuration. + + `APISIX_PATH` Review Comment: Okay this will be better -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] codecov-commenter commented on pull request #2515: test: move labels unit cases to e2e
codecov-commenter commented on PR #2515: URL: https://github.com/apache/apisix-dashboard/pull/2515#issuecomment-1182742225 # [Codecov](https://codecov.io/gh/apache/apisix-dashboard/pull/2515?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report > Merging [#2515](https://codecov.io/gh/apache/apisix-dashboard/pull/2515?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (6053b27) into [next](https://codecov.io/gh/apache/apisix-dashboard/commit/ece2554811bfd0db532973996a63e879e946ee24?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (ece2554) will **decrease** coverage by `21.46%`. > The diff coverage is `n/a`. ```diff @@ Coverage Diff @@ ## next#2515 +/- ## === - Coverage 70.02% 48.56% -21.47% === Files 193 40 -153 Lines7464 2963 -4501 Branches 8600 -860 === - Hits 5227 1439 -3788 + Misses 1938 1336 -602 + Partials 299 188 -111 ``` | Flag | Coverage Δ | | |---|---|---| | backend-e2e-test-ginkgo | `?` | | | backend-unit-test | `48.56% <ø> (-0.33%)` | :arrow_down: | | frontend-e2e-test | `?` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more. | [Impacted Files](https://codecov.io/gh/apache/apisix-dashboard/pull/2515?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | | |---|---|---| | [api/internal/utils/version.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL3V0aWxzL3ZlcnNpb24uZ28=) | `0.00% <0.00%> (-100.00%)` | :arrow_down: | | [api/internal/filter/request\_id.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2ZpbHRlci9yZXF1ZXN0X2lkLmdv) | `0.00% <0.00%> (-100.00%)` | :arrow_down: | | [api/internal/core/entity/entity.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2NvcmUvZW50aXR5L2VudGl0eS5nbw==) | `0.00% <0.00%> (-90.91%)` | :arrow_down: | | [api/internal/core/store/storehub.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2NvcmUvc3RvcmUvc3RvcmVodWIuZ28=) | `0.00% <0.00%> (-73.11%)` | :arrow_down: | | [api/internal/handler/proto/proto.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2hhbmRsZXIvcHJvdG8vcHJvdG8uZ28=) | `0.00% <0.00%> (-67.26%)` | :arrow_down: | | [api/internal/utils/closer.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL3V0aWxzL2Nsb3Nlci5nbw==) | `0.00% <0.00%> (-66.67%)` | :arrow_down: | | [api/internal/handler/data\_loader/route\_import.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2hhbmRsZXIvZGF0YV9sb2FkZXIvcm91dGVfaW1wb3J0Lmdv) | `11.32% <0.00%> (-64.16%)` | :arrow_down: | | [api/internal/filter/schema.go](https://codecov.io/gh/apache/apisix-dashboard/pull/2515/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-YXBpL2ludGVybmFsL2ZpbHRlci9zY2hlbWEuZ28=) | `0.00% <0.00%> (-56.00%)` | :arrow_down: | | [api/internal/handler/s
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #767: Feature suggestion: support forward auth for Ingress resource
tao12345666333 commented on issue #767: URL: https://github.com/apache/apisix-ingress-controller/issues/767#issuecomment-1182741064 @mhh12121 This feature has been implemented in #937 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] bzp2010 opened a new pull request, #2515: test: move labels unit cases to e2e
bzp2010 opened a new pull request, #2515: URL: https://github.com/apache/apisix-dashboard/pull/2515 Please answer these questions before submitting a pull request, **or your PR will get closed**. **Why submit this pull request?** - [ ] Bugfix - [ ] New feature provided - [x] Improve performance - [ ] Backport patches **What changes will this PR take into?** Migrating unit tests to E2E implementations -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] airclear commented on issue #7279: help request: Why can't I find authz-casdoor plugin?
airclear commented on issue #7279: URL: https://github.com/apache/apisix/issues/7279#issuecomment-1182728075 @tzssangglass env same as @saltwang , I use curl to config the route casdoor plugin , result like this: `{"code":1,"message":"schema validate failed: schema not found, path: plugins.authz-casdoor","data":null,"request_id":"b6be9eda-bd71-453f-a178-6462ed32b5f7"}` curl: ``` curl "http://apisix..com:32380/apisix/admin/routes/3a8b12cf"; -H 'Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTc2ODQ4NjIsImlhdCI6MTY1NzY4MTI2Miwic3ViIjoiYWRtaW4ifQ.34vkMLKyjVjUQ5eC0Y9kCqEv98BvkmbXE6gw5-3Dkvk' -X PUT -d ' { "uri": "/anything/*", "name": "casdoor-httpbin", "methods": ["GET"], "host": "httpbin..com", "plugins": { "authz-casdoor": { "endpoint_addr":"http://10.200.180.82:7001";, "callback_url":"http://httpbin..com:32380/anything/callback";, "client_id":"223c6180503181a2da92", "client_secret":"b9add612d0142bfa3f9bd62cf0013e9cfbdd82ff" } }, "upstream_id": "5ce57b8e", "status": 1 }' ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-helm-chart] tao12345666333 commented on issue #312: docs: add "how to configure features in the config-default.yaml"
tao12345666333 commented on issue #312: URL: https://github.com/apache/apisix-helm-chart/issues/312#issuecomment-1182727153 `helm --set` is equivalent to modifying the values file of `charts/apisix`. Then the relevant configuration will be mounted into the APISIX Pod, as well as APISIX's own configuration file. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] mhh12121 commented on issue #767: Feature suggestion: support forward auth for Ingress resource
mhh12121 commented on issue #767: URL: https://github.com/apache/apisix-ingress-controller/issues/767#issuecomment-1182722138 So how's the thing going about this plugin ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] juzhiyuan commented on issue #7449: help request: router dispatch
juzhiyuan commented on issue #7449: URL: https://github.com/apache/apisix/issues/7449#issuecomment-1182710670 Also, could you please paste the screenshot and descriptions into this issue? Then more team members could check. 🙏 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a diff in pull request #7435: docs: enable mTLS with the mqtt-proxy plugin
tzssangglass commented on code in PR #7435: URL: https://github.com/apache/apisix/pull/7435#discussion_r919605088 ## docs/en/latest/plugins/mqtt-proxy.md: ## @@ -123,6 +123,39 @@ curl http://127.0.0.1:9080/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f03 MQTT connections with different client ID will be forwarded to different nodes based on the consistent hash algorithm. If client ID is missing, client IP is used instead for load balancing. +## Enabling mTLS with mqtt-proxy plugin + +Stream proxies use TCP connections and can accept TLS. Follow the guide about [how to accept tls over tcp connections](../stream-proxy.md/#accept-tls-over-tcp-connection) to open a stream proxy with enabled TLS. + +The `mqtt-proxy` plugin is enabled through TCP communications on the specified port for the stream proxy, and will also require clients to authenticate via TLS if tls is set to true. + +Configure `ssl` providing the CA certificate and the server certificate, together with a list of SNIs. Steps to protect `stream_routes` with `ssl` are equivalent to the ones to [protect Routes](../mtls.md/#protect-route) + +### Create a stream_route using mqtt-proxy plugin and mTLS + +Here is an example of how create a stream_route which is using the `mqtt-proxy` plugin, providing the CA certificate, the client certificate and the client key (for self-signed certificates which are not trusted by your host, use the `-k` flag): + +```shell +curl --cacert /path/to/ca.pem --key /path/to/client.key.pem --cert /path/to/client.pem 127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' Review Comment: IMO, here use `--cacert` `--cert ` `--key` in `curl` means that the APISIX adminAPI was enabled mTLS, not the stream route enabled mTLS. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] startzhuzhu commented on issue #2499: The last_report_time attribute in the system information of apisix-dashboard is Invalid date
startzhuzhu commented on issue #2499: URL: https://github.com/apache/apisix-dashboard/issues/2499#issuecomment-1182708138 OK. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] juzhiyuan commented on issue #7449: help request: 路由正则匹配
juzhiyuan commented on issue #7449: URL: https://github.com/apache/apisix/issues/7449#issuecomment-1182707496 Hi, please read the following documents: 1. https://apisix.apache.org/docs/apisix/terminology/router/#configuration 2. https://apisix.apache.org/docs/apisix/router-radixtree/ 3. https://github.com/api7/lua-resty-radixtree -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] netlify[bot] commented on pull request #1211: docs: update too long blog title 3/3
netlify[bot] commented on PR #1211: URL: https://github.com/apache/apisix-website/pull/1211#issuecomment-1182705328 ### 👷 Deploy request for *apache-apisix* pending review. [Visit the deploys page to approve it](https://app.netlify.com/sites/apache-apisix/deploys) | Name | Link | |-|| |🔨 Latest commit | 0e05cf8a05b5aee2083ee8a49380496e42438a7c | -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY opened a new pull request, #1211: docs: update too long blog title 3/3
SylviaBABY opened a new pull request, #1211: URL: https://github.com/apache/apisix-website/pull/1211 Changes: Update too long title of Blog -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a diff in pull request #7433: fix: the query string is repeated twice when enable http-to-https and append-query-string (#7394)
tzssangglass commented on code in PR #7433: URL: https://github.com/apache/apisix/pull/7433#discussion_r919601305 ## apisix/plugins/redirect.lua: ## @@ -55,13 +55,32 @@ local schema = { }, http_to_https = {type = "boolean"}, encode_uri = {type = "boolean", default = false}, -append_query_string = {type = "boolean", default = false}, +append_query_string = {type = "boolean"}, +}, +allOf = { +{ +oneOf = { +{required = {"uri"}}, +{required = {"regex_uri"}}, +{required = {"http_to_https"}}, +}, +}, +-- append_query_string and http_to_https are exclusive +{ +oneOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +{ +["not"] = { +anyOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +}, +}, +}, +}, +}, }, -oneOf = { -{required = {"uri"}}, -{required = {"regex_uri"}}, -{required = {"http_to_https"}} Review Comment: ``` http_to_https = { ["not"] = {required = {"uri", "regex_uri", "append_query_string"}} }, uri = { ["not"] = {required = {"regex_uri", "http_to_https"}} }, regex_uri = { ["not"] = {required = {"uri", "http_to_https"}} }, ``` what about this form? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] Baoyuantop commented on issue #2499: The last_report_time attribute in the system information of apisix-dashboard is Invalid date
