Created
December 13, 2018 22:15
-
-
Save rainest/4663e48c4f3393eb7b4e2de5138b608f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ----------------------- | |
# Kong configuration file | |
# ----------------------- | |
# | |
# The commented-out settings shown in this file represent the default values. | |
# | |
# This file is read when `kong start` or `kong prepare` are used. Kong | |
# generates the Nginx configuration with the settings specified in this file. | |
# | |
# All environment variables prefixed with `KONG_` and capitalized will override | |
# the settings specified in this file. | |
# Example: | |
# `log_level` setting -> `KONG_LOG_LEVEL` env variable | |
# | |
# Boolean values can be specified as `on`/`off` or `true`/`false`. | |
# Lists must be specified as comma-separated strings. | |
# | |
# All comments in this file can be removed safely, including the | |
# commented-out properties. | |
# You can verify the integrity of your settings with `kong check <conf>`. | |
#------------------------------------------------------------------------------ | |
# GENERAL | |
#------------------------------------------------------------------------------ | |
#prefix = /usr/local/kong/ # Working directory. Equivalent to Nginx's | |
# prefix path, containing temporary files | |
# and logs. | |
# Each Kong process must have a separate | |
# working directory. | |
#log_level = notice # Log level of the Nginx server. Logs are | |
# found at <prefix>/logs/error.log. | |
# Note: see http://nginx.org/en/docs/ngx_core_module.html#error_log for a list | |
# of accepted values. | |
#proxy_access_log = logs/access.log # Path for proxy port request access | |
# logs. Set this value to `off` to | |
# disable logging proxy requests. | |
# If this value is a relative path, | |
# it will be placed under the | |
# `prefix` location. | |
#proxy_error_log = logs/error.log # Path for proxy port request error | |
# logs. Granularity of these logs is | |
# adjusted by the `log_level` | |
# directive. | |
#admin_access_log = logs/admin_access.log # Path for Admin API request access | |
# logs. Set this value to `off` to | |
# disable logging Admin API requests. | |
# If this value is a relative path, | |
# it will be placed under the | |
# `prefix` location. | |
#admin_error_log = logs/error.log # Path for Admin API request error | |
# logs. Granularity of these logs is | |
# adjusted by the `log_level` | |
# directive. | |
#custom_plugins = # Comma-separated list of additional plugins | |
# this node should load. | |
# Use this property to load custom plugins | |
# that are not bundled with Kong. | |
# Plugins will be loaded from the | |
# `kong.plugins.{name}.*` namespace. | |
#anonymous_reports = on # Send anonymous usage data such as error | |
# stack traces to help improve Kong. | |
#------------------------------------------------------------------------------ | |
# NGINX | |
#------------------------------------------------------------------------------ | |
#proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl | |
# Comma-separated list of addresses and ports on | |
# which the proxy server should listen. | |
# The proxy server is the public entrypoint of Kong, | |
# which proxies traffic from your consumers to your | |
# backend services. This value accepts IPv4, IPv6, and | |
# hostnames. | |
# Some suffixes can be specified for each pair: | |
# - `ssl` will require that all connections made | |
# through a particular address/port be made with TLS | |
# enabled. | |
# - `http2` will allow for clients to open HTTP/2 | |
# connections to Kong's proxy server. | |
# - Finally, `proxy_protocol` will enable usage of the | |
# PROXY protocol for a given address/port. | |
# | |
# This value can be set to `off`, thus disabling | |
# the proxy port for this node, enabling a | |
# 'control-plane' mode (without traffic proxying | |
# capabilities) which can configure a cluster of | |
# nodes connected to the same database. | |
#proxy_url = | |
# Kong Proxy URL | |
# | |
# Here you may provide the lookup, or balancer, | |
# address for your Kong Proxy nodes. | |
# | |
# This value is commonly used in a microservices | |
# or service-mesh oriented architecture. | |
# | |
# Accepted format (parts in parenthesis are optional): | |
# | |
# <scheme>://<IP / HOSTNAME>(:<PORT>(/<PATH>)) | |
# | |
# Examples: | |
# | |
# - <scheme>://<IP>:<PORT> | |
# proxy_url = http://127.0.0.1:8000 | |
# - SSL <scheme>://<HOSTNAME> | |
# proxy_url = https://proxy.domain.tld | |
# - <scheme>://<HOSTNAME>/<PATH> | |
# proxy_url = http://dev-machine/dev-285 | |
# | |
# By default: | |
# | |
# Kong Manager, and Kong Portal will use | |
# the window request host and append the resolved | |
# listener port depending on the requested protocol. | |
# Note: see http://nginx.org/en/docs/http/ngx_http_core_module.html#listen for | |
# a description of the accepted formats for this and other *_listen values. | |
# Note bis: see https://www.nginx.com/resources/admin-guide/proxy-protocol/ | |
# for more details about the `proxy_protocol` parameter. | |
#admin_api_uri = # Hierarchical part of a URI which is composed | |
# optionally of a host, port, and path at which your | |
# Admin interface API accepts HTTP or HTTPS traffic. | |
# When this config is disabled, the gui will use the | |
# window protocol + host and append the resolved | |
# admin_gui_listen HTTP/HTTPS port. | |
#admin_listen = 127.0.0.1:8001, 127.0.0.1:8444 ssl | |
# Comma-separated list of addresses and ports on | |
# which the Admin interface should listen. | |
# The Admin interface is the API allowing you to | |
# configure and manage Kong. | |
# Access to this interface should be *restricted* | |
# to Kong administrators *only*. This value accepts | |
# IPv4, IPv6, and hostnames. | |
# Some suffixes can be specified for each pair: | |
# - `ssl` will require that all connections made | |
# through a particular address/port be made with TLS | |
# enabled. | |
# - `http2` will allow for clients to open HTTP/2 | |
# connections to Kong's proxy server. | |
# - Finally, `proxy_protocol` will enable usage of the | |
# PROXY protocol for a given address/port. | |
# | |
# This value can be set to `off`, thus disabling | |
# the Admin interface for this node, enabling a | |
# 'data-plane' mode (without configuration | |
# capabilities) pulling its configuration changes | |
# from the database. | |
#nginx_user = nobody nobody # Defines user and group credentials used by | |
# worker processes. If group is omitted, a | |
# group whose name equals that of user is | |
# used. Ex: [user] [group]. | |
#nginx_worker_processes = auto # Determines the number of worker processes | |
# spawned by Nginx. | |
#nginx_daemon = on # Determines wether Nginx will run as a daemon | |
# or as a foreground process. Mainly useful | |
# for development or when running Kong inside | |
# a Docker environment. | |
#mem_cache_size = 128m # Size of the in-memory cache for database | |
# entities. The accepted units are `k` and | |
# `m`, with a minimum recommended value of | |
# a few MBs. | |
#ssl_cipher_suite = modern # Defines the TLS ciphers served by Nginx. | |
# Accepted values are `modern`, | |
# `intermediate`, `old`, or `custom`. | |
# Note: see https://wiki.mozilla.org/Security/Server_Side_TLS for detailed | |
# descriptions of each cipher suite. | |
#ssl_ciphers = # Defines a custom list of TLS ciphers to be | |
# served by Nginx. This list must conform to | |
# the pattern defined by `openssl ciphers`. | |
# This value is ignored if `ssl_cipher_suite` | |
# is not `custom`. | |
#ssl_cert = # The absolute path to the SSL certificate for | |
# `proxy_listen` values with SSL enabled. | |
#ssl_cert_key = # The absolute path to the SSL key for | |
# `proxy_listen` values with SSL enabled. | |
#client_ssl = off # Determines if Nginx should send client-side | |
# SSL certificates when proxying requests. | |
#client_ssl_cert = # If `client_ssl` is enabled, the absolute | |
# path to the client SSL certificate for the | |
# `proxy_ssl_certificate` directive. Note that | |
# this value is statically defined on the | |
# node, and currently cannot be configured on | |
# a per-API basis. | |
#client_ssl_cert_key = # If `client_ssl` is enabled, the absolute | |
# path to the client SSL key for the | |
# `proxy_ssl_certificate_key` address. Note | |
# this value is statically defined on the | |
# node, and currently cannot be configured on | |
# a per-API basis. | |
#admin_ssl_cert = # The absolute path to the SSL certificate for | |
# `admin_listen` values with SSL enabled. | |
#admin_ssl_cert_key = # The absolute path to the SSL key for | |
# `admin_listen` values with SSL enabled. | |
#upstream_keepalive = 60 # Sets the maximum number of idle keepalive | |
# connections to upstream servers that are | |
# preserved in the cache of each worker | |
# process. When this number is exceeded, the | |
# least recently used connections are closed. | |
#server_tokens = on # Enables or disables emitting Kong version on | |
# error pages and in the "Server" or "Via" | |
# (in case the request was proxied) response | |
# header field. | |
#latency_tokens = on # Enables or disables emitting Kong latency | |
# information in the "X-Kong-Proxy-Latency" | |
# and "X-Kong-Upstream-Latency" response | |
# header fields. | |
#trusted_ips = # Defines trusted IP addresses blocks that are | |
# known to send correct X-Forwarded-* headers. | |
# Requests from trusted IPs make Kong forward | |
# their X-Forwarded-* headers upstream. | |
# Non-trusted requests make Kong insert its | |
# own X-Forwarded-* headers. | |
# | |
# This property also sets the | |
# `set_real_ip_from` directive(s) in the Nginx | |
# configuration. It accepts the same type of | |
# values (CIDR blocks) but as a | |
# comma-separated list. | |
# | |
# To trust *all* /!\ IPs, set this value to | |
# `0.0.0.0/0,::/0`. | |
# | |
# If the special value `unix:` is specified, | |
# all UNIX-domain sockets will be trusted. | |
# Note: see http://nginx.org/en/docs/http/ngx_http_realip_module.html for | |
# examples of accepted values. | |
#real_ip_header = X-Real-IP # Defines the request header field whose value | |
# will be used to replace the client address. | |
# This value sets the ngx_http_realip_module | |
# directive of the same name in the Nginx | |
# configuration. | |
# If set to `proxy_protocol`, then at least | |
# one of the `proxy_listen` entries must | |
# have the `proxy_protocol` flag enabled. | |
# Note: see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header | |
# for a description of this directive. | |
#real_ip_recursive = off # This value sets the ngx_http_realip_module | |
# directive of the same name in the Nginx | |
# configuration. | |
# Note: see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive | |
# for a description of this directive. | |
#client_max_body_size = 0 # Defines the maximum request body size allowed | |
# by requests proxied by Kong, specified in | |
# the Content-Length request header. If a | |
# request exceeds this limit, Kong will | |
# respond with a 413 (Request Entity Too | |
# Large). Setting this value to 0 disables | |
# checking the request body size. | |
# Note: see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size | |
# for further description of this parameter. Numeric values may be suffixed | |
# with 'k' or 'm' to denote limits in terms of kilobytes or megabytes. | |
#client_body_buffer_size = 8k # Defines the buffer size for reading the | |
# request body. If the client request body is | |
# larger than this value, the body will be | |
# buffered to disk. Note that when the body is | |
# buffered to disk Kong plugins that access or | |
# manipulate the request body may not work, so | |
# it is advisable to set this value as high as | |
# possible (e.g., set it as high as | |
# `client_max_body_size` to force request | |
# bodies to be kept in memory). Do note that | |
# high-concurrency environments will require | |
# significant memory allocations to process | |
# many concurrent large request bodies. | |
# Note: see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size | |
# for further description of this parameter. Numeric values may be suffixed | |
# with 'k' or 'm' to denote limits in terms of kilobytes or megabytes. | |
#error_default_type = text/plain # Default MIME type to use when the request | |
# `Accept` header is missing and Nginx | |
# is returning an error for the request. | |
# Accepted values are `text/plain`, | |
# `text/html`, `application/json`, and | |
# `application/xml`. | |
#------------------------------------------------------------------------------ | |
