mreschke/ansible-shared
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d76f1eb125c198fc104d95b83cb9270af6fae2e
ansible-shared/web/kong-2.0.3/files/original/kong.conf.default

1071 lines
62 KiB
Plaintext
Raw Blame History

# -----------------------
# Kong configuration file
# -----------------------
#
# The commented-out settings shown in this file represent the default values.
#
# This file is read when `kong start` or `kong prepare` are used. Kong
# generates the Nginx configuration with the settings specified in this file.
#
# All environment variables prefixed with `KONG_` and capitalized will override
# the settings specified in this file.
# Example:
# `log_level` setting -> `KONG_LOG_LEVEL` env variable
#
# Boolean values can be specified as `on`/`off` or `true`/`false`.
# Lists must be specified as comma-separated strings.
#
# All comments in this file can be removed safely, including the
# commented-out properties.
# You can verify the integrity of your settings with `kong check <conf>`.
#------------------------------------------------------------------------------
# GENERAL
#------------------------------------------------------------------------------
#prefix = /usr/local/kong/ # Working directory. Equivalent to Nginx's
# prefix path, containing temporary files
# and logs.
# Each Kong process must have a separate
# working directory.
#log_level = notice # Log level of the Nginx server. Logs are
# found at `<prefix>/logs/error.log`.
# See http://nginx.org/en/docs/ngx_core_module.html#error_log for a list
# of accepted values.
#proxy_access_log = logs/access.log # Path for proxy port request access
# logs. Set this value to `off` to
# disable logging proxy requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
#proxy_error_log = logs/error.log # Path for proxy port request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
#admin_access_log = logs/admin_access.log # Path for Admin API request access
# logs. Set this value to `off` to
# disable logging Admin API requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
#admin_error_log = logs/error.log # Path for Admin API request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
#status_access_log = off # Path for Status API request access
# logs. The default value of `off`
# implies that loggin for this API
# is disabled by default.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
#status_error_log = logs/status_error.log # Path for Status API request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
#plugins = bundled # Comma-separated list of plugins this node
# should load. By default, only plugins
# bundled in official distributions are
# loaded via the `bundled` keyword.
#
# Loading a plugin does not enable it by
# default, but only instructs Kong to load its
# source code, and allows to configure the
# plugin via the various related Admin API
# endpoints.
#
# The specified name(s) will be substituted as
# such in the Lua namespace:
# `kong.plugins.{name}.*`.
#
# When the `off` keyword is specified as the
# only value, no plugins will be loaded.
#
# `bundled` and plugin names can be mixed
# together, as the following examples suggest:
#
# - `plugins = bundled,custom-auth,custom-log`
# will include the bundled plugins plus two
# custom ones
# - `plugins = custom-auth,custom-log` will
# *only* include the `custom-auth` and
# `custom-log` plugins.
# - `plugins = off` will not include any
# plugins
#
# **Note:** Kong will not start if some
# plugins were previously configured (i.e.
# have rows in the database) and are not
# specified in this list. Before disabling a
# plugin, ensure all instances of it are
# removed before restarting Kong.
#
# **Note:** Limiting the amount of available
# plugins can improve P99 latency when
# experiencing LRU churning in the database
# cache (i.e. when the configured
# `mem_cache_size`) is full.
#go_pluginserver_exe = /usr/local/bin/go-pluginserver
# Path for the go-pluginserver executable,
# used for running Kong plugins written in Go.
#go_plugins_dir = off # Directory for installing Kong plugins
# written in Go.
#
# This value can be set to `off`, thus disabling
# the plugin server and Go plugin loading.
#anonymous_reports = on # Send anonymous usage data such as error
# stack traces to help improve Kong.
#------------------------------------------------------------------------------
# HYBRID MODE
#------------------------------------------------------------------------------
#role = traditional # Use this setting to enable Hybrid Mode,
# This allows running some Kong nodes in a
# control plane role with a database and
# have them deliver configuration updates
# to other nodes running to DB-less running in
# a Data Plane role.
#
# Valid values to this setting are:
#
# - `traditional`: do not use Hybrid Mode.
# - `control_plane`: this node runs in a
# control plane role. It can use a database
# and will deliver configuration updates
# to data plane nodes.
# - `data_plane`: this is a data plane node.
# It runs DB-less and receives configuration
# updates from a control plane node.
#cluster_cert = # Filename of the cluster certificate to use
# when establishing secure communication
# between control and data plane nodes.
# You can use the `kong hybrid` command to
# generate the certificate/key pair.
#cluster_cert_key = # Filename of the cluster certificate key to
# use when establishing secure communication
# between control and data plane nodes.
# You can use the `kong hybrid` command to
# generate the certificate/key pair.
#cluster_control_plane = # To be used by data plane nodes only:
# address of the control plane node from
# which configuration updates will be fetched,
# in `host:port` format.
#cluster_listen = 0.0.0.0:8005
# Comma-separated list of addresses and ports on
# which the cluster control plane server should listen
# for data plane connections.
# The cluster communication port of the control plane
# must be accessible by all the data planes
# within the same cluster. This port is mTLS protected
# to ensure end-to-end security and integrity.
#
# This setting has no effect if `role` is not set to
# `control_plane`.
#------------------------------------------------------------------------------
# NGINX
#------------------------------------------------------------------------------
#proxy_listen = 0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl reuseport backlog=16384
# Comma-separated list of addresses and ports on
# which the proxy server should listen for
# HTTP/HTTPS traffic.
# The proxy server is the public entry point of Kong,
# which proxies traffic from your consumers to your
# backend services. This value accepts IPv4, IPv6, and
# hostnames.
#
# Some suffixes can be specified for each pair:
#
# - `ssl` will require that all connections made
# through a particular address/port be made with TLS
# enabled.
# - `http2` will allow for clients to open HTTP/2
# connections to Kong's proxy server.
# - `proxy_protocol` will enable usage of the
# PROXY protocol for a given address/port.
# - `deferred` instructs to use a deferred accept on
# Linux (the TCP_DEFER_ACCEPT socket option).
# - `bind` instructs to make a separate bind() call
# for a given address:port pair.
# - `reuseport` instructs to create an individual
# listening socket for each worker process
# allowing the Kernel to better distribute incoming
# connections between worker processes
# - `backlog=N` sets the maximum length for the queue
# of pending TCP connections. This number should
# not be too small in order to prevent clients
# seeing "Connection refused" error connecting to
# a busy Kong instance.
# **Note:** on Linux, this value is limited by the
# setting of `net.core.somaxconn` Kernel parameter.
# In order for the larger `backlog` set here to take
# effect it is necessary to raise
# `net.core.somaxconn` at the same time to match or
# exceed the `backlog` number set.
#
# This value can be set to `off`, thus disabling
# the HTTP/HTTPS proxy port for this node.
# If stream_listen is also set to `off`, this enables
# 'control-plane' mode for this node
# (in which all traffic proxying capabilities are
# disabled). This node can then be used only to
# configure a cluster of Kong
# nodes connected to the same datastore.
#
# Example:
# `proxy_listen = 0.0.0.0:443 ssl, 0.0.0.0:444 http2 ssl`
#
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
# for a description of the accepted formats for this
# and other `*_listen` values.
#
# See https://www.nginx.com/resources/admin-guide/proxy-protocol/
# for more details about the `proxy_protocol`
# parameter.
#
# Not all `*_listen` values accept all formats
# specified in nginx's documentation.
#stream_listen = off
# Comma-separated list of addresses and ports on
# which the stream mode should listen.
#
# This value accepts IPv4, IPv6, and hostnames.
# Some suffixes can be specified for each pair:
# - `ssl` will require that all connections made
# through a particular address/port be made with TLS
# enabled.
# - `proxy_protocol` will enable usage of the
# PROXY protocol for a given address/port.
# - `bind` instructs to make a separate bind() call
# for a given address:port pair.
# - `reuseport` instructs to create an individual
# listening socket for each worker process
# allowing the Kernel to better distribute incoming
# connections between worker processes
# - `backlog=N` sets the maximum length for the queue
# of pending TCP connections. This number should
# not be too small in order to prevent clients
# seeing "Connection refused" error connecting to
# a busy Kong instance.
# **Note:** on Linux, this value is limited by the
# setting of `net.core.somaxconn` Kernel parameter.
# In order for the larger `backlog` set here to take
# effect it is necessary to raise
# `net.core.somaxconn` at the same time to match or
# exceed the `backlog` number set.
#
# **Note:** The `ssl` suffix is not supported,
# and each address/port will accept TCP with or
# without TLS enabled.
#
# Examples:
#
# ```
# stream_listen = 127.0.0.1:7000 reuseport backlog=16384
# stream_listen = 0.0.0.0:989 reuseport backlog=65536, 0.0.0.0:20
# stream_listen = [::1]:1234 backlog=16384
# ```
#
# By default this value is set to `off`, thus
# disabling the stream proxy port for this node.
# See http://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen
# for a description of the formats that Kong might accept in stream_listen.
#admin_listen = 127.0.0.1:8001 reuseport backlog=16384, 127.0.0.1:8444 http2 ssl reuseport backlog=16384
# Comma-separated list of addresses and ports on
# which the Admin interface should listen.
# The Admin interface is the API allowing you to
# configure and manage Kong.
# Access to this interface should be *restricted*
# to Kong administrators *only*. This value accepts
# IPv4, IPv6, and hostnames.
#
# Some suffixes can be specified for each pair:
#
# - `ssl` will require that all connections made
# through a particular address/port be made with TLS
# enabled.
# - `http2` will allow for clients to open HTTP/2
# connections to Kong's proxy server.
# - `proxy_protocol` will enable usage of the
# PROXY protocol for a given address/port.
# - `deferred` instructs to use a deferred accept on
# Linux (the TCP_DEFER_ACCEPT socket option).
# - `bind` instructs to make a separate bind() call
# for a given address:port pair.
# - `reuseport` instructs to create an individual
# listening socket for each worker process
# allowing the Kernel to better distribute incoming
# connections between worker processes
# - `backlog=N` sets the maximum length for the queue
# of pending TCP connections. This number should
# not be too small in order to prevent clients
# seeing "Connection refused" error connecting to
# a busy Kong instance.
# **Note:** on Linux, this value is limited by the
# setting of `net.core.somaxconn` Kernel parameter.
# In order for the larger `backlog` set here to take
# effect it is necessary to raise
# `net.core.somaxconn` at the same time to match or
# exceed the `backlog` number set.
#
# This value can be set to `off`, thus disabling
# the Admin interface for this node, enabling a
# 'data-plane' mode (without configuration
# capabilities) pulling its configuration changes
# from the database.
#
# Example: `admin_listen = 127.0.0.1:8444 http2 ssl`
#status_listen = off # Comma-separated list of addresses and ports on
# which the Status API should listen.
# The Status API is a read-only endpoint
# allowing monitoring tools to retrieve metrics,
# healthiness, and other non-sensitive information
# of the current Kong node.
#
# This value can be set to `off`, disabling
# the Status API for this node.
#
# Example: `status_listen = 0.0.0.0:8100`
#nginx_user = nobody nobody # Defines user and group credentials used by
# worker processes. If group is omitted, a
# group whose name equals that of user is
# used.
#
# Example: `nginx_user = nginx www`
#nginx_worker_processes = auto # Determines the number of worker processes
# spawned by Nginx.
#
# See http://nginx.org/en/docs/ngx_core_module.html#worker_processes
# for detailed usage of the equivalent Nginx
# directive and a description of accepted
# values.
#nginx_daemon = on # Determines whether Nginx will run as a daemon
# or as a foreground process. Mainly useful
# for development or when running Kong inside
# a Docker environment.
#
# See http://nginx.org/en/docs/ngx_core_module.html#daemon.
#mem_cache_size = 128m # Size of each of the two in-memory caches
# for database entities. The accepted units are
# `k` and `m`, with a minimum recommended value of
# a few MBs.
#
# **Note**: As this option controls the size of two
# different cache entries, the total memory Kong
# uses to cache entities might be double this value.
#ssl_cipher_suite = intermediate # Defines the TLS ciphers served by Nginx.
# Accepted values are `modern`,
# `intermediate`, `old`, or `custom`.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS
# for detailed descriptions of each cipher
# suite.
#ssl_ciphers = # Defines a custom list of TLS ciphers to be
# served by Nginx. This list must conform to
# the pattern defined by `openssl ciphers`.
# This value is ignored if `ssl_cipher_suite`
# is not `custom`.
#ssl_cert = # The absolute path to the SSL certificate for
# `proxy_listen` values with SSL enabled.
#ssl_cert_key = # The absolute path to the SSL key for
# `proxy_listen` values with SSL enabled.
#client_ssl = off # Determines if Nginx should send client-side
# SSL certificates when proxying requests.
#client_ssl_cert = # If `client_ssl` is enabled, the absolute
# path to the client SSL certificate for the
# `proxy_ssl_certificate` directive. Note that
# this value is statically defined on the
# node, and currently cannot be configured on
# a per-API basis.
#client_ssl_cert_key = # If `client_ssl` is enabled, the absolute
# path to the client SSL key for the
# `proxy_ssl_certificate_key` address. Note
# this value is statically defined on the
# node, and currently cannot be configured on
# a per-API basis.
#admin_ssl_cert = # The absolute path to the SSL certificate for
# `admin_listen` values with SSL enabled.
#admin_ssl_cert_key = # The absolute path to the SSL key for
# `admin_listen` values with SSL enabled.
#headers = server_tokens, latency_tokens
# Comma-separated list of headers Kong should
# inject in client responses.
#
# Accepted values are:
# - `Server`: Injects `Server: kong/x.y.z`
# on Kong-produced response (e.g. Admin
# API, rejected requests from auth plugin).
# - `Via`: Injects `Via: kong/x.y.z` for
# successfully proxied requests.
# - `X-Kong-Proxy-Latency`: Time taken
# (in milliseconds) by Kong to process
# a request and run all plugins before
# proxying the request upstream.
# - `X-Kong-Response-Latency`: time taken
# (in millisecond) by Kong to produce
# a response in case of e.g. plugin
# short-circuiting the request, or in
# in case of an error.
# - `X-Kong-Upstream-Latency`: Time taken
# (in milliseconds) by the upstream
# service to send response headers.
# - `X-Kong-Admin-Latency`: Time taken
# (in milliseconds) by Kong to process
# an Admin API request.
# - `X-Kong-Upstream-Status`: The HTTP status
# code returned by the upstream service.
# This is particularly useful for clients to
# distinguish upstream statuses if the
# response is rewritten by a plugin.
# - `server_tokens`: Same as specifying both
# `Server` and `Via`.
# - `latency_tokens`: Same as specifying
# `X-Kong-Proxy-Latency`,
# `X-Kong-Response-Latency`,
# `X-Kong-Admin-Latency` and
# `X-Kong-Upstream-Latency`
#
# In addition to those, this value can be set
# to `off`, which prevents Kong from injecting
# any of the above headers. Note that this
# does not prevent plugins from injecting
# headers of their own.
#
# Example: `headers = via, latency_tokens`
#trusted_ips = # Defines trusted IP addresses blocks that are
# known to send correct `X-Forwarded-*`
# headers.
# Requests from trusted IPs make Kong forward
# their `X-Forwarded-*` headers upstream.
# Non-trusted requests make Kong insert its
# own `X-Forwarded-*` headers.
#
# This property also sets the
# `set_real_ip_from` directive(s) in the Nginx
# configuration. It accepts the same type of
# values (CIDR blocks) but as a
# comma-separated list.
#
# To trust *all* /!\ IPs, set this value to
# `0.0.0.0/0,::/0`.
#
# If the special value `unix:` is specified,
# all UNIX-domain sockets will be trusted.
#
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
# for examples of accepted values.
#real_ip_header = X-Real-IP # Defines the request header field whose value
# will be used to replace the client address.
# This value sets the `ngx_http_realip_module`
# directive of the same name in the Nginx
# configuration.
#
# If this value receives `proxy_protocol`:
#
# - at least one of the `proxy_listen` entries
# must have the `proxy_protocol` flag
# enabled.
# - the `proxy_protocol` parameter will be
# appended to the `listen` directive of the
# Nginx template.
#
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
# for a description of this directive.
#real_ip_recursive = off # This value sets the `ngx_http_realip_module`
# directive of the same name in the Nginx
# configuration.
#
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
# for a description of this directive.
#client_max_body_size = 0 # Defines the maximum request body size allowed
# by requests proxied by Kong, specified in
# the Content-Length request header. If a
# request exceeds this limit, Kong will
# respond with a 413 (Request Entity Too
# Large). Setting this value to 0 disables
# checking the request body size.
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
# for further description of this parameter. Numeric values may be suffixed
# with `k` or `m` to denote limits in terms of kilobytes or megabytes.
#client_body_buffer_size = 8k # Defines the buffer size for reading the
# request body. If the client request body is
# larger than this value, the body will be
# buffered to disk. Note that when the body is
# buffered to disk Kong plugins that access or
# manipulate the request body may not work, so
# it is advisable to set this value as high as
# possible (e.g., set it as high as
# `client_max_body_size` to force request
# bodies to be kept in memory). Do note that
# high-concurrency environments will require
# significant memory allocations to process
# many concurrent large request bodies.
# See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size
# for further description of this parameter. Numeric values may be suffixed
# with `k` or `m` to denote limits in terms of kilobytes or megabytes.
#error_default_type = text/plain # Default MIME type to use when the request
# `Accept` header is missing and Nginx
# is returning an error for the request.
# Accepted values are `text/plain`,
# `text/html`, `application/json`, and
# `application/xml`.
#------------------------------------------------------------------------------
# NGINX injected directives
#------------------------------------------------------------------------------
# Nginx directives can be dynamically injected in the runtime nginx.conf file
# without requiring a custom Nginx configuration template.
#
# All configuration properties respecting the naming scheme
# `nginx_<namespace>_<directive>` will result in `<directive>` being injected in
# the Nginx configuration block corresponding to the property's `<namespace>`.
# Example:
# `nginx_proxy_large_client_header_buffers = 8 24k`
#
# Will inject the following directive in Kong's proxy `server {}` block:
#
# `large_client_header_buffers 8 24k;`
#
# The following namespaces are supported:
#
# - `nginx_main_<directive>`: Injects `<directive>` in Kong's configuration
# `main` context.
# - `nginx_events_<directive>`: Injects `<directive>` in Kong's `events {}`
# block.
# - `nginx_http_<directive>`: Injects `<directive>` in Kong's `http {}` block.
# - `nginx_proxy_<directive>`: Injects `<directive>` in Kong's proxy
# `server {}` block.
# - `nginx_upstream_<directive>`: Injects `<directive>` in Kong's proxy
# `upstream {}` block.
# - `nginx_admin_<directive>`: Injects `<directive>` in Kong's Admin API
# `server {}` block.
# - `nginx_status_<directive>`: Injects `<directive>` in Kong's Status API
# `server {}` block (only effective if `status_listen` is enabled).
# - `nginx_stream_<directive>`: Injects `<directive>` in Kong's stream module
# `stream {}` block (only effective if `stream_listen` is enabled).
# - `nginx_sproxy_<directive>`: Injects `<directive>` in Kong's stream module
# `server {}` block (only effective if `stream_listen` is enabled).
# - `nginx_supstream_<directive>`: Injects `<directive>` in Kong's stream
# module `upstream {}` block.
#
# As with other configuration properties, Nginx directives can be injected via
# environment variables when capitalized and prefixed with `KONG_`.
# Example:
# `KONG_NGINX_HTTP_SSL_PROTOCOLS` -> `nginx_http_ssl_protocols`
#
# Will inject the following directive in Kong's `http {}` block:
#
# `ssl_protocols <value>;`
#
# If different sets of protocols are desired between the proxy and Admin API
# server, you may specify `nginx_proxy_ssl_protocols` and/or
# `nginx_admin_ssl_protocols`, both of which taking precedence over the
# `http {}` block.
#nginx_http_ssl_protocols = TLSv1.1 TLSv1.2 TLSv1.3
# Enables the specified protocols for
# client-side connections. The set of
# supported protocol versions also depends
# on the version of OpenSSL Kong was built
# with.
#
# This value is ignored if `ssl_cipher_suite`
# is not `custom`.
#
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
#nginx_http_ssl_prefer_server_ciphers = on
# Specifies that server ciphers should be
# preferred over client ciphers when using
# the SSLv3 and TLS protocols
#
# This value is ignored if `ssl_cipher_suite`
# is not `custom`.
#
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
#nginx_http_ssl_session_tickets = on
# Enables or disables session resumption through
# TLS session tickets. This is has no impact when
# used with TLSv1.3.
#
# Kong enables this by default for performance
# reasons, but it has security implications:
# https://github.com/mozilla/server-side-tls/issues/135
#
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
#nginx_http_ssl_session_timeout = 1d
# Specifies a time during which a client may
# reuse the session parameters. See the rationale:
# https://github.com/mozilla/server-side-tls/issues/198
#
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout
#nginx_upstream_keepalive = 60 # Sets the maximum number of idle keepalive
# connections to upstream servers that are
# preserved in the cache of each worker
# process. When this number is exceeded, the
# least recently used connections are closed.
# A value of `NONE` will disable this behavior
# altogether, forcing each upstream request
# to open a new connection.
# See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
#nginx_upstream_keepalive_requests = 100
# Sets the maximum number of requests that can
# be served through one keepalive connection.
# After the maximum number of requests is
# made, the connection is closed.
# See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests
#nginx_upstream_keepalive_timeout = 60s
# Sets a timeout during which an idle
# keepalive connection to an upstream server
# will stay open.
# See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------
# Kong can run with a database to store coordinated data between Kong nodes in
# a cluster, or without a database, where each node stores its information
# independently in memory.
#
# When using a database, Kong will store data for all its entities (such as
# Routes, Services, Consumers, and Plugins) in either Cassandra or PostgreSQL,
# and all Kong nodes belonging to the same cluster must connect themselves
# to the same database.
#
# Kong supports the following database versions:
# - **PostgreSQL**: 9.5 and above.
# - **Cassandra**: 2.2 and above.
#
# When not using a database, Kong is said to be in "DB-less mode": it will keep
# its entities in memory, and each node needs to have this data entered via a
# declarative configuration file, which can be specified through the
# `declarative_config` property, or via the Admin API using the `/config`
# endpoint.
#database = postgres # Determines which of PostgreSQL or Cassandra
# this node will use as its datastore.
# Accepted values are `postgres`,
# `cassandra`, and `off`.
#pg_host = 127.0.0.1 # Host of the Postgres server.
#pg_port = 5432 # Port of the Postgres server.
#pg_timeout = 5000 # Defines the timeout (in ms), for connecting,
# reading and writing.
#pg_user = kong # Postgres user.
#pg_password = # Postgres user's password.
#pg_database = kong # The database name to connect to.
#pg_schema = # The database schema to use. If unspecified,
# Kong will respect the `search_path` value of
# your PostgreSQL instance.
#pg_ssl = off # Toggles client-server TLS connections
# between Kong and PostgreSQL.
#pg_ssl_verify = off # Toggles server certificate verification if
# `pg_ssl` is enabled.
# See the `lua_ssl_trusted_certificate`
# setting to specify a certificate authority.
#pg_max_concurrent_queries = 0 # Sets the maximum number of concurrent queries
# that can be executing at any given time. This
# limit is enforced per worker process; the
# total number of concurrent queries for this
# node will be will be:
# `pg_max_concurrent_queries * nginx_worker_processes`.
#
# The default value of 0 removes this
# concurrency limitation.
#pg_semaphore_timeout = 60000 # Defines the timeout (in ms) after which
# PostgreSQL query semaphore resource
# acquisition attempts will fail. Such
# failures will generally result in the
# associated proxy or Admin API request
# failing with an HTTP 500 status code.
# Detailed discussion of this behavior is
# available in the online documentation.
#cassandra_contact_points = 127.0.0.1 # A comma-separated list of contact
# points to your cluster.
# You may specify IP addresses or
# hostnames. Note that the port
# component of SRV records will be
# ignored in favor of `cassandra_port`.
# When connecting to a multi-DC cluster,
# ensure that contact points from the
# local datacenter are specified first
# in this list.
#cassandra_port = 9042 # The port on which your nodes are listening
# on. All your nodes and contact points must
# listen on the same port. Will be created if
# it doesn't exist.
#cassandra_keyspace = kong # The keyspace to use in your cluster.
#cassandra_consistency = ONE # Consistency setting to use when reading/
# writing to the Cassandra cluster.
#
#cassandra_timeout = 5000 # Defines the timeout (in ms) for reading
# and writing.
#cassandra_ssl = off # Toggles client-to-node TLS connections
# between Kong and Cassandra.
#cassandra_ssl_verify = off # Toggles server certificate verification if
# `cassandra_ssl` is enabled.
# See the `lua_ssl_trusted_certificate`
# setting to specify a certificate authority.
#cassandra_username = kong # Username when using the
# `PasswordAuthenticator` scheme.
#cassandra_password = # Password when using the
# `PasswordAuthenticator` scheme.
#cassandra_lb_policy = RequestRoundRobin # Load balancing policy to use when
# distributing queries across your
# Cassandra cluster.
# Accepted values are:
# `RoundRobin`, `RequestRoundRobin`,
# `DCAwareRoundRobin`, and
# `RequestDCAwareRoundRobin`.
# Policies prefixed with "Request"
# make efficient use of established
# connections throughout the same
# request.
# Prefer "DCAware" policies if and
# only if you are using a
# multi-datacenter cluster.
#cassandra_local_datacenter = # When using the `DCAwareRoundRobin`
# or `RequestDCAwareRoundRobin` load
# balancing policy, you must specify the name
# of the local (closest) datacenter for this
# Kong node.
#cassandra_refresh_frequency = 60 # Frequency (in seconds) at which
# the cluster topology will be
# checked for new or decommissioned
# nodes.
# A value of `0` will disable this
# check, and the cluster topology
# will never be refreshed.
#cassandra_repl_strategy = SimpleStrategy # When migrating for the first time,
# Kong will use this setting to
# create your keyspace.
# Accepted values are
# `SimpleStrategy` and
# `NetworkTopologyStrategy`.
#cassandra_repl_factor = 1 # When migrating for the first time, Kong
# will create the keyspace with this
# replication factor when using the
# `SimpleStrategy`.
#cassandra_data_centers = dc1:2,dc2:3 # When migrating for the first time,
# will use this setting when using the
# `NetworkTopologyStrategy`.
# The format is a comma-separated list
# made of `<dc_name>:<repl_factor>`.
#cassandra_schema_consensus_timeout = 10000 # Defines the timeout (in ms) for
# the waiting period to reach a
# schema consensus between your
# Cassandra nodes.
# This value is only used during
# migrations.
#declarative_config = # The path to the declarative configuration
# file which holds the specification of all
# entities (Routes, Services, Consumers, etc.)
# to be used when the `database` is set to
# `off`.
#
# Entities are stored in Kong's in-memory cache,
# so you must ensure that enough memory is
# allocated to it via the `mem_cache_size`
# property. You must also ensure that items
# in the cache never expire, which means that
# `db_cache_ttl` should preserve its default
# value of 0.
#------------------------------------------------------------------------------
# DATASTORE CACHE
#------------------------------------------------------------------------------
# In order to avoid unnecessary communication with the datastore, Kong caches
# entities (such as APIs, Consumers, Credentials...) for a configurable period
# of time. It also handles invalidations if such an entity is updated.
#
# This section allows for configuring the behavior of Kong regarding the
# caching of such configuration entities.
#db_update_frequency = 5 # Frequency (in seconds) at which to check for
# updated entities with the datastore.
#
# When a node creates, updates, or deletes an
# entity via the Admin API, other nodes need
# to wait for the next poll (configured by
# this value) to eventually purge the old
# cached entity and start using the new one.
#db_update_propagation = 0 # Time (in seconds) taken for an entity in the
# datastore to be propagated to replica nodes
# of another datacenter.
#
# When in a distributed environment such as
# a multi-datacenter Cassandra cluster, this
# value should be the maximum number of
# seconds taken by Cassandra to propagate a
# row to other datacenters.
#
# When set, this property will increase the
# time taken by Kong to propagate the change
# of an entity.
#
# Single-datacenter setups or PostgreSQL
# servers should suffer no such delays, and
# this value can be safely set to 0.
#db_cache_ttl = 0 # Time-to-live (in seconds) of an entity from
# the datastore when cached by this node.
#
# Database misses (no entity) are also cached
# according to this setting.
#
# If set to 0 (default), such cached entities
# or misses never expire.
#db_resurrect_ttl = 30 # Time (in seconds) for which stale entities
# from the datastore should be resurrected for
# when they cannot be refreshed (e.g., the
# datastore is unreachable). When this TTL
# expires, a new attempt to refresh the stale
# entities will be made.
#db_cache_warmup_entities = services, plugins
# Entities to be pre-loaded from the datastore
# into the in-memory cache at Kong start-up.
# This speeds up the first access of endpoints
# that use the given entities.
#
# When the `services` entity is configured
# for warmup, the DNS entries for values in
# its `host` attribute are pre-resolved
# asynchronously as well.
#
# Cache size set in `mem_cache_size` should
# be set to a value large enough to hold all
# instances of the specified entities.
# If the size is insufficient, Kong will log
# a warning.
#------------------------------------------------------------------------------
# DNS RESOLVER
#------------------------------------------------------------------------------
# By default the DNS resolver will use the standard configuration files
# `/etc/hosts` and `/etc/resolv.conf`. The settings in the latter file will be
# overridden by the environment variables `LOCALDOMAIN` and `RES_OPTIONS` if
# they have been set.
#
# Kong will resolve hostnames as either `SRV` or `A` records (in that order, and
# `CNAME` records will be dereferenced in the process).
# In case a name was resolved as an `SRV` record it will also override any given
# port number by the `port` field contents received from the DNS server.
#
# The DNS options `SEARCH` and `NDOTS` (from the `/etc/resolv.conf` file) will
# be used to expand short names to fully qualified ones. So it will first try
# the entire `SEARCH` list for the `SRV` type, if that fails it will try the
# `SEARCH` list for `A`, etc.
#
# For the duration of the `ttl`, the internal DNS resolver will loadbalance each
# request it gets over the entries in the DNS record. For `SRV` records the
# `weight` fields will be honored, but it will only use the lowest `priority`
# field entries in the record.
#dns_resolver = # Comma separated list of nameservers, each
# entry in `ip[:port]` format to be used by
# Kong. If not specified the nameservers in
# the local `resolv.conf` file will be used.
# Port defaults to 53 if omitted. Accepts
# both IPv4 and IPv6 addresses.
#dns_hostsfile = /etc/hosts # The hosts file to use. This file is read
# once and its content is static in memory.
# To read the file again after modifying it,
# Kong must be reloaded.
#dns_order = LAST,SRV,A,CNAME # The order in which to resolve different
# record types. The `LAST` type means the
# type of the last successful lookup (for the
# specified name). The format is a (case
# insensitive) comma separated list.
#dns_valid_ttl = # By default, DNS records are cached using
# the TTL value of a response. If this
# property receives a value (in seconds), it
# will override the TTL for all records.
#dns_stale_ttl = 4 # Defines, in seconds, how long a record will
# remain in cache past its TTL. This value
# will be used while the new DNS record is
# fetched in the background.
# Stale data will be used from expiry of a
# record until either the refresh query
# completes, or the `dns_stale_ttl` number of
# seconds have passed.
#dns_not_found_ttl = 30 # TTL in seconds for empty DNS responses and
# "(3) name error" responses.
#dns_error_ttl = 1 # TTL in seconds for error responses.
#dns_no_sync = off # If enabled, then upon a cache-miss every
# request will trigger its own dns query.
# When disabled multiple requests for the
# same name/type will be synchronised to a
# single query.
#------------------------------------------------------------------------------
# TUNING & BEHAVIOR
#------------------------------------------------------------------------------
#router_consistency = strict # Defines whether this node should rebuild its
# router synchronously or asynchronously (the
# router is rebuilt every time a Route or a
# Service is updated via the Admin API or
# loading a declarative configuration file).
#
# Accepted values are:
#
# - `strict`: the router will be rebuilt
# synchronously, causing incoming requests to
# be delayed until the rebuild is finished.
# - `eventual`: the router will be rebuilt
# asynchronously via a recurring background
# job running every second inside of each
# worker.
#
# Note that `strict` ensures that all workers
# of a given node will always proxy requests
# with an identical router, but that increased
# long tail latency can be observed if
# frequent Routes and Services updates are
# expected.
# Using `eventual` will help preventing long
# tail latency issues in such cases, but may
# cause workers to route requests differently
# for a short period of time after Routes and
# Services updates.
#router_update_frequency = 1 # Defines how often the router changes are
# checked with a background job. When a change
# is detected, a new router will be built. By
# default we check for changes every second.
# Raising this value will decrease the load on
# database servers and result in less jitter
# in proxy latency, with downside of longer
# converge time for router updates.
#------------------------------------------------------------------------------
# DEVELOPMENT & MISCELLANEOUS
#------------------------------------------------------------------------------
# Additional settings inherited from lua-nginx-module allowing for more
# flexibility and advanced usage.
#
# See the lua-nginx-module documentation for more information:
# https://github.com/openresty/lua-nginx-module
#lua_ssl_trusted_certificate = # Absolute path to the certificate
# authority file for Lua cosockets in PEM
# format. This certificate will be the one
# used for verifying Kong's database
# connections, when `pg_ssl_verify` or
# `cassandra_ssl_verify` are enabled.
#
# See https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate
#lua_ssl_verify_depth = 1 # Sets the verification depth in the server
# certificates chain used by Lua cosockets,
# set by `lua_ssl_trusted_certificate`.
# This includes the certificates configured
# for Kong's database connections.
#
# See https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth
#lua_package_path = ./?.lua;./?/init.lua; # Sets the Lua module search path
# (LUA_PATH). Useful when developing
# or using custom plugins not stored
# in the default search path.
#
# See https://github.com/openresty/lua-nginx-module#lua_package_path
#lua_package_cpath = # Sets the Lua C module search path
# (LUA_CPATH).
#
# See https://github.com/openresty/lua-nginx-module#lua_package_cpath
#lua_socket_pool_size = 30 # Specifies the size limit for every cosocket
# connection pool associated with every remote
# server.
#
# See https://github.com/openresty/lua-nginx-module#lua_socket_pool_size
Reference in New Issue View Git Blame Copy Permalink