Baoyuantop commented on issue #2499: URL: https://github.com/apache/apisix-dashboard/issues/2499#issuecomment-1182703882 So only remove this field from the UI if it is not in the API response? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-helm-chart] juzhiyuan commented on issue #312: docs: add "how to configure features in the config-default.yaml"
juzhiyuan commented on issue #312: URL: https://github.com/apache/apisix-helm-chart/issues/312#issuecomment-1182702168 @tao12345666333 Could you please check this[1]? We indeed could inject configurations when using Helm [1] https://the-asf.slack.com/archives/CUC5MN17A/p1657630350382909?thread_ts=1657549138.916759&cid=CUC5MN17A -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] codecov-commenter commented on pull request #1149: ci: upgrade e2e-test
codecov-commenter commented on PR #1149: URL: https://github.com/apache/apisix-ingress-controller/pull/1149#issuecomment-1182701608 # [Codecov](https://codecov.io/gh/apache/apisix-ingress-controller/pull/1149?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report > Merging [#1149](https://codecov.io/gh/apache/apisix-ingress-controller/pull/1149?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (abe10b8) into [master](https://codecov.io/gh/apache/apisix-ingress-controller/commit/a649751dbdd42cea64ad574dda6fe1eeba6a4a5a?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (a649751) will **not change** coverage. > The diff coverage is `n/a`. > :exclamation: Current head abe10b8 differs from pull request most recent head c75d930. Consider uploading reports for the commit c75d930 to get more accurate results ```diff @@ Coverage Diff @@ ## master#1149 +/- ## === Coverage 30.53% 30.53% === Files 81 81 Lines9895 9895 === Hits 3021 3021 Misses 6549 6549 Partials 325 325 ``` -- [Continue to review full report at Codecov](https://codecov.io/gh/apache/apisix-ingress-controller/pull/1149?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://codecov.io/gh/apache/apisix-ingress-controller/pull/1149?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [a649751...c75d930](https://codecov.io/gh/apache/apisix-ingress-controller/pull/1149?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] juzhiyuan opened a new issue, #7450: docs: highlight introductions that need to be configured in different locations
juzhiyuan opened a new issue, #7450: URL: https://github.com/apache/apisix/issues/7450 ### Current State ### Background In the OpenTelemetry plugin's document[1], there have three locations that need to be configured: 1. When creating a Route/Service/Global Plugin, we need to configure attributes like `sampler.xxx`. 2. This plugin is disabled by default, we need to enable this plugin in the `config.yaml` file. 3. When using custom OpenTelemetry Collector's configurations, we need to configure `plugin_attr.opentelemetry.xxx` in the `config.yaml` file. This case[2] shows that some users will ignore configuration locations when using plugins, even though there has one sentence showing that `You can set the collecting by specifying the configuration in conf/config.yaml.`. **Wrong Usage:** ![image](https://user-images.githubusercontent.com/2106987/178638833-c0909985-484f-4f61-be8b-7b5e921b84df.png) [1] https://apisix.apache.org/docs/apisix/plugins/opentelemetry [2] https://the-asf.slack.com/archives/CUC5MN17A/p1657549138916759 ### Desired State We have nearly 90 plugins, and some other plugins need to be configured separately. I suggest: 1. For those plugins, we need to highlight that the plugin has multiple locations to configure. 2. In the document's different sections, e.g., `Attributes`, `How to enable`, and `How to set collecting`, we should use Docusaurus's `admonitions` feature[1] to highlight which place to configure. ![image](https://user-images.githubusercontent.com/2106987/178639322-fd95a3cc-be6b-4ec4-b125-5b5e7d16bfde.png) ### Related Links 1. https://github.com/apache/apisix/issues/7448 2. https://github.com/apache/apisix-helm-chart/issues/312 [1] https://docusaurus.io/docs/markdown-features/admonitions -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] 1renwuruiming commented on issue #7449: help request: 路由正则匹配
1renwuruiming commented on issue #7449: URL: https://github.com/apache/apisix/issues/7449#issuecomment-118261 @juzhiyuan 我发送了一些邮件到您的邮箱,并提供了一些日志截图,想要咨询一下apisix对于复杂路由的匹配规则是怎样的,是否和nginx一样,又是如何使用的呢 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-helm-chart] tao12345666333 commented on issue #312: docs: add "how to configure features in the config-default.yaml"
tao12345666333 commented on issue #312: URL: https://github.com/apache/apisix-helm-chart/issues/312#issuecomment-1182699988 > When we use the `apache/apisix-ingress-controller` project by HelmChart, we could use the `--set xxx=xxx` command to inject user-defined configurations to the `apache/apisix` project's `config.yaml file` according to this template file[1], but the document[2] misses this part. Some users don't know about this case, so the issue[3] occurred. This description is wrong. For the Apache APISIX Ingress project, it is a control plane component that does not modify any configuration files of APISIX (neither config.yaml nor config-default.yaml will modify) All modifications related to the APISIX configuration file are done in the `charts/apisix` Helm chart -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] startzhuzhu commented on issue #2499: The last_report_time attribute in the system information of apisix-dashboard is Invalid date
startzhuzhu commented on issue #2499: URL: https://github.com/apache/apisix-dashboard/issues/2499#issuecomment-1182699826 ![image](https://user-images.githubusercontent.com/46840316/178638767-a28347fd-60bc-4519-a512-91ae97402b3b.png) ![image](https://user-images.githubusercontent.com/46840316/178638899-5f04dcc4-85d0-4503-8f81-dfeb84b34c6e.png) This field was present in version 2.12, but not in later versions and we want to keep this field. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] AlinsRan opened a new pull request, #1149: ci: upgrade e2e-test
AlinsRan opened a new pull request, #1149: URL: https://github.com/apache/apisix-ingress-controller/pull/1149 ### Type of change: - [ ] Bugfix - [ ] New feature provided - [ ] Improve performance - [ ] Backport patches ### What this PR does / why we need it: ### Pre-submission checklist: * [ ] Did you explain what problem does this PR solve? Or what new features have been added? * [ ] Have you added corresponding test cases? * [ ] Have you modified the corresponding document? * [ ] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix-ingress-controller#community) first** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] 1renwuruiming opened a new issue, #7449: help request: 路由正则匹配
1renwuruiming opened a new issue, #7449: URL: https://github.com/apache/apisix/issues/7449 ### Description nginx存在多种路由的匹配规则,apisix是否存在同样的方式,如果存在,是如何使用的呢 ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-helm-chart] juzhiyuan opened a new issue, #312: docs: add "how to configure features in the config-default.yaml"
juzhiyuan opened a new issue, #312: URL: https://github.com/apache/apisix-helm-chart/issues/312 ## Background When we use the `apache/apisix-ingress-controller` project by HelmChart, we could use the `--set xxx=xxx` command to inject user-defined configurations to the `apache/apisix` project's `config.yaml file` according to this template file[1], but the document[2] misses this part. Some users don't know about this case, so the issue[3] occurred. ## How to resolve this case? 1. Add a new guide to explain the relationship between `apache/apisix-helm-chart`, `apache/apisix` and `apache/apisix-ingress-controller`, and add a diagram or content to present the working mechanism, e.g., why and how `--set` could inject user-defined configurations to `config.yaml`. 2. In the `apache/apisix-ingress-controller` or `apache/apisix-helm-chart`'s documents, add a FAQ/guide to explain how to configure features in the `config-default.yaml` file. [1] https://github.com/apache/apisix-helm-chart/blob/master/charts/apisix/templates/configmap.yaml#L31 [2] https://apisix.apache.org/docs/helm-chart/apisix-ingress-controller/ [3] https://the-asf.slack.com/archives/CUC5MN17A/p1657549138916759 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7448: feat: Allow OpenTelemetry configuration (especially Collector) to be specified on a per route level
tzssangglass commented on issue #7448: URL: https://github.com/apache/apisix/issues/7448#issuecomment-1182693019 Most of the current observable row plugins are of a similar design (e.g. skywalking). The current design architecture of APISIX does not provide for multi-tenant isolation. To satisfy this feature, it may be necessary not just to modify the plugin, but to rethink in the architectural design whether multi-tenant isolation scenarios need to be introduced. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: feat(deployment): data plane connects to control plane (#7417)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 3623ec20d feat(deployment): data plane connects to control plane (#7417) 3623ec20d is described below commit 3623ec20da44be51a6659bab7df29df5b92edb8c Author: 罗泽轩 AuthorDate: Wed Jul 13 10:00:57 2022 +0800 feat(deployment): data plane connects to control plane (#7417) Signed-off-by: spacewander --- apisix/cli/file.lua| 11 apisix/cli/schema.lua | 26 ++ apisix/core/etcd.lua | 13 + t/cli/test_deployment_data_plane.sh| 29 ...e_customed_nginx.sh => test_deployment_mtls.sh} | 31 ++ 5 files changed, 105 insertions(+), 5 deletions(-) diff --git a/apisix/cli/file.lua b/apisix/cli/file.lua index 196ba1c86..c4154423f 100644 --- a/apisix/cli/file.lua +++ b/apisix/cli/file.lua @@ -263,6 +263,17 @@ function _M.read_yaml_conf(apisix_home) default_conf.etcd = default_conf.deployment.role_data_plane.control_plane default_conf.apisix.enable_admin = false end + +if default_conf.etcd and default_conf.deployment.certs then +-- copy certs configuration to keep backward compatible +local certs = default_conf.deployment.certs +local etcd = default_conf.etcd +if not etcd.tls then +etcd.tls = {} +end +etcd.tls.cert = certs.cert +etcd.tls.key = certs.cert_key +end end return default_conf diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua index 04ab28879..fa76326a9 100644 --- a/apisix/cli/schema.lua +++ b/apisix/cli/schema.lua @@ -327,6 +327,32 @@ local deployment_schema = { }, }, required = {"etcd", "role_control_plane"} +}, +data_plane = { +properties = { +role_data_plane = { +properties = { +config_provider = { +enum = {"control_plane", "yaml"} +}, +}, +required = {"config_provider"} +}, +certs = { +properties = { +cert = { type = "string" }, +cert_key = { type = "string" }, +trusted_ca_cert = { type = "string" }, +}, +dependencies = { +cert = { +required = {"cert_key"}, +}, +}, +default = {}, +}, +}, +required = {"role_data_plane"} } } diff --git a/apisix/core/etcd.lua b/apisix/core/etcd.lua index d877ac6fa..8213d564b 100644 --- a/apisix/core/etcd.lua +++ b/apisix/core/etcd.lua @@ -114,6 +114,19 @@ local function new() end proxy_by_conf_server = true + +elseif local_conf.deployment.role == "data_plane" then +if has_mtls_support() and local_conf.deployment.certs.cert then +local cert = local_conf.deployment.certs.cert +local cert_key = local_conf.deployment.certs.cert_key + +if not etcd_conf.tls then +etcd_conf.tls = {} +end + +etcd_conf.tls.cert = cert +etcd_conf.tls.key = cert_key +end end end diff --git a/t/cli/test_deployment_data_plane.sh b/t/cli/test_deployment_data_plane.sh index c430c3a97..ef5ef61e3 100755 --- a/t/cli/test_deployment_data_plane.sh +++ b/t/cli/test_deployment_data_plane.sh @@ -30,13 +30,11 @@ deployment: config_provider: control_plane control_plane: host: -- http://127.0.0.1:2379 +- https://127.0.0.1:12379 prefix: "/apisix" timeout: 30 -certs: -cert: /path/to/ca-cert -cert_key: /path/to/ca-cert -trusted_ca_cert: /path/to/ca-cert +tls: +verify: false ' > conf/config.yaml make run @@ -61,3 +59,24 @@ if [ ! $code -eq 404 ]; then fi echo "passed: data_plane should not enable Admin API" + +echo ' +deployment: +role: data_plane +role_data_plane: +config_provider: control_plane +control_plane: +host: +- https://127.0.0.1:12379 +prefix: "/apisix" +timeout: 30 +' > conf/config.yaml + +out=$(make run 2>&1 || true) +make stop +if ! echo "$out" | grep 'failed to load the configuration: https://127.0.0.1:12379: certificate verify failed'; then +echo "failed: should verify certificate by default" +exit 1 +fi + +echo "passed: should verify certificate
[GitHub] [apisix] spacewander merged pull request #7417: feat(deployment): data plane connects to control plane
spacewander merged PR #7417: URL: https://github.com/apache/apisix/pull/7417 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: build(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (#7443)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new c61acf6e5 build(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (#7443) c61acf6e5 is described below commit c61acf6e576863c47561ed013c2d78b435b53334 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> AuthorDate: Wed Jul 13 09:56:33 2022 +0800 build(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (#7443) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/doc-lint.yml | 2 +- .github/workflows/lint.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/doc-lint.yml b/.github/workflows/doc-lint.yml index d6b64921b..868ea3f69 100644 --- a/.github/workflows/doc-lint.yml +++ b/.github/workflows/doc-lint.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: 🚀 Use Node.js -uses: actions/setup-node@v3.3.0 +uses: actions/setup-node@v3.4.0 with: node-version: '12.x' - run: npm install -g markdownlint-cli@0.25.0 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 233810016..803bd8aab 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -32,7 +32,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Nodejs env -uses: actions/setup-node@v3.3.0 +uses: actions/setup-node@v3.4.0 with: node-version: '12'
[GitHub] [apisix] spacewander merged pull request #7443: build(deps): bump actions/setup-node from 3.3.0 to 3.4.0
spacewander merged PR #7443: URL: https://github.com/apache/apisix/pull/7443 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: change(grpc): map grpc code OUT_OF_RANGE to http code 400 (#7419)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new b498e98ff change(grpc): map grpc code OUT_OF_RANGE to http code 400 (#7419) b498e98ff is described below commit b498e98fff5e19a5e927d3ba25d9d9219a062356 Author: vyvyan2010 <375636...@qq.com> AuthorDate: Wed Jul 13 09:56:22 2022 +0800 change(grpc): map grpc code OUT_OF_RANGE to http code 400 (#7419) --- apisix/plugins/grpc-transcode.lua | 25 + 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/apisix/plugins/grpc-transcode.lua b/apisix/plugins/grpc-transcode.lua index 7da62a805..2405d33ec 100644 --- a/apisix/plugins/grpc-transcode.lua +++ b/apisix/plugins/grpc-transcode.lua @@ -77,15 +77,24 @@ local schema = { required = { "proto_id", "service", "method" }, } +-- Based on https://cloud.google.com/apis/design/errors#handling_errors local status_rel = { -["3"] = 400, -["4"] = 504, -["5"] = 404, -["7"] = 403, -["11"] = 416, -["12"] = 501, -["13"] = 500, -["14"] = 503, +["1"] = 499,-- CANCELLED +["2"] = 500,-- UNKNOWN +["3"] = 400,-- INVALID_ARGUMENT +["4"] = 504,-- DEADLINE_EXCEEDED +["5"] = 404,-- NOT_FOUND +["6"] = 409,-- ALREADY_EXISTS +["7"] = 403,-- PERMISSION_DENIED +["8"] = 429,-- RESOURCE_EXHAUSTED +["9"] = 400,-- FAILED_PRECONDITION +["10"] = 409, -- ABORTED +["11"] = 400, -- OUT_OF_RANGE +["12"] = 501, -- UNIMPLEMENTED +["13"] = 500, -- INTERNAL +["14"] = 503, -- UNAVAILABLE +["15"] = 500, -- DATA_LOSS +["16"] = 401, -- UNAUTHENTICATED } local _M = {
[GitHub] [apisix] spacewander merged pull request #7419: change(grpc): add the correspondence between grpc code and http code
spacewander merged PR #7419: URL: https://github.com/apache/apisix/pull/7419 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander commented on a diff in pull request #7262: docs: Add configuration docs for apisix and env variables
spacewander commented on code in PR #7262: URL: https://github.com/apache/apisix/pull/7262#discussion_r919571742 ## docs/en/latest/configuration/config-default.md: ## @@ -0,0 +1,1028 @@ +--- +title: Configuration Options +--- + + + +This page describes the configuration options defined in the `conf/config-default.yaml`. + +## `apisix` + +Configuration options for `apisix`. + +### `admin_api_mtls` + +```yaml +# Depends on `port_admin` and `https_admin`. +admin_api_mtls: + + # (string) Path of your self-signed server side cert. + admin_ssl_cert: "" + + # (string) Path of your self-signed server side key. + admin_ssl_cert_key: "" + + # (string) Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates. + admin_ssl_ca_cert: "" +``` + +### `admin_listen` + +```yaml +# The address of the admin api. Use a separate port for admin to listen on. This configuration is disabled by default. +admin_listen: + + # (ip address) Specific IP address to listen on. If not set then the server will listen on all interfaces i.e 0.0.0.0 + ip: 127.0.0.1 + + # (port number) Specific port to listen on. + port: 9180 +``` + +### `allow_admin` + +```yaml +# (ip address list) Allow admin only on specific IP addresses. If not set, then admin is allowed on all IP addresses. Put valid IP addresses only. fore more reference see: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow +allow_admin: + - 127.0.0.0/24 + # - "::/64" +``` + +### `config_center` + +```yaml +# (string) Use config from YAML file or store config in etcd. Possible values: etcd, yaml. +config_center: etcd +``` + +### `control` + +```yaml +# The address of the control api. Use a separate port for control to listen on. This configuration is disabled by default. +control: + + # (ip address) Specific IP address to listen on. + ip: 127.0.0.1 + + # (port number) Specific port to listen on. + port: 9090 +``` + +### `delete_uri_tail_slash` + +```yaml +# (boolean) Enabling this will remove the trailing slash from the request URI. +delete_uri_tail_slash: false +``` + +### `disable_sync_configuration_during_start` + +```yaml +# (boolean) Disable sync configuration during start. +disable_sync_configuration_during_start: false +``` + +### `dns_resolver` + +```yaml +# (ip address list) The list of DNS resolvers to use. If not set, then the system default resolver will be used i.e reads from /etc/resolv.conf. This configuration is disabled by default. +dns_resolver: + - 1.1.1.1 + - 8.8.8.8 +``` + +### `dns_resolver_valid` + +```yaml +# (integer) The number of seconds to override the TTL of valid records. If not set, then the system default TTL will be used. This configuration is disabled by default. +dns_resolver_valid: 30 +``` + +### `enable_admin` + +```yaml +# (boolean) Enable admin mode. +enable_admin: true +``` + +### `enable_admin_cors` + +```yaml +# (boolean) Enable CORS response header for admin. +enable_admin_cors: true +``` + +### `enable_control` + +```yaml +# (boolean) Enable control mode. +enable_control: true +``` + +### `enable_dev_mode` + +```yaml +# (boolean) Sets nginx worker_processes to 1 when set true. This is useful for development. +enable_dev_mode: false +``` + +### `enable_ipv6` + +```yaml +# (boolean) Enable ipv6. +enable_ipv6: true +``` + +### `enable_resolv_search_opt` + +```yaml +# (boolean) Enables search option in resolv.conf. +enable_resolv_search_opt: true +``` + +### `enable_reuseport` + +```yaml +# (boolean) Enables nginx SO_RESUEPORT switch if set true. +enable_reuseport: true +``` + +### `enable_server_tokens` + +```yaml +# (boolean) Enables the APISIX version number in the server header. +enable_server_tokens: true +``` + +### `extra_lua_cpath` + +```yaml +# (string) Load third party lua code by extending lua_package_cpath. It can override the built-in lua code. +extra_lua_cpath: "" +``` + +### `extra_lua_path` + +```yaml +# (string) Load third party lua code by extending lua_package_path. It can override the built-in lua code. +extra_lua_path: "" +``` + +### `https_admin` + +```yaml +# (boolean) Enables HTTPS when using a separate port for admin API. Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as HTTPS certificate and key. +https_admin: true +``` + +### `lua_module_hook` + +```yaml +# (string) The hook module used to inject third party lua code. The format is "my_project.my_hook". This configuration is disabled by default. +lua_module_hook: "" +``` + +### `node_listen` + +```yaml +# APISIX will listen on this port. This configuration has two forms. +# (port numbers) It can accept a list of ports if no other child configuration is set. This form is the default configuration. +node_listen: + - 9080 + +# (ip, port, protocol) Or it can also accept a list of (ip address, port, protocol). This is useful when you want to specify ip address, port and protocol. This form is disabled by default. +node_listen: + + # (ip addr
[GitHub] [apisix] spacewander commented on pull request #7410: change: optimize the way how to run a specific test case.
