config-default.yaml

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# PLEASE DO NOT UPDATE THIS FILE!
# If you want to set the specified configuration value, you can set the new
# value in the conf/config.yaml file.
#

apisix:
  # node_listen: 9080               # APISIX listening port
  node_listen:                      # This style support multiple ports
    - 9080
  #   - port: 9081
  #     enable_http2: true          # If not set, the default value is `false`.
  #   - ip: 127.0.0.2               # Specific IP, If not set, the default value is `0.0.0.0`.
  #     port: 9082
  #     enable_http2: true
  enable_admin: true
  enable_dev_mode: false            # Sets nginx worker_processes to 1 if set to true
  enable_reuseport: true            # Enable nginx SO_REUSEPORT switch if set to true.
  show_upstream_status_in_response_header: false # when true all upstream status write to `X-APISIX-Upstream-Status` otherwise only 5xx code
  enable_ipv6: true

  #proxy_protocol:                  # Proxy Protocol configuration
  #  listen_http_port: 9181         # The port with proxy protocol for http, it differs from node_listen and admin_listen.
                                    # This port can only receive http request with proxy protocol, but node_listen & admin_listen
                                    # can only receive http request. If you enable proxy protocol, you must use this port to
                                    # receive http request with proxy protocol
  #  listen_https_port: 9182        # The port with proxy protocol for https
  #  enable_tcp_pp: true            # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
  #  enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
  enable_server_tokens: true        # Whether the APISIX version number should be shown in Server header.
                                    # It's enabled by default.

  # configurations to load third party code and/or override the builtin one.
  extra_lua_path: ""                # extend lua_package_path to load third party code
  extra_lua_cpath: ""               # extend lua_package_cpath to load third party code
  #lua_module_hook: "my_project.my_hook"  # the hook module which will be used to inject third party code into APISIX

  proxy_cache:                      # Proxy Caching configuration
    cache_ttl: 10s                  # The default caching time in disk if the upstream does not specify the cache time
    zones:                          # The parameters of a cache
      - name: disk_cache_one        # The name of the cache, administrator can specify
                                    # which cache to use by name in the admin api (disk|memory)
        memory_size: 50m            # The size of shared memory, it's used to store the cache index for
                                    # disk strategy, store cache content for memory strategy (disk|memory)
        disk_size: 1G               # The size of disk, it's used to store the cache data (disk)
        disk_path: /tmp/disk_cache_one  # The path to store the cache data (disk)
        cache_levels: 1:2           # The hierarchy levels of a cache (disk)
      #- name: disk_cache_two
      #  memory_size: 50m
      #  disk_size: 1G
      #  disk_path: "/tmp/disk_cache_two"
      #  cache_levels: "1:2"
      - name: memory_cache
        memory_size: 50m

  delete_uri_tail_slash: false    # delete the '/' at the end of the URI
  # The URI normalization in servlet is a little different from the RFC's.
  # See https://github.com/jakartaee/servlet/blob/master/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization,
  # which is used under Tomcat.
  # Turn this option on if you want to be compatible with servlet when matching URI path.
  normalize_uri_like_servlet: false
  router:
    http: radixtree_host_uri      # radixtree_uri: match route by uri(base on radixtree)
                                  # radixtree_host_uri: match route by host + uri(base on radixtree)
                                  # radixtree_uri_with_parameter: like radixtree_uri but match uri with parameters,
                                  #   see https://github.com/api7/lua-resty-radixtree/#parameters-in-path for
                                  #   more details.
    ssl: radixtree_sni          # radixtree_sni: match route by SNI(base on radixtree)
  #stream_proxy:                  # TCP/UDP proxy
  #  only: true                   # use stream proxy only, don't enable HTTP stuff
  #  tcp:                         # TCP proxy port list
  #    - addr: 9100
  #      tls: true
  #    - addr: "127.0.0.1:9101"
  #  udp:                         # UDP proxy port list
  #    - 9200
  #    - "127.0.0.1:9201"
  #dns_resolver:                  # If not set, read from `/etc/resolv.conf`
  #  - 1.1.1.1
  #  - 8.8.8.8
  #dns_resolver_valid: 30         # if given, override the TTL of the valid records. The unit is second.
  resolver_timeout: 5             # resolver timeout
  enable_resolv_search_opt: true  # enable search option in resolv.conf
  ssl:
    enable: true
    listen:                       # APISIX listening port in https.
      - port: 9443
        enable_http2: true
    #   - ip: 127.0.0.3           # Specific IP, If not set, the default value is `0.0.0.0`.
    #     port: 9445
    #     enable_http2: true
    #ssl_trusted_certificate: /path/to/ca-cert  # Specifies a file path with trusted CA certificates in the PEM format
                                                # used to verify the certificate when APISIX needs to do SSL/TLS handshaking
                                                # with external services (e.g. etcd)
    ssl_protocols: TLSv1.2 TLSv1.3
    ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl_session_tickets: false              #  disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
                                            #  ref: https://github.com/mozilla/server-side-tls/issues/135

    key_encrypt_salt:             #  If not set, will save origin ssl key into etcd.
      - edd1c9f0985e76a2          #  If set this, the key_encrypt_salt should be an array whose elements are string, and the size is also 16, and it will encrypt ssl key with AES-128-CBC
                                  #  !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
                                  #  Only use the first key to encrypt, and decrypt in the order of the array.

    #fallback_sni: "my.default.domain"      # If set this, when the client doesn't send SNI during handshake, the fallback SNI will be used instead
  enable_control: true
  #control:
  #  ip: 127.0.0.1
  #  port: 9090
  disable_sync_configuration_during_start: false  # safe exit. Remove this once the feature is stable
  data_encryption:                # add `encrypt_fields = { $field },` in plugin schema to enable encryption
    enable: false                 # if not set, the default value is `false`.
    keyring:
      - qeddd145sfvddff3          # If not set, will save origin value into etcd.
                                  # If set this, the keyring should be an array whose elements are string, and the size is also 16, and it will encrypt fields with AES-128-CBC
                                  # !!! So do not change it after encryption, it can't decrypt the fields have be saved if you change !!
                                  # Only use the first key to encrypt, and decrypt in the order of the array.

nginx_config:                     # config for render the template to generate nginx.conf
  #user: root                     # specifies the execution user of the worker process.
                                  # the "user" directive makes sense only if the master process runs with super-user privileges.
                                  # if you're not root user,the default is current user.
  error_log: logs/error.log
  error_log_level:  warn          # warn,error
  worker_processes: auto          # if you want use multiple cores in container, you can inject the number of cpu as environment variable "APISIX_WORKER_PROCESSES"
  enable_cpu_affinity: false      # disable CPU affinity by default, if APISIX is deployed on a physical machine, it can be enabled and work well.
  worker_rlimit_nofile: 20480     # the number of files a worker process can open, should be larger than worker_connections
  worker_shutdown_timeout: 240s   # timeout for a graceful shutdown of worker processes

  max_pending_timers: 16384       # increase it if you see "too many pending timers" error
  max_running_timers: 4096        # increase it if you see "lua_max_running_timers are not enough" error

  event:
    worker_connections: 10620
  #envs:                          # allow to get a list of environment variables
  #  - TEST_ENV

  meta:
    lua_shared_dict:
      prometheus-metrics: 15m

  stream:
    enable_access_log: false         # enable access log or not, default false
    access_log: logs/access_stream.log
    access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time"
                                            # create your custom log format by visiting http://nginx.org/en/docs/varindex.html
    access_log_format_escape: default       # allows setting json or default characters escaping in variables
    lua_shared_dict:
      etcd-cluster-health-check-stream: 10m
      lrucache-lock-stream: 10m
      plugin-limit-conn-stream: 10m
      worker-events-stream: 10m
      tars-stream: 1m

  # As user can add arbitrary configurations in the snippet,
  # it is user's responsibility to check the configurations
  # don't conflict with APISIX.
  main_configuration_snippet: |
    # Add custom Nginx main configuration to nginx.conf.
    # The configuration should be well indented!
  http_configuration_snippet: |
    # Add custom Nginx http configuration to nginx.conf.
    # The configuration should be well indented!
  http_server_configuration_snippet: |
    # Add custom Nginx http server configuration to nginx.conf.
    # The configuration should be well indented!
  http_server_location_configuration_snippet: |
    # Add custom Nginx http server location configuration to nginx.conf.
    # The configuration should be well indented!
  http_admin_configuration_snippet: |
    # Add custom Nginx admin server configuration to nginx.conf.
    # The configuration should be well indented!
  http_end_configuration_snippet: |
    # Add custom Nginx http end configuration to nginx.conf.
    # The configuration should be well indented!
  stream_configuration_snippet: |
    # Add custom Nginx stream configuration to nginx.conf.
    # The configuration should be well indented!

  http:
    enable_access_log: true         # enable access log or not, default true
    access_log: logs/access.log
    access_log_format: "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
    access_log_format_escape: default       # allows setting json or default characters escaping in variables
    keepalive_timeout: 60s          # timeout during which a keep-alive client connection will stay open on the server side.
    client_header_timeout: 60s      # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
    client_body_timeout: 60s        # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
    client_max_body_size: 0         # The maximum allowed size of the client request body.
                                    # If exceeded, the 413 (Request Entity Too Large) error is returned to the client.
                                    # Note that unlike Nginx, we don't limit the body size by default.

    send_timeout: 10s              # timeout for transmitting a response to the client.then the connection is closed
    underscores_in_headers: "on"   # default enables the use of underscores in client request header fields
    real_ip_header: X-Real-IP      # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_recursive: "off"       # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
    real_ip_from:                  # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
      - 127.0.0.1
      - "unix:"
    #custom_lua_shared_dict:       # add custom shared cache to nginx.conf
    #  ipc_shared_dict: 100m       # custom shared cache, format: `cache-key: cache-size`

    # Enables or disables passing of the server name through TLS Server Name Indication extension (SNI, RFC 6066)
    # when establishing a connection with the proxied HTTPS server.
    proxy_ssl_server_name: true
    upstream:
      keepalive: 320                # Sets the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process.
                                    # When this number is exceeded, the least recently used connections are closed.
      keepalive_requests: 1000      # Sets the maximum number of requests that can be served through one keepalive connection.
                                    # After the maximum number of requests is made, the connection is closed.
      keepalive_timeout: 60s        # Sets a timeout during which an idle keepalive connection to an upstream server will stay open.
    charset: utf-8                  # Adds the specified charset to the "Content-Type" response header field, see
                                    # http://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
    variables_hash_max_size: 2048   # Sets the maximum size of the variables hash table.

    lua_shared_dict:
      internal-status: 10m
      plugin-limit-req: 10m
      plugin-limit-count: 10m
      prometheus-metrics: 10m
      plugin-limit-conn: 10m
      upstream-healthcheck: 10m
      worker-events: 10m
      lrucache-lock: 10m
      balancer-ewma: 10m
      balancer-ewma-locks: 10m
      balancer-ewma-last-touched-at: 10m
      plugin-limit-count-redis-cluster-slot-lock: 1m
      tracing_buffer: 10m
      plugin-api-breaker: 10m
      etcd-cluster-health-check: 10m
      discovery: 1m
      jwks: 1m
      introspection: 10m
      access-tokens: 1m
      ext-plugin: 1m
      tars: 1m
      cas-auth: 10m

#discovery:                       # service discovery center
#  dns:
#    servers:
#      - "127.0.0.1:8600"         # use the real address of your dns server
#    order:                       # order in which to try different dns record types when resolving
#      - last                     # "last" will try the last previously successful type for a hostname.
#      - SRV
#      - A
#      - AAAA
#      - CNAME
#  eureka:
#    host:                        # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
#      - "http://127.0.0.1:8761"
#    prefix: /eureka/
#    fetch_interval: 30           # default 30s
#    weight: 100                  # default weight for node
#    timeout:
#      connect: 2000              # default 2000ms
#      send: 2000                 # default 2000ms
#      read: 5000                 # default 5000ms
#  nacos:
#    host:
#      - "http://${username}:${password}@${host1}:${port1}"
#    prefix: "/nacos/v1/"
#    fetch_interval: 30    # default 30 sec
#    weight: 100           # default 100
#    timeout:
#      connect: 2000       # default 2000 ms
#      send: 2000          # default 2000 ms
#      read: 5000          # default 5000 ms
#  consul_kv:
#    servers:
#      - "http://127.0.0.1:8500"
#      - "http://127.0.0.1:8600"
#    prefix: "upstreams"
#    skip_keys:                    # if you need to skip special keys
#      - "upstreams/unused_api/"
#    timeout:
#      connect: 2000               # default 2000 ms
#      read: 2000                  # default 2000 ms
#      wait: 60                    # default 60 sec
#    weight: 1                     # default 1
#    fetch_interval: 3             # default 3 sec, only take effect for keepalive: false way
#    keepalive: true               # default true, use the long pull way to query consul servers
#    default_server:               # you can define default server when missing hit
#      host: "127.0.0.1"
#      port: 20999
#      metadata:
#        fail_timeout: 1           # default 1 ms
#        weight: 1                 # default 1
#        max_fails: 1              # default 1
#    dump:                         # if you need, when registered nodes updated can dump into file
#       path: "logs/consul_kv.dump"
#       expire: 2592000            # unit sec, here is 30 day
#  consul:
#    servers:                          # make sure service name is unique in these consul servers
#      - "http://127.0.0.1:8500"       # `http://127.0.0.1:8500` and `http://127.0.0.1:8600` are different clusters
#      - "http://127.0.0.1:8600"
#    skip_services:                    # if you need to skip special services
#      - "service_a"                   # `consul` service is default skip service
#    timeout:
#      connect: 2000               # default 2000 ms
#      read: 2000                  # default 2000 ms
#      wait: 60                    # default 60 sec
#    weight: 1                     # default 1
#    fetch_interval: 3             # default 3 sec, only take effect for keepalive: false way
#    keepalive: true               # default true, use the long pull way to query consul servers
#    default_service:               # you can define default server when missing hit
#      host: "127.0.0.1"
#      port: 20999
#      metadata:
#        fail_timeout: 1           # default 1 ms
#        weight: 1                 # default 1
#        max_fails: 1              # default 1
#    dump:                         # if you need, when registered nodes updated can dump into file
#       path: "logs/consul.dump"
#       expire: 2592000            # unit sec, here is 30 day
#       load_on_init: true         # default true, load the consul dump file on init
#  kubernetes:
#    ### kubernetes service discovery both support single-cluster and multi-cluster mode
#    ### applicable to the case where the service is distributed in a single or multiple kubernetes clusters.
#
#    ### single-cluster mode ###
#    service:
#      schema: https                     #apiserver schema, options [http, https], default https
#      host: ${KUBERNETES_SERVICE_HOST}  #apiserver host, options [ipv4, ipv6, domain, environment variable], default ${KUBERNETES_SERVICE_HOST}
#      port: ${KUBERNETES_SERVICE_PORT}  #apiserver port, options [port number, environment variable], default ${KUBERNETES_SERVICE_PORT}
#    client:
#      # serviceaccount token or path of serviceaccount token_file
#      token_file: ${KUBERNETES_CLIENT_TOKEN_FILE}
#      # token: |-
#       # eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEif
#       # 6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEifeyJhbGciOiJSUzI1NiIsImtpZCI
#    # kubernetes discovery plugin support use namespace_selector
#    # you can use one of [equal, not_equal, match, not_match] filter namespace
#    namespace_selector:
#      # only save endpoints with namespace equal default
#      equal: default
#      # only save endpoints with namespace not equal default
#      #not_equal: default
#      # only save endpoints with namespace match one of [default, ^my-[a-z]+$]
#      #match:
#      #- default
#      #- ^my-[a-z]+$
#      # only save endpoints with namespace not match one of [default, ^my-[a-z]+$ ]
#      #not_match:
#      #- default
#      #- ^my-[a-z]+$
#    # kubernetes discovery plugin support use label_selector
#    # for the expression of label_selector, please refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
#    label_selector: |-
#      first="a",second="b"
#    # reserved lua shared memory size,1m memory can store about 1000 pieces of endpoint
#    shared_size: 1m #default 1m
#    ### single-cluster mode ###
#
#    ### multi-cluster mode ###
#  - id: release  # a custom name refer to the cluster, pattern ^[a-z0-9]{1,8}
#    service:
#      schema: https                     #apiserver schema, options [http, https], default https
#      host: ${KUBERNETES_SERVICE_HOST}  #apiserver host, options [ipv4, ipv6, domain, environment variable]
#      port: ${KUBERNETES_SERVICE_PORT}  #apiserver port, options [port number, environment variable]
#    client:
#      # serviceaccount token or path of serviceaccount token_file
#      token_file: ${KUBERNETES_CLIENT_TOKEN_FILE}
#      # token: |-
#       # eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEif
#       # 6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEifeyJhbGciOiJSUzI1NiIsImtpZCI
#    # kubernetes discovery plugin support use namespace_selector
#    # you can use one of [equal, not_equal, match, not_match] filter namespace
#    namespace_selector:
#      # only save endpoints with namespace equal default
#      equal: default
#      # only save endpoints with namespace not equal default
#      #not_equal: default
#      # only save endpoints with namespace match one of [default, ^my-[a-z]+$]
#      #match:
#      #- default
#      #- ^my-[a-z]+$
#      # only save endpoints with namespace not match one of [default, ^my-[a-z]+$ ]
#      #not_match:
#      #- default
#      #- ^my-[a-z]+$
#    # kubernetes discovery plugin support use label_selector
#    # for the expression of label_selector, please refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
#    label_selector: |-
#      first="a",second="b"
#    # reserved lua shared memory size,1m memory can store about 1000 pieces of endpoint
#    shared_size: 1m #default 1m
#    ### multi-cluster mode ###

graphql:
  max_size: 1048576               # the maximum size limitation of graphql in bytes, default 1MiB

#ext-plugin:
  #cmd: ["ls", "-l"]

plugins:                          # plugin list (sorted by priority)
  - real-ip                        # priority: 23000
  - ai                             # priority: 22900
  - client-control                 # priority: 22000
  - proxy-control                  # priority: 21990
  - request-id                     # priority: 12015
  - zipkin                         # priority: 12011
  #- skywalking                    # priority: 12010
  #- opentelemetry                 # priority: 12009
  - ext-plugin-pre-req             # priority: 12000
  - fault-injection                # priority: 11000
  - mocking                        # priority: 10900
  - serverless-pre-function        # priority: 10000
  #- batch-requests                # priority: 4010
  - cors                           # priority: 4000
  - ip-restriction                 # priority: 3000
  - ua-restriction                 # priority: 2999
  - referer-restriction            # priority: 2990
  - csrf                           # priority: 2980
  - uri-blocker                    # priority: 2900
  - request-validation             # priority: 2800
  - openid-connect                 # priority: 2599
  - cas-auth                       # priority: 2597
  - authz-casbin                   # priority: 2560
  - authz-casdoor                  # priority: 2559
  - wolf-rbac                      # priority: 2555
  - ldap-auth                      # priority: 2540
  - hmac-auth                      # priority: 2530
  - basic-auth                     # priority: 2520
  - jwt-auth                       # priority: 2510
  - key-auth                       # priority: 2500
  - consumer-restriction           # priority: 2400
  - forward-auth                   # priority: 2002
  - opa                            # priority: 2001
  - authz-keycloak                 # priority: 2000
  #- error-log-logger              # priority: 1091
  - proxy-cache                    # priority: 1085
  - body-transformer               # priority: 1080
  - proxy-mirror                   # priority: 1010
  - proxy-rewrite                  # priority: 1008
  - workflow                       # priority: 1006
  - api-breaker                    # priority: 1005
  - limit-conn                     # priority: 1003
  - limit-count                    # priority: 1002
  - limit-req                      # priority: 1001
  #- node-status                   # priority: 1000
  - gzip                           # priority: 995
  - server-info                    # priority: 990
  - traffic-split                  # priority: 966
  - redirect                       # priority: 900
  - response-rewrite               # priority: 899
  - degraphql                      # priority: 509
  - kafka-proxy                    # priority: 508
  #- dubbo-proxy                   # priority: 507
  - grpc-transcode                 # priority: 506
  - grpc-web                       # priority: 505
  - public-api                     # priority: 501
  - prometheus                     # priority: 500
  - datadog                        # priority: 495
  - loki-logger                    # priority: 414
  - elasticsearch-logger           # priority: 413
  - echo                           # priority: 412
  - loggly                         # priority: 411
  - http-logger                    # priority: 410
  - splunk-hec-logging             # priority: 409
  - skywalking-logger              # priority: 408
  - google-cloud-logging           # priority: 407
  - sls-logger                     # priority: 406
  - tcp-logger                     # priority: 405
  - kafka-logger                   # priority: 403
  - rocketmq-logger                # priority: 402
  - syslog                         # priority: 401
  - udp-logger                     # priority: 400
  - file-logger                    # priority: 399
  - clickhouse-logger              # priority: 398
  - tencent-cloud-cls              # priority: 397
  - inspect                        # priority: 200
  #- log-rotate                    # priority: 100
  # <- recommend to use priority (0, 100) for your custom plugins
  - example-plugin                 # priority: 0
  #- gm                            # priority: -43
  - aws-lambda                     # priority: -1899
  - azure-functions                # priority: -1900
  - openwhisk                      # priority: -1901
  - openfunction                   # priority: -1902
  - serverless-post-function       # priority: -2000
  - ext-plugin-post-req            # priority: -3000
  - ext-plugin-post-resp           # priority: -4000

stream_plugins: # sorted by priority
  - ip-restriction                 # priority: 3000
  - limit-conn                     # priority: 1003
  - mqtt-proxy                     # priority: 1000
  #- prometheus                    # priority: 500
  - syslog                         # priority: 401
  # <- recommend to use priority (0, 100) for your custom plugins

#wasm:
  #plugins:
    #- name: wasm_log
      #priority: 7999
      #file: t/wasm/log/main.go.wasm

#xrpc:
  #protocols:
    #- name: pingpong

plugin_attr:
  log-rotate:
    interval: 3600    # rotate interval (unit: second)
    max_kept: 168     # max number of log files will be kept
    max_size: -1      # max size bytes of log files to be rotated, size check would be skipped with a value less than 0
    enable_compression: false    # enable log file compression(gzip) or not, default false
  skywalking:
    service_name: APISIX
    service_instance_name: APISIX Instance Name
    endpoint_addr: http://127.0.0.1:12800
  opentelemetry:
    trace_id_source: x-request-id
    resource:
      service.name: APISIX
    collector:
      address: 127.0.0.1:4318
      request_timeout: 3
      request_headers:
        Authorization: token
    batch_span_processor:
      drop_on_queue_full: false
      max_queue_size: 1024
      batch_timeout: 2
      inactive_timeout: 1
      max_export_batch_size: 16
  prometheus:
    export_uri: /apisix/prometheus/metrics
    metric_prefix: apisix_
    enable_export_server: true
    export_addr:
      ip: 127.0.0.1
      port: 9091
    #metrics:
    #  http_status:
    #    # extra labels from nginx variables
    #    extra_labels:
    #      # the label name doesn't need to be the same as variable name
    #      # below labels are only examples, you could add any valid variables as you need
    #      - upstream_addr: $upstream_addr
    #      - upstream_status: $upstream_status
    #  http_latency:
    #    extra_labels:
    #      - upstream_addr: $upstream_addr
    #  bandwidth:
    #    extra_labels:
    #      - upstream_addr: $upstream_addr
  server-info:
    report_ttl: 60   # live time for server info in etcd (unit: second)
  dubbo-proxy:
    upstream_multiplex_count: 32
  request-id:
    snowflake:
      enable: false
      snowflake_epoc: 1609459200000   # the starting timestamp is expressed in milliseconds
      data_machine_bits: 12           # data machine bit, maximum 31, because Lua cannot do bit operations greater than 31
      sequence_bits: 10               # each machine generates a maximum of (1 << sequence_bits) serial numbers per millisecond
      data_machine_ttl: 30            # live time for data_machine in etcd (unit: second)
      data_machine_interval: 10       # lease renewal interval in etcd (unit: second)
  proxy-mirror:
    timeout:                          # proxy timeout in mirrored sub-request
      connect: 60s
      read: 60s
      send: 60s
#  redirect:
#    https_port: 8443   # the default port for use by HTTP redirects to HTTPS
  inspect:
    delay: 3            # in seconds
    hooks_file: "/usr/local/apisix/plugin_inspect_hooks.lua"

deployment:
  role: traditional
  role_traditional:
    config_provider: etcd
  admin:
    # Admin API authentication is enabled by default.
    # Set it false in the production environment will cause a serious security issue.
    # admin_key_required: true

    # Default token when use API to call for Admin API.
    # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
    # Disabling this configuration item means that the Admin API does not
    # require any authentication.
    admin_key:
      -
        name: admin
        key: edd1c9f034335f136f87ad84b625c8f1
        role: admin                 # admin: manage all configuration data
                                    # viewer: only can view configuration data
      -
        name: viewer
        key: 4054f7cf07e344346cd3f287985e76a2
        role: viewer

    enable_admin_cors: true         # Admin API support CORS response headers.
    allow_admin:                    # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
      - 127.0.0.0/24                # If we don't set any IP list, then any IP access is allowed by default.
      #- "::/64"
    admin_listen:                 # use a separate port
      ip: 0.0.0.0                 # Specific IP, if not set, the default value is `0.0.0.0`.
      port: 9180                  # Specific port, which must be different from node_listen's port.

    #https_admin: true            # enable HTTPS when use a separate port for Admin API.
                                  # Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.

    admin_api_mtls:               # Depends on `admin_listen` and `https_admin`.
      admin_ssl_cert: ""          # Path of your self-signed server side cert.
      admin_ssl_cert_key: ""      # Path of your self-signed server side key.
      admin_ssl_ca_cert: ""       # Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates.

    admin_api_version: v3         # The version of admin api, latest version is v3.

  etcd:
    host:                           # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
      - "http://127.0.0.1:2379"     # multiple etcd address, if your etcd cluster enables TLS, please use https scheme,
                                    # e.g. https://127.0.0.1:2379.
    prefix: /apisix                 # configuration prefix in etcd
    use_grpc: false                 # enable the experimental configuration sync via gRPC
    timeout: 30                     # 30 seconds. Use a much higher timeout (like an hour) if the `use_grpc` is true.
    #resync_delay: 5                # when sync failed and a rest is needed, resync after the configured seconds plus 50% random jitter
    #health_check_timeout: 10       # etcd retry the unhealthy nodes after the configured seconds
    startup_retry: 2                # the number of retry to etcd during the startup, default to 2
    #user: root                     # root username for etcd
    #password: 5tHkHhYkjr6cQY       # root password for etcd
    tls:
      # To enable etcd client certificate you need to build APISIX-Base, see
      # https://apisix.apache.org/docs/apisix/FAQ#how-do-i-build-the-apisix-base-environment
      #cert: /path/to/cert          # path of certificate used by the etcd client
      #key: /path/to/key            # path of key used by the etcd client

      verify: true                  # whether to verify the etcd endpoint certificate when setup a TLS connection to etcd,
                                    # the default value is true, e.g. the certificate will be verified strictly.
      #sni:                         # the SNI for etcd TLS requests. If missed, the host part of the URL will be used.