Untitled

######
## Kong configuration file. All commented values are default values.
## Uncomment and update a value to configure Kong to your needs.
##
## Lines starting with `##` are comments.
## Lines starting with `#` are properties that can be updated.
## Beware of YAML formatting for nested properties.

######
## Additional plugins that this node needs to load.
## If you want to load custom plugins that are not supported by Kong, uncomment and update
## this property with the names of the plugins to load.
## Plugins will be loaded from the kong.plugins.{name}.* namespace.
# custom_plugins:
  # - hello_world
  # - custom_plugin2
  # - ...

######
## The Kong working directory. Equivalent to nginx's prefix path.
## This is where this running nginx instance will keep server files including logs.
## Make sure it has the appropriate permissions.
# nginx_working_dir: /usr/local/kong/

######
## Address and port on which the server will accept HTTP requests, consumers will make requests on this port.
# proxy_listen: "0.0.0.0:8000"

######
## Same as proxy_listen, but for HTTPS requests.
# proxy_listen_ssl: "0.0.0.0:8443"

######
## Address and port on which the admin API will listen to. The admin API is a private API which lets you
## manage your Kong infrastructure. It needs to be secured appropriately.
# admin_api_listen: "0.0.0.0:8001"

######
## Address and port used by the node to communicate with other Kong nodes in the cluster with both UDP and
## TCP messages. All the nodes in the cluster must be able to communicate with this node on this address.
## Only IPv4 addresses are allowed (no hostnames).
# cluster_listen: "0.0.0.0:7946"

######
## Address and port used by the node to communicate with the local clustering agent (TCP only, and local only).
## Used internally by this Kong node. Only IPv4 addresses are allowed (no hostnames).
# cluster_listen_rpc: "127.0.0.1:7373"

######
## The path to the SSL certificate and key that Kong will use when listening on the `https` port.
# ssl_cert_path: /path/to/certificate.pem
# ssl_key_path: /path/to/certificate.key

######
## Specify how Kong performs DNS resolution (in the `dns_resolvers_available` property) you want to use.
## Options are: "dnsmasq" (You will need dnsmasq to be installed) or "server".
# dns_resolver: dnsmasq

######
## A dictionary of DNS resolvers Kong can use, and their respective properties.
## Currently `dnsmasq` (default, http://www.thekelleys.org.uk/dnsmasq/doc.html) and `server` are supported.
## By choosing `dnsmasq`, Kong will resolve hostnames using the local `/etc/hosts` file and `resolv.conf`
## configuration. By choosing `
server`, you can specify a custom DNS server.
# dns_resolvers_available:
  # server:
    # address: "8.8.8.8:53"
  # dnsmasq:
    # port: 8053

######
## Cluster settings between Kong nodes.
## For more information take a look at the Clustering Reference: https://getkong.org/docs/latest/clustering/
# cluster:

  ######
  ## Address and port used by the node to communicate with other Kong nodes in the cluster with both UDP and
  ## TCP messages. All the nodes in the cluster must be able to communicate with this node on this address.
  ## Only IPv4 addresses are allowed (no hostnames).
  ## The advertise flag is used to change the address that we advertise to other nodes in the
  ## cluster. By default, the cluster_listen address is advertised. If the cluster_listen host is "0.0.0.0",
  ## then the first local, non-loopback, IPv4 address will be advertised to the other nodes. However, in some
  ## cases (specifically NAT traversal), there may be a routable address that cannot be bound to. This flag
  ## enables gossiping a different address to support this.
  # advertise: ""

  ######
  ## Key for encrypting network traffic within Kong. Must be a base64-encoded 16-byte key.
  # encrypt: "foo"

  ######
  ## The TTL (time to live), in seconds, of a node in the cluster when it stops sending healthcheck pings, maybe
  ## because of a failure. If the node is not able to send a new healthcheck before the expiration, then new nodes
  ## in the cluster will stop attempting to connect to it on startup. Should be at least 60.
  # ttl_on_failure: 3600

######
## Specify which database to use. Only "cassandra" and "postgres" are currently available.
# database: cassandra

######
## PostgreSQL configuration
# postgres:
  # host: "127.0.0.1"
  # port: 5432

  ######
  ## Name of the database used by Kong. Will be created if it does not exist.
  # database: kong

  #####
  ## User authentication settings
  # user: ""
  # password: ""

######
## Cassandra configuration (keyspace, authentication, client-to-node encryption)
# cassandra:
  ######
  ## Contact points to your Cassandra cluster.
  # contact_points:
  #   - "127.0.0.1:9042"

  ## Port on which your cluster's peers (other than your contact_points)
  ## are listening on.
  # port: 9042

  ######
  ## Name of the keyspace used by Kong. Will be created if it does not exist.
  # keyspace: kong

  #####
  ## Connection and reading timeout (in ms).
  # timeout: 5000

  ######
  ## Keyspace options. Set those before running Kong or any migration.
  ## Those settings will be used to create a keyspace with the desired options
  ## when first running the migrations.
  ## See http://docs.datastax.com/en/cql/3.1/cql/cql_reference/create_keyspace_r.html
  ######
  ## The name of the replica placement strategy class for the keyspace.
  ## Can be "SimpleStrategy" or "NetworkTopologyStrategy".
  # replication_strategy: SimpleStrategy
  ######
  ## For SimpleStrategy only.
  ## The number of replicas of data on multiple nodes.
  # replication_factor: 1
  ######
  ## For NetworkTopologyStrategy only.
  ## The number of replicas of data on multiple nodes in each data center.
  # data_centers:
  #   dc1: 2
  #   dc2: 3

  #####
  ## Consistency level to use.
  ## See http://docs.datastax.com/en/cassandra/2.0/cassandra/dml/dml_config_consistency_c.html
  # consistency: ONE

  #####
  ## Client-to-node TLS options.
  ## `enabled`: if true, will connect to your Cassandra instance using TLS.
  ## `verify`: if true, will verify the server certificate using the given CA file.
  ## `certificate_authority`: an absolute path to the trusted CA certificate in PEM format used to verify the server certificate.
  ## For additional SSL settings, see the ngx_lua `lua_ssl_*` directives.
  # ssl:
  #   enabled: false
  #   verify: false
  #   certificate_authority: "/path/to/cluster-ca-certificate.pem"

  ######
  ## Cluster authentication options. Provide a user and a password here if your cluster uses the
  ## PasswordAuthenticator scheme.
  # username: cassandra
  # password: cassandra

######
## Kong will send anonymous reports to Mashape. This helps Mashape fixing bugs/errors and improving Kong.
## By default is `true`.
# send_anonymous_reports: true

######
## A value specifying (in MB) the size of the internal preallocated in-memory cache. Kong uses an in-memory
## cache to store database entities in order to optimize access to the underlying datastore. The cache size
## needs to be as big as the size of the entities being used by Kong at any given time. The default value
## is `128`, and the potential maximum value is the total size of the datastore.
## This value may not be smaller than 32MB.
# memory_cache_size: 128

######
## The NGINX configuration (or `nginx.conf`) that will be used for this instance.
## The placeholders will be computed and this property will be written as a file
## by Kong at `<nginx_working_dir>/nginx.conf` during startup.
## This file can tweaked to some extent, but many directives are necessary for Kong to work.
## /!\ BE CAREFUL
nginx: |
  {{user}}
  worker_processes auto;
  error_log logs/error.log error;
  daemon on;

  worker_rlimit_nofile {{auto_worker_rlimit_nofile}};

  env KONG_CONF;
  env PATH;

  events {
    worker_connections {{auto_worker_connections}};
    multi_accept on;
  }

  http {
    resolver {{dns_resolver}} ipv6=off;
    charset UTF-8;

    access_log logs/access.log;
    access_log off;

    # Timeouts
    keepalive_timeout 60s;
    client_header_timeout 60s;
    client_body_timeout 60s;
    send_timeout 60s;

    # Proxy Settings
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_ssl_server_name on;

    # IP Address
    real_ip_header X-Forwarded-For;
    set_real_ip_from 0.0.0.0/0;
    real_ip_recursive on;

    # Other Settings
    client_max_body_size 0;
    underscores_in_headers on;
    reset_timedout_connection on;
    tcp_nopush on;

    ################################################
    #  The following code is required to run Kong  #
    # Please be careful if you'd like to change it #
    ################################################

    # Lua Settings
    lua_package_path ';;';
    lua_code_cache on;
    lua_max_running_timers 4096;
    lua_max_pending_timers 16384;
    lua_shared_dict reports_locks 100k;
    lua_shared_dict cluster_locks 100k;
    lua_shared_dict cluster_autojoin_locks 100k;
    lua_shared_dict cache {{memory_cache_size}}m;
    lua_shared_dict cassandra 1m;
    lua_shared_dict cassandra_prepared 5m;
    lua_socket_log_errors off;
    {{lua_ssl_trusted_certificate}}

    init_by_lua_block {
      kong = require "kong"
      kong.init()
    }

    init_worker_by_lua_block {
      kong.init_worker()
    }

    server {
      server_name _;
      listen {{proxy_listen}};
      listen {{proxy_listen_ssl}} ssl;

      ssl_certificate_by_lua_block {
        kong.ssl_certificate()
      }

      ssl_certificate {{ssl_cert}};
      ssl_certificate_key {{ssl_key}};
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;# omit SSLv3 because of POODLE (CVE-2014-3566)

      location / {
        default_type 'text/plain';

        # These properties will be used later by proxy_pass
        set $upstream_host nil;
        set $upstream_url nil;

        # Authenticate the user and load the API info
        access_by_lua_block {
          kong.access()
        }

        # Proxy the request
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $upstream_host;
        proxy_pass $upstream_url;
        proxy_pass_header Server;

        # Add additional response headers
        #header_filter_by_lua_block {
        #  kong.header_filter()
        #}

        # Change the response body
        body_filter_by_lua_block {
          kong.body_filter()
        }

        # Log the request
        log_by_lua_block {
          kong.log()
        }
      }

      location /robots.txt {
        return 200 'User-agent: *\nDisallow: /';
      }

      error_page 500 502 503 504 /50x;

      location = /50x {
        internal;
        content_by_lua_block {
          require("kong.core.error_handlers")(ngx)
        }
      }
    }

    server {
      listen {{admin_api_listen}};

      client_max_body_size 10m;
      client_body_buffer_size 10m;

      location / {
        default_type application/json;
        content_by_lua_block {
          ngx.header["Access-Control-Allow-Origin"] = "*"
          if ngx.req.get_method() == "OPTIONS" then
            ngx.header["Access-Control-Allow-Methods"] = "GET,HEAD,PUT,PATCH,POST,DELETE"
            ngx.header["Access-Control-Allow-Headers"] = "Content-Type"
            ngx.exit(204)
          end
          local lapis = require "lapis"
          lapis.serve "kong.api.app"
        }
      }

      location /nginx_status {
        internal;
        access_log off;
        stub_status;
      }

      location /robots.txt {
        return 200 'User-agent: *\nDisallow: /';
      }
    }
  }