spacewander commented on PR #7410: URL: https://github.com/apache/apisix/pull/7410#issuecomment-1182669836 I will vote for using `prove -I../test-nginx/lib -I./ -r -s t/` instead. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: docs: fix error link (#7447)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 322dd8af5 docs: fix error link (#7447) 322dd8af5 is described below commit 322dd8af54f99bf9f59ac81880165febe2140309 Author: Fei Han <97138894+hf400...@users.noreply.github.com> AuthorDate: Wed Jul 13 09:49:20 2022 +0800 docs: fix error link (#7447) Co-authored-by: hf400159 --- docs/en/latest/discovery.md | 2 +- docs/zh/latest/discovery.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/latest/discovery.md b/docs/en/latest/discovery.md index 5442c874e..eddcf03a4 100644 --- a/docs/en/latest/discovery.md +++ b/docs/en/latest/discovery.md @@ -51,7 +51,7 @@ It is very easy for APISIX to extend the discovery client, the basic steps are a First, create a directory `eureka` under `apisix/discovery`; -After that, add [`init.lua`](../../../apisix/discovery/eureka/init.lua) in the `apisix/discovery/eureka` directory; +After that, add [`init.lua`](https://github.com/apache/apisix/blob/master/apisix/discovery/init.lua) in the `apisix/discovery/eureka` directory; Then implement the `_M.init_worker()` function for initialization and the `_M.nodes(service_name)` function for obtaining the list of service instance nodes in `init.lua`: diff --git a/docs/zh/latest/discovery.md b/docs/zh/latest/discovery.md index 87687caf5..6271334ff 100644 --- a/docs/zh/latest/discovery.md +++ b/docs/zh/latest/discovery.md @@ -49,7 +49,7 @@ APISIX 要扩展注册中心其实是件非常容易的事情,其基本步骤 首先,在 `apisix/discovery` 下创建 `eureka` 目录; -其次,在 `apisix/discovery/eureka` 目录中添加 [`init.lua`](../../../apisix/discovery/eureka/init.lua); +其次,在 `apisix/discovery/eureka` 目录中添加 [`init.lua`](https://github.com/apache/apisix/blob/master/apisix/discovery/init.lua); 然后在 `init.lua` 实现用于初始化的 `init_worker` 函数以及用于获取服务实例节点列表的 `nodes` 函数即可:
[GitHub] [apisix] spacewander merged pull request #7447: docs: fix link error in service discovery documentation
spacewander merged PR #7447: URL: https://github.com/apache/apisix/pull/7447 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #719: request help: Does apisix-ingress-controller service account require coordination.k8s.io in clusterRule
github-actions[bot] commented on issue #719: URL: https://github.com/apache/apisix-ingress-controller/issues/719#issuecomment-1182662101 This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1138: request help: How to debug e2e-test fail case efficiently
tao12345666333 commented on issue #1138: URL: https://github.com/apache/apisix-ingress-controller/issues/1138#issuecomment-1181910013 Sure! Please! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] vyvyan2010 commented on a diff in pull request #7433: fix: the query string is repeated twice when enable http-to-https and append-query-string (#7394)
vyvyan2010 commented on code in PR #7433: URL: https://github.com/apache/apisix/pull/7433#discussion_r918953447 ## apisix/plugins/redirect.lua: ## @@ -55,13 +55,32 @@ local schema = { }, http_to_https = {type = "boolean"}, encode_uri = {type = "boolean", default = false}, -append_query_string = {type = "boolean", default = false}, +append_query_string = {type = "boolean"}, +}, +allOf = { +{ +oneOf = { +{required = {"uri"}}, +{required = {"regex_uri"}}, +{required = {"http_to_https"}}, +}, +}, +-- append_query_string and http_to_https are exclusive +{ +oneOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +{ +["not"] = { +anyOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +}, +}, +}, +}, +}, }, -oneOf = { -{required = {"uri"}}, -{required = {"regex_uri"}}, -{required = {"http_to_https"}} Review Comment: I have tried, but not succeed ``` ["not"] = { allOf = { {required = {"append_query_string"}}, {required = {"http_to_https"}}, } } ``` and ``` ["not"] = {required = {"append_query_string", "http_to_https"}}, ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] NMichas opened a new issue, #7448: feat: Allow OpenTelemetry configuration (especially Collector) to be specified on a per route level
NMichas opened a new issue, #7448: URL: https://github.com/apache/apisix/issues/7448 ### Description Currently, the Collector address (and possibly others?) information needs to be put in config.yaml (or set in values.yaml, or Helm CLI parameters when running APISIX in Kubernetes). This effectively means that all routes in APISIX are bound to use the same Collector. In a multi-tenant, or multi-user scenarios this might not be desired. A possible future enhancement would be to define Collectors on a per-route level, instead of globally. Relevant discussion on Slack: https://the-asf.slack.com/archives/CUC5MN17A/p1657549138916759 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] stillfox-lee commented on issue #1138: request help: How to debug e2e-test fail case efficiently
stillfox-lee commented on issue #1138: URL: https://github.com/apache/apisix-ingress-controller/issues/1138#issuecomment-1181737290 > For example, we can add an environment variable. If it is run locally by the developer, when a failure occurs, the relevant resources will be kept and not deleted. That's a good idea. Maybe I can create PR for this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander commented on a diff in pull request #7433: fix: the query string is repeated twice when enable http-to-https and append-query-string (#7394)
spacewander commented on code in PR #7433: URL: https://github.com/apache/apisix/pull/7433#discussion_r918943555 ## apisix/plugins/redirect.lua: ## @@ -55,13 +55,32 @@ local schema = { }, http_to_https = {type = "boolean"}, encode_uri = {type = "boolean", default = false}, -append_query_string = {type = "boolean", default = false}, +append_query_string = {type = "boolean"}, +}, +allOf = { +{ +oneOf = { +{required = {"uri"}}, +{required = {"regex_uri"}}, +{required = {"http_to_https"}}, +}, +}, +-- append_query_string and http_to_https are exclusive +{ +oneOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +{ +["not"] = { +anyOf = { +{required = {"append_query_string"}}, +{required = {"http_to_https"}}, +}, +}, +}, +}, +}, }, -oneOf = { -{required = {"uri"}}, -{required = {"regex_uri"}}, -{required = {"http_to_https"}} Review Comment: https://github.com/apache/apisix/blob/ccfb00055c9814f3a94514e48aa583700ab94189/apisix/schema_def.lua#L420 We can use `not` operation to show the exclusive relationship? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] vyvyan2010 commented on pull request #7410: change: optimize the way how to run a specific test case.
vyvyan2010 commented on PR #7410: URL: https://github.com/apache/apisix/pull/7410#issuecomment-1181727408 > it's not another way, we have suggested to run the tests by `make test`, so why don't suggest use `prove -I../test-nginx/lib -I./ -r -s t/` instead ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] vyvyan2010 commented on a diff in pull request #7410: change: optimize the way how to run a specific test case.
vyvyan2010 commented on code in PR #7410: URL: https://github.com/apache/apisix/pull/7410#discussion_r918906889 ## docs/en/latest/building-apisix.md: ## @@ -276,7 +276,7 @@ For the error `Error unknown directive "lua_package_path" in /API_ASPIX/apisix/t To run a specific test case, use the command below: ```shell -prove -Itest-nginx/lib -r t/plugin/openid-connect.t +make test test=t/plugin/openid-connect.t Review Comment: i agree with `make test case=xxx`, what about @soulbird ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a diff in pull request #7262: docs: Add configuration docs for apisix and env variables
tzssangglass commented on code in PR #7262: URL: https://github.com/apache/apisix/pull/7262#discussion_r918905138 ## docs/en/latest/configuration/environment-variables.md: ## @@ -0,0 +1,144 @@ +--- +title: Environment Variables +--- + + + +## Default Environment Variables + +Many environment variables can be used to configure APISIX and change its behavior. Not all the environment variables are user-MODIFICABLE. + +:::note +Environment variables beginning with `APISIX_` are reserved for APISIX internal usage. Do not define any environment variables with this prefix or modify them unless advised to do so. + +::: + + `APISIX_CONF_EXPIRE_TIME` + +| Default | Type| Remarks | +| --- | --- | -- | +| 3600s | NON-MODIFICABLE | Only used in the multilingual plugins (ext-plugin) | + +When the APISIX configuration is modified, it sends a new `PrepareConf` call to the Plugin Runner. Currently, no mechanism exists to notify the Plugin Runner of configuration change/removal. The `APISIX_CONF_EXPIRE_TIME` is a workaround to set the conf cache to expire time. The Plugin Runner caches the conf slightly longer than this environment variable value, if the configuration is still existing after the set time, a new `PrepareConf` call is sent to create a new configuration. + + `APISIX_PATH` Review Comment: what about listing them in a unified place, rather than occupying a position without any meaning? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a diff in pull request #7410: change: optimize the way how to run a specific test case.