# DATASTORE | |
#------------------------------------------------------------------------------ | |
# Kong will store all of its data (such as APIs, consumers and plugins) in | |
# either Cassandra or PostgreSQL. | |
# | |
# All Kong nodes belonging to the same cluster must connect themselves to the | |
# same database. | |
#database = postgres # Determines which of PostgreSQL or Cassandra | |
# this node will use as its datastore. | |
# Accepted values are `postgres` and | |
# `cassandra`. | |
#pg_host = 127.0.0.1 # The PostgreSQL host to connect to. | |
#pg_port = 5432 # The port to connect to. | |
#pg_user = kong # The username to authenticate if required. | |
#pg_password = # The password to authenticate if required. | |
#pg_database = kong # The database name to connect to. | |
#pg_ssl = off # Toggles client-server TLS connections | |
# between Kong and PostgreSQL. | |
#pg_ssl_verify = off # Toggles server certificate verification if | |
# `pg_ssl` is enabled. | |
# See the `lua_ssl_trusted_certificate` | |
# setting to specify a certificate authority. | |
#cassandra_contact_points = 127.0.0.1 # A comma-separated list of contact | |
# points to your cluster. | |
#cassandra_port = 9042 # The port on which your nodes are listening | |
# on. All your nodes and contact points must | |
# listen on the same port. | |
#cassandra_keyspace = kong # The keyspace to use in your cluster. | |
#cassandra_timeout = 5000 # Defines the timeout (in ms), for reading | |
# and writing. | |
#cassandra_ssl = off # Toggles client-to-node TLS connections | |
# between Kong and Cassandra. | |
#cassandra_ssl_verify = off # Toggles server certificate verification if | |
# `cassandra_ssl` is enabled. | |
# See the `lua_ssl_trusted_certificate` | |
# setting to specify a certificate authority. | |
#cassandra_username = kong # Username when using the | |
# `PasswordAuthenticator` scheme. | |
#cassandra_password = # Password when using the | |
# `PasswordAuthenticator` scheme. | |
#cassandra_consistency = ONE # Consistency setting to use when reading/ | |
# writing to the Cassandra cluster. | |
#cassandra_lb_policy = RoundRobin # Load balancing policy to use when | |
# distributing queries across your Cassandra | |
# cluster. | |
# Accepted values are: | |
# `RoundRobin`, `RequestRoundRobin`, | |
# `DCAwareRoundRobin`, and | |
# `RequestDCAwareRoundRobin`. | |
# Prefer the later if and only if you are | |
# using a multi-datacenter cluster. | |
#cassandra_local_datacenter = # When using the `DCAwareRoundRobin` | |
# or `RequestDCAwareRoundRobin` load | |
# balancing policy, you must specify the name | |
# of the local (closest) datacenter for this | |
# Kong node. | |
#cassandra_repl_strategy = SimpleStrategy # When migrating for the first time, | |
# Kong will use this setting to | |
# create your keyspace. | |
# Accepted values are | |
# `SimpleStrategy` and | |
# `NetworkTopologyStrategy`. | |
#cassandra_repl_factor = 1 # When migrating for the first time, Kong | |
# will create the keyspace with this | |
# replication factor when using the | |
# `SimpleStrategy`. | |
#cassandra_data_centers = dc1:2,dc2:3 # When migrating for the first time, | |
# will use this setting when using the | |
# `NetworkTopologyStrategy`. | |
# The format is a comma-separated list | |
# made of <dc_name>:<repl_factor>. | |
#cassandra_schema_consensus_timeout = 10000 # Defines the timeout (in ms) for | |
# the waiting period to reach a | |
# schema consensus between your | |
# Cassandra nodes. | |
# This value is only used during | |
# migrations. | |
#------------------------------------------------------------------------------ | |
# DATASTORE CACHE | |
#------------------------------------------------------------------------------ | |
# In order to avoid unecessary communication with the datastore, Kong caches | |
# entities (such as APIs, Consumers, Credentials...) for a configurable period | |
# of time. It also handles invalidations if such an entity is updated. | |
# | |
# This section allows for configuring the behavior of Kong regarding the | |
# caching of such configuration entities. | |
#db_update_frequency = 5 # Frequency (in seconds) at which to check for | |
