Skip to content

/ apisix-docker

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can network use service name instead IP? #115

Open
leenux opened this issue Jan 10, 2021 · 11 comments
Open

Can network use service name instead IP? #115

leenux opened this issue Jan 10, 2021 · 11 comments
Labels
good first issue

Comments

@leenux
Copy link

@leenux leenux commented Jan 10, 2021

I found network use subnet 172.18..
Can network use service name instead IP?
For example

networks:
  apisix-network:
    name: apisix-network
    driver: bridge
@spacewander
Copy link
Member

@spacewander spacewander commented Jan 11, 2021

CC @gxthrj
@spacewander spacewander mentioned this issue Jan 11, 2021
Closed
@gxthrj
Copy link
Contributor

@gxthrj gxthrj commented Jan 12, 2021

Yes, we can all use serviceName instead of IP.
@leenux Do you have time to contribute this feature ?
@leenux
Copy link
Author

@leenux leenux commented Jan 12, 2021

change https://github.com/qwxingzhe/apisix-docker-compose and it work fine
@leenux leenux closed this Jan 12, 2021
@gxthrj
Copy link
Contributor

@gxthrj gxthrj commented Jan 12, 2021

@leenux https://github.com/qwxingzhe/apisix-docker-compose/blob/main/simple/docker-compose.yml is the same as our docker-compose.yml. what is different ?
@gxthrj gxthrj reopened this Jan 12, 2021
@leenux
Copy link
Author

@leenux leenux commented Jan 12, 2021

docker-compose.yml

version: "3"

services:
  apisix:
    image: apache/apisix:2.0-alpine
    # 官网 2.1-alpine 镜像存在ssl无法启动BUG,此处暂用2.0-alpine替代
    #image: apache/apisix:2.1-alpine
    restart: always
    volumes:
      - ./apisix_log:/usr/local/apisix/logs
      - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
    depends_on:
      - etcd
    ##network_mode: host
    ports:
      # 此处分别以80、443替换原配置文件中的9080、9443以便直接配置使用
      - "80:9080/tcp"
      - "443:9443/tcp"
      #- "9080:9080/tcp"
      #- "9443:9443/tcp"
    networks:
      - apisix

  etcd:
    image: bitnami/etcd:3.4.9
    user: root
    restart: always
    volumes:
      - ./etcd_data:/etcd_data
    environment:
      ETCD_DATA_DIR: /etcd_data
      ETCD_ENABLE_V2: "true"
      ALLOW_NONE_AUTHENTICATION: "yes"
      ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
      ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
    ports:
      - "2379:2379/tcp"
    networks:
      - apisix

  apisix-dashboard:
    container_name: apisix-dashboard
    # 由于官方未提供镜像,此处暂使用自建镜像
    image: registry.cn-shanghai.aliyuncs.com/qwxingzhe/apisix-dashboard:2.2
    ports:
      - 9000:9000
    volumes:
      - ./apisix-dashboard/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
    networks:
      - apisix

networks:
  apisix:
    name: apisix
    driver: bridge

config.yaml

apisix:
  node_listen: 9080              # APISIX listening port
  enable_ipv6: false

  ssl:
    enable: true                 # ssl is disabled by default
                                  # enable it to use your own cert and key
    enable_http2: true
    listen_port: 9443
    # ssl_trusted_certificate: /path/to/ca-cert # Specifies a file path with trusted CA certificates in the PEM format
                                                # used to verify the certificate when APISIX needs to do SSL/TLS handshaking
                                                # with external services (e.g. etcd)
    # ssl_cert: /path/to/ssl_cert
    # ssl_cert_key: /path/to/ssl_cert_key
    ssl_protocols: "TLSv1.2 TLSv1.3"
    ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
    ssl_session_tickets: false              #  disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
                                            #  ref: https://github.com/mozilla/server-side-tls/issues/135
    key_encrypt_salt: "edd1c9f0985e76a2"    #  If not set, will save origin ssl key into etcd.
                                            #  If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC
                                            #  !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!

  allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
    - 0.0.0.0/0              # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.

  admin_key:
    - name: "admin"
      key: edd1c9f034335f136f87ad84b625c8f1
      role: admin                 # admin: manage all configuration data
                                  # viewer: only can view configuration data
    - name: "viewer"
      key: 4054f7cf07e344346cd3f287985e76a2
      role: viewer

etcd:
  host:                           # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
    - "http://etcd:2379"     # multiple etcd address
  prefix: "/apisix"               # apisix configurations prefix
  timeout: 30                     # 30 seconds

conf.yaml

conf:
  listen:
    host: 0.0.0.0 # 允许外网访问
    #host: 127.0.0.1 # `manager api` listening ip or host name
    port: 9000 # `manager api` listening port
  etcd:
    endpoints: # supports defining multiple etcd host addresses for an etcd cluster
      - etcd:2379
  log:
    error_log:
      level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
      file_path:
        logs/error.log # supports relative path, absolute path, standard output
        # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
authentication:
  secret:
    secret # secret for jwt token generation.
    # NOTE: Highly recommended to modify this value to protect `manager api`.
    # if it's default value, when `manager api` start , it will generate a random string to replace it.
  expire_time: 3600 # jwt token expire time, in second
  users:
    - username: admin # username and password for login `manager api`
      password: admin
    - username: user
      password: user
@leenux
Copy link
Author

@leenux leenux commented Jan 12, 2021
edited

how-to-host2bridge.zip
@gxthrj

    networks:
      - apisix

networks:
  apisix:
    name: apisix
    driver: bridge

etcd:
  host:                           # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
    - "http://etcd:2379"     # multiple etcd address

  etcd:
    endpoints: # supports defining multiple etcd host addresses for an etcd cluster
      - etcd:2379

above 3 segments is diffrent
@gxthrj
Copy link
Contributor

@gxthrj gxthrj commented Jan 12, 2021

Yes, I agree. we can change to the way by using service name.

Do you have time to contribute a PR to apache/apisix-docker?
@leenux
Copy link
Author

@leenux leenux commented Jan 13, 2021

@gxthrj 我不知如何PR :( 没做过 如果你有空可以看看上面的zip合并一哈
@leenux leenux closed this Jan 13, 2021
@membphis membphis reopened this Jan 13, 2021
@membphis
Copy link
Member

@membphis membphis commented Jan 13, 2021

welcome anyone to contribute PR ^_^
@gxthrj
Copy link
Contributor

@gxthrj gxthrj commented Jan 14, 2021

@leenux Here are some instructions on how to create a Pull Request.
https://blog.csdn.net/vim_wj/article/details/78300239
gnipbao/iblog#19

If you have time, welcome to have a try.
@gxthrj
Copy link
Contributor

@gxthrj gxthrj commented Feb 1, 2021

If anyone is interested, welcome to provide a PR.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
@leenux @spacewander @gxthrj @membphis