Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ######
- ## Kong configuration file. All commented values are default values.
- ## Uncomment and update a value to configure Kong to your needs.
- ##
- ## Lines starting with `##` are comments.
- ## Lines starting with `#` are properties that can be updated.
- ## Beware of YAML formatting for nested properties.
- ######
- ## Additional plugins that this node needs to load.
- ## If you want to load custom plugins that are not supported by Kong, uncomment and update
- ## this property with the names of the plugins to load.
- ## Plugins will be loaded from the kong.plugins.{name}.* namespace.
- # custom_plugins:
- # - hello_world
- # - custom_plugin2
- # - ...
- ######
- ## The Kong working directory. Equivalent to nginx's prefix path.
- ## This is where this running nginx instance will keep server files including logs.
- ## Make sure it has the appropriate permissions.
- # nginx_working_dir: /usr/local/kong/
- ######
- ## Address and port on which the server will accept HTTP requests, consumers will make requests on this port.
- # proxy_listen: "0.0.0.0:8000"
- ######
- ## Same as proxy_listen, but for HTTPS requests.
- # proxy_listen_ssl: "0.0.0.0:8443"
- ######
- ## Address and port on which the admin API will listen to. The admin API is a private API which lets you
- ## manage your Kong infrastructure. It needs to be secured appropriately.
- # admin_api_listen: "0.0.0.0:8001"
- ######
- ## Address and port used by the node to communicate with other Kong nodes in the cluster with both UDP and
- ## TCP messages. All the nodes in the cluster must be able to communicate with this node on this address.
- ## Only IPv4 addresses are allowed (no hostnames).
- # cluster_listen: "0.0.0.0:7946"
- ######
- ## Address and port used by the node to communicate with the local clustering agent (TCP only, and local only).
- ## Used internally by this Kong node. Only IPv4 addresses are allowed (no hostnames).
- # cluster_listen_rpc: "127.0.0.1:7373"
- ######
- ## The path to the SSL certificate and key that Kong will use when listening on the `https` port.
- # ssl_cert_path: /path/to/certificate.pem
- # ssl_key_path: /path/to/certificate.key
- ######
- ## Specify how Kong performs DNS resolution (in the `dns_resolvers_available` property) you want to use.
- ## Options are: "dnsmasq" (You will need dnsmasq to be installed) or "server".
- # dns_resolver: dnsmasq
- ######
- ## A dictionary of DNS resolvers Kong can use, and their respective properties.
- ## Currently `dnsmasq` (default, http://www.thekelleys.org.uk/dnsmasq/doc.html) and `server` are supported.
- ## By choosing `dnsmasq`, Kong will resolve hostnames using the local `/etc/hosts` file and `resolv.conf`
- ## configuration. By choosing `
- server`, you can specify a custom DNS server.
- # dns_resolvers_available:
- # server:
- # address: "8.8.8.8:53"
- # dnsmasq:
- # port: 8053
- ######
- ## Cluster settings between Kong nodes.
- ## For more information take a look at the Clustering Reference: https://getkong.org/docs/latest/clustering/
- # cluster:
- ######
- ## Address and port used by the node to communicate with other Kong nodes in the cluster with both UDP and
- ## TCP messages. All the nodes in the cluster must be able to communicate with this node on this address.
- ## Only IPv4 addresses are allowed (no hostnames).
- ## The advertise flag is used to change the address that we advertise to other nodes in the
- ## cluster. By default, the cluster_listen address is advertised. If the cluster_listen host is "0.0.0.0",
- ## then the first local, non-loopback, IPv4 address will be advertised to the other nodes. However, in some
- ## cases (specifically NAT traversal), there may be a routable address that cannot be bound to. This flag
- ## enables gossiping a different address to support this.
- # advertise: ""
- ######
- ## Key for encrypting network traffic within Kong. Must be a base64-encoded 16-byte key.