# updated entities with the datastore. | |
# When a node creates, updates, or deletes an | |
# entity via the Admin API, other nodes need | |
# to wait for the next poll (configured by | |
# this value) to eventually purge the old | |
# cached entity and start using the new one. | |
#db_update_propagation = 0 # Time (in seconds) taken for an entity in the | |
# datastore to be propagated to replica nodes | |
# of another datacenter. | |
# When in a distributed environment such as | |
# a multi-datacenter Cassandra cluster, this | |
# value should be the maximum number of | |
# seconds taken by Cassandra to propagate a | |
# row to other datacenters. | |
# When set, this property will increase the | |
# time taken by Kong to propagate the change | |
# of an entity. | |
# Single-datacenter setups or PostgreSQL | |
# servers should suffer no such delays, and | |
# this value can be safely set to 0. | |
#db_cache_ttl = 3600 # Time-to-live (in seconds) of an entity from | |
# the datastore when cached by this node. | |
# Database misses (no entity) are also cached | |
# according to this setting. | |
# If set to 0, such cached entities/misses | |
# never expire. | |
#------------------------------------------------------------------------------ | |
# DNS RESOLVER | |
#------------------------------------------------------------------------------ | |
# By default the DNS resolver will use the standard configuration files | |
# `/etc/hosts` and `/etc/resolv.conf`. The settings in the latter file will be | |
# overridden by the environment variables `LOCALDOMAIN` and `RES_OPTIONS` if | |
# they have been set. | |
#dns_resolver = # Comma separated list of nameservers, each | |
# entry in `ip[:port]` format to be used by | |
# Kong. If not specified the nameservers in | |
# the local `resolv.conf` file will be used. | |
# Port defaults to 53 if omitted. Accepts | |
# both IPv4 and IPv6 addresses. | |
#dns_hostsfile = /etc/hosts # The hosts file to use. This file is read | |
# once and its content is static in memory. | |
# To read the file again after modifying it, | |
# Kong must be reloaded. | |
#dns_order = LAST,SRV,A,CNAME # The order in which to resolve different | |
# record types. The `LAST` type means the | |
# type of the last successful lookup (for the | |
# specified name). The format is a (case | |
# insensitive) comma separated list. | |
#dns_stale_ttl = 4 # Defines, in seconds, how long a record will | |
# remain in cache past its TTL. This value | |
# will be used while the new DNS record is | |
# fetched in the background. | |
# Stale data will be used from expiry of a | |
# record until either the refresh query | |
# completes, or the `dns_stale_ttl` number of | |
# seconds have passed. | |
#dns_not_found_ttl = 30 # TTL in seconds for empty DNS responses and | |
# "(3) name error" responses. | |
#dns_error_ttl = 1 # TTL in seconds for error responses. | |
#dns_no_sync = off # If enabled, then upon a cache-miss every | |
# request will trigger its own dns query. | |
# When disabled multiple requests for the | |
# same name/type will be synchronised to a | |
# single query. | |
#------------------------------------------------------------------------------ | |
# DEVELOPMENT & MISCELLANEOUS | |
#------------------------------------------------------------------------------ | |
# Additional settings inherited from lua-nginx-module allowing for more | |
# flexibility and advanced usage. | |
# | |
# See the lua-nginx-module documentation for more informations: | |
# https://github.com/openresty/lua-nginx-module | |
#lua_ssl_trusted_certificate = # Absolute path to the certificate | |
# authority file for Lua cosockets in PEM | |
# format. This certificate will be the one | |
# used for verifying Kong's database | |
# connections, when `pg_ssl_verify` or | |
# `cassandra_ssl_verify` are enabled. | |
#lua_ssl_verify_depth = 1 # Sets the verification depth in the server | |
# certificates chain used by Lua cosockets, | |
# set by `lua_ssl_trusted_certificate`. | |
# This includes the certificates configured | |
# for Kong's database connections. | |
#lua_package_path = # Sets the Lua module search path (LUA_PATH). | |
# Useful when developing or using custom | |
# plugins not stored in the default search | |
# path. | |
#lua_package_cpath = # Sets the Lua C module search path | |