tzssangglass commented on code in PR #7410: URL: https://github.com/apache/apisix/pull/7410#discussion_r918902188 ## docs/en/latest/building-apisix.md: ## @@ -276,7 +276,7 @@ For the error `Error unknown directive "lua_package_path" in /API_ASPIX/apisix/t To run a specific test case, use the command below: ```shell -prove -Itest-nginx/lib -r t/plugin/openid-connect.t +make test test=t/plugin/openid-connect.t Review Comment: `make test test=xxx` maybe confusion? what about `make test case=xxx`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] avinal commented on a diff in pull request #7262: docs: Add configuration docs for apisix and env variables
avinal commented on code in PR #7262: URL: https://github.com/apache/apisix/pull/7262#discussion_r918837132 ## docs/en/latest/configuration/config-default.md: ## @@ -0,0 +1,1028 @@ +--- +title: Configuration Options +--- + + + +This page describes the configuration options defined in the `conf/config-default.yaml`. + +## `apisix` + +Configuration options for `apisix`. + +### `admin_api_mtls` + +```yaml +# Depends on `port_admin` and `https_admin`. +admin_api_mtls: + + # (string) Path of your self-signed server side cert. + admin_ssl_cert: "" + + # (string) Path of your self-signed server side key. + admin_ssl_cert_key: "" + + # (string) Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates. + admin_ssl_ca_cert: "" +``` + +### `admin_listen` + +```yaml +# The address of the admin api. Use a separate port for admin to listen on. This configuration is disabled by default. +admin_listen: + + # (ip address) Specific IP address to listen on. If not set then the server will listen on all interfaces i.e 0.0.0.0 + ip: 127.0.0.1 + + # (port number) Specific port to listen on. + port: 9180 +``` + +### `allow_admin` + +```yaml +# (ip address list) Allow admin only on specific IP addresses. If not set, then admin is allowed on all IP addresses. Put valid IP addresses only. fore more reference see: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow +allow_admin: + - 127.0.0.0/24 + # - "::/64" +``` + +### `config_center` + +```yaml +# (string) Use config from YAML file or store config in etcd. Possible values: etcd, yaml. +config_center: etcd +``` + +### `control` + +```yaml +# The address of the control api. Use a separate port for control to listen on. This configuration is disabled by default. +control: + + # (ip address) Specific IP address to listen on. + ip: 127.0.0.1 + + # (port number) Specific port to listen on. + port: 9090 +``` + +### `delete_uri_tail_slash` + +```yaml +# (boolean) Enabling this will remove the trailing slash from the request URI. +delete_uri_tail_slash: false +``` + +### `disable_sync_configuration_during_start` + +```yaml +# (boolean) Disable sync configuration during start. +disable_sync_configuration_during_start: false +``` + +### `dns_resolver` + +```yaml +# (ip address list) The list of DNS resolvers to use. If not set, then the system default resolver will be used i.e reads from /etc/resolv.conf. This configuration is disabled by default. +dns_resolver: + - 1.1.1.1 + - 8.8.8.8 +``` + +### `dns_resolver_valid` + +```yaml +# (integer) The number of seconds to override the TTL of valid records. If not set, then the system default TTL will be used. This configuration is disabled by default. +dns_resolver_valid: 30 +``` + +### `enable_admin` + +```yaml +# (boolean) Enable admin mode. +enable_admin: true +``` + +### `enable_admin_cors` + +```yaml +# (boolean) Enable CORS response header for admin. +enable_admin_cors: true +``` + +### `enable_control` + +```yaml +# (boolean) Enable control mode. +enable_control: true +``` + +### `enable_dev_mode` + +```yaml +# (boolean) Sets nginx worker_processes to 1 when set true. This is useful for development. +enable_dev_mode: false +``` + +### `enable_ipv6` + +```yaml +# (boolean) Enable ipv6. +enable_ipv6: true +``` + +### `enable_resolv_search_opt` + +```yaml +# (boolean) Enables search option in resolv.conf. +enable_resolv_search_opt: true +``` + +### `enable_reuseport` + +```yaml +# (boolean) Enables nginx SO_RESUEPORT switch if set true. +enable_reuseport: true +``` + +### `enable_server_tokens` + +```yaml +# (boolean) Enables the APISIX version number in the server header. +enable_server_tokens: true +``` + +### `extra_lua_cpath` + +```yaml +# (string) Load third party lua code by extending lua_package_cpath. It can override the built-in lua code. +extra_lua_cpath: "" +``` + +### `extra_lua_path` + +```yaml +# (string) Load third party lua code by extending lua_package_path. It can override the built-in lua code. +extra_lua_path: "" +``` + +### `https_admin` + +```yaml +# (boolean) Enables HTTPS when using a separate port for admin API. Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as HTTPS certificate and key. +https_admin: true +``` + +### `lua_module_hook` + +```yaml +# (string) The hook module used to inject third party lua code. The format is "my_project.my_hook". This configuration is disabled by default. +lua_module_hook: "" +``` + +### `node_listen` + +```yaml +# APISIX will listen on this port. This configuration has two forms. +# (port numbers) It can accept a list of ports if no other child configuration is set. This form is the default configuration. +node_listen: + - 9080 + +# (ip, port, protocol) Or it can also accept a list of (ip address, port, protocol). This is useful when you want to specify ip address, port and protocol. This form is disabled by default. +node_listen: + + # (ip address)
[GitHub] [apisix] avinal commented on a diff in pull request #7262: docs: Add configuration docs for apisix and env variables
avinal commented on code in PR #7262: URL: https://github.com/apache/apisix/pull/7262#discussion_r918836491 ## docs/en/latest/configuration/environment-variables.md: ## @@ -0,0 +1,144 @@ +--- +title: Environment Variables +--- + + + +## Default Environment Variables + +Many environment variables can be used to configure APISIX and change its behavior. Not all the environment variables are user-MODIFICABLE. + +:::note +Environment variables beginning with `APISIX_` are reserved for APISIX internal usage. Do not define any environment variables with this prefix or modify them unless advised to do so. + +::: + + `APISIX_CONF_EXPIRE_TIME` + +| Default | Type| Remarks | +| --- | --- | -- | +| 3600s | NON-MODIFICABLE | Only used in the multilingual plugins (ext-plugin) | + +When the APISIX configuration is modified, it sends a new `PrepareConf` call to the Plugin Runner. Currently, no mechanism exists to notify the Plugin Runner of configuration change/removal. The `APISIX_CONF_EXPIRE_TIME` is a workaround to set the conf cache to expire time. The Plugin Runner caches the conf slightly longer than this environment variable value, if the configuration is still existing after the set time, a new `PrepareConf` call is sent to create a new configuration. + + `APISIX_PATH` Review Comment: Yeah, we can, but it will be nice to present as much information we have in the docs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-docker] whichdew commented on issue #331: bug: probe failed
whichdew commented on issue #331: URL: https://github.com/apache/apisix-docker/issues/331#issuecomment-1181619625 > and error logs about this? ## apisix-dashboard ```shell -> kubectl logs -f -n apisix apisix-dashboard-77555778bd-nxrl7 {"level":"warn","ts":"2022-07-12T10:52:24.819Z","caller":"clientv3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"endpoint://client-46296962-bb03-4456-b834-99a37783b207/apisix-etcd:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: all SubConns are in TransientFailure, latest connection error: connection error: desc = \"transport: Error while dialing dial tcp 10.110.249.227:2379: connect: connection refused\""} 2022-07-12T10:52:24.820ZERROR storage/etcd.go:147 etcd get failed: context deadline exceeded 2022-07-12T10:52:24.820ZERROR store/storehub.go:76GenericStore init error: etcd get failed: context deadline exceeded 2022-07-12T10:52:24.820ZERROR server/store.go:32 init stores fail: %!w(*errors.errorString=&{etcd get failed: context deadline exceeded}) 2022-07-12T10:52:24.820ZERROR cmd/root.go:79 The Manager API server start failed: etcd get failed: context deadline exceeded Error: etcd get failed: context deadline exceeded ``` ## apisix-etcd ``` -> kubectl describe pod -n apisix apisix-etcd-0 Name: apisix-etcd-0 Namespace:apisix Priority: 0 Node: pve/192.168.1.4 Start Time: Tue, 12 Jul 2022 17:26:37 +0800 Labels: app.kubernetes.io/instance=apisix app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=etcd controller-revision-hash=apisix-etcd-656bbf6ffc helm.sh/chart=etcd-7.0.4 statefulset.kubernetes.io/pod-name=apisix-etcd-0 Annotations: checksum/token-secret: 61ac7b55e6de95aec1f7673faa1ca134b40fe1d997210cee87a864d934b3832e Status: Running IP: 10.244.0.68 IPs: IP: 10.244.0.68 Controlled By: StatefulSet/apisix-etcd Containers: etcd: Container ID: containerd://fda489ccde5d81099a96eb0463e6affaf7e9d06a69f9db4ef6df65e42605bb42 Image: docker.io/bitnami/etcd:3.4.18-debian-10-r14 Image ID: docker.io/bitnami/etcd@sha256:ce0f7334f0b31f341c0bcea4b9cec6fb1e37837400fd16c257f9f6e84e35192b Ports: 2379/TCP, 2380/TCP Host Ports: 0/TCP, 0/TCP State: Waiting Reason: CrashLoopBackOff Last State: Terminated Reason: Error Exit Code:1 Started: Tue, 12 Jul 2022 18:55:14 +0800 Finished: Tue, 12 Jul 2022 18:57:17 +0800 Ready: False Restart Count: 19 Liveness: exec [/opt/bitnami/scripts/etcd/healthcheck.sh] delay=60s timeout=5s period=30s #success=1 #failure=5 Readiness: exec [/opt/bitnami/scripts/etcd/healthcheck.sh] delay=60s timeout=5s period=10s #success=1 #failure=5 Environment: BITNAMI_DEBUG: false MY_POD_IP: (v1:status.podIP) MY_POD_NAME: apisix-etcd-0 (v1:metadata.name) MY_STS_NAME: apisix-etcd ETCDCTL_API: 3 ETCD_ON_K8S: yes ETCD_START_FROM_SNAPSHOT: no ETCD_DISASTER_RECOVERY:no ETCD_NAME: $(MY_POD_NAME) ETCD_DATA_DIR: /bitnami/etcd/data ETCD_LOG_LEVEL:info ALLOW_NONE_AUTHENTICATION: yes ETCD_AUTH_TOKEN: jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10m ETCD_ADVERTISE_CLIENT_URLS: http://$(MY_POD_NAME).apisix-etcd-headless.apisix.svc.cluster.local:2379,http://apisix-etcd.apisix.svc.cluster.local:2379 ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379 ETCD_INITIAL_ADVERTISE_PEER_URLS: http://$(MY_POD_NAME).apisix-etcd-headless.apisix.svc.cluster.local:2380 ETCD_LISTEN_PEER_URLS: http://0.0.0.0:2380 ETCD_INITIAL_CLUSTER_TOKEN:etcd-cluster-k8s ETCD_INITIAL_CLUSTER_STATE:new ETCD_INITIAL_CLUSTER: apisix-etcd-0=http://apisix-etcd-0.apisix-etcd-headless.apisix.svc.cluster.local:2380,apisix-etcd-1=http://apisix-etcd-1.apisix-etcd-headless.apisix.svc.cluster.local:2380,apisix-etcd-2=http://apisix-etcd-2.apisix-etcd-headless.apisix.svc.cluster.local:2380 ETCD_CLUSTER_DOMAIN: apisix-etcd-headless.apisix.svc.cluster.local Mounts: /bitnami/etcd from data (rw) /opt/bitnami/etcd/certs/token/ from etcd-jwt-token (ro) /var/run/secrets/kubernetes.io/ser
