diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 412e15447f30..3e72e4aafd75 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -174,7 +174,8 @@ local function run() if seg_res == "stream_routes" then local local_conf = core.config.local_conf() - if not local_conf.apisix.stream_proxy then + if local_conf.apisix.proxy_mode ~= "stream" and + local_conf.apisix.proxy_mode ~= "http&stream" then core.log.warn("stream mode is disabled, can not add any stream ", "routes") core.response.exit(400, {error_msg = "stream mode is disabled, " .. diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 74b14302b9bb..27dbf2847a1b 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -124,7 +124,7 @@ http { {% end %} -{% if stream_proxy then %} +{% if enable_stream then %} stream { lua_package_path "{*extra_lua_path*}$prefix/deps/share/lua/5.1/?.lua;$prefix/deps/share/lua/5.1/?/init.lua;]=] .. [=[{*apisix_lua_home*}/?.lua;{*apisix_lua_home*}/?/init.lua;;{*lua_path*};"; diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 5bb87ad85056..4d1eecc7407a 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -269,11 +269,24 @@ Please modify "admin_key" in conf/config.yaml . "your openresty, please check it out.\n") end + --- http is enabled by default local enable_http = true - if not yaml_conf.apisix.enable_admin and yaml_conf.apisix.stream_proxy and - yaml_conf.apisix.stream_proxy.only ~= false - then - enable_http = false + --- stream is disabled by default + local enable_stream = false + if yaml_conf.apisix.proxy_mode then + --- check for "http" + if yaml_conf.apisix.proxy_mode == "http" then + enable_http = true + enable_stream = false + --- check for "stream" + elseif yaml_conf.apisix.proxy_mode == "stream" then + enable_stream = true + enable_http = false + --- check for "http&stream" + elseif yaml_conf.apisix.proxy_mode == "http&stream" then + enable_stream = true + enable_http = true + end end local enabled_discoveries = {} @@ -488,7 +501,7 @@ Please modify "admin_key" in conf/config.yaml . local tcp_enable_ssl -- compatible with the original style which only has the addr - if yaml_conf.apisix.stream_proxy and yaml_conf.apisix.stream_proxy.tcp then + if enable_stream and yaml_conf.apisix.stream_proxy and yaml_conf.apisix.stream_proxy.tcp then local tcp = yaml_conf.apisix.stream_proxy.tcp for i, item in ipairs(tcp) do if type(item) ~= "table" then @@ -545,6 +558,7 @@ Please modify "admin_key" in conf/config.yaml . use_apisix_base = env.use_apisix_base, error_log = {level = "warn"}, enable_http = enable_http, + enable_stream = enable_stream, enabled_discoveries = enabled_discoveries, enabled_plugins = enabled_plugins, enabled_stream_plugins = enabled_stream_plugins, diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua index 56d7e2f630cc..3684232f1a7f 100644 --- a/apisix/cli/schema.lua +++ b/apisix/cli/schema.lua @@ -136,6 +136,10 @@ local config_schema = { } } }, + proxy_mode = { + type = "string", + enum = {"http", "stream", "http&stream"}, + }, stream_proxy = { type = "object", properties = { diff --git a/conf/config-default.yaml b/conf/config-default.yaml index e40dc174c908..ef490f74286b 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -73,6 +73,8 @@ apisix: # radixtree_uri_with_parameter: similar to radixtree_uri but match URI with parameters. See https://github.com/api7/lua-resty-radixtree/#parameters-in-path for more details. ssl: radixtree_sni # radixtree_sni: match route by SNI + # http is the default proxy mode. proxy_mode can be one of `http`, `stream`, or `http&stream` + proxy_mode: http # stream_proxy: # TCP/UDP L4 proxy # only: true # Enable L4 proxy only without L7 proxy. # tcp: diff --git a/docs/en/latest/plugins/mqtt-proxy.md b/docs/en/latest/plugins/mqtt-proxy.md index cafc986251b6..786083e3b367 100644 --- a/docs/en/latest/plugins/mqtt-proxy.md +++ b/docs/en/latest/plugins/mqtt-proxy.md @@ -50,7 +50,6 @@ To enable the Plugin, you need to first enable the `stream_proxy` configuration http: 'radixtree_uri' ssl: 'radixtree_sni' stream_proxy: # TCP/UDP proxy - only: false # needed if HTTP and Stream Proxy should be enabled tcp: # TCP proxy port list - 9100 dns_resolver: diff --git a/docs/en/latest/stream-proxy.md b/docs/en/latest/stream-proxy.md index c68173d09c59..9354c96b255b 100644 --- a/docs/en/latest/stream-proxy.md +++ b/docs/en/latest/stream-proxy.md @@ -29,7 +29,12 @@ APISIX can serve as a stream proxy, in addition to being an application layer pr By default, stream proxy is disabled. -To enable the option, add the `apisix.stream_proxy` option in `conf/config.yaml` and specify a list of addresses which APISIX should act as a stream proxy and listen for incoming requests. +To enable this option, set `apisix.proxy_mode` to `stream` or `http&stream`, depending on whether you want stream proxy only or both http and stream. Then add the `apisix.stream_proxy` option in `conf/config.yaml` and specify the list of addresses where APISIX should act as a stream proxy and listen for incoming requests. +:::note + +This "apisix.stream_proxy" option has only been added in versions after 3.2.1. + +::: ```yaml apisix: @@ -42,19 +47,6 @@ apisix: - "127.0.0.1:9211" ``` -If `apisix.enable_admin` is true, both HTTP and stream proxy are enabled with the configuration above. - -If you have set the `enable_admin` to false, and need to enable both HTTP and stream proxy, set the `only` to false: - -```yaml -apisix: - enable_admin: false - stream_proxy: - only: false - tcp: - - 9100 -``` - If `apisix.stream_proxy` is undefined in `conf/config.yaml`, you will encounter an error similar to the following and not be able to add a stream route: ``` diff --git a/docs/zh/latest/plugins/mqtt-proxy.md b/docs/zh/latest/plugins/mqtt-proxy.md index 7cd779787dbc..518974d6c93a 100644 --- a/docs/zh/latest/plugins/mqtt-proxy.md +++ b/docs/zh/latest/plugins/mqtt-proxy.md @@ -50,7 +50,6 @@ description: 本文档介绍了 Apache APISIX mqtt-proxy 插件的信息,通 http: 'radixtree_uri' ssl: 'radixtree_sni' stream_proxy: # TCP/UDP proxy - only: false # 如需 HTTP 与 Stream 代理同时生效,需要增加该键值 tcp: # TCP proxy port list - 9100 dns_resolver: diff --git a/docs/zh/latest/stream-proxy.md b/docs/zh/latest/stream-proxy.md index e2c1de110f43..22a17be6cdb3 100644 --- a/docs/zh/latest/stream-proxy.md +++ b/docs/zh/latest/stream-proxy.md @@ -27,7 +27,7 @@ APISIX 可以对 TCP/UDP 协议进行代理并实现动态负载均衡。在 ngi ## 如何开启 Stream 代理 -在 `conf/config.yaml` 配置文件设置 `stream_proxy` 选项,指定一组需要进行动态代理的 IP 地址。默认情况不开启 stream 代理。 +要启用该选项,请将 `apisix.proxy_mode` 设置为 `stream` 或 `http&stream`,具体取决于您是只需要流代理还是需要 http 和流。然后在 conf/config.yaml 中添加 apisix.stream_proxy 选项并指定 APISIX 应充当流代理并侦听传入请求的地址列表。 ```yaml apisix: @@ -40,19 +40,6 @@ apisix: - "127.0.0.1:9211" ``` -如果 `apisix.enable_admin` 为 true,上面的配置会同时启用 HTTP 和 stream 代理。 - -如果你设置 `enable_admin` 为 false,且需要同时启用 HTTP 和 stream 代理,设置 `only` 为 false: - -```yaml -apisix: - enable_admin: false - stream_proxy: # TCP/UDP proxy - only: false - tcp: # TCP proxy address list - - 9100 -``` - ## 如何设置 route 简例如下: diff --git a/t/APISIX.pm b/t/APISIX.pm index 0c057b5381eb..92e58a7ba265 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm @@ -102,6 +102,7 @@ my $etcd_key = read_file("t/certs/etcd.key"); $user_yaml_config = <<_EOC_; apisix: node_listen: 1984 + proxy_mode: http&stream stream_proxy: tcp: - 9100 diff --git a/t/cli/test_access_log.sh b/t/cli/test_access_log.sh index 7c40b35a3b8a..58faba74e527 100755 --- a/t/cli/test_access_log.sh +++ b/t/cli/test_access_log.sh @@ -230,6 +230,7 @@ echo "passed: should find upstream scheme" # check stream logs echo ' apisix: + proxy_mode: stream stream_proxy: # UDP proxy udp: - "127.0.0.1:9200" diff --git a/t/cli/test_core_config.sh b/t/cli/test_core_config.sh index 7b96820539cc..f799241b945d 100755 --- a/t/cli/test_core_config.sh +++ b/t/cli/test_core_config.sh @@ -45,6 +45,7 @@ echo "passed: set lua_max_running_timers successfully" echo " apisix: + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_deployment_traditional.sh b/t/cli/test_deployment_traditional.sh index 1dead769bc10..2699c3d2aecd 100755 --- a/t/cli/test_deployment_traditional.sh +++ b/t/cli/test_deployment_traditional.sh @@ -45,6 +45,7 @@ fi # Both HTTP and Stream echo ' apisix: + proxy_mode: http&stream enable_admin: true stream_proxy: tcp: @@ -74,6 +75,7 @@ fi echo ' apisix: enable_admin: false + proxy_mode: stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_dns.sh b/t/cli/test_dns.sh index cb8f8eaee565..86dd9dbb1f19 100755 --- a/t/cli/test_dns.sh +++ b/t/cli/test_dns.sh @@ -41,6 +41,7 @@ fi echo ' apisix: + proxy_mode: http&stream stream_proxy: tcp: - 9100 @@ -62,6 +63,7 @@ echo "pass: dns_resolver_valid takes effect" echo ' apisix: + proxy_mode: http&stream stream_proxy: tcp: - 9100 @@ -130,6 +132,7 @@ rm logs/error.log || true echo " apisix: enable_admin: true + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_etcd_grpc_mtls.sh b/t/cli/test_etcd_grpc_mtls.sh index 8f37a711272e..90c151a62d7a 100755 --- a/t/cli/test_etcd_grpc_mtls.sh +++ b/t/cli/test_etcd_grpc_mtls.sh @@ -105,6 +105,7 @@ echo "passed: certificate verify with CA success expectedly" # etcd mTLS in stream subsystem echo ' apisix: + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_etcd_mtls.sh b/t/cli/test_etcd_mtls.sh index d61d6d517c1f..5d0152ff64f1 100755 --- a/t/cli/test_etcd_mtls.sh +++ b/t/cli/test_etcd_mtls.sh @@ -102,6 +102,7 @@ echo "passed: certificate verify with CA success expectedly" # etcd mTLS in stream subsystem echo ' apisix: + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh index 29534c83aa54..3b0cab766d59 100755 --- a/t/cli/test_main.sh +++ b/t/cli/test_main.sh @@ -670,10 +670,10 @@ echo "passed: bad lua_module_hook should be rejected" echo ' apisix: + proxy_mode: http&stream extra_lua_path: "\$prefix/example/?.lua" lua_module_hook: "my_hook" stream_proxy: - only: false tcp: - addr: 9100 ' > conf/config.yaml @@ -810,6 +810,7 @@ git checkout conf/config.yaml echo ' apisix: + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_prometheus_run_in_privileged.sh b/t/cli/test_prometheus_run_in_privileged.sh index 7f8a3e2ec5ff..a97cf307e26c 100755 --- a/t/cli/test_prometheus_run_in_privileged.sh +++ b/t/cli/test_prometheus_run_in_privileged.sh @@ -55,6 +55,7 @@ rm logs/error.log || true echo " apisix: + proxy_mode: http&stream extra_lua_path: "\$prefix/t/lib/?.lua" enable_admin: true stream_proxy: @@ -87,6 +88,7 @@ rm logs/error.log || true echo " apisix: + proxy_mode: http&stream extra_lua_path: "\$prefix/t/lib/?.lua" enable_admin: false stream_proxy: diff --git a/t/cli/test_prometheus_stream.sh b/t/cli/test_prometheus_stream.sh index 561b9a820cf5..abf960e776a5 100755 --- a/t/cli/test_prometheus_stream.sh +++ b/t/cli/test_prometheus_stream.sh @@ -23,6 +23,7 @@ exit_if_not_customed_nginx echo " apisix: + proxy_mode: http&stream enable_admin: true stream_proxy: tcp: @@ -65,6 +66,7 @@ echo "passed: prometheus works when both http & stream are enabled" echo " apisix: + proxy_mode: stream enable_admin: false stream_proxy: tcp: diff --git a/t/cli/test_snippet.sh b/t/cli/test_snippet.sh index 1b545dd9cf0a..72eee7e64a96 100755 --- a/t/cli/test_snippet.sh +++ b/t/cli/test_snippet.sh @@ -25,8 +25,8 @@ echo ' apisix: node_listen: 9080 enable_admin: true + proxy_mode: http&stream stream_proxy: - only: false tcp: - 9100 nginx_config: diff --git a/t/cli/test_stream_config.sh b/t/cli/test_stream_config.sh index 5a15ae10fe2f..baab138a0c99 100755 --- a/t/cli/test_stream_config.sh +++ b/t/cli/test_stream_config.sh @@ -22,6 +22,7 @@ echo " apisix: enable_admin: false + proxy_mode: stream stream_proxy: tcp: - addr: 9100 @@ -40,8 +41,8 @@ echo "passed: enable stream proxy only by default" echo " apisix: enable_admin: false + proxy_mode: http&stream stream_proxy: - only: false tcp: - addr: 9100 " > conf/config.yaml @@ -57,6 +58,7 @@ fi echo " apisix: enable_admin: true + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 @@ -76,6 +78,7 @@ echo " apisix: ssl: ssl_trusted_certificate: t/certs/mtls_ca.crt + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 @@ -92,6 +95,7 @@ echo "passed: set trust certificate" echo " apisix: + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 @@ -108,6 +112,7 @@ fi echo " apisix: + proxy_mode: http&stream stream_proxy: tcp: - addr: 9100 diff --git a/t/cli/test_tls_over_tcp.sh b/t/cli/test_tls_over_tcp.sh index 566af9418a24..5d378ce6a9ad 100755 --- a/t/cli/test_tls_over_tcp.sh +++ b/t/cli/test_tls_over_tcp.sh @@ -22,8 +22,8 @@ # check tls over tcp proxy echo " apisix: + proxy_mode: http&stream stream_proxy: - only: false tcp: - addr: 9100 tls: true diff --git a/t/cli/test_validate_config.sh b/t/cli/test_validate_config.sh index 1c00360f1c30..8db581684332 100755 --- a/t/cli/test_validate_config.sh +++ b/t/cli/test_validate_config.sh @@ -82,6 +82,7 @@ deployment: apisix: node_listen: 9080 enable_admin: true + proxy_mode: http&stream stream_proxy: tcp: - "localhost:9100" diff --git a/t/stream-node/sni.t b/t/stream-node/sni.t index f2833d2f494c..41554ba6c0c2 100644 --- a/t/stream-node/sni.t +++ b/t/stream-node/sni.t @@ -276,6 +276,7 @@ proxy request to 127.0.0.2:1995 --- yaml_config apisix: node_listen: 1984 + proxy_mode: http&stream stream_proxy: tcp: - 9100