# (LUA_CPATH). | |
#lua_socket_pool_size = 30 # Specifies the size limit for every cosocket | |
# connection pool associated with every remote | |
# server. | |
#enforce_rbac = off # Specifies whether Admin API RBAC is enforced; | |
# accepts one of 'entity', 'both', 'on', or | |
# 'off'. When 'on' is passed, only | |
# endpoint-level authorization is enforced; | |
# when 'entity' is passed, entity-level | |
# authorization applies; 'both' enables both | |
# endpoint and entity-level authorization; | |
# 'off' disables both. When enabled, Kong will | |
# deny requests to the Admin API when a | |
# nonexistent or invalid RBAC authorization | |
# token is passed, or the RBAC user with which | |
# the token is associated does not have | |
# permissions to access/modify the requested | |
# resource. | |
#rbac_auth_header = Kong-Admin-Token # Defines the name of the HTTP request | |
# header from which the Admin API will | |
# attempt to identify the RBAC user. | |
#------------------------------------------------------------------------------ | |
# ADMIN GUI | |
#------------------------------------------------------------------------------ | |
#admin_gui_listen = 0.0.0.0:8002, 0.0.0.0:8445 ssl | |
# Admin GUI Listeners | |
# | |
# Comma-separated list of addresses and ports on which | |
# Kong will expose the Admin GUI. This web application | |
# lets you configure and manage Kong, and therefore | |
# should be kept private and secured. | |
# | |
# Suffixes can be specified for each pair, similarly to | |
# the `admin_listen` directive. | |
#admin_gui_url = | |
# Admin GUI URL | |
# | |
# Here you may provide the lookup, or balancer, | |
# address for your admin application. | |
# | |
# Accepted format (items in parenthesis are optional): | |
# | |
# <scheme>://<IP / HOSTNAME>(:<PORT>(/<PATH>)) | |
# | |
# Examples: | |
# | |
# - http://127.0.0.1:8003 | |
# - https://kong-admin.test | |
# - http://dev-machine/dev-285 | |
# | |
# By default: | |
# | |
# The application will use the window request host and | |
# append the resolved listener port depending on the | |
# requested protocol. | |
#admin_gui_ssl_cert = | |
# The absolute path to the SSL certificate for | |
# `admin_gui_listen` values with SSL enabled. | |
#admin_gui_ssl_cert_key = | |
# The absolute path to the SSL key for | |
# `admin_gui_listen` values with SSL enabled. | |
#admin_gui_flags = {} | |
# Alters the layout Admin GUI (JSON) | |
#admin_gui_access_log = logs/admin_gui_access.log | |
# Admin GUI Access Logs | |
# | |
# Here you can set an absolute or relative path for the | |
# Admin GUI access logs. When the path is relative, | |
# logs are placed in the `prefix` location. | |
# | |
# Setting this value to `off` disables access logs | |
# for the Admin GUI. | |
#admin_gui_error_log = logs/admin_gui_error.log | |
# Admin GUI Error Logs | |
# | |
# Here you can set an absolute or relative path for your | |
# Portal API access logs. When the path is relative, | |
# logs are placed in the `prefix` location. | |
# | |
# Setting this value to `off` disables error logs for | |
# the Admin GUI. | |
# | |
# Granularity can be adjusted through the `log_level` | |
# directive. | |
#admin_gui_auth = | |
# Admin GUI Authentication Plugin Name | |
# | |
# Here you may secure access to the Admin GUI by | |
# specifying an authentication plugin to use. | |
# | |
# Supported Plugins: | |
# | |
# Value to Use | Authentication Type | |
# ----------------------+-------------------------- | |
# basic-auth | Basic Authentication | |
# ldap-auth-advanced | LDAP Authentication | |
#admin_gui_auth_conf = | |
# Admin GUI Authentication Plugin Config (JSON) | |
# | |
# Here you may specify the configuration for the | |
# authentication plugin you have chosen. | |
# | |
# For information about Plugin Configuration | |
# consult the associated plugin documentation. | |
# | |
# Example for `basic-auth`: | |
# | |
# admin_gui_auth_conf = { "hide_credentials": true } | |
#------------------------------------------------------------------------------ | |
# VITALS | |
#------------------------------------------------------------------------------ | |
