From faced1569d43455af239b07068f70fa231721b3b Mon Sep 17 00:00:00 2001 From: wss-git Date: Mon, 27 Feb 2023 14:36:29 +0800 Subject: [PATCH] docs: wafConfig & rewriteConfig Signed-off-by: wss-git --- docs/en/yaml/customDomains.md | 37 ++++++++++++++++++++++++++++++++++- docs/en/yaml/readme.md | 14 ++++++++++++- docs/zh/yaml/customDomains.md | 36 ++++++++++++++++++++++++++++++++++ docs/zh/yaml/readme.md | 12 ++++++++++++ 4 files changed, 97 insertions(+), 2 deletions(-) diff --git a/docs/en/yaml/customDomains.md b/docs/en/yaml/customDomains.md index 7261fc7b..ae90cba4 100644 --- a/docs/en/yaml/customDomains.md +++ b/docs/en/yaml/customDomains.md @@ -15,6 +15,7 @@ category: 'Yaml-Spec' | [certConfig](#certconfig) | False | [Struct](#certconfig) | Domain Certificate | | certId | False | Number | cert ID | | [tlsConfig](#tlsConfig) | False | [Struct](#tlsConfig) | TLS | +| [wafConfig](#wafConfig) | False | [Struct](#wafConfig) | The Web Application Firewall (WAF) configuration | References: @@ -22,10 +23,23 @@ References: customDomains: - domainName: auto protocol: HTTP + wafConfig: + enableWAF: true routeConfigs: - path: /* serviceName: unit-deploy-service functionName: event-function + qualifier: LATEST + rewriteConfig: + equalRules: + - match: /equalRules + replacement: /xxxx + regexRules: + - match: ^/old/[a-z]+/ + replacement: /xxxx + wildcardRules: + - match: /api/* + replacement: /$1 ``` > ⚠️ Note: If the domain name is configured as `auto`, the system will assign a test domain name by default. This domain name is only for testing use, and its stability is not guaranteed. The Serverless Devs FC component has the right to recycle the domain name in the future. In the case of online business and production demand business, it is strongly recommended to bind your own custom domain name. @@ -46,6 +60,22 @@ customDomains: | serviceName | False | String | The name of the service. | | functionName | False | String | The name of the function. | | qualifier | False | String | The version of the service. | +| rewriteConfig | False | [Struct](#rewriteConfig) | The URI rewrite configurations | + +#### rewriteConfig + +| Parameter | Required | Type | Description | +| ------------ | -------- | ------ | --------------------------- | +| equalRules | False | [List\](#rewriteConfigRules) | The exact match rules | +| wildcardRules | False | [List\](#rewriteConfigRules) | The wildcard match rule | +| regexRules | False | [List\](#rewriteConfigRules) | The regex match rule | + +#### rewriteConfigRules + +| Parameter | Required | Type | Description | +| ------------ | -------- | ------ | --------------------------- | +| match | True | String | The matching rule | +| replacement | True | String | The replacement rule | #### Obtain the certificate content by configuring certId @@ -130,10 +160,15 @@ customDomains: | Parameter | Required | Type | Description | | ------------ | -------- | -------------- | --------------------------------------------------- | -| ------------ | ---- | -------------- | --------------------------------------------------- | | minVersion | True | String | TLS Version, value: `TLSv1.0`、`TLSv1.1`、`TLSv1.2` | | cipherSuites | True | List\ | Cipher Suite | +### wafConfig + +| Parameter | Required | Type | Description | +| ------------ | -------- | -------------- | --------------------------------------------------- | +| enableWAF | False | Boolean | Specifies whether to enable Web Application Firewall (WAF) | + ### Permissions #### Permissions required for a RAM user diff --git a/docs/en/yaml/readme.md b/docs/en/yaml/readme.md index 4892b111..3e239bce 100644 --- a/docs/en/yaml/readme.md +++ b/docs/en/yaml/readme.md @@ -203,9 +203,21 @@ services: protocol: HTTP # Protocol, value: HTTP, HTTPS, HTTP, HTTPS routeConfigs: # route configuration - path: /a # path - serviceName: fc-depice # service name + serviceName: fc-depicted # service name functionName: function # function name qualifier: 1 # version of the service + rewriteConfig: # The URI rewrite configurations + equalRules: # The exact match rules + - match: /old # The matching rule + replacement: /new # The replacement rule + wildcardRules: # The wildcard match rule + - match: /old # The matching rule + replacement: /new # The replacement rule + regexRules: # The regex match rule + - match: /old # The matching rule + replacement: /new # The replacement rule + wafConfig: # The Web Application Firewall (WAF) configuration + enableWAF: true # Specifies whether to enable Web Application Firewall (WAF) certConfig: # Domain name certificate certName: xxx # certificate name certificate: xxx # Indicates the private key, the content only supports PEM format diff --git a/docs/zh/yaml/customDomains.md b/docs/zh/yaml/customDomains.md index c557bbc3..53c4db13 100644 --- a/docs/zh/yaml/customDomains.md +++ b/docs/zh/yaml/customDomains.md @@ -15,6 +15,7 @@ category: 'Yaml规范' | [certConfig](#certconfig) | False | [Struct](#certconfig) | 域名证书 | | certId | False | Number | 域名证书 ID | | [tlsConfig](#tlsConfig) | False | [Struct](#tlsConfig) | TLS 协议, 注:目前仅支持配置和修改,不支持删除此配置 | +| [wafConfig](#wafConfig) | False | [Struct](#wafConfig) | Web应用防火墙配置信息 | 参考案例: @@ -22,10 +23,23 @@ category: 'Yaml规范' customDomains: - domainName: auto protocol: HTTP + wafConfig: + enableWAF: true routeConfigs: - path: /* serviceName: unit-deploy-service functionName: event-function + qualifier: LATEST + rewriteConfig: + equalRules: + - match: /equalRules + replacement: /xxxx + regexRules: + - match: ^/old/[a-z]+/ + replacement: /xxxx + wildcardRules: + - match: /api/* + replacement: /$1 ``` > ⚠️ 注意:如果域名配置为`auto`,系统会默认分配测试域名,该域名仅供测试使用,不对其稳定性等做保证,Serverless Devs FC 组件在日后有权对该域名进行回收等处理,如是线上业务,生产需求业务,强烈建议绑定自己的自定义域名。 @@ -119,6 +133,12 @@ customDomains: | minVersion | True | String | TLS 协议版本,取值:`TLSv1.0`、`TLSv1.1`、`TLSv1.2` | | cipherSuites | True | List\ | 加密套件 | +### wafConfig + +| 参数名 | 必填 | 类型 | 参数描述 | +| ------------ | ---- | -------------- | --------------------------------------------------- | +| enableWAF | False | Boolean | 是否开启Web应用防火墙 | + ### routeConfigs | 参数名 | 必填 | 类型 | 参数描述 | @@ -127,6 +147,22 @@ customDomains: | serviceName | False | String | 服务名 | | functionName | False | String | 函数名 | | qualifier | False | String | 服务的版本 | +| rewriteConfig | False | [Struct](#rewriteConfig) | URI重写配置 | + +#### rewriteConfig + +| 参数名 | 必填 | 类型 | 参数描述 | +| ------------ | ---- | -------------- | --------------------------------------------------- | +| equalRules | False | [List\](#rewriteConfigRules) | 完全匹配规则 | +| wildcardRules | False | [List\](#rewriteConfigRules) | 通配符匹配规则 | +| regexRules | False | [List\](#rewriteConfigRules) | 正则匹配规则 | + +##### rewriteConfigRules + +| 参数名 | 必填 | 类型 | 参数描述 | +| ------------ | ---- | -------------- | --------------------------------------------------- | +| match | True | String | 匹配规则 | +| replacement | True | String | 替换规则 | ### 权限配置相关 diff --git a/docs/zh/yaml/readme.md b/docs/zh/yaml/readme.md index 4d58f60a..33adadcc 100644 --- a/docs/zh/yaml/readme.md +++ b/docs/zh/yaml/readme.md @@ -221,6 +221,18 @@ services: serviceName: fc-depice # 服务名 functionName: function # 函数名 qualifier: 1 # 服务的版本 + rewriteConfig: # URI重写配置 + equalRules: # 完全匹配规则 + - match: /old # 匹配规则 + replacement: /new # 替换规则 + wildcardRules: # 通配符匹配规则 + - match: /old # 匹配规则 + replacement: /new # 替换规则 + regexRules: # 正则匹配规则 + - match: /old # 匹配规则 + replacement: /new # 替换规则 + wafConfig: # Web应用防火墙配置信息 + enableWAF: true # 是否开启Web应用防火墙 certConfig: # 域名证书 certName: xxx # 证书名称 certificate: xxx # 表示私钥,内容仅支持 PEM 格式