From 5ac23e2751fc18eb8c88530b688c13ce14b7e31d Mon Sep 17 00:00:00 2001
From: tzssangglass
Date: Mon, 22 Aug 2022 09:33:37 +0800
Subject: [PATCH] change: drop support for enable_http2 and listen_port in apisix.ssl (#7717)
---
 apisix/cli/file.lua | 4 ---
 apisix/cli/ngx_tpl.lua | 2 +-
 apisix/cli/ops.lua | 52 ++++++++++--------------------
 apisix/cli/schema.lua | 19 +++++++++++
 apisix/plugins/redirect.lua | 5 ---
 conf/config-default.yaml | 7 ++--
 docs/en/latest/FAQ.md | 11 ++++---
 docs/en/latest/plugins/redirect.md | 2 +-
 docs/zh/latest/FAQ.md | 11 ++++---
 docs/zh/latest/plugins/redirect.md | 2 +-
 t/cli/test_main.sh | 13 +++++---
 t/plugin/redirect.t | 5 +--
 12 files changed, 64 insertions(+), 69 deletions(-)
diff --git a/apisix/cli/file.lua b/apisix/cli/file.lua
index 85207233bfdf..dae9504dc151 100644
--- a/apisix/cli/file.lua
+++ b/apisix/cli/file.lua
@@ -133,10 +133,6 @@ local function path_is_multi_type(path, type_val)
 return true
 end
- if path == "apisix->ssl->listen_port" and type_val == "number" then
- return true
- end
-
 return false
 end
diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua
index 8e79b6714d7b..e5c3a9b43e8e 100644
--- a/apisix/cli/ngx_tpl.lua
+++ b/apisix/cli/ngx_tpl.lua
@@ -583,7 +583,7 @@ http {
 listen {* proxy_protocol.listen_http_port *} default_server proxy_protocol;
 {% end %}
 {% if proxy_protocol and proxy_protocol.listen_https_port then %}
- listen {* proxy_protocol.listen_https_port *} ssl default_server {% if ssl.enable_http2 then %} http2 {% end %} proxy_protocol;
+ listen {* proxy_protocol.listen_https_port *} ssl default_server proxy_protocol;
 {% end %}
 server_name _;
diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index 0fb2d083b86c..0fe8c8875ce9 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
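Review bot: In apisix/cli/ngx_tpl.lua the `proxy_protocol.listen_https_port` listen line loses its only `http2` switch and nothing visible in this hunk replaces it, so that listener would stop negotiating HTTP/2 after an upgrade without any message. If that is intended, a template comment such as `# http2 is not available on the proxy_protocol HTTPS listener` and an upgrade note would make it explicit; otherwise the listener needs a setting of its own. The surrounding `server` block starts and ends outside the hunk.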
@@ -425,46 +425,28 @@ Please modify "admin_key" in conf/config.yaml .
 local ssl_listen = {}
 -- listen in https, support multiple ports, support specific IP
 for _, value in ipairs(yaml_conf.apisix.ssl.listen) do
- if type(value) == "number" then
- listen_table_insert(ssl_listen, "https", "0.0.0.0", value,
- yaml_conf.apisix.ssl.enable_http2, yaml_conf.apisix.enable_ipv6)
- elseif type(value) == "table" then
- local ip = value.ip
- local port = value.port
- local enable_ipv6 = false
- local enable_http2 = (value.enable_http2 or yaml_conf.apisix.ssl.enable_http2)
-
- if ip == nil then
- ip = "0.0.0.0"
- if yaml_conf.apisix.enable_ipv6 then
- enable_ipv6 = true
- end
- end
-
- if port == nil then
- port = 9443
- end
-
- if enable_http2 == nil then
- enable_http2 = false
+ local ip = value.ip
+ local port = value.port
+ local enable_ipv6 = false
+ local enable_http2 = value.enable_http2
+
+ if ip == nil then
+ ip = "0.0.0.0"
+ if yaml_conf.apisix.enable_ipv6 then
+ enable_ipv6 = true
 end
+ end
- listen_table_insert(ssl_listen, "https", ip, port,
- enable_http2, enable_ipv6)
+ if port == nil then
+ port = 9443
 end
- end
- -- listen in https, compatible with the original style
- if type(yaml_conf.apisix.ssl.listen_port) == "number" then
- listen_table_insert(ssl_listen, "https", "0.0.0.0", yaml_conf.apisix.ssl.listen_port,
- yaml_conf.apisix.ssl.enable_http2, yaml_conf.apisix.enable_ipv6)
- elseif type(yaml_conf.apisix.ssl.listen_port) == "table" then
- for _, value in ipairs(yaml_conf.apisix.ssl.listen_port) do
- if type(value) == "number" then
- listen_table_insert(ssl_listen, "https", "0.0.0.0", value,
- yaml_conf.apisix.ssl.enable_http2, yaml_conf.apisix.enable_ipv6)
- end
+ if enable_http2 == nil then
+ enable_http2 = false
 end
+
+ listen_table_insert(ssl_listen, "https", ip, port,
+ enable_http2, enable_ipv6)
 end
 yaml_conf.apisix.ssl.listen = ssl_listen
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index 54b2a402ec58..c384fa4ed07f 100644
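Review bot: In apisix/cli/ops.lua the rewritten loop reads `value.ip` on every `apisix.ssl.listen` entry, so a scalar entry such as `- 9443` (the form the removed branch accepted and the old default config used) would raise an index error on a number rather than a readable message, unless schema validation has already rejected it; the hunk does not show which runs first. A guard at the top of the loop keeps that failure explicit: `if type(value) ~= "table" then error("apisix.ssl.listen entries must be tables, e.g. {port = 9443}") end`. Separately, a leftover `apisix.ssl.listen_port` is no longer read here, so an upgraded config presumably falls back to whatever `listen` the defaults supply and serves TLS on a different port than the operator configured; refusing to start when the removed keys are present would surface that. The enclosing function starts and ends outside the hunk.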
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -205,6 +205,25 @@ local config_schema = {
 properties = {
 ssl_trusted_certificate = {
 type = "string",
+ },
+ listen = {
+ type = "array",
+ items = {
+ type = "object",
+ properties = {
+ ip = {
+ type = "string",
+ },
+ port = {
+ type = "integer",
+ minimum = 1,
+ maximum = 65535
+ },
+ enable_http2 = {
+ type = "boolean",
+ }
+ }
+ }
 }
 }
 },
diff --git a/apisix/plugins/redirect.lua b/apisix/plugins/redirect.lua
index d858b9c86df9..421007d20d82 100644
--- a/apisix/plugins/redirect.lua
+++ b/apisix/plugins/redirect.lua
@@ -166,11 +166,6 @@ local function get_port(attr)
 return port
 end
- port = ssl["listen_port"]
- if port then
- return port
- end
-
 local ports = ssl["listen"]
 if ports and #ports > 0 then
 local idx = math_random(1, #ports)
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index b93e5a81ce36..9e42add2bcdf 100755
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -132,14 +132,11 @@ apisix:
 ssl:
 enable: true
 listen: # APISIX listening port in https.
- - 9443
- # - port: 9444
- # enable_http2: true # If not set, the default value is `false`.
+ - port: 9443
+ enable_http2: true
 # - ip: 127.0.0.3 # Specific IP, If not set, the default value is `0.0.0.0`.
 # port: 9445
 # enable_http2: true
- enable_http2: true # Not recommend: This parameter should be set via the `listen`.
- # listen_port: 9443 # Not recommend: This parameter should be set via the `listen`.
 #ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
 # used to verify the certificate when APISIX needs to do SSL/TLS handshaking
 # with external services (e.g. etcd)
diff --git a/docs/en/latest/FAQ.md b/docs/en/latest/FAQ.md
index 1d12787d2e3a..c694869b530e 100644
--- a/docs/en/latest/FAQ.md
+++ b/docs/en/latest/FAQ.md
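Review bot: In apisix/cli/schema.lua the new `listen` item schema accepts any extra key and any string for `ip`, so a misspelled key (for example `enable_htp2`) or a malformed address passes validation and only shows up later, as a listener without HTTP/2 or as an nginx start-up error. Adding `additionalProperties = false` to the item object would reject unknown keys, and, if the validator in use supports it, an address format or pattern on `ip` would catch bad values before they are written into the generated nginx.conf. The enclosing `ssl` schema object starts outside the hunk, so whether the removed `listen_port` and `enable_http2` keys are rejected at that level cannot be confirmed from here.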
@@ -267,15 +267,16 @@ To configure Apache APISIX to listen on multiple ports, you can:
 - 9082
 ```
- Similarly for HTTPS requests, modify the parameter `ssl.listen_port` in `conf/config.yaml`:
+ Similarly for HTTPS requests, modify the parameter `ssl.listen` in `conf/config.yaml`:
 ```
 apisix:
 ssl:
- listen_port:
- - 9443
- - 9444
- - 9445
+ enable: true
+ listen:
+ - port: 9443
+ - port: 9444
+ - port: 9445
 ```
 2. Reload or restart Apache APISIX.
diff --git a/docs/en/latest/plugins/redirect.md b/docs/en/latest/plugins/redirect.md
index e772894a047c..4ded8bc483b6 100644
--- a/docs/en/latest/plugins/redirect.md
+++ b/docs/en/latest/plugins/redirect.md
@@ -47,7 +47,7 @@ The `redirect` Plugin can be used to configure redirects.
 * Only one of `http_to_https` and `append_query_string` can be configured.
 * When enabling `http_to_https`, the ports in the redirect URL will pick a value in the following order (in descending order of priority)
 * Read `plugin_attr.redirect.https_port` from the configuration file (`conf/config.yaml`).
- * If `apisix.ssl` is enabled, read `apisix.ssl.listen_port` first, and if it does not exist, read `apisix.ssl.listen` and select a port randomly from it.
+ * If `apisix.ssl` is enabled, read `apisix.ssl.listen` and select a port randomly from it.
 * Use 443 as the default https port.
 :::
diff --git a/docs/zh/latest/FAQ.md b/docs/zh/latest/FAQ.md
index 69f707c49b2d..ce97c059a4de 100644
--- a/docs/zh/latest/FAQ.md
+++ b/docs/zh/latest/FAQ.md
@@ -270,15 +270,16 @@ nginx_config:
 - 9082
 ```
- 处理 HTTPS 请求也类似,修改 `conf/config.yaml` 中 HTTPS 端口监听的参数 `ssl.listen_port`,示例:
+ 处理 HTTPS 请求也类似,修改 `conf/config.yaml` 中 HTTPS 端口监听的参数 `ssl.listen`,示例:
 ```
 apisix:
 ssl:
- listen_port:
- - 9443
- - 9444
- - 9445
+ enable: true
+ listen:
+ - port: 9443
+ - port: 9444
+ - port: 9445
 ```
 2. 重启或者重新加载 APISIX。
diff --git a/docs/zh/latest/plugins/redirect.md b/docs/zh/latest/plugins/redirect.md
index dcb05411cded..b26b0b4d6e6e 100644
--- a/docs/zh/latest/plugins/redirect.md
+++ b/docs/zh/latest/plugins/redirect.md
@@ -47,7 +47,7 @@ description: 本文介绍了关于 Apache APISIX `redirect` 插件的基本信
 * `http_to_https`、和 `append_query_string` 只能配置其中一个属性。
 * 当开启 `http_to_https` 时,重定向 URL 中的端口将按如下顺序选取一个值(按优先级从高到低排列)
 * 从配置文件(`conf/config.yaml`)中读取 `plugin_attr.redirect.https_port`。
- * 如果 `apisix.ssl` 处于开启状态,先读取 `apisix.ssl.listen_port`,如果没有,再读取 `apisix.ssl.listen` 并从中随机选一个 `port`。
+ * 如果 `apisix.ssl` 处于开启状态,读取 `apisix.ssl.listen` 并从中随机选一个 `port`。
 * 使用 443 作为默认 `https port`。
 :::
diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh
index 54a7c52c9712..4397b8228810 100755
--- a/t/cli/test_main.sh
+++ b/t/cli/test_main.sh
@@ -59,7 +59,9 @@ echo "passed: nginx.conf file contains reuseport configuration"
 echo "
 apisix:
 ssl:
- listen_port: 8443
+ listen:
+ - port: 8443
+
 " > conf/config.yaml
 make init
@@ -87,10 +89,11 @@ apisix:
 - 9081
 - 9082
 ssl:
- listen_port:
- - 9443
- - 9444
- - 9445
+ enable: true
+ listen:
+ - port: 9443
+ - port: 9444
+ - port: 9445
 " > conf/config.yaml
 make init
diff --git a/t/plugin/redirect.t b/t/plugin/redirect.t
index be8bac8077cd..b46b02c37724 100644
--- a/t/plugin/redirect.t
+++ b/t/plugin/redirect.t
@@ -443,12 +443,13 @@ Location: https://foo.com:8443/hello
-=== TEST 19: redirect(port using `apisix.ssl.listen_port`)
+=== TEST 19: redirect(port using `apisix.ssl.listen`)
 --- yaml_config
 apisix:
 ssl:
 enable: true
- listen_port: 9445
+ listen:
+ - port: 9445
 --- request
 GET /hello
 --- more_headers
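Review bot: The two t/cli/test_main.sh hunks only convert existing cases to the new `listen:` form; neither adds a case for a config that still carries `listen_port` or a scalar `listen` entry. A negative case that runs `make init` with the old key and asserts the outcome (an error, or at least that the generated nginx.conf does not quietly listen on the default port) would pin the upgrade behaviour. Both test bodies continue outside the hunks.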