diff --git a/compose/dashboard-compose.yaml b/compose/dashboard-compose.yaml index bb195ab8..9e536f76 100644 --- a/compose/dashboard-compose.yaml +++ b/compose/dashboard-compose.yaml @@ -22,7 +22,7 @@ services: image: "apache/apisix-dashboard:${APISIX_DASHBOARD_VERSION}" restart: always volumes: - - ../example/dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml:ro + - ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml:ro depends_on: - etcd ports: diff --git a/compose/dashboard_conf/conf.yml b/compose/dashboard_conf/conf.yml new file mode 100644 index 00000000..2e6c92b1 --- /dev/null +++ b/compose/dashboard_conf/conf.yml @@ -0,0 +1,112 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +conf: + listen: + host: 0.0.0.0 # `manager api` listening ip or host name + port: 9000 # `manager api` listening port + allow_list: # If we don't set any IP list, then any IP access is allowed by default. + - 0.0.0.0/0 + etcd: + endpoints: # supports defining multiple etcd host addresses for an etcd cluster + - "http://etcd:2379" + # yamllint disable rule:comments-indentation + # etcd basic auth info + # username: "root" # ignore etcd username if not enable etcd auth + # password: "123456" # ignore etcd password if not enable etcd auth + mtls: + key_file: "" # Path of your self-signed client side key + cert_file: "" # Path of your self-signed client side cert + ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates + # prefix: /apisix # apisix config's prefix in etcd, /apisix by default + log: + error_log: + level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal + file_path: + logs/error.log # supports relative path, absolute path, standard output + # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr + access_log: + file_path: + logs/access.log # supports relative path, absolute path, standard output + # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr + # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []} + security: + # access_control_allow_origin: "http://httpbin.org" + # access_control_allow_credentials: true # support using custom cors configration + # access_control_allow_headers: "Authorization" + # access_control-allow_methods: "*" + # x_frame_options: "deny" + content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *" # You can set frame-src to provide content for your grafana panel. + +authentication: + secret: + secret # secret for jwt token generation. + # NOTE: Highly recommended to modify this value to protect `manager api`. + # if it's default value, when `manager api` start, it will generate a random string to replace it. + expire_time: 3600 # jwt token expire time, in second + users: # yamllint enable rule:comments-indentation + - username: admin # username and password for login `manager api` + password: admin + - username: user + password: user + +plugins: # plugin list (sorted in alphabetical order) + - api-breaker + - authz-keycloak + - basic-auth + - batch-requests + - consumer-restriction + - cors + # - dubbo-proxy + - echo + # - error-log-logger + # - example-plugin + - fault-injection + - grpc-transcode + - hmac-auth + - http-logger + - ip-restriction + - jwt-auth + - kafka-logger + - key-auth + - limit-conn + - limit-count + - limit-req + # - log-rotate + # - node-status + - openid-connect + - prometheus + - proxy-cache + - proxy-mirror + - proxy-rewrite + - redirect + - referer-restriction + - request-id + - request-validation + - response-rewrite + - serverless-post-function + - serverless-pre-function + # - skywalking + - sls-logger + - syslog + - tcp-logger + - udp-logger + - uri-blocker + - wolf-rbac + - zipkin + - server-info + - traffic-split diff --git a/example/dashboard_conf/conf.yml b/example/dashboard_conf/conf.yml new file mode 100644 index 00000000..2e6c92b1 --- /dev/null +++ b/example/dashboard_conf/conf.yml @@ -0,0 +1,112 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +conf: + listen: + host: 0.0.0.0 # `manager api` listening ip or host name + port: 9000 # `manager api` listening port + allow_list: # If we don't set any IP list, then any IP access is allowed by default. + - 0.0.0.0/0 + etcd: + endpoints: # supports defining multiple etcd host addresses for an etcd cluster + - "http://etcd:2379" + # yamllint disable rule:comments-indentation + # etcd basic auth info + # username: "root" # ignore etcd username if not enable etcd auth + # password: "123456" # ignore etcd password if not enable etcd auth + mtls: + key_file: "" # Path of your self-signed client side key + cert_file: "" # Path of your self-signed client side cert + ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates + # prefix: /apisix # apisix config's prefix in etcd, /apisix by default + log: + error_log: + level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal + file_path: + logs/error.log # supports relative path, absolute path, standard output + # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr + access_log: + file_path: + logs/access.log # supports relative path, absolute path, standard output + # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr + # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []} + security: + # access_control_allow_origin: "http://httpbin.org" + # access_control_allow_credentials: true # support using custom cors configration + # access_control_allow_headers: "Authorization" + # access_control-allow_methods: "*" + # x_frame_options: "deny" + content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *" # You can set frame-src to provide content for your grafana panel. + +authentication: + secret: + secret # secret for jwt token generation. + # NOTE: Highly recommended to modify this value to protect `manager api`. + # if it's default value, when `manager api` start, it will generate a random string to replace it. + expire_time: 3600 # jwt token expire time, in second + users: # yamllint enable rule:comments-indentation + - username: admin # username and password for login `manager api` + password: admin + - username: user + password: user + +plugins: # plugin list (sorted in alphabetical order) + - api-breaker + - authz-keycloak + - basic-auth + - batch-requests + - consumer-restriction + - cors + # - dubbo-proxy + - echo + # - error-log-logger + # - example-plugin + - fault-injection + - grpc-transcode + - hmac-auth + - http-logger + - ip-restriction + - jwt-auth + - kafka-logger + - key-auth + - limit-conn + - limit-count + - limit-req + # - log-rotate + # - node-status + - openid-connect + - prometheus + - proxy-cache + - proxy-mirror + - proxy-rewrite + - redirect + - referer-restriction + - request-id + - request-validation + - response-rewrite + - serverless-post-function + - serverless-pre-function + # - skywalking + - sls-logger + - syslog + - tcp-logger + - udp-logger + - uri-blocker + - wolf-rbac + - zipkin + - server-info + - traffic-split diff --git a/example/docker-compose.yml b/example/docker-compose.yml index 603134ae..7dd122a7 100644 --- a/example/docker-compose.yml +++ b/example/docker-compose.yml @@ -18,6 +18,16 @@ version: "3" services: + apisix-dashboard: + image: apache/apisix-dashboard:${APISIX_DASHBOARD_VERSION:-3.0.1-alpine} + restart: always + volumes: + - ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml + ports: + - "9000:9000" + networks: + apisix: + apisix: image: apache/apisix:${APISIX_IMAGE_TAG:-3.8.0-debian} restart: always