使用 docker 部署 APISIX 3.12.0 包含 dashboard
二话不说,上个 docker-compose.yml 为敬!
version: "3"services:apisix:image: apache/apisix:3.12.0-debianrestart: alwaysvolumes:- ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:rodepends_on:- etcd##network_mode: hostports:- "9180:9180/tcp"- "9080:9080/tcp"- "9091:9091/tcp"- "9443:9443/tcp"- "9092:9092/tcp"networks:apisix:dashboard:image: apache/apisix-dashboard:3.0.0-alpinerestart: alwaysvolumes:- ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml:rodepends_on:- etcdports:- "9000:9000/tcp"networks:- apisixetcd:image: bitnami/etcd:3.5.11restart: alwaysvolumes:- etcd_data:/bitnami/etcdenvironment:ETCD_ENABLE_V2: "true"ALLOW_NONE_AUTHENTICATION: "yes"ETCD_ADVERTISE_CLIENT_URLS: "http://etcd:2379"ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"ports:- "2379:2379/tcp"networks:apisix:networks:apisix:driver: bridgevolumes:etcd_data:driver: local可以修改 apisix-dashboard 的 port 和 apisix 的 port。apisix 容器的 9080 端口对应的就是其内部 OpenRestry 监听的端口,这个要选择好,后面反代的端口就是这个。
etcd 就不用修改什么了,默认就好。
apisix_conf/config.yaml
apisix:node_listen: 9080 # APISIX listening portenable_ipv6: falseenable_control: truecontrol:ip: "0.0.0.0"port: 9092deployment:admin:allow_admin: # https://nginx.org/en/docs/http/ngx_http_access_module.html#allow- 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.admin_key:- name: "admin"key: edd1c9f034335f136f87ad84b625c8f1role: admin # admin: manage all configuration data- name: "viewer"key: 4054f7cf07e344346cd3f287985e76a2role: vieweretcd:host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.- "http://etcd:2379" # multiple etcd addressprefix: "/apisix" # apisix configurations prefixtimeout: 30 # 30 seconds这里需要修改 admin_key,作为 AdminAPI 的认证 key
dashboard_conf/conf.yaml
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#conf:listen:host: 0.0.0.0 # `manager api` listening ip or host nameport: 9000 # `manager api` listening portallow_list: # If we don't set any IP list, then any IP access is allowed by default.- 0.0.0.0/0etcd:endpoints: # supports defining multiple etcd host addresses for an etcd cluster- "http://etcd:2379"# yamllint disable rule:comments-indentation# etcd basic auth info# username: "root" # ignore etcd username if not enable etcd auth# password: "123456" # ignore etcd password if not enable etcd authmtls:key_file: "" # Path of your self-signed client side keycert_file: "" # Path of your self-signed client side certca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates# prefix: /apisix # apisix config's prefix in etcd, /apisix by defaultlog:error_log:level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatalfile_path:logs/error.log # supports relative path, absolute path, standard output# such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderraccess_log:file_path:logs/access.log # supports relative path, absolute path, standard output# such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr# log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}security:# access_control_allow_origin: "http://httpbin.org"# access_control_allow_credentials: true # support using custom cors configration# access_control_allow_headers: "Authorization"# access_control-allow_methods: "*"# x_frame_options: "deny"content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *" # You can set frame-src to provide content for your grafana panel.authentication:secret:secret # secret for jwt token generation.# NOTE: Highly recommended to modify this value to protect `manager api`.# if it's default value, when `manager api` start, it will generate a random string to replace it.expire_time: 3600 # jwt token expire time, in secondusers: # yamllint enable rule:comments-indentation- username: admin # username and password for login `manager api`password: admin- username: userpassword: userplugins: # plugin list (sorted in alphabetical order)- api-breaker- authz-keycloak- basic-auth- batch-requests- consumer-restriction- cors# - dubbo-proxy- echo# - error-log-logger# - example-plugin- fault-injection- grpc-transcode- hmac-auth- http-logger- ip-restriction- jwt-auth- kafka-logger- key-auth- limit-conn- limit-count- limit-req# - log-rotate# - node-status- openid-connect- prometheus- proxy-cache- proxy-mirror- proxy-rewrite- redirect- referer-restriction- request-id- request-validation- response-rewrite- serverless-post-function- serverless-pre-function# - skywalking- sls-logger- syslog- tcp-logger- udp-logger- uri-blocker- wolf-rbac- zipkin- server-info- traffic-split这里需要修改的是 users 中的账号和密码作为登陆的凭证
以上内容都可以在官方的 apisix_docker 仓库中的 example 找到。apisix github