- # encrypt: "foo"
- ######
- ## The TTL (time to live), in seconds, of a node in the cluster when it stops sending healthcheck pings, maybe
- ## because of a failure. If the node is not able to send a new healthcheck before the expiration, then new nodes
- ## in the cluster will stop attempting to connect to it on startup. Should be at least 60.
- # ttl_on_failure: 3600
- ######
- ## Specify which database to use. Only "cassandra" and "postgres" are currently available.
- # database: cassandra
- ######
- ## PostgreSQL configuration
- # postgres:
- # host: "127.0.0.1"
- # port: 5432
- ######
- ## Name of the database used by Kong. Will be created if it does not exist.
- # database: kong
- #####
- ## User authentication settings
- # user: ""
- # password: ""
- ######
- ## Cassandra configuration (keyspace, authentication, client-to-node encryption)
- # cassandra:
- ######
- ## Contact points to your Cassandra cluster.
- # contact_points:
- # - "127.0.0.1:9042"
- ## Port on which your cluster's peers (other than your contact_points)
- ## are listening on.
- # port: 9042
- ######
- ## Name of the keyspace used by Kong. Will be created if it does not exist.
- # keyspace: kong
- #####
- ## Connection and reading timeout (in ms).
- # timeout: 5000
- ######
- ## Keyspace options. Set those before running Kong or any migration.
- ## Those settings will be used to create a keyspace with the desired options
- ## when first running the migrations.
- ## See http://docs.datastax.com/en/cql/3.1/cql/cql_reference/create_keyspace_r.html
- ######
- ## The name of the replica placement strategy class for the keyspace.
- ## Can be "SimpleStrategy" or "NetworkTopologyStrategy".
- # replication_strategy: SimpleStrategy
- ######
- ## For SimpleStrategy only.
- ## The number of replicas of data on multiple nodes.
- # replication_factor: 1
- ######
- ## For NetworkTopologyStrategy only.
- ## The number of replicas of data on multiple nodes in each data center.
- # data_centers:
- # dc1: 2
- # dc2: 3
- #####
- ## Consistency level to use.
- ## See http://docs.datastax.com/en/cassandra/2.0/cassandra/dml/dml_config_consistency_c.html
- # consistency: ONE
- #####
- ## Client-to-node TLS options.
- ## `enabled`: if true, will connect to your Cassandra instance using TLS.
- ## `verify`: if true, will verify the server certificate using the given CA file.
- ## `certificate_authority`: an absolute path to the trusted CA certificate in PEM format used to verify the server certificate.
- ## For additional SSL settings, see the ngx_lua `lua_ssl_*` directives.
- # ssl:
- # enabled: false
- # verify: false
- # certificate_authority: "/path/to/cluster-ca-certificate.pem"
- ######
- ## Cluster authentication options. Provide a user and a password here if your cluster uses the
- ## PasswordAuthenticator scheme.
- # username: cassandra
- # password: cassandra
- ######
- ## Kong will send anonymous reports to Mashape. This helps Mashape fixing bugs/errors and improving Kong.
- ## By default is `true`.
- # send_anonymous_reports: true
- ######
- ## A value specifying (in MB) the size of the internal preallocated in-memory cache. Kong uses an in-memory
- ## cache to store database entities in order to optimize access to the underlying datastore. The cache size
- ## needs to be as big as the size of the entities being used by Kong at any given time. The default value
- ## is `128`, and the potential maximum value is the total size of the datastore.
- ## This value may not be smaller than 32MB.
- # memory_cache_size: 128
- ######
- ## The NGINX configuration (or `nginx.conf`) that will be used for this instance.
- ## The placeholders will be computed and this property will be written as a file
- ## by Kong at `<nginx_working_dir>/nginx.conf` during startup.
- ## This file can tweaked to some extent, but many directives are necessary for Kong to work.
