Permalink
# ----------------------- | |
# Kong configuration file | |
# ----------------------- | |
# | |
# The commented-out settings shown in this file represent the default values. | |
# | |
# This file is read when `kong start` or `kong prepare` are used. Kong | |
# generates the Nginx configuration with the settings specified in this file. | |
# | |
# All environment variables prefixed with `KONG_` and capitalized will override | |
# the settings specified in this file. | |
# Example: | |
# `log_level` setting -> `KONG_LOG_LEVEL` env variable | |
# | |
# Boolean values can be specified as `on`/`off` or `true`/`false`. | |
# Lists must be specified as comma-separated strings. | |
# | |
# All comments in this file can be removed safely, including the | |
# commented-out properties. | |
# You can verify the integrity of your settings with `kong check <conf>`. | |
#------------------------------------------------------------------------------ | |
# GENERAL | |
#------------------------------------------------------------------------------ | |
#prefix = /usr/local/kong/ # Working directory. Equivalent to Nginx's | |
# prefix path, containing temporary files | |
# and logs. | |
# Each Kong process must have a separate | |
# working directory. | |
#log_level = notice # Log level of the Nginx server. Logs are | |
# found at `<prefix>/logs/error.log`. | |
# See http://nginx.org/en/docs/ngx_core_module.html#error_log for a list | |
# of accepted values. | |
#proxy_access_log = logs/access.log # Path for proxy port request access | |
# logs. Set this value to `off` to | |
# disable logging proxy requests. | |
# If this value is a relative path, | |
# it will be placed under the | |
# `prefix` location. | |
#proxy_error_log = logs/error.log # Path for proxy port request error | |
# logs. The granularity of these logs | |
# is adjusted by the `log_level` | |
# property. | |
#proxy_stream_access_log = logs/access.log basic # Path for tcp streams proxy port access | |
# logs. Set this value to `off` to | |
# disable logging proxy requests. | |
# If this value is a relative path, | |
# it will be placed under the | |
# `prefix` location. | |
# `basic` is defined as `'$remote_addr [$time_local] ' | |
# '$protocol $status $bytes_sent $bytes_received ' | |
# '$session_time'` | |
#proxy_stream_error_log = logs/error.log # Path for tcp streams proxy port request error | |
# logs. The granularity of these logs | |
# is adjusted by the `log_level` | |
# property. | |
#admin_access_log = logs/admin_access.log # Path for Admin API request access | |
# logs. If Hybrid Mode is enabled | |
# and the current node is set to be | |
# the Control Plane, then the | |
# connection requests from Data Planes | |
# are also written to this file with | |
# server name "kong_cluster_listener". | |
# | |
# Set this value to `off` to | |
# disable logging Admin API requests. | |
# If this value is a relative path, | |
# it will be placed under the | |
# `prefix` location. | |
#admin_error_log = logs/error.log # Path for Admin API request error | |
# logs. The granularity of these logs | |
# is adjusted by the `log_level` | |
# property. | |
#status_access_log = off # Path for Status API request access | |
# logs. The default value of `off` | |
# implies that logging for this API | |
# is disabled by default. | |
# If this value is a relative path, | |
# it will be placed under the | |
# `prefix` location. | |
#status_error_log = logs/status_error.log # Path for Status API request error | |
# logs. The granularity of these logs | |
# is adjusted by the `log_level` | |
# property. | |
#plugins = bundled # Comma-separated list of plugins this node | |
# should load. By default, only plugins | |
# bundled in official distributions are | |
# loaded via the `bundled` keyword. | |
# | |
# Loading a plugin does not enable it by | |
# default, but only instructs Kong to load its | |
# source code, and allows to configure the | |
# plugin via the various related Admin API | |
# endpoints. | |
# | |
# The specified name(s) will be substituted as | |
# such in the Lua namespace: | |
# `kong.plugins.{name}.*`. | |
# | |
# When the `off` keyword is specified as the | |
# only value, no plugins will be loaded. | |
# | |
# `bundled` and plugin names can be mixed | |
# together, as the following examples suggest: | |
# | |
# - `plugins = bundled,custom-auth,custom-log` | |
# will include the bundled plugins plus two | |
# custom ones | |
# - `plugins = custom-auth,custom-log` will | |
# *only* include the `custom-auth` and | |
# `custom-log` plugins. | |
# - `plugins = off` will not include any | |
# plugins | |
# | |
# **Note:** Kong will not start if some | |
# plugins were previously configured (i.e. | |
# have rows in the database) and are not | |
# specified in this list. Before disabling a | |
# plugin, ensure all instances of it are | |
# removed before restarting Kong. | |
# | |
# **Note:** Limiting the amount of available | |
# plugins can improve P99 latency when | |
# experiencing LRU churning in the database | |
# cache (i.e. when the configured | |
# `mem_cache_size`) is full. | |
#pluginserver_names = # Comma-separated list of names for pluginserver | |
# processes. The actual names are used for | |
# log messages and to relate the actual settings. | |
#pluginserver_XXX_socket = <prefix>/<XXX>.socket # Path to the unix socket | |
# used by the <XXX> pluginserver. | |
#pluginserver_XXX_start_cmd = /usr/local/bin/<XXX> # Full command (including | |
# any needed arguments) to | |
# start the <XXX> pluginserver | |
#pluginserver_XXX_query_cmd = /usr/local/bin/query_<XXX> # Full command to "query" the | |
# <XXX> pluginserver. Should | |
# produce a JSON with the | |
# dump info of all plugins it | |
# manages | |
#port_maps = # With this configuration parameter, you can | |
# let the Kong to know about the port from | |
# which the packets are forwarded to it. This | |
# is fairly common when running Kong in a | |
# containerized or virtualized environment. | |
# For example, `port_maps=80:8000, 443:8443` | |
# instructs Kong that the port 80 is mapped | |
# to 8000 (and the port 443 to 8443), where | |
# 8000 and 8443 are the ports that Kong is | |
# listening to. | |
# | |
# This parameter helps Kong set a proper | |
# forwarded upstream HTTP request header or to | |
# get the proper forwarded port with the Kong PDK | |
# (in case other means determining it has | |
# failed). It changes routing by a destination | |
# port to route by a port from which packets | |
# are forwarded to Kong, and similarly it | |
# changes the default plugin log serializer to | |
# use the port according to this mapping | |
# instead of reporting the port Kong is | |
# listening to. | |
#anonymous_reports = on # Send anonymous usage data such as error | |
# stack traces to help improve Kong. | |
#------------------------------------------------------------------------------ | |
# HYBRID MODE | |
#------------------------------------------------------------------------------ | |
#role = traditional # Use this setting to enable Hybrid Mode, | |
# This allows running some Kong nodes in a | |
# control plane role with a database and | |
# have them deliver configuration updates | |
# to other nodes running to DB-less running in | |
# a Data Plane role. | |
# | |
# Valid values to this setting are: | |
# | |
# - `traditional`: do not use Hybrid Mode. | |
# - `control_plane`: this node runs in a | |
# control plane role. It can use a database | |
# and will deliver configuration updates | |
# to data plane nodes. | |
# - `data_plane`: this is a data plane node. | |
# It runs DB-less and receives configuration | |
# updates from a control plane node. | |
#cluster_mtls = shared # Sets the verification between nodes of the | |