[GitHub] [apisix-docker] whichdew opened a new issue, #331: bug: probe failed
whichdew opened a new issue, #331: URL: https://github.com/apache/apisix-docker/issues/331 ### Current Behavior ![image](https://user-images.githubusercontent.com/20438962/178460531-c74067b7-b261-4eb0-bde3-194d0715efa0.png) ``` Warning Unhealthy 8m50s (x3 over 9m50s) kubelet Liveness probe failed: command "/opt/bitnami/scripts/etcd/healthcheck.sh" timed out Warning Unhealthy 8m22s kubelet Readiness probe failed: Warning Unhealthy 8m22s kubelet Liveness probe failed: Normal Created 8m21s (x2 over 10m)kubelet Created container etcd Normal Started 8m21s (x2 over 10m)kubelet Started container etcd Normal Pulled8m21s (x2 over 10m)kubelet Container image "docker.io/bitnami/etcd:3.4.18-debian-10-r14" already present on machine Warning Unhealthy 40s (x34 over 9m50s) kubelet Readiness probe failed: command "/opt/bitnami/scripts/etcd/healthcheck.sh" timed out ``` As you can see, etcd and dashboard can't start ### Expected Behavior _No response_ ### Error Logs _No response_ ### Steps to Reproduce 1. kubeadm 1.24.2 2. create pv without storageClassName 3. helm install apisix apisix -n apisix ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7446: bug: probe failed
tzssangglass commented on issue #7446: URL: https://github.com/apache/apisix/issues/7446#issuecomment-1181610985 and error logs about this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7436: help request: the value returned by the gateway and the original interface is different
tzssangglass commented on issue #7436: URL: https://github.com/apache/apisix/issues/7436#issuecomment-1181610578 > Can we get the path of the request as it passes through the APISIX proxy and arrives upstream? so pls answer this question, and provide the full reproduction steps. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7314: bug: plugin:cors: config expose_headers using "**" has no handle when allow_credential set true
tzssangglass commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181609804 > For example, `**` for `allow origin` put the origin host to the `access-control-allow-origin`. > Other config is similar but just not handle the `expose_headers`. when `allow_credential ` is `true`, 1. if `allow_headers` is `**`, `Access-Control-Allow-Origin` would be ignored in response header; 2. if `expose_headers` is `**`, `Access-Control-Expose-Headers` would be `**`, should we make `Access-Control-Expose-Headers` ignored as `Access-Control-Allow-Origin`? I'm not sure, it's just an idea, you can try it on the browser. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] nthsky commented on issue #7314: bug: plugin:cors: config expose_headers using "**" has no handle when allow_credential set true
nthsky commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181601030 > > > > [https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua#L167-L172](https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua?rgh-link-date=2022-07-12T09%3A50%3A25Z#L167-L172) > > > > > > > > > when allow-credentials is true, it is not allowed to set other field to `*` > > > > > > ok, I get it. So far, APISIX returns the header `Foo:Bar`, but it is not available in the browser, I don't think this is due to APISIX but browser. > > Yes, but we need to know the exact meaning for `**` and why it's not effective. According to the plugin's code, `**` is special handling of the plugin. For example, `**` for `allow origin` put the origin host to the `access-control-allow-origin`. Other config is similar but just not handle the `expose_headers`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] AlfonsoGonz commented on a diff in pull request #7435: docs: enable mTLS with the mqtt-proxy plugin
AlfonsoGonz commented on code in PR #7435: URL: https://github.com/apache/apisix/pull/7435#discussion_r918812848 ## docs/en/latest/plugins/mqtt-proxy.md: ## @@ -123,6 +123,39 @@ curl http://127.0.0.1:9080/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f03 MQTT connections with different client ID will be forwarded to different nodes based on the consistent hash algorithm. If client ID is missing, client IP is used instead for load balancing. +## Enabling mTLS with mqtt-proxy plugin + +Stream proxies use TCP connections and can accept TLS. Follow the guide about [how to accept tls over tcp connections](https://apisix.apache.org/docs/apisix/stream-proxy/#accept-tls-over-tcp-connection) to open a stream proxy with enabled TLS. + +The `mqtt-proxy` plugin is enabled through TCP communications on the specified port for the stream proxy, and will also require clients to authenticate via TLS if tls is set to true. + +Configure `ssl` providing the CA certificate and the server certificate, together with a list of SNIs. Steps to protect `stream_routes` with `ssl` are equivalent to the ones to [protect Routes](https://apisix.apache.org/docs/apisix/mtls/#protect-route) + +### Create a stream_route using mqtt-proxy plugin and mTLS + +Here is an example of how create a stream_route which is using the `mqtt-proxy` plugin, providing the CA certificate, the client certificate and the client key (for self-signed certificates which are not trusted by your host, use the `-k` flag): + +``` +curl --cacert /path/to/ca.pem --key /path/to/client.key.pem --cert /path/to/client.pem 127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' +{ +"plugins": { +"mqtt-proxy": { +"protocol_name": "MQTT", +"protocol_level": 4 +} +}, +"sni": "", +"upstream": { +"nodes": { +"": 1 Review Comment: Fine! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] nthsky commented on issue #7314: bug: plugin:cors: config expose_headers using "**" has no handle when allow_credential set true
nthsky commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181595862 > > > [https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua#L167-L172](https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua?rgh-link-date=2022-07-12T09%3A50%3A25Z#L167-L172) > > > > > > when allow-credentials is true, it is not allowed to set other field to `*` > > ok, I get it. So far, APISIX returns the header `Foo:Bar`, but it is not available in the browser, I don't think this is due to APISIX but browser. But the cross origin policy is just what browser does and what `cors plugin` need to resolve. I think so. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] hf400159 commented on a diff in pull request #7435: docs: enable mTLS with the mqtt-proxy plugin
hf400159 commented on code in PR #7435: URL: https://github.com/apache/apisix/pull/7435#discussion_r918811019 ## docs/en/latest/plugins/mqtt-proxy.md: ## @@ -123,6 +123,39 @@ curl http://127.0.0.1:9080/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f03 MQTT connections with different client ID will be forwarded to different nodes based on the consistent hash algorithm. If client ID is missing, client IP is used instead for load balancing. +## Enabling mTLS with mqtt-proxy plugin + +Stream proxies use TCP connections and can accept TLS. Follow the guide about [how to accept tls over tcp connections](https://apisix.apache.org/docs/apisix/stream-proxy/#accept-tls-over-tcp-connection) to open a stream proxy with enabled TLS. + +The `mqtt-proxy` plugin is enabled through TCP communications on the specified port for the stream proxy, and will also require clients to authenticate via TLS if tls is set to true. + +Configure `ssl` providing the CA certificate and the server certificate, together with a list of SNIs. Steps to protect `stream_routes` with `ssl` are equivalent to the ones to [protect Routes](https://apisix.apache.org/docs/apisix/mtls/#protect-route) + +### Create a stream_route using mqtt-proxy plugin and mTLS + +Here is an example of how create a stream_route which is using the `mqtt-proxy` plugin, providing the CA certificate, the client certificate and the client key (for self-signed certificates which are not trusted by your host, use the `-k` flag): + +``` +curl --cacert /path/to/ca.pem --key /path/to/client.key.pem --cert /path/to/client.pem 127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' +{ +"plugins": { +"mqtt-proxy": { +"protocol_name": "MQTT", +"protocol_level": 4 +} +}, +"sni": "", +"upstream": { +"nodes": { +"": 1 Review Comment: My suggestion is to use 127.0.0.1, which is unified with other documentation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] 123libohan commented on issue #7436: help request: the value returned by the gateway and the original interface is different
123libohan commented on issue #7436: URL: https://github.com/apache/apisix/issues/7436#issuecomment-1181594546 > > response:{ > > "timestamp": "2022-07-11 19:32:04", > > "status": 401, > > "error": "Unauthorized", > > "path": "/map/api/_/_" > > } > > It looks like this is a Spring Boot project, and when the 401 appears, I remember it would redirect to login page in internal. > > You need to provide the full reproduction steps so that I can reproduce this problem locally. This is the case. Our back-end will judge whether we have permission to access this URL in the form of a token. However, when we conduct load balancing through APISIX, we find that the result returned by APISIX is not the result returned by our back-end. It becomes 404 page not found, while our back-end returns a 401 status code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] 123libohan commented on issue #7436: help request: the value returned by the gateway and the original interface is different
123libohan commented on issue #7436: URL: https://github.com/apache/apisix/issues/7436#issuecomment-1181594218 > This is the case. Our back-end will judge whether we have permission to access this URL in the form of a token. However, when we conduct load balancing through APISIX, we find that the result returned by APISIX is not the result returned by our back-end. It becomes 404 page not found, while our back-end returns a 401 status code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tokers commented on issue #7314: bug: plugin:cors: config expose_headers using "**" has no handle when allow_credential set true
tokers commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181590551 > > > [https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua#L167-L172](https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua?rgh-link-date=2022-07-12T09%3A50%3A25Z#L167-L172) > > > > > > when allow-credentials is true, it is not allowed to set other field to `*` > > ok, I get it. So far, APISIX returns the header `Foo:Bar`, but it is not available in the browser, I don't think this is due to APISIX but browser. Yes, but we need to know the exact meaning for `**` and why it's not effective. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] bzp2010 opened a new issue, #2514: feat: supports overriding configuration via environment variables
