# # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # yamllint disable rule:comments-indentation conf: listen: # host: 127.0.0.1 # the address on which the `Manager API` should listen. # The default value is 0.0.0.0, if want to specify, please enable it. # This value accepts IPv4, IPv6, and hostname. port: 9000 # The port on which the `Manager API` should listen. # ssl: # host: 127.0.0.1 # the address on which the `Manager API` should listen for HTTPS. # The default value is 0.0.0.0, if want to specify, please enable it. # port: 9001 # The port on which the `Manager API` should listen for HTTPS. # cert: "/tmp/cert/example.crt" # Path of your SSL cert. # key: "/tmp/cert/example.key" # Path of your SSL key. allow_list: # If we don't set any IP list, then any IP access is allowed by default. - 127.0.0.1 # The rules are checked in sequence until the first match is found. - ::1 # In this example, access is allowed only for IPv4 network 127.0.0.1, and for IPv6 network ::1. # It also support CIDR like 192.168.1.0/24 and 2001:0db8::/32 etcd: endpoints: # supports defining multiple etcd host addresses for an etcd cluster - 127.0.0.1:2379 # yamllint disable rule:comments-indentation # etcd basic auth info # username: "root" # ignore etcd username if not enable etcd auth # password: "123456" # ignore etcd password if not enable etcd auth mtls: key_file: "" # Path of your self-signed client side key cert_file: "" # Path of your self-signed client side cert ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates # prefix: /apisix # apisix config's prefix in etcd, /apisix by default log: error_log: level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal file_path: logs/error.log # supports relative path, absolute path, standard output # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr # such as absolute path on Windows: winfile:///C:\error.log access_log: file_path: logs/access.log # supports relative path, absolute path, standard output # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr # such as absolute path on Windows: winfile:///C:\access.log # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []} max_cpu: 0 # supports tweaking with the number of OS threads are going to be used for parallelism. Default value: 0 [will use max number of available cpu cores considering hyperthreading (if any)]. If the value is negative, is will not touch the existing parallelism profile. # security: # access_control_allow_origin: "http://httpbin.org" # access_control_allow_credentials: true # support using custom cors configration # access_control_allow_headers: "Authorization" # access_control-allow_methods: "*" # x_frame_options: "deny" # content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src xx.xx.xx.xx:3000" # You can set frame-src to provide content for your grafana panel. authentication: secret: secret # secret for jwt token generation. # NOTE: Highly recommended to modify this value to protect `manager api`. # if it's default value, when `manager api` start, it will generate a random string to replace it. expire_time: 3600 # jwt token expire time, in second users: # yamllint enable rule:comments-indentation - username: admin # username and password for login `manager api` password: admin - username: user password: user oidc: enabled: false expire_time: 3600 client_id: dashboard client_secret: dashboard auth_url: http://172.17.0.1:8080/auth/realms/master/protocol/openid-connect/auth token_url: http://172.17.0.1:8080/auth/realms/master/protocol/openid-connect/token user_info_url: http://172.17.0.1:8080/auth/realms/master/protocol/openid-connect/userinfo redirect_url: http://127.0.0.1:9000/apisix/admin/oidc/callback scope: openid plugins: - api-breaker - authz-casbin - authz-casdoor - authz-keycloak - aws-lambda - azure-functions - basic-auth # - batch-requests - clickhouse-logger - client-control - consumer-restriction - cors - csrf - datadog # - dubbo-proxy - echo - error-log-logger # - example-plugin - ext-plugin-post-req - ext-plugin-post-resp - ext-plugin-pre-req - fault-injection - file-logger - forward-auth - google-cloud-logging - grpc-transcode - grpc-web - gzip - hmac-auth - http-logger - ip-restriction - jwt-auth - kafka-logger - kafka-proxy - key-auth - ldap-auth - limit-conn - limit-count - limit-req - loggly # - log-rotate - mocking # - node-status - opa - openid-connect - opentelemetry - openwhisk - prometheus - proxy-cache - proxy-control - proxy-mirror - proxy-rewrite - public-api - real-ip - redirect - referer-restriction - request-id - request-validation - response-rewrite - rocketmq-logger - server-info - serverless-post-function - serverless-pre-function - skywalking - skywalking-logger - sls-logger - splunk-hec-logging - syslog - tcp-logger - traffic-split - ua-restriction - udp-logger - uri-blocker - wolf-rbac - zipkin - elasticsearch-logge - openfunction - tencent-cloud-cls - ai - cas-auth