# cluster. | |
# | |
# Valid values to this setting are: | |
# | |
# - `shared`: use a shared certificate/key | |
# pair specified with the `cluster_cert` | |
# and `cluster_cert_key` settings. | |
# Note that CP and DP nodes have to present | |
# the same certificate to establish mTLS | |
# connections. | |
# - `pki`: use `cluster_ca_cert`, | |
# `cluster_server_name` and `cluster_cert` | |
# for verification. | |
# These are different certificates for each | |
# DP node, but issued by a cluster-wide | |
# common CA certificate: `cluster_ca_cert`. | |
#cluster_cert = # Filename of the cluster certificate to use | |
# when establishing secure communication | |
# between control and data plane nodes. | |
# You can use the `kong hybrid` command to | |
# generate the certificate/key pair. | |
# Under `shared` mode, it must be the same | |
# for all nodes. Under `pki` mode it | |
# should be a different certificate for each | |
# DP node. | |
#cluster_cert_key = # Filename of the cluster certificate key to | |
# use when establishing secure communication | |
# between control and data plane nodes. | |
# You can use the `kong hybrid` command to | |
# generate the certificate/key pair. | |
# Under `shared` mode, it must be the same | |
# for all nodes. Under `pki` mode it | |
# should be a different certificate for each | |
# DP node. | |
#cluster_ca_cert = # The trusted CA certificate file in PEM | |
# format used to verify the `cluster_cert`. | |
# Required if `cluster_mtls` is set to `pki`, | |
# ignored otherwise. | |
#------------------------------------------------------------------------------ | |
# HYBRID MODE DATA PLANE | |
#------------------------------------------------------------------------------ | |
#cluster_server_name = # The server name used in the SNI of the TLS | |
# connection from a DP node to a CP node. | |
# Must match the Common Name (CN) or Subject | |
# Alternative Name (SAN) found in the CP | |
# certificate. | |
# If `cluster_mtls` is set to | |
# `shared`, this setting is ignored and | |
# `kong_clustering` is used. | |
#cluster_control_plane = # To be used by data plane nodes only: | |
# address of the control plane node from | |
# which configuration updates will be fetched, | |
# in `host:port` format. | |
#------------------------------------------------------------------------------ | |
# HYBRID MODE CONTROL PLANE | |
#------------------------------------------------------------------------------ | |
#cluster_listen = 0.0.0.0:8005 | |
# Comma-separated list of addresses and ports on | |
# which the cluster control plane server should listen | |
# for data plane connections. | |
# The cluster communication port of the control plane | |
# must be accessible by all the data planes | |
# within the same cluster. This port is mTLS protected | |
# to ensure end-to-end security and integrity. | |
# | |
# This setting has no effect if `role` is not set to | |
# `control_plane`. | |
# | |
# Connection made to this endpoint are logged | |
# to the same location as Admin API access logs. | |
# See `admin_access_log` config description for more | |
# information. | |
#cluster_data_plane_purge_delay = 1209600 | |
# How many seconds must pass from the time a DP node | |
# becomes offline to the time its entry gets removed | |
# from the database, as returned by the | |
# /clustering/data-planes Admin API endpoint. | |
# | |
# This is to prevent the cluster data plane table from | |
# growing indefinitely. The default is set to | |
# 14 days. That is, if CP haven't heard from a DP for | |
# 14 days, its entry will be removed. | |
#cluster_ocsp = off | |
# Whether to check for revocation status of DP | |
# certificates using OCSP (Online Certificate Status Protocol). | |
# If enabled, the DP certificate should contain the | |
# "Certificate Authority Information Access" extension | |
# and the OCSP method with URI of which the OCSP responder | |
# can be reached from CP. | |
# | |
# OCSP checks are only performed on CP nodes, it has no | |
# effect on DP nodes. | |
# | |
# Valid values to this setting are: | |
# | |
# - `on`: OCSP revocation check is enabled and DP | |
# must pass the check in order to establish | |
# connection with CP. | |
# - `off`: OCSP revocation check is disabled. | |
# - `optional`: OCSP revocation check will be attempted, | |
# however, if the required extension is not | |
# found inside DP provided certificate | |
# or communication with the OCSP responder | |
# failed, then DP is still allowed through. | |
#------------------------------------------------------------------------------ | |
# NGINX | |
#------------------------------------------------------------------------------ | |
#proxy_listen = 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport backlog=16384 | |
# Comma-separated list of addresses and ports on | |
# which the proxy server should listen for | |
# HTTP/HTTPS traffic. | |
# The proxy server is the public entry point of Kong, | |
# which proxies traffic from your consumers to your | |
# backend services. This value accepts IPv4, IPv6, and | |
# hostnames. | |
# | |
# Some suffixes can be specified for each pair: | |
# | |
# - `ssl` will require that all connections made | |
# through a particular address/port be made with TLS | |
# enabled. | |
# - `http2` will allow for clients to open HTTP/2 | |
# connections to Kong's proxy server. | |
# - `proxy_protocol` will enable usage of the | |
# PROXY protocol for a given address/port. | |
# - `deferred` instructs to use a deferred accept on | |
# Linux (the TCP_DEFER_ACCEPT socket option). | |
# - `bind` instructs to make a separate bind() call | |
# for a given address:port pair. | |
# - `reuseport` instructs to create an individual | |
# listening socket for each worker process | |
# allowing the Kernel to better distribute incoming | |
# connections between worker processes | |
# - `backlog=N` sets the maximum length for the queue | |
# of pending TCP connections. This number should | |
# not be too small in order to prevent clients | |
# seeing "Connection refused" error connecting to | |
# a busy Kong instance. | |
# **Note:** on Linux, this value is limited by the | |
# setting of `net.core.somaxconn` Kernel parameter. | |
# In order for the larger `backlog` set here to take | |
# effect it is necessary to raise | |
# `net.core.somaxconn` at the same time to match or | |
# exceed the `backlog` number set. | |
# | |
# This value can be set to `off`, thus disabling | |
# the HTTP/HTTPS proxy port for this node. | |
# If stream_listen is also set to `off`, this enables | |
# 'control-plane' mode for this node | |
# (in which all traffic proxying capabilities are | |
# disabled). This node can then be used only to | |
# configure a cluster of Kong | |
# nodes connected to the same datastore. | |
# | |
# Example: | |
# `proxy_listen = 0.0.0.0:443 ssl, 0.0.0.0:444 http2 ssl` | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#listen | |
# for a description of the accepted formats for this | |
# and other `*_listen` values. | |
# | |
# See https://www.nginx.com/resources/admin-guide/proxy-protocol/ | |
# for more details about the `proxy_protocol` | |
# parameter. | |
# | |
# Not all `*_listen` values accept all formats | |
# specified in nginx's documentation. | |
#stream_listen = off | |
# Comma-separated list of addresses and ports on | |
# which the stream mode should listen. | |
# | |
# This value accepts IPv4, IPv6, and hostnames. | |
# Some suffixes can be specified for each pair: | |
# - `ssl` will require that all connections made | |
# through a particular address/port be made with TLS | |
# enabled. | |
# - `proxy_protocol` will enable usage of the | |
# PROXY protocol for a given address/port. | |
# - `bind` instructs to make a separate bind() call | |
# for a given address:port pair. | |
# - `reuseport` instructs to create an individual | |
# listening socket for each worker process | |
# allowing the Kernel to better distribute incoming | |
# connections between worker processes | |
# - `backlog=N` sets the maximum length for the queue | |
# of pending TCP connections. This number should | |
# not be too small in order to prevent clients | |
# seeing "Connection refused" error connecting to | |
# a busy Kong instance. | |
# **Note:** on Linux, this value is limited by the | |
# setting of `net.core.somaxconn` Kernel parameter. | |
# In order for the larger `backlog` set here to take | |
# effect it is necessary to raise | |
# `net.core.somaxconn` at the same time to match or | |
# exceed the `backlog` number set. | |
# | |
# Examples: | |
# | |
# ``` | |
# stream_listen = 127.0.0.1:7000 reuseport backlog=16384 | |
# stream_listen = 0.0.0.0:989 reuseport backlog=65536, 0.0.0.0:20 | |
# stream_listen = [::1]:1234 backlog=16384 | |
# ``` | |
# | |
# By default this value is set to `off`, thus | |
# disabling the stream proxy port for this node. | |
# See http://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen | |
# for a description of the formats that Kong might accept in stream_listen. | |
#admin_listen = 127.0.0.1:8001 reuseport backlog=16384, 127.0.0.1:8444 http2 ssl reuseport backlog=16384 | |
# Comma-separated list of addresses and ports on | |
# which the Admin interface should listen. | |
# The Admin interface is the API allowing you to | |
# configure and manage Kong. | |
# Access to this interface should be *restricted* | |
# to Kong administrators *only*. This value accepts | |
# IPv4, IPv6, and hostnames. | |
# | |
# Some suffixes can be specified for each pair: | |
# | |
# - `ssl` will require that all connections made | |
# through a particular address/port be made with TLS | |
# enabled. | |
# - `http2` will allow for clients to open HTTP/2 | |
# connections to Kong's proxy server. | |
# - `proxy_protocol` will enable usage of the | |
# PROXY protocol for a given address/port. | |
# - `deferred` instructs to use a deferred accept on | |
# Linux (the TCP_DEFER_ACCEPT socket option). | |
# - `bind` instructs to make a separate bind() call | |
# for a given address:port pair. | |
# - `reuseport` instructs to create an individual | |
# listening socket for each worker process | |
# allowing the Kernel to better distribute incoming | |
# connections between worker processes | |
# - `backlog=N` sets the maximum length for the queue | |
# of pending TCP connections. This number should | |
# not be too small in order to prevent clients | |
# seeing "Connection refused" error connecting to | |
# a busy Kong instance. | |
# **Note:** on Linux, this value is limited by the | |
# setting of `net.core.somaxconn` Kernel parameter. | |
# In order for the larger `backlog` set here to take | |
# effect it is necessary to raise | |
# `net.core.somaxconn` at the same time to match or | |
# exceed the `backlog` number set. | |
# | |
# This value can be set to `off`, thus disabling | |
# the Admin interface for this node, enabling a | |
# 'data-plane' mode (without configuration | |
# capabilities) pulling its configuration changes | |
# from the database. | |
# | |
# Example: `admin_listen = 127.0.0.1:8444 http2 ssl` | |
#status_listen = off # Comma-separated list of addresses and ports on | |
# which the Status API should listen. | |
# The Status API is a read-only endpoint | |
# allowing monitoring tools to retrieve metrics, | |
# healthiness, and other non-sensitive information | |
# of the current Kong node. | |
# | |
# The following suffix can be specified for each pair: | |
# | |
# - `ssl` will require that all connections made | |
# through a particular address/port be made with TLS | |
# enabled. | |
# | |
# This value can be set to `off`, disabling | |
# the Status API for this node. | |
# | |
# Example: `status_listen = 0.0.0.0:8100` | |
#nginx_user = kong kong # Defines user and group credentials used by | |
# worker processes. If group is omitted, a | |
# group whose name equals that of user is | |
# used. | |
# | |
# Example: `nginx_user = nginx www` | |
# | |
# **Note**: If the `kong` user and the `kong` | |
# group are not available, the default user | |
# and group credentials will be | |
# `nobody nobody`. | |
#nginx_worker_processes = auto # Determines the number of worker processes | |
# spawned by Nginx. | |
# | |
# See http://nginx.org/en/docs/ngx_core_module.html#worker_processes | |
# for detailed usage of the equivalent Nginx | |
# directive and a description of accepted | |
# values. | |
#nginx_daemon = on # Determines whether Nginx will run as a daemon | |
# or as a foreground process. Mainly useful | |
# for development or when running Kong inside | |
# a Docker environment. | |
# | |
# See http://nginx.org/en/docs/ngx_core_module.html#daemon. | |
#mem_cache_size = 128m # Size of each of the two in-memory caches | |
# for database entities. The accepted units are | |
# `k` and `m`, with a minimum recommended value of | |
# a few MBs. | |
# | |
# **Note**: As this option controls the size of two | |
# different cache entries, the total memory Kong | |
# uses to cache entities might be double this value. | |
#ssl_cipher_suite = intermediate # Defines the TLS ciphers served by Nginx. | |
# Accepted values are `modern`, | |
# `intermediate`, `old`, or `custom`. | |
# | |
# See https://wiki.mozilla.org/Security/Server_Side_TLS | |
# for detailed descriptions of each cipher | |
# suite. | |
#ssl_ciphers = # Defines a custom list of TLS ciphers to be | |
# served by Nginx. This list must conform to | |
# the pattern defined by `openssl ciphers`. | |
# This value is ignored if `ssl_cipher_suite` | |
# is not `custom`. | |
#ssl_protocols = TLSv1.1 TLSv1.2 TLSv1.3 | |
# Enables the specified protocols for | |
# client-side connections. The set of | |
# supported protocol versions also depends | |
# on the version of OpenSSL Kong was built | |
# with. This value is ignored if | |
# `ssl_cipher_suite` is not `custom`. | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols | |
#ssl_prefer_server_ciphers = on # Specifies that server ciphers should be | |
# preferred over client ciphers when using | |
# the SSLv3 and TLS protocols. This value is | |
# ignored if `ssl_cipher_suite` is not `custom`. | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers | |
#ssl_dhparam = # Defines DH parameters for DHE ciphers from the | |
# predefined groups: `ffdhe2048`, `ffdhe3072`, | |
# `ffdhe4096`, `ffdhe6144`, `ffdhe8192`, or | |
# from the absolute path to a parameters file. | |
# | |
# This value is ignored if `ssl_cipher_suite` | |
# is `modern` or `intermediate`. The reason is | |
# that `modern` has no ciphers that needs this, | |
# and `intermediate` uses `ffdhe2048`. | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam | |
#ssl_session_tickets = on # Enables or disables session resumption through | |
# TLS session tickets. This has no impact when | |
# used with TLSv1.3. | |
# | |
# Kong enables this by default for performance | |
# reasons, but it has security implications: | |
# https://github.com/mozilla/server-side-tls/issues/135 | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets | |
#ssl_session_timeout = 1d # Specifies a time during which a client may | |
# reuse the session parameters. See the rationale: | |
# https://github.com/mozilla/server-side-tls/issues/198 | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout | |
#ssl_cert = # Comma-separated list of the absolute path to the certificates for | |
# `proxy_listen` values with TLS enabled. | |
# | |
# If more than one certificates are specified, it can be used to provide | |
# alternate type of certificate (for example, ECC certificate) that will be served | |
# to clients that supports them. Note to properly serve using ECC certificates, | |
# it is recommended to also set `ssl_cipher_suite` to | |
# `modern` or `intermediate`. | |
# | |
# Unless this option is explicitly set, Kong will auto-generate | |
# a pair of default certificates (RSA + ECC) first time it starts up and use | |
# it for serving TLS requests. | |
#ssl_cert_key = # Comma-separated list of the absolute path to the keys for | |
# `proxy_listen` values with TLS enabled. | |
# | |
# If more than one certificate was specified for `ssl_cert`, then this | |
# option should contain the corresponding key for all certificates | |
# provided in the same order. | |
# | |
# Unless this option is explicitly set, Kong will auto-generate | |
# a pair of default private keys (RSA + ECC) first time it starts up and use | |
# it for serving TLS requests. | |
#client_ssl = off # Determines if Nginx should attempt to send client-side | |
# TLS certificates and perform Mutual TLS Authentication | |
# with upstream service when proxying requests. | |
#client_ssl_cert = # If `client_ssl` is enabled, the absolute | |
# path to the client certificate for the `proxy_ssl_certificate` directive. | |
# | |
# This value can be overwritten dynamically with the `client_certificate` | |
# attribute of the `Service` object. | |
#client_ssl_cert_key = # If `client_ssl` is enabled, the absolute | |
# path to the client TLS key for the `proxy_ssl_certificate_key` directive. | |
# | |
# This value can be overwritten dynamically with the `client_certificate` | |
# attribute of the `Service` object. | |
#admin_ssl_cert = # Comma-separated list of the absolute path to the certificates for | |
# `admin_listen` values with TLS enabled. | |
# | |
# See docs for `ssl_cert` for detailed usage. | |
#admin_ssl_cert_key = # Comma-separated list of the absolute path to the keys for | |
# `admin_listen` values with TLS enabled. | |
# | |
# See docs for `ssl_cert_key` for detailed usage. | |
#status_ssl_cert = # Comma-separated list of the absolute path to the certificates for | |
# `status_listen` values with TLS enabled. | |
# | |
# See docs for `ssl_cert` for detailed usage. | |
#status_ssl_cert_key = # Comma-separated list of the absolute path to the keys for | |
# `status_listen` values with TLS enabled. | |
# | |
# See docs for `ssl_cert_key` for detailed usage. | |
#headers = server_tokens, latency_tokens | |
# Comma-separated list of headers Kong should | |
# inject in client responses. | |
# | |
# Accepted values are: | |
# - `Server`: Injects `Server: kong/x.y.z` | |
# on Kong-produced response (e.g. Admin | |
# API, rejected requests from auth plugin). | |
# - `Via`: Injects `Via: kong/x.y.z` for | |
# successfully proxied requests. | |
# - `X-Kong-Proxy-Latency`: Time taken | |
# (in milliseconds) by Kong to process | |
# a request and run all plugins before | |
# proxying the request upstream. | |
# - `X-Kong-Response-Latency`: time taken | |
# (in millisecond) by Kong to produce | |
# a response in case of e.g. plugin | |
# short-circuiting the request, or in | |
# in case of an error. | |
# - `X-Kong-Upstream-Latency`: Time taken | |
# (in milliseconds) by the upstream | |
# service to send response headers. | |
# - `X-Kong-Admin-Latency`: Time taken | |
# (in milliseconds) by Kong to process | |
# an Admin API request. | |
# - `X-Kong-Upstream-Status`: The HTTP status | |
# code returned by the upstream service. | |
# This is particularly useful for clients to | |
# distinguish upstream statuses if the | |
# response is rewritten by a plugin. | |
# - `server_tokens`: Same as specifying both | |
# `Server` and `Via`. | |
# - `latency_tokens`: Same as specifying | |
# `X-Kong-Proxy-Latency`, | |
# `X-Kong-Response-Latency`, | |
# `X-Kong-Admin-Latency` and | |
# `X-Kong-Upstream-Latency` | |
# | |
# In addition to those, this value can be set | |
# to `off`, which prevents Kong from injecting | |
# any of the above headers. Note that this | |
# does not prevent plugins from injecting | |
# headers of their own. | |
# | |
# Example: `headers = via, latency_tokens` | |
#trusted_ips = # Defines trusted IP addresses blocks that are | |
# known to send correct `X-Forwarded-*` | |
# headers. | |
# Requests from trusted IPs make Kong forward | |
# their `X-Forwarded-*` headers upstream. | |
# Non-trusted requests make Kong insert its | |
# own `X-Forwarded-*` headers. | |
# | |
# This property also sets the | |
# `set_real_ip_from` directive(s) in the Nginx | |
# configuration. It accepts the same type of | |
# values (CIDR blocks) but as a | |
# comma-separated list. | |
# | |
# To trust *all* /!\ IPs, set this value to | |
# `0.0.0.0/0,::/0`. | |
# | |
# If the special value `unix:` is specified, | |
# all UNIX-domain sockets will be trusted. | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from | |
# for examples of accepted values. | |
#real_ip_header = X-Real-IP # Defines the request header field whose value | |
# will be used to replace the client address. | |
# This value sets the `ngx_http_realip_module` | |
# directive of the same name in the Nginx | |
# configuration. | |
# | |
# If this value receives `proxy_protocol`: | |
# | |
# - at least one of the `proxy_listen` entries | |
# must have the `proxy_protocol` flag | |
# enabled. | |
# - the `proxy_protocol` parameter will be | |
# appended to the `listen` directive of the | |
# Nginx template. | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header | |
# for a description of this directive. | |
#real_ip_recursive = off # This value sets the `ngx_http_realip_module` | |
# directive of the same name in the Nginx | |
# configuration. | |
# | |
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive | |
# for a description of this directive. | |
#error_default_type = text/plain # Default MIME type to use when the request | |
# `Accept` header is missing and Nginx | |
# is returning an error for the request. | |
# Accepted values are `text/plain`, | |
# `text/html`, `application/json`, and | |
# `application/xml`. | |
#upstream_keepalive_pool_size = 60 # Sets the default size of the upstream | |
# keepalive connection pools. | |
# Upstream keepalive connection pools | |
# are segmented by the `dst ip/dst | |
# port/SNI` attributes of a connection. | |
# A value of `0` will disable upstream | |
# keepalive connections by default, forcing | |
# each upstream request to open a new | |
# connection. | |
#upstream_keepalive_max_requests = 100 # Sets the default maximum number of | |
# requests than can be proxied upstream | |
# through one keepalive connection. | |
# After the maximum number of requests | |
# is reached, the connection will be | |
# closed. | |
# A value of `0` will disable this | |
# behavior, and a keepalive connection | |
# can be used to proxy an indefinite | |
# number of requests. | |
#upstream_keepalive_idle_timeout = 60 # Sets the default timeout (in seconds) | |
# for which an upstream keepalive | |
# connection should be kept open. When | |
# the timeout is reached while the | |
# connection has not been reused, it | |
# will be closed. | |
# A value of `0` will disable this | |
# behavior, and an idle keepalive | |
# connection may be kept open | |
# indefinitely. | |
#------------------------------------------------------------------------------ | |
# NGINX injected directives | |
#------------------------------------------------------------------------------ | |
# Nginx directives can be dynamically injected in the runtime nginx.conf file | |
# without requiring a custom Nginx configuration template. | |
# | |
# All configuration properties respecting the naming scheme | |
# `nginx_<namespace>_<directive>` will result in `<directive>` being injected in | |
# the Nginx configuration block corresponding to the property's `<namespace>`. | |
# Example: | |
# `nginx_proxy_large_client_header_buffers = 8 24k` | |
# | |
# Will inject the following directive in Kong's proxy `server {}` block: | |
# | |
# `large_client_header_buffers 8 24k;` | |
# | |
# The following namespaces are supported: | |
# | |
# - `nginx_main_<directive>`: Injects `<directive>` in Kong's configuration | |
# `main` context. | |
# - `nginx_events_<directive>`: Injects `<directive>` in Kong's `events {}` | |
# block. | |
# - `nginx_http_<directive>`: Injects `<directive>` in Kong's `http {}` block. | |
# - `nginx_proxy_<directive>`: Injects `<directive>` in Kong's proxy | |
# `server {}` block. | |
# - `nginx_upstream_<directive>`: Injects `<directive>` in Kong's proxy | |
# `upstream {}` block. | |
# - `nginx_admin_<directive>`: Injects `<directive>` in Kong's Admin API | |
# `server {}` block. | |
# - `nginx_status_<directive>`: Injects `<directive>` in Kong's Status API | |
# `server {}` block (only effective if `status_listen` is enabled). | |
# - `nginx_stream_<directive>`: Injects `<directive>` in Kong's stream module | |
# `stream {}` block (only effective if `stream_listen` is enabled). | |
# - `nginx_sproxy_<directive>`: Injects `<directive>` in Kong's stream module | |
# `server {}` block (only effective if `stream_listen` is enabled). | |
# - `nginx_supstream_<directive>`: Injects `<directive>` in Kong's stream | |
# module `upstream {}` block. | |
# | |
# As with other configuration properties, Nginx directives can be injected via | |
# environment variables when capitalized and prefixed with `KONG_`. | |
# Example: | |
# `KONG_NGINX_HTTP_SSL_PROTOCOLS` -> `nginx_http_ssl_protocols` | |
# | |
# Will inject the following directive in Kong's `http {}` block: | |
# | |
# `ssl_protocols <value>;` | |
# | |
# If different sets of protocols are desired between the proxy and Admin API | |
# server, you may specify `nginx_proxy_ssl_protocols` and/or | |
# `nginx_admin_ssl_protocols`, both of which taking precedence over the | |
# `http {}` block. | |
#nginx_main_worker_rlimit_nofile = auto | |
# Changes the limit on the maximum number of open files | |
# for worker processes. | |
# | |
# The special and default value of `auto` sets this | |
# value to `ulimit -n` with the upper bound limited to | |
# 16384 as a measure to protect against excess memory use. | |
# | |
# See http://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile | |
#nginx_events_worker_connections = auto | |
# Sets the maximum number of simultaneous | |
# connections that can be opened by a worker process. | |
# | |
# The special and default value of `auto` sets this | |
# value to `ulimit -n` with the upper bound limited to | |
# 16384 as a measure to protect against excess memory use. | |
# | |
# See http://nginx.org/en/docs/ngx_core_module.html#worker_connections | |
#nginx_http_client_header_buffer_size = 1k # Sets buffer size for reading the | |
# client request headers. | |
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size | |
#nginx_http_large_client_header_buffers = 4 8k # Sets the maximum number and | |
# size of buffers used for | |
# reading large clients | |
# requests headers. | |
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers | |
#nginx_http_client_max_body_size = 0 # Defines the maximum request body size | |
# allowed by requests proxied by Kong, | |
# specified in the Content-Length request | |
# header. If a request exceeds this | |
# limit, Kong will respond with a 413 | |
# (Request Entity Too Large). Setting | |
# this value to 0 disables checking the | |
# request body size. | |
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size | |
#nginx_admin_client_max_body_size = 10m # Defines the maximum request body size for | |
# Admin API. | |
#nginx_http_client_body_buffer_size = 8k # Defines the buffer size for reading | |
# the request body. If the client | |
# request body is larger than this | |
# value, the body will be buffered to | |
# disk. Note that when the body is | |
# buffered to disk, Kong plugins that | |
# access or manipulate the request | |
# body may not work, so it is | |
# advisable to set this value as high | |
# as possible (e.g., set it as high | |
# as `client_max_body_size` to force | |
# request bodies to be kept in | |
# memory). Do note that | |
# high-concurrency environments will | |
# require significant memory | |
# allocations to process many | |
# concurrent large request bodies. | |
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size | |
#nginx_admin_client_body_buffer_size = 10m # Defines the buffer size for reading | |
# the request body on Admin API. | |
#------------------------------------------------------------------------------ | |
# DATASTORE | |
#------------------------------------------------------------------------------ | |
# Kong can run with a database to store coordinated data between Kong nodes in | |
# a cluster, or without a database, where each node stores its information | |
# independently in memory. | |
# | |
# When using a database, Kong will store data for all its entities (such as | |
# Routes, Services, Consumers, and Plugins) in either Cassandra or PostgreSQL, | |
# and all Kong nodes belonging to the same cluster must connect themselves | |
# to the same database. | |
# | |
# Kong supports the following database versions: | |
# - **PostgreSQL**: 9.5 and above. | |
# - **Cassandra**: 2.2 and above. | |
# | |
# When not using a database, Kong is said to be in "DB-less mode": it will keep | |
# its entities in memory, and each node needs to have this data entered via a | |
# declarative configuration file, which can be specified through the | |
# `declarative_config` property, or via the Admin API using the `/config` | |
# endpoint. | |
# | |
# When using Postgres as the backend storage, you can optionally enable Kong | |
# to serve read queries from a separate database instance. | |
# When the number of proxies is large, this can greatly reduce the load | |
# on the main Postgres instance and achieve better scalability. It may also | |
# reduce the latency jitter if the Kong proxy node's latency to the main | |
# Postgres instance is high. | |
# | |
# The read-only Postgres instance only serves read queries and write | |
# queries still goes to the main connection. The read-only Postgres instance | |
# can be eventually consistent while replicating changes from the main | |
# instance. | |
# | |
# At least the `pg_ro_host` config is needed to enable this feature. | |
# By default, all other database config for the read-only connection are | |
# inherited from the corresponding main connection config described above but | |
# may be optionally overwritten explicitly using the `pg_ro_*` config below. | |
#database = postgres # Determines which of PostgreSQL or Cassandra | |
# this node will use as its datastore. | |
# Accepted values are `postgres`, | |
# `cassandra`, and `off`. | |
#pg_host = 127.0.0.1 # Host of the Postgres server. | |
#pg_port = 5432 # Port of the Postgres server. | |
#pg_timeout = 5000 # Defines the timeout (in ms), for connecting, | |
# reading and writing. | |
#pg_user = kong # Postgres user. | |
#pg_password = # Postgres user's password. | |
#pg_database = kong # The database name to connect to. | |
#pg_schema = # The database schema to use. If unspecified, | |
# Kong will respect the `search_path` value of | |
# your PostgreSQL instance. | |
#pg_ssl = off # Toggles client-server TLS connections | |
# between Kong and PostgreSQL. | |
# Because PostgreSQL uses the same port for TLS | |
# and non-TLS, this is only a hint. If the | |
# server does not support TLS, the established | |
# connection will be a plain one. | |
#pg_ssl_verify = off # Toggles server certificate verification if | |
# `pg_ssl` is enabled. | |
# See the `lua_ssl_trusted_certificate` | |
# setting to specify a certificate authority. | |
#pg_max_concurrent_queries = 0 # Sets the maximum number of concurrent queries | |
# that can be executing at any given time. This | |
# limit is enforced per worker process; the | |
# total number of concurrent queries for this | |
# node will be will be: | |
# `pg_max_concurrent_queries * nginx_worker_processes`. | |
# | |
# The default value of 0 removes this | |
# concurrency limitation. | |
#pg_semaphore_timeout = 60000 # Defines the timeout (in ms) after which | |
# PostgreSQL query semaphore resource | |
# acquisition attempts will fail. Such | |
# failures will generally result in the | |
# associated proxy or Admin API request | |
# failing with an HTTP 500 status code. | |
# Detailed discussion of this behavior is | |
# available in the online documentation. | |
#pg_ro_host = # Same as `pg_host`, but for the | |
# read-only connection. | |
# **Note:** Refer to the documentation | |
# section above for detailed usage. | |
#pg_ro_port = <pg_port> # Same as `pg_port`, but for the | |
# read-only connection. | |
#pg_ro_timeout = <pg_timeout> # Same as `pg_timeout`, but for the | |
# read-only connection. | |
#pg_ro_user = <pg_user> # Same as `pg_user`, but for the | |
# read-only connection. | |
#pg_ro_password = <pg_password> # Same as `pg_password`, but for the | |
# read-only connection. | |
#pg_ro_database = <pg_database> # Same as `pg_database`, but for the | |
# read-only connection. | |
#pg_ro_schema = <pg_schema> # Same as `pg_schema`, but for the | |
# read-only connection. | |
#pg_ro_ssl = <pg_ssl> # Same as `pg_ssl`, but for the | |
# read-only connection. | |
#pg_ro_ssl_verify = <pg_ssl_verify> | |
# Same as `pg_ssl_verify`, but for the | |
# read-only connection. | |
#pg_ro_max_concurrent_queries = <pg_max_concurrent_queries> | |
# Same as `pg_max_concurrent_queries`, but for | |
# the read-only connection. | |
# Note: read-only concurrency is not shared | |
# with the main (read-write) connection. | |
#pg_ro_semaphore_timeout = <pg_semaphore_timeout> | |
# Same as `pg_semaphore_timeout`, but for the | |
# read-only connection. | |
#cassandra_contact_points = 127.0.0.1 # A comma-separated list of contact | |
# points to your cluster. | |
# You may specify IP addresses or | |
# hostnames. Note that the port | |
# component of SRV records will be | |
# ignored in favor of `cassandra_port`. | |
# When connecting to a multi-DC cluster, | |
# ensure that contact points from the | |
# local datacenter are specified first | |
# in this list. | |
#cassandra_port = 9042 # The port on which your nodes are listening | |
# on. All your nodes and contact points must | |
# listen on the same port. Will be created if | |
# it doesn't exist. | |
#cassandra_keyspace = kong # The keyspace to use in your cluster. | |
#cassandra_write_consistency = ONE # Consistency setting to use when | |
# writing to the Cassandra cluster. | |
#cassandra_read_consistency = ONE # Consistency setting to use when | |
# reading from the Cassandra cluster. | |
#cassandra_timeout = 5000 # Defines the timeout (in ms) for reading | |
# and writing. | |
#cassandra_ssl = off # Toggles client-to-node TLS connections | |
# between Kong and Cassandra. | |
#cassandra_ssl_verify = off # Toggles server certificate verification if | |
# `cassandra_ssl` is enabled. | |
# See the `lua_ssl_trusted_certificate` | |
# setting to specify a certificate authority. | |
#cassandra_username = kong # Username when using the | |
# `PasswordAuthenticator` scheme. | |
#cassandra_password = # Password when using the | |
# `PasswordAuthenticator` scheme. | |
#cassandra_lb_policy = RequestRoundRobin # Load balancing policy to use when | |
# distributing queries across your | |
# Cassandra cluster. | |
# Accepted values are: | |
# `RoundRobin`, `RequestRoundRobin`, | |
# `DCAwareRoundRobin`, and | |
# `RequestDCAwareRoundRobin`. | |
# Policies prefixed with "Request" | |
# make efficient use of established | |
# connections throughout the same | |
# request. | |
# Prefer "DCAware" policies if and | |
# only if you are using a | |
# multi-datacenter cluster. | |
#cassandra_local_datacenter = # When using the `DCAwareRoundRobin` | |
# or `RequestDCAwareRoundRobin` load | |
# balancing policy, you must specify the name | |
# of the local (closest) datacenter for this | |
# Kong node. | |
#cassandra_refresh_frequency = 60 # Frequency (in seconds) at which | |
# the cluster topology will be | |
# checked for new or decommissioned | |
# nodes. | |
# A value of `0` will disable this | |
# check, and the cluster topology | |
# will never be refreshed. | |
#cassandra_repl_strategy = SimpleStrategy # When migrating for the first time, | |
# Kong will use this setting to | |
# create your keyspace. | |
# Accepted values are | |
# `SimpleStrategy` and | |
# `NetworkTopologyStrategy`. | |
#cassandra_repl_factor = 1 # When migrating for the first time, Kong | |
# will create the keyspace with this | |
# replication factor when using the | |
# `SimpleStrategy`. | |
#cassandra_data_centers = dc1:2,dc2:3 # When migrating for the first time, | |
# will use this setting when using the | |
# `NetworkTopologyStrategy`. | |
# The format is a comma-separated list | |
# made of `<dc_name>:<repl_factor>`. | |
#cassandra_schema_consensus_timeout = 10000 # Defines the timeout (in ms) for | |
# the waiting period to reach a | |
# schema consensus between your | |
# Cassandra nodes. | |
# This value is only used during | |
# migrations. | |
#declarative_config = # The path to the declarative configuration | |
# file which holds the specification of all | |
# entities (Routes, Services, Consumers, etc.) | |
# to be used when the `database` is set to | |
# `off`. | |
# | |
# Entities are stored in Kong's in-memory cache, | |
# so you must ensure that enough memory is | |
# allocated to it via the `mem_cache_size` | |
# property. You must also ensure that items | |
# in the cache never expire, which means that | |
# `db_cache_ttl` should preserve its default | |
# value of 0. | |
# | |
# If the Hybrid mode `role` is set to `data_plane` | |
# and there's no configuration cache file, | |
# this configuration is used before connecting | |
# to the Control Plane node as a user-controlled | |
# fallback. | |
#------------------------------------------------------------------------------ | |
# DATASTORE CACHE | |
#------------------------------------------------------------------------------ | |
# In order to avoid unnecessary communication with the datastore, Kong caches | |
# entities (such as APIs, Consumers, Credentials...) for a configurable period | |
# of time. It also handles invalidations if such an entity is updated. | |
# | |
# This section allows for configuring the behavior of Kong regarding the | |
# caching of such configuration entities. | |
#db_update_frequency = 5 # Frequency (in seconds) at which to check for | |
# updated entities with the datastore. | |
# | |
# When a node creates, updates, or deletes an | |
# entity via the Admin API, other nodes need | |
# to wait for the next poll (configured by | |
# this value) to eventually purge the old | |
# cached entity and start using the new one. | |
#db_update_propagation = 0 # Time (in seconds) taken for an entity in the | |
# datastore to be propagated to replica nodes | |
# of another datacenter. | |
# | |
# When in a distributed environment such as | |
# a multi-datacenter Cassandra cluster, this | |
# value should be the maximum number of | |
# seconds taken by Cassandra to propagate a | |
# row to other datacenters. | |
# | |
# When set, this property will increase the | |
# time taken by Kong to propagate the change | |
# of an entity. | |
# | |
# Single-datacenter setups or PostgreSQL | |
# servers should suffer no such delays, and | |
# this value can be safely set to 0. | |
#db_cache_ttl = 0 # Time-to-live (in seconds) of an entity from | |
# the datastore when cached by this node. | |
# | |
# Database misses (no entity) are also cached | |
# according to this setting if you do not | |
# configure `db_cache_neg_ttl`. | |
# | |
# If set to 0 (default), such cached entities | |
# or misses never expire. | |
#db_cache_neg_ttl = # Time-to-live (in seconds) of a datastore | |
# miss (no entity). | |
# | |
# If not specified (default), `db_cache_ttl` | |
# value will be used instead. | |
# | |
# If set to 0, misses will never expire. | |
#db_resurrect_ttl = 30 # Time (in seconds) for which stale entities | |
# from the datastore should be resurrected for | |
# when they cannot be refreshed (e.g., the | |
# datastore is unreachable). When this TTL | |
# expires, a new attempt to refresh the stale | |
# entities will be made. | |
#db_cache_warmup_entities = services | |
# Entities to be pre-loaded from the datastore | |
# into the in-memory cache at Kong start-up. | |
# This speeds up the first access of endpoints | |
# that use the given entities. | |
# | |
# When the `services` entity is configured | |
# for warmup, the DNS entries for values in | |
# its `host` attribute are pre-resolved | |
# asynchronously as well. | |
# | |
# Cache size set in `mem_cache_size` should | |
# be set to a value large enough to hold all | |
# instances of the specified entities. | |
# If the size is insufficient, Kong will log | |
# a warning. | |
#------------------------------------------------------------------------------ | |
# DNS RESOLVER | |
#------------------------------------------------------------------------------ | |
# By default, the DNS resolver will use the standard configuration files | |
# `/etc/hosts` and `/etc/resolv.conf`. The settings in the latter file will be | |
# overridden by the environment variables `LOCALDOMAIN` and `RES_OPTIONS` if | |
# they have been set. | |
# | |
# Kong will resolve hostnames as either `SRV` or `A` records (in that order, and | |
# `CNAME` records will be dereferenced in the process). | |
# In case a name was resolved as an `SRV` record it will also override any given | |
# port number by the `port` field contents received from the DNS server. | |
# | |
# The DNS options `SEARCH` and `NDOTS` (from the `/etc/resolv.conf` file) will | |
# be used to expand short names to fully qualified ones. So it will first try | |
# the entire `SEARCH` list for the `SRV` type, if that fails it will try the | |
# `SEARCH` list for `A`, etc. | |
# | |
# For the duration of the `ttl`, the internal DNS resolver will loadbalance each | |
# request it gets over the entries in the DNS record. For `SRV` records the | |
# `weight` fields will be honored, but it will only use the lowest `priority` | |
# field entries in the record. | |
#dns_resolver = # Comma separated list of nameservers, each | |
# entry in `ip[:port]` format to be used by | |
# Kong. If not specified the nameservers in | |
# the local `resolv.conf` file will be used. | |
# Port defaults to 53 if omitted. Accepts | |
# both IPv4 and IPv6 addresses. | |
#dns_hostsfile = /etc/hosts # The hosts file to use. This file is read | |
# once and its content is static in memory. | |
# To read the file again after modifying it, | |
# Kong must be reloaded. | |
#dns_order = LAST,SRV,A,CNAME # The order in which to resolve different | |
# record types. The `LAST` type means the | |
# type of the last successful lookup (for the | |
# specified name). The format is a (case | |
# insensitive) comma separated list. | |
#dns_valid_ttl = # By default, DNS records are cached using | |
# the TTL value of a response. If this | |
# property receives a value (in seconds), it | |
# will override the TTL for all records. | |
#dns_stale_ttl = 4 # Defines, in seconds, how long a record will | |
# remain in cache past its TTL. This value | |
# will be used while the new DNS record is | |
# fetched in the background. | |
# Stale data will be used from expiry of a | |
# record until either the refresh query | |
# completes, or the `dns_stale_ttl` number of | |
# seconds have passed. | |
#dns_not_found_ttl = 30 # TTL in seconds for empty DNS responses and | |
# "(3) name error" responses. | |
#dns_error_ttl = 1 # TTL in seconds for error responses. | |
#dns_no_sync = off # If enabled, then upon a cache-miss every | |
# request will trigger its own dns query. | |
# When disabled multiple requests for the | |
# same name/type will be synchronised to a | |
# single query. | |
#------------------------------------------------------------------------------ | |
# TUNING & BEHAVIOR | |
#------------------------------------------------------------------------------ | |
#worker_consistency = strict | |
# Defines whether this node should rebuild its | |
# state synchronously or asynchronously (the | |
# balancers and the router are rebuilt on | |
# updates that affects them, e.g., updates to | |
# Routes, Services or Upstreams, via the Admin | |
# API or loading a declarative configuration | |
# file). | |
# | |
# Accepted values are: | |
# | |
# - `strict`: the router will be rebuilt | |
# synchronously, causing incoming requests to | |
# be delayed until the rebuild is finished. | |
# - `eventual`: the router will be rebuilt | |
# asynchronously via a recurring background | |
# job running every second inside of each | |
# worker. | |
# | |
# Note that `strict` ensures that all workers | |
# of a given node will always proxy requests | |
# with an identical router, but that increased | |
# long tail latency can be observed if | |
# frequent Routes and Services updates are | |
# expected. | |
# Using `eventual` will help preventing long | |
# tail latency issues in such cases, but may | |
# cause workers to route requests differently | |
# for a short period of time after Routes and | |
# Services updates. | |
#worker_state_update_frequency = 5 | |
# Defines how often the worker state changes are | |
# checked with a background job. When a change | |
# is detected, a new router or balancer will be | |
# built, as needed. Raising this value will | |
# decrease the load on database servers and | |
# result in less jitter in proxy latency, but | |
# it might take more time to propagate changes | |
# to each individual worker. | |
#------------------------------------------------------------------------------ | |
# MISCELLANEOUS | |
#------------------------------------------------------------------------------ | |
# Additional settings inherited from lua-nginx-module allowing for more | |
# flexibility and advanced usage. | |
# | |
# See the lua-nginx-module documentation for more information: | |
# https://github.com/openresty/lua-nginx-module | |
#lua_ssl_trusted_certificate = # Comma-separated list of paths to certificate | |
# authority files for Lua cosockets in PEM format. | |
# | |
# The special value `system` attempts to search for the | |
# "usual default" provided by each distro, according | |
# to an arbitrary heuristic. In the current implementation, | |
# The following pathnames will be tested in order, | |
# and the first one found will be used: | |
# | |
# - /etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu/Gentoo) | |
# - /etc/pki/tls/certs/ca-bundle.crt (Fedora/RHEL 6) | |
# - /etc/ssl/ca-bundle.pem (OpenSUSE) | |
# - /etc/pki/tls/cacert.pem (OpenELEC) | |
# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (CentOS/RHEL 7) | |
# - /etc/ssl/cert.pem (OpenBSD, Alpine) | |
# | |
# If no file is found on any of these paths, an error will | |
# be raised. | |
# | |
# `system` can be used by itself or in conjunction with other | |
# CA filepaths. | |
# | |
# When `pg_ssl_verify` or `cassandra_ssl_verify` | |
# are enabled, these certificate authority files will be | |
# used for verifying Kong's database connections. | |
# | |
# See https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate | |
#lua_ssl_verify_depth = 1 # Sets the verification depth in the server | |
# certificates chain used by Lua cosockets, | |
# set by `lua_ssl_trusted_certificate`. | |
# This includes the certificates configured | |
# for Kong's database connections. | |
# If the maximum depth is reached before | |
# reaching the end of the chain, verification | |
# will fail. This helps mitigate certificate | |
# based DoS attacks. | |
# | |
# See https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth | |
#lua_ssl_protocols = TLSv1.1 TLSv1.2 TLSv1.3 # Defines the TLS versions supported | |
# when handshaking with OpenResty's | |
# TCP cosocket APIs. | |
# | |
# This affects connections made by Lua | |
# code, such as connections to the | |
# database Kong uses, or when sending logs | |
# using a logging plugin. It does *not* | |
# affect connections made to the upstream | |
# Service or from downstream clients. | |
#lua_package_path = ./?.lua;./?/init.lua; # Sets the Lua module search path | |
# (LUA_PATH). Useful when developing | |
# or using custom plugins not stored | |
# in the default search path. | |
# | |
# See https://github.com/openresty/lua-nginx-module#lua_package_path | |
#lua_package_cpath = # Sets the Lua C module search path | |
# (LUA_CPATH). | |
# | |
# See https://github.com/openresty/lua-nginx-module#lua_package_cpath | |
#lua_socket_pool_size = 30 # Specifies the size limit for every cosocket | |
# connection pool associated with every remote | |
# server. | |
# | |
# See https://github.com/openresty/lua-nginx-module#lua_socket_pool_size | |
#untrusted_lua = sandbox | |
# Controls loading of Lua functions from admin-supplied | |
# sources such as the Admin API. LuaJIT bytecode | |
# loading is always disabled. | |
# | |
# **Warning:** LuaJIT is not designed as a secure | |
# runtime for running malicious code, therefore | |
# you should properly protect your Admin API endpoint | |
# even with sandboxing enabled. The sandbox only | |
# provides protection against trivial attackers or | |
# unintentional modification of the Kong global | |
# environment. | |
# | |
# Accepted values are: `off`, `sandbox`, or | |
# `on`: | |
# | |
# * `off`: Disallow loading of any arbitrary | |
# Lua functions. The `off` option | |
# disables any functionality that runs | |
# arbitrary Lua code, including the | |
# Serverless Functions plugins and any | |
# transformation plugin that allows | |
# custom Lua functions. | |
# | |
# * `sandbox`: Allow loading of Lua functions, | |
# but use a sandbox when executing | |
# them. The sandboxed function has | |
# restricted access to the global | |
# environment and only has access | |
# to standard Lua functions that | |
# will generally not cause harm to | |
# the Kong Gateway node. | |
# | |
# * `on`: Functions have unrestricted | |
# access to the global environment and | |
# can load any Lua modules. This is | |
# similar to the behavior in | |
# Kong Gateway prior to 2.3.0. | |
# | |
# The default `sandbox` environment does not | |
# allow importing other modules or libraries, | |
# or executing anything at the OS level (for | |
# example, file read/write). The global | |
# environment is also not accessible. | |
# | |
# Examples of `untrusted_lua = sandbox` | |
# behavior: | |
# | |
# * You can't access or change global values | |
# such as `kong.configuration.pg_password` | |
# * You can run harmless lua: | |
# `local foo = 1 + 1`. However, OS level | |
# functions are not allowed, like: | |
# `os.execute('rm -rf /*')`. | |
# | |
# For a full allowed/disallowed list, see: | |
# https://github.com/kikito/sandbox.lua/blob/master/sandbox.lua | |
# | |
# To customize the sandbox environment, use | |
# the `untrusted_lua_sandbox_requires` and | |
# `untrusted_lua_sandbox_environment` | |
# parameters below. | |
#untrusted_lua_sandbox_requires = # Comma-separated list of modules allowed to | |
# be loaded with `require` inside the | |
# sandboxed environment. Ignored | |
# if `untrusted_lua` is not `sandbox`. | |
# | |
# For example, say you have configured the | |
# Serverless pre-function plugin and it | |
# contains the following `requires`: | |
# | |
# ``` | |
# local template = require "resty.template" | |
# local split = require "kong.tools.utils".split | |
# ``` | |
# | |
# To run the plugin, add the modules to the | |
# allowed list: | |
# ``` | |
# untrusted_lua_sandbox_requires = resty.template, kong.tools.utils | |
# ``` | |
# | |
# **Warning:** Allowing certain modules may | |
# create opportunities to escape the | |
# sandbox. For example, allowing `os` or | |
# `luaposix` may be unsafe. | |
#untrusted_lua_sandbox_environment = # Comma-separated list of global Lua | |
# variables that should be made available | |
# inside the sandboxed environment. Ignored | |
# if `untrusted_lua` is not `sandbox`. | |
# | |
# **Warning**: Certain variables, when made | |
# available, may create opportunities to | |
# escape the sandbox. |