- ## /!\ BE CAREFUL
- nginx: |
- {{user}}
- worker_processes auto;
- error_log logs/error.log error;
- daemon on;
- worker_rlimit_nofile {{auto_worker_rlimit_nofile}};
- env KONG_CONF;
- env PATH;
- events {
- worker_connections {{auto_worker_connections}};
- multi_accept on;
- }
- http {
- resolver {{dns_resolver}} ipv6=off;
- charset UTF-8;
- access_log logs/access.log;
- access_log off;
- # Timeouts
- keepalive_timeout 60s;
- client_header_timeout 60s;
- client_body_timeout 60s;
- send_timeout 60s;
- # Proxy Settings
- proxy_buffer_size 128k;
- proxy_buffers 4 256k;
- proxy_busy_buffers_size 256k;
- proxy_ssl_server_name on;
- # IP Address
- real_ip_header X-Forwarded-For;
- set_real_ip_from 0.0.0.0/0;
- real_ip_recursive on;
- # Other Settings
- client_max_body_size 0;
- underscores_in_headers on;
- reset_timedout_connection on;
- tcp_nopush on;
- ################################################
- # The following code is required to run Kong #
- # Please be careful if you'd like to change it #
- ################################################
- # Lua Settings
- lua_package_path ';;';
- lua_code_cache on;
- lua_max_running_timers 4096;
- lua_max_pending_timers 16384;
- lua_shared_dict reports_locks 100k;
- lua_shared_dict cluster_locks 100k;
- lua_shared_dict cluster_autojoin_locks 100k;
- lua_shared_dict cache {{memory_cache_size}}m;
- lua_shared_dict cassandra 1m;
- lua_shared_dict cassandra_prepared 5m;
- lua_socket_log_errors off;
- {{lua_ssl_trusted_certificate}}
- init_by_lua_block {
- kong = require "kong"
- kong.init()
- }
- init_worker_by_lua_block {
- kong.init_worker()
- }
- server {
- server_name _;
- listen {{proxy_listen}};
- listen {{proxy_listen_ssl}} ssl;
- ssl_certificate_by_lua_block {
- kong.ssl_certificate()
- }
- ssl_certificate {{ssl_cert}};
- ssl_certificate_key {{ssl_key}};
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;# omit SSLv3 because of POODLE (CVE-2014-3566)
- location / {
- default_type 'text/plain';
- # These properties will be used later by proxy_pass
- set $upstream_host nil;
- set $upstream_url nil;
- # Authenticate the user and load the API info
- access_by_lua_block {
- kong.access()
- }
- # Proxy the request
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $upstream_host;
- proxy_pass $upstream_url;
- proxy_pass_header Server;
- # Add additional response headers
- #header_filter_by_lua_block {
- # kong.header_filter()
- #}
- # Change the response body
- body_filter_by_lua_block {
- kong.body_filter()
- }
- # Log the request
- log_by_lua_block {
- kong.log()
- }
- }
- location /robots.txt {
- return 200 'User-agent: *\nDisallow: /';
- }
- error_page 500 502 503 504 /50x;
- location = /50x {
- internal;
- content_by_lua_block {
- require("kong.core.error_handlers")(ngx)
- }
- }
- }
- server {
- listen {{admin_api_listen}};
- client_max_body_size 10m;
- client_body_buffer_size 10m;
- location / {
- default_type application/json;
- content_by_lua_block {
- ngx.header["Access-Control-Allow-Origin"] = "*"
- if ngx.req.get_method() == "OPTIONS" then
- ngx.header["Access-Control-Allow-Methods"] = "GET,HEAD,PUT,PATCH,POST,DELETE"
- ngx.header["Access-Control-Allow-Headers"] = "Content-Type"
- ngx.exit(204)
- end
- local lapis = require "lapis"
- lapis.serve "kong.api.app"
- }
- }
- location /nginx_status {
- internal;
- access_log off;
- stub_status;
- }
- location /robots.txt {
- return 200 'User-agent: *\nDisallow: /';
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement