Info: https://www.nginx.com/resources/admin-guide/nginx-https-upstreams/
Source: http://nategood.com/client-side-certificate-authentication-in-ngi
This is SSL, so you'll need an cert-key pair for you/the server, the api users/the client and a CA pair. You will be the CA in this case (usually a role played by VeriSign, thawte, GoDaddy, etc.), signing your client's certs. There are plenty of tutorials out there on creating and signing certificates, so I'll leave the details on this to someone else and just quickly show a sample here to give a complete tutorial. NOTE: This is just a quick sample of creating certs and not intended for production.
This document describes the steps to enable mutual SSL in APIcast. The instructions are provided for Docker and OpenShift.
Note: this approach will only work in APIcast v3.1.0-rc1 and later.
| use Test::Nginx::Socket::Lua 'no_plan'; | |
| run_tests(); | |
| __DATA__ | |
| === TEST 1: failing test | |
| --- config | |
| resolver 1.1.1.1; | |
| location = /t { |
The behavior depends on several factors:
1. If the application plan is changed on the same day as is it was created, and so it has never been invoiced before, the fixed costs for the old plan are included to the invoice, and are discounted with a 'Refund' line item. The fixed costs for the old plan are also added to the invoice.
Example.
Here are the steps to get apisonator (opensource project for 3scale backend) run locally, which can be useful for testing.
The image can be either built manually from the GitHub source, or there is an image available on quay.io.
The attached file starts redis, backend worker and backend listener.
In theory it could be possible to start APIcast with the same docker-compose file, but there is some issue with the resolver - it doesn't pick up the services hostnames that docker-compose resolves normally (i.e. I couldn't use http://listener:3000 from APIcast). So, I am starting APIcast locally.
| # Switch to root | |
| sudo -i | |
| # Install dependencies | |
| yum install -y yum-utils gcc git | |
| # Enable OpenResty repo (see RHEL section at https://openresty.org/en/linux-packages.html) | |
| yum-config-manager --add-repo https://openresty.org/package/rhel/openresty.repo | |
| # Enable EPEL packages (needed for LuaRocks) |
| $ make busted | |
| lua_modules/bin/rover exec bin/busted | |
| ●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●◌●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●◌●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●● | |
| 527 successes / 0 failures / 25 errors / 2 pending : 14.675192 seconds | |
| Pending → spec/policy/rate_limit/redis_shdict_spec.lua @ 33 | |
| Redis Shared Dictionary incr without default | |
| Pending → spec/resty/http_ng_spec.lua @ 35 | |
| http_ng options method works with default options |
The error logs in the system-developer container on the system-app pod show the following error:
ActionView::Template::Error (No site key specified.):
| FROM centos:7 | |
| # Install dependencies | |
| RUN yum install -y yum-utils gcc git | |
| # Enable OpenResty repo (see RHEL section at https://openresty.org/en/linux-packages.html) | |
| RUN yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo | |
| # Enable EPEL packages (needed for LuaRocks) | |
| RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm |