使用 docker-compose 快速部署 apisix、apisix-dashboard


github:qwxingzhe/apisix-docker-compose

./docker-compose.yml
version: '3'

services:
  # APISIX gateway: the service that client traffic is meant to reach.
  apisix:
    # Pinned to 2.0; the author reports a bug on 2.1-alpine where SSL
    # cannot be enabled.
    image: apache/apisix:2.0-alpine
    # image: apache/apisix:2.1-alpine
    restart: always
    depends_on:
      - etcd
    volumes:
      - ./apisix_log:/usr/local/apisix/logs
      # Gateway configuration, mounted read-only.
      - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
    ports:
      # Host 80/443 map to the container's 9080 (HTTP) and 9443 (TLS).
      # NOTE(review): the mounted config.yaml sets no separate admin port,
      # so the Admin API is presumably served on these same listeners -
      # confirm, and treat allow_admin / admin_key in that file as the only
      # access control in front of it.
      - '80:9080/tcp'
      - '443:9443/tcp'
      # Alternative: publish on the container's own port numbers.
      # - '9080:9080/tcp'
      # - '9443:9443/tcp'
    networks:
      apisix:
        ipv4_address: 172.18.5.11

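  # etcd: configuration store read by APISIX and the dashboard.
  etcd:
    image: bitnami/etcd:3.4.9
    # NOTE(review): runs as root in the container, presumably so it can
    # write to the bind-mounted ./etcd_data. Prefer fixing ownership of that
    # directory on the host and dropping this line - confirm against the
    # image's documented UID.
    user: root
    restart: always
    volumes:
      - ./etcd_data:/etcd_data
    environment:
      ETCD_DATA_DIR: /etcd_data
      ETCD_ENABLE_V2: "true"
      # Authentication is switched off and the client URLs are plain HTTP:
      # anything that can reach port 2379 can read and rewrite the gateway's
      # routes, upstreams and stored SSL material. Keep the port off any
      # untrusted network.
      ALLOW_NONE_AUTHENTICATION: "yes"
      ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
      ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
    ports:
      # Published on the host loopback only (was all interfaces). APISIX and
      # the dashboard reach etcd at 172.18.5.10:2379 over the compose
      # network and do not use this mapping; it only serves tools such as
      # etcdctl run on the Docker host. Remove it if that is not needed.
      - "127.0.0.1:2379:2379/tcp"
    networks:
      apisix:
        ipv4_address: 172.18.5.10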
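  # Web UI / `manager api` for APISIX.
  apisix-dashboard:
    container_name: apisix-dashboard
    # No official image had been published when this was written; this is
    # the author's own build, and you can build your own instead.
    # NOTE(review): a personal-registry image under a mutable tag is an
    # unverified supply-chain input - prefer building from the upstream
    # source, or pin the image by digest after reviewing it.
    image: registry.cn-shanghai.aliyuncs.com/qwxingzhe/apisix-dashboard:2.1-master-20201210
    ports:
      # Published on the host loopback only (was all interfaces): the
      # mounted conf.yaml still carries the default admin/admin and
      # user/user logins. Reach the UI through an SSH tunnel or a reverse
      # proxy, and change those credentials before widening this binding.
      - "127.0.0.1:9000:9000"
    volumes:
      - ./apisix-dashboard/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
    networks:
      apisix:
        ipv4_address: 172.18.5.18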
# Dedicated bridge network; the services above take fixed addresses from
# this subnet, and config.yaml / conf.yaml refer to etcd by that address.
networks:
  apisix:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/16
./apisix_conf/config.yaml
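apisix:
  node_listen: 9080              # APISIX listening port
  enable_ipv6: false

  ssl:
    enable: true                 # ssl is disabled by default
                                  # enable it to use your own cert and key
    enable_http2: true
    listen_port: 9443
    # ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
                                                # used to verify the certificate when APISIX needs to do SSL/TLS handshaking
                                                # with external services (e.g. etcd)
    # ssl_cert: /path/to/ssl_cert
    # ssl_cert_key: /path/to/ssl_cert_key
    ssl_protocols: "TLSv1.2 TLSv1.3"
    ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
    ssl_session_tickets: false              #  session tickets stay disabled because enabling them would make Perfect Forward Secrecy useless.
                                            #  ref: https://github.com/mozilla/server-side-tls/issues/135
    # NOTE(review): this salt is published on the page, so it protects
    # nothing as-is. Choose your own 16-character value BEFORE storing the
    # first certificate; keys already saved cannot be decrypted after a change.
    key_encrypt_salt: "edd1c9f0985e76a2"    #  If not set, the original ssl key is saved into etcd as-is.
                                            #  If set, it must be a string of length 16; the ssl key is then encrypted with AES-128-CBC.
                                            #  !!! Do not change it after saving your ssl keys: keys saved earlier can no longer be decrypted !!


  allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
    # Limited to the compose bridge subnet (the `networks` section of
    # docker-compose.yml) instead of the test-only 0.0.0.0/0, so Admin API
    # calls are refused for clients outside it. Requests made on the Docker
    # host are expected to arrive from the bridge gateway inside this range -
    # confirm on your platform, and narrow the range further where you can.
    - 172.18.0.0/16

  # NOTE(review): both keys below are printed on this page and look like the
  # values from the upstream sample config, so treat them as publicly known.
  # Generate your own random keys before the gateway is reachable by anyone
  # else; an admin key grants full control of the gateway configuration.
  admin_key:
    - name: "admin"
      key: "edd1c9f034335f136f87ad84b625c8f1"
      role: admin                 # admin: manage all configuration data
                                  # viewer: only can view configuration data
    - name: "viewer"
      key: "4054f7cf07e344346cd3f287985e76a2"
      role: viewer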

etcd:
  # Members of one etcd cluster; several addresses may be listed.
  # The connection is plain HTTP with no credentials, which matches the
  # etcd service in docker-compose.yml (authentication disabled there).
  host:
    - 'http://172.18.5.10:2379'
  prefix: '/apisix'               # key prefix for APISIX configuration
  timeout: 30                     # seconds

此配置文件参考:github.com/apache/apis…

./apisix-dashboard/conf.yaml
conf:
  listen:
    # IP or host name the `manager api` listens on.
    # Alternative: host: 127.0.0.1
    host: 0.0.0.0
    # Port the `manager api` listens on.
    port: 9000
  etcd:
    # One entry per member when etcd runs as a cluster.
    endpoints:
      - 172.18.5.10:2379
  log:
    error_log:
      # Levels, lower to higher: debug, info, warn, error, panic, fatal
      level: warn
      # Accepts a relative path, an absolute path or standard output, such
      # as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
      file_path: logs/error.log
authentication:
  # Secret used to generate JWT tokens.
  # NOTE: changing this value is highly recommended to protect the
  # `manager api`. While it is left at the default, the `manager api`
  # replaces it with a random string when it starts.
  secret: secret
  # JWT token lifetime, in seconds.
  expire_time: 3600
  # Username and password pairs accepted by the `manager api` login.
  # NOTE(review): admin/admin and user/user are default, guessable logins;
  # set your own passwords before the dashboard port is reachable by
  # anyone other than you.
  users:
    - username: admin
      password: admin
    - username: user
      password: user