bzp2010 opened a new issue, #2514: URL: https://github.com/apache/apisix-dashboard/issues/2514 # Feature request ## Please describe your feature Currently we use a configuration file to define the configuration items of APISIX Dashboard, if modified only the configuration file can be modified, and the configuration file must be available to start properly. In some test environments or container deployments where writing configuration files is difficult, we expect to use environment variables to override Dashboard configuration items. ## Describe the solution you'd like - [ ] Support for overriding values in existing configuration files with environment variables (runtime override rather than file modification) - [ ] Support environment variables only starting (i.e. start without a configuration file) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] hf400159 opened a new pull request, #7447: docs: fix link error in service discovery documentation
hf400159 opened a new pull request, #7447: URL: https://github.com/apache/apisix/pull/7447 ### Description Fixes # (issue) ### Checklist - [ ] I have explained the need for this PR and the problem it solves - [ ] I have explained the changes or the new features added to this PR - [ ] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-website] branch master updated: fix: error 301 redirect (#1210)
This is an automated email from the ASF dual-hosted git repository. juzhiyuan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix-website.git The following commit(s) were added to refs/heads/master by this push: new fd793bc8d8c fix: error 301 redirect (#1210) fd793bc8d8c is described below commit fd793bc8d8c7ad7d691ae7de0322f86e3edfa1d5 Author: Young AuthorDate: Tue Jul 12 18:10:10 2022 +0800 fix: error 301 redirect (#1210) --- .htaccess | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.htaccess b/.htaccess index 8fcd01ee3d0..2aada8315bf 100644 --- a/.htaccess +++ b/.htaccess @@ -10,7 +10,7 @@ ErrorDocument 404 /404.html ErrorDocument 403 /404.html RewriteEngine on -CheckSpelling on +CheckSpelling on Options -Indexes @@ -20,7 +20,6 @@ Options -Indexes Header set Access-Control-Allow-Headers "*" - ExpiresActive on @@ -32,10 +31,10 @@ Options -Indexes ExpiresByType application/javascript"access plus 1 hour" ExpiresByType application/json "access plus 1 hour" ExpiresDefault "access plus 10 days" + Redirect 301 "/docs/apisix/install" "/docs/apisix/how-to-build/" -Redirect 301 "/docs/apisix/plugins/" "/docs/apisix/plugins/batch-requests/" Redirect 301 "/docs/apisix/architecture-design/plugin/" "/docs/apisix/architecture-design/plugin-config/" Redirect 301 "/docs/apisix/2.13/FAQ/plugins.md/" "/docs/apisix/2.13/architecture-design/plugin/" Redirect 301 "/docs/ingress-controller/practices/proxy-the-httpbin-service-with-ingress" "/docs/ingress-controller/tutorials/proxy-the-httpbin-service-with-ingress/" @@ -44,10 +43,9 @@ Redirect 301 "/blog/2021/08/14/contributors-the-golden-metric-of-openSource-proj Redirect 301 "/blog/2022/02/10/apisix-splunk-integration/" "/blog/2022/02/10/splunk-apisix-integration/" Redirect 301 "/blog/2021/08/31/Apache%20APISIX%20×%20KubeSphere-a-better-gateway-and-K8S-Ingress-Controller/" "/blog/2021/08/31/apache-apisix-kubeSphere-a-better-gateway-and-k8s-ingress-controller/" Redirect 301 "/blog/2021/11/30/use-apisix-ingress-in-kubesphere/httpbin.org/" "/blog/2021/11/30/use-apisix-ingress-in-kubesphere/" -Redirect 301 "/blog/2021/08/18/auth-with-casbin-in-apache-apisix/" "/blog/2021/08/25/Auth-with-Casbin-in-Apache-APISIX" +Redirect 301 "/blog/2021/08/18/auth-with-casbin-in-apache-apisix/" "/blog/2021/08/25/Auth-with-Casbin-in-Apache-APISIX/" Redirect 301 "/zh/docs/apisix/install" "/zh/docs/apisix/how-to-build/" -Redirect 301 "/zh/docs/apisix/plugins/" "/zh/docs/apisix/plugins/batch-requests/" Redirect 301 "/zh/docs/apisix/architecture-design/plugin/" "/zh/docs/apisix/architecture-design/plugin-config/" Redirect 301 "/zh/docs/apisix/2.13/FAQ/plugins.md/" "/zh/docs/apisix/2.13/architecture-design/plugin/" Redirect 301 "/zh/docs/ingress-controller/practices/proxy-the-httpbin-service-with-ingress" "/zh/docs/ingress-controller/tutorials/proxy-the-httpbin-service-with-ingress/" @@ -56,4 +54,4 @@ Redirect 301 "/zh/blog/2021/08/14/contributors-the-golden-metric-of-openSource-p Redirect 301 "/zh/blog/2022/02/10/apisix-splunk-integration/" "/zh/blog/2022/02/10/splunk-apisix-integration/" Redirect 301 "/zh/blog/2021/08/31/Apache%20APISIX%20×%20KubeSphere-a-better-gateway-and-K8S-Ingress-Controller/" "/zh/blog/2021/08/31/apache-apisix-kubeSphere-a-better-gateway-and-k8s-ingress-controller/" Redirect 301 "/zh/blog/2021/11/30/use-apisix-ingress-in-kubesphere/httpbin.org/" "/zh/blog/2021/11/30/use-apisix-ingress-in-kubesphere/" -Redirect 301 "/zh/blog/2021/08/18/auth-with-casbin-in-apache-apisix/" "/zh/blog/2021/08/25/Auth-with-Casbin-in-Apache-APISIX" \ No newline at end of file +Redirect 301 "/zh/blog/2021/08/18/auth-with-casbin-in-apache-apisix/" "/zh/blog/2021/08/25/Auth-with-Casbin-in-Apache-APISIX"
[GitHub] [apisix-website] juzhiyuan merged pull request #1210: fix: error 301 redirect
juzhiyuan merged PR #1210: URL: https://github.com/apache/apisix-website/pull/1210 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] github-actions[bot] commented on issue #4642: request help: lua redis problem
github-actions[bot] commented on issue #4642: URL: https://github.com/apache/apisix/issues/4642#issuecomment-1181574931 This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] netlify[bot] commented on pull request #1210: fix: error 301 redirect
netlify[bot] commented on PR #1210: URL: https://github.com/apache/apisix-website/pull/1210#issuecomment-1181573825 ### 👷 Deploy Preview for *apache-apisix* processing. | Name | Link | |-|| |🔨 Latest commit | 178af7857ac5721241d689e4c528bd433cf58d68 | |🔍 Latest deploy log | https://app.netlify.com/sites/apache-apisix/deploys/62cd480789393d000849beb9 | -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SkyeYoung opened a new pull request, #1210: fix: error 301 redirect
SkyeYoung opened a new pull request, #1210: URL: https://github.com/apache/apisix-website/pull/1210 Fixes: #[Add issue number here] Changes: Screenshots of the change: -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] dickens7 commented on pull request #1139: Add annotations to combine ApisixPluginConfig with k8s ingress resource
dickens7 commented on PR #1139: URL: https://github.com/apache/apisix-ingress-controller/pull/1139#issuecomment-1181571748 Official website document Direct access to this address is abnormal > https://apisix.apache.org/docs/apisix/plugins/echo/ ``` apisix.apache.org redirected you too many times. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7314: bug: plugin:cors: config expose_headers using "**" has no handle when allow_credential set true
tzssangglass commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181571447 > > [https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua#L167-L172](https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua?rgh-link-date=2022-07-12T09%3A50%3A25Z#L167-L172) > > when allow-credentials is true, it is not allowed to set other field to `*` ok, I get it. So far, APISIX returns the header `Foo:Bar`, but it is not available in the browser, I don't think this is due to APISIX but browser. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7436: help request: the value returned by the gateway and the original interface is different
tzssangglass commented on issue #7436: URL: https://github.com/apache/apisix/issues/7436#issuecomment-1181564430 > response:{ > "timestamp": "2022-07-11 19:32:04", > "status": 401, > "error": "Unauthorized", > "path": "/map/api/_/_" > } It looks like this is a Spring Boot project, and when the 401 appears, I remember it would redirect to login page in internal. You need to provide the full reproduction steps so that I can reproduce this problem locally. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] AlfonsoGonz commented on a diff in pull request #7435: docs: enable mTLS with the mqtt-proxy plugin
AlfonsoGonz commented on code in PR #7435: URL: https://github.com/apache/apisix/pull/7435#discussion_r918782071 ## docs/en/latest/plugins/mqtt-proxy.md: ## @@ -123,6 +123,39 @@ curl http://127.0.0.1:9080/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f03 MQTT connections with different client ID will be forwarded to different nodes based on the consistent hash algorithm. If client ID is missing, client IP is used instead for load balancing. +## Enabling mTLS with mqtt-proxy plugin + +Stream proxies use TCP connections and can accept TLS. Follow the guide about [how to accept tls over tcp connections](https://apisix.apache.org/docs/apisix/stream-proxy/#accept-tls-over-tcp-connection) to open a stream proxy with enabled TLS. + +The `mqtt-proxy` plugin is enabled through TCP communications on the specified port for the stream proxy, and will also require clients to authenticate via TLS if tls is set to true. + +Configure `ssl` providing the CA certificate and the server certificate, together with a list of SNIs. Steps to protect `stream_routes` with `ssl` are equivalent to the ones to [protect Routes](https://apisix.apache.org/docs/apisix/mtls/#protect-route) + +### Create a stream_route using mqtt-proxy plugin and mTLS + +Here is an example of how create a stream_route which is using the `mqtt-proxy` plugin, providing the CA certificate, the client certificate and the client key (for self-signed certificates which are not trusted by your host, use the `-k` flag): + +``` +curl --cacert /path/to/ca.pem --key /path/to/client.key.pem --cert /path/to/client.pem 127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' +{ +"plugins": { +"mqtt-proxy": { +"protocol_name": "MQTT", +"protocol_level": 4 +} +}, +"sni": "", +"upstream": { +"nodes": { +"": 1 Review Comment: The upstream node we are using is not 127.0.0.1, that's why I wrote it in a general way. However 127.0.0.1 is fine also. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] FangSen9000 commented on pull request #2502: feat: Adding batch deletion function for routing pages
FangSen9000 commented on PR #2502: URL: https://github.com/apache/apisix-dashboard/pull/2502#issuecomment-1181557289 > @FangSen9000 Any update here? I've had a day off, and I'll try to update it tonight -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] nthsky commented on issue #7314: bug: plugin:cors: config expose_headers using "**" has no handle when allow_credential set true
nthsky commented on issue #7314: URL: https://github.com/apache/apisix/issues/7314#issuecomment-1181556346 > https://github.com/apache/apisix/blob/master/apisix/plugins/cors.lua#L167-L172 when allow-credentials is true, it is not allowed to set other field to `*` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7436: help request: the value returned by the gateway and the original interface is different
tzssangglass commented on issue #7436: URL: https://github.com/apache/apisix/issues/7436#issuecomment-1181552078 > 404 Not Found Can we get the path of the request as it passes through the APISIX proxy and arrives upstream? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] SkyeYoung commented on pull request #2502: feat: Adding batch deletion function for routing pages
SkyeYoung commented on PR #2502: URL: https://github.com/apache/apisix-dashboard/pull/2502#issuecomment-1181549134 @FangSen9000 Any update here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] whichdew opened a new issue, #7446: bug: probe failed
whichdew opened a new issue, #7446: URL: https://github.com/apache/apisix/issues/7446 ### Current Behavior ![image](https://user-images.githubusercontent.com/20438962/178460531-c74067b7-b261-4eb0-bde3-194d0715efa0.png) ``` Warning Unhealthy 8m50s (x3 over 9m50s) kubelet Liveness probe failed: command "/opt/bitnami/scripts/etcd/healthcheck.sh" timed out Warning Unhealthy 8m22s kubelet Readiness probe failed: Warning Unhealthy 8m22s kubelet Liveness probe failed: Normal Created 8m21s (x2 over 10m)kubelet Created container etcd Normal Started 8m21s (x2 over 10m)kubelet Started container etcd Normal Pulled8m21s (x2 over 10m)kubelet Container image "docker.io/bitnami/etcd:3.4.18-debian-10-r14" already present on machine Warning Unhealthy 40s (x34 over 9m50s) kubelet Readiness probe failed: command "/opt/bitnami/scripts/etcd/healthcheck.sh" timed out ``` As you can see, etcd and dashboard can't start ### Expected Behavior _No response_ ### Error Logs _No response_ ### Steps to Reproduce 1. kubeadm 1.24.2 2. create pv without storageClassName 3. helm install apisix apisix -n apisix ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on pull request #7406: docs: update openid-connect plugin document
tzssangglass commented on PR #7406: URL: https://github.com/apache/apisix/pull/7406#issuecomment-1181547632 LGTM, except CI is broken. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] AlinsRan commented on a diff in pull request #1139: Add annotations to combine ApisixPluginConfig with k8s ingress resource
AlinsRan commented on code in PR #1139: URL: https://github.com/apache/apisix-ingress-controller/pull/1139#discussion_r918745713 ## test/e2e/suite-annotations/plugin_conifg.go: ## @@ -0,0 +1,188 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package annotations + +import ( + "fmt" + "net/http" + "time" + + "github.com/apache/apisix-ingress-controller/test/e2e/scaffold" + ginkgo "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/assert" +) + +func _createAPC(s *scaffold.Scaffold) { + apc := fmt.Sprintf(` +apiVersion: apisix.apache.org/v2beta3 +kind: ApisixPluginConfig +metadata: + name: echo-and-cors-apc +spec: + plugins: + - name: echo +enable: true +config: + before_body: "This is the preface" + after_body: "This is the epilogue" + headers: +X-Foo: v1 +X-Foo2: v2 + - name: cors +enable: true +`) + err := s.CreateResourceFromString(apc) Review Comment: Sure. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SkyeYoung commented on pull request #1028: chore: Adjusting the page layout
SkyeYoung commented on PR #1028: URL: https://github.com/apache/apisix-website/pull/1028#issuecomment-1181523596 @juxianzheng Any update here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-website] branch asf-site updated (f19aea562bc -> a58c4476fa4)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/apisix-website.git discard f19aea562bc deploy: 5455aa1bb8c69a6488c7b75c09a625ac76ecc8a0 new a58c4476fa4 deploy: cf24b0aaf0115ebe73bee9964fdf9c7d18da9656 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (f19aea562bc) \ N -- N -- N refs/heads/asf-site (a58c4476fa4) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .htaccess | 26 +- 404.html | 8 +++ .../index.html | 8 +++ .../index.html | 12 +- .../Apache-APISIX-Incubator-Journey/index.html | 8 +++ .../Apache-APISIX-Kubernetes-Ingress/index.html| 8 +++ .../Apache-APISIX-in-China-Mobile-Cloud/index.html | 12 +- .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../Speed-Limiting-With-Apache-APISIX/index.html | 8 +++ .../index.html | 8 +++ articles/The-Appeal-of-OpenSource/index.html | 8 +++ articles/The-Evolution-of-Apache-APISIX/index.html | 8 +++ .../index.html | 8 +++ articles/archive/index.html| 8 +++ articles/atom.xml | 6 ++--- articles/index.html| 10 - articles/page/2/index.html | 8 +++ articles/rss.xml | 6 ++--- .../{03b491a1.d37b882d.js => 03b491a1.37d20c34.js} | 2 +- .../{09b17eb5.5f8fb568.js => 09b17eb5.2268e28b.js} | 2 +- .../js/0d0b38bc.c332ec25.js| 2 +- .../{507e1a4c.0a1c2619.js => 507e1a4c.944077f3.js} | 2 +- .../{66fbb9c2.8b5d16e8.js => 66fbb9c2.bd81a149.js} | 2 +- .../{7af3052c.3741d9b9.js => 7af3052c.2dd0dc28.js} | 2 +- .../{8e784bf3.1b2cb530.js => 8e784bf3.dd6aed6a.js} | 2 +- .../{8f700fa6.699fe4b7.js => 8f700fa6.0df67655.js} | 2 +- .../{90fc8a94.99fbb0a0.js => 90fc8a94.4eaf32f2.js} | 2 +- .../{941960b1.5cbbb62c.js => 941960b1.00b0af3b.js} | 2 +- .../{a056998a.37fd7cac.js => a056998a.78133638.js} | 2 +- .../{adbb350b.c988e3ae.js => adbb350b.41aa4cd4.js} | 2 +- .../{b1fc098c.3fb31829.js => b1fc098c.9b82c3bf.js} | 2 +- .../{c6ebe4e5.c3d14151.js => c6ebe4e5.5d07d7e8.js} | 2 +- .../{d739b11f.864a657d.js => d739b11f.45ace732.js} | 2 +- .../{ef816cbf.71da9e7e.js => ef816cbf.9f4450c5.js} | 2 +- assets/js/{main.c33d36a3.js => main.fe4c830a.js} | 4 ++-- ...js.LICENSE.txt => main.fe4c830a.js.LICENSE.txt} | 0 ...e~main.13b9c0bc.js => runtime~main.ce1d8271.js} | 2 +- .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../21/run-ingress-apisix-on-amazon-eks/index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ blog/2021/05/24/tencent-games/index.html | 8 +++ .../05/25/apache-apisix-2.6.0-release/index.html | 8 +++ blog/2021/06/06/apisix-two-years/index.html| 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../index.html | 8 +++ .../06/28/why-we-need-apache-apisix/index.html | 8 +++ .../06/29/release-apach
[apisix-dashboard] branch next updated: feat: move label unit cases to e2e (#2513)
This is an automated email from the ASF dual-hosted git repository. juzhiyuan pushed a commit to branch next in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git The following commit(s) were added to refs/heads/next by this push: new ece25548 feat: move label unit cases to e2e (#2513) ece25548 is described below commit ece2554811bfd0db532973996a63e879e946ee24 Author: Zeping Bai AuthorDate: Tue Jul 12 17:11:21 2022 +0800 feat: move label unit cases to e2e (#2513) --- api/internal/handler/label/label_test.go | 377 -- api/test/e2e/label/label_test.go | 522 +++ 2 files changed, 260 insertions(+), 639 deletions(-) diff --git a/api/internal/handler/label/label_test.go b/api/internal/handler/label/label_test.go deleted file mode 100644 index 6136ebb7.. --- a/api/internal/handler/label/label_test.go +++ /dev/null @@ -1,377 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package label - -import ( - "encoding/json" - "math/rand" - "testing" - - "github.com/shiningrush/droplet" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - - "github.com/apache/apisix-dashboard/api/internal/core/entity" - "github.com/apache/apisix-dashboard/api/internal/core/store" -) - -type testCase struct { - giveInput *ListInput - giveData []interface{} - wantRet interface{} -} - -func TestPair_MarshalJSON(t *testing.T) { - type tempStruct struct { - Val string `json:"test_key"` - } - - temp := tempStruct{Val: "test_val"} - expect, err := json.Marshal(temp) - assert.Nil(t, err) - - p := Pair{Key: "test_key", Val: `test_val`} - content, err := json.Marshal(p) - assert.Nil(t, err, nil) - assert.Equal(t, expect, content) - - mp := make(map[string]string) - err = json.Unmarshal(content, &mp) - assert.Nil(t, err) - assert.Equal(t, mp["test_key"], "test_val") - - // Because the quote in json key is not allowed. - // So we only test the quote in json value. - temp = tempStruct{Val: "test_val\""} - expect, err = json.Marshal(temp) - assert.Nil(t, err) - - p = Pair{Key: "test_key", Val: `test_val"`} - content, err = json.Marshal(p) - assert.Nil(t, err, nil) - assert.Equal(t, expect, content) - - mp = make(map[string]string) - err = json.Unmarshal(content, &mp) - assert.Nil(t, err) - assert.Equal(t, mp["test_key"], "test_val\"") -} - -func genMockStore(t *testing.T, giveData []interface{}) *store.MockInterface { - mStore := &store.MockInterface{} - mStore.On("List", mock.Anything).Run(func(args mock.Arguments) { - input := args.Get(0).(store.ListInput) - assert.Equal(t, 0, input.PageSize) - assert.Equal(t, 0, input.PageNumber) - }).Return(func(input store.ListInput) *store.ListOutput { - var returnData []interface{} - for _, c := range giveData { - if input.Predicate(c) { - returnData = append(returnData, input.Format(c)) - } - } - return &store.ListOutput{ - Rows: returnData, - TotalSize: len(returnData), - } - }, nil) - - return mStore -} - -func newCase(giveData []interface{}, ret []interface{}) *testCase { - t := testCase{} - t.giveInput = &ListInput{ - Pagination: store.Pagination{ - PageSize: 10, - PageNumber: 1, - }, - } - - t.giveData = giveData - t.wantRet = &store.ListOutput{ - Rows: ret, - TotalSize: len(ret), - } - - return &t -} - -func genRoute(labels map[string]string) *entity.Route { - r := entity.Route{ - BaseInfo: entity.BaseInfo{ - ID: rand.Int(), - CreateTime: rand.Int63(), - }, - Host: "test.com", -
[GitHub] [apisix-dashboard] juzhiyuan merged pull request #2513: test: move labels unit cases to e2e
juzhiyuan merged PR #2513: URL: https://github.com/apache/apisix-dashboard/pull/2513 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SkyeYoung commented on issue #1200: [Site]: fix Site Audit Report
SkyeYoung commented on issue #1200: URL: https://github.com/apache/apisix-website/issues/1200#issuecomment-1181515795 https://user-images.githubusercontent.com/48400568/178454312-2ce6290f-60a8-42b2-a321-e1caa08e5f00.png";> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-dashboard] Baoyuantop commented on issue #2499: The last_report_time attribute in the system information of apisix-dashboard is Invalid date
Baoyuantop commented on issue #2499: URL: https://github.com/apache/apisix-dashboard/issues/2499#issuecomment-1181515032 > Why not keep this field. I just noticed that APISIX has removed this field and it is not included in the Dashboard API response data -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org