#vitals = on # When enabled, Kong will store and report | |
# metrics about its performance. | |
# | |
# When running Kong in a multi-node setup, | |
# `vitals` entails two separate meanings | |
# depending on the node. | |
# | |
# On a Proxy-only node, `vitals` determines | |
# whether to collect data for Vitals. | |
# | |
# On an Admin-only node, `vitals` determines | |
# whether to display Vitals metrics and | |
# visualizations on the dashboard. | |
#vitals_strategy = database # Determines whether to use the Kong database | |
# (either PostgreSQL or Cassandra, as defined | |
# by the 'database' config value above), or a | |
# separate storage engine, for Vitals metrics. | |
# Accepted values are 'database', 'prometheus', | |
# or 'influxdb'. | |
#vitals_tsdb_address = # Defines the host and port of the TSDB server | |
# to which Vitals data is written and read. | |
# This value is only applied when the | |
# 'vitals_strategy` option is set to | |
# 'prometheus' or 'influxdb'. This value | |
# accepts IPv4, IPv6, and hostname values. | |
# If the 'vitals_strategy' is set to | |
# 'prometheus', this value determines the | |
# address of the Prometheus server from which | |
# Vitals data will be read. For 'influxdb' | |
# strategies, this value controls both the read | |
# and write source for Vitals data. | |
#vitals_statsd_address = # Defines the host and port (and an optional | |
# protocol) of the StatsD server to which | |
# Kong should write Vitals metics. This value | |
# is only applied when the 'vitals_strategy' is | |
# set to 'prometheus'. This value accepts IPv4, | |
# IPv6, and, hostnames. Additionally, the suffix | |
# 'tcp' can be specified; doing so will result | |
# in Kong sending StatsD metrics via TCP | |
# instead of the UDP (default). | |
#vitals_statsd_prefix = kong # Defines the prefix value attached to all | |
# Vitals StatsD events. This prefix is useful | |
# when writing metrics to a multi-tenant StatsD | |
# exporter or server. | |
#vitals_statsd_udp_packet_size = 1024 # Defines the maximum buffer size in | |
# which Vitals statsd metrics will be | |
# held and sent in batches. | |
# This value is defined in bytes. | |
#vitals_prometheus_scrape_interval = 5 # Defines the scrape_interval query | |
# parameter sent to the Prometheus | |
# server when reading Vitals data. | |
# This should be same as the scrape | |
# interval (in seconds) of the | |
# Prometheus server. | |
#------------------------------------------------------------------------------ | |
# DEVELOPER PORTAL | |
#------------------------------------------------------------------------------ | |
#portal = off | |
# Developer Portal Switch | |
# | |
# When enabled: | |
# | |
# Kong will expose the Dev Portal interface and | |
# read-only APIs on the `portal_gui_listen` address, | |
# and endpoints on the Admin API to manage assets. | |
# | |
# When enabled along with `portal_auth`: | |
# | |
# Kong will expose management endpoints for developer | |
# accounts on the Admin API and the Dev Portal API. | |
#portal_gui_listen = 0.0.0.0:8003, 0.0.0.0:8446 ssl | |
# Developer Portal GUI Listeners | |
# | |
# Comma-separated list of addresses on which Kong will | |
# expose the Developer Portal GUI. Suffixes can be | |
# specified for each pair, similarly to | |
# the `admin_listen` directive. | |
#portal_gui_protocol = http | |
# Developer Portal GUI protocol | |
# | |
# Here you may provide the protocol used in conjunction | |
# with portal_gui_host to construct the lookup, or balancer | |
# address for your Kong Proxy nodes. | |
# | |
# Examples: http | |
# https | |
#portal_gui_host = 127.0.0.1:8003 | |
# Developer Portal GUI host | |
# | |
# Here you may provide the host used in conjunction | |
# with portal_gui_protocol to construct the lookup, | |
# or balancer address for your Kong Proxy nodes. | |
# | |
# Examples: | |
# | |
# - <IP>:<PORT> | |
# portal_gui_host = 127.0.0.1:8003 | |
# - <HOSTNAME> | |
# portal_gui_host = portal_api.domain.tld | |
# - <HOSTNAME>/<PATH> | |
# portal_gui_host = dev-machine/dev-285 | |
#portal_gui_use_subdomains = off | |
# Developer Portal GUI subdomain toggle | |
# | |
# By default Kong Portal uses the first namespace in | |
# the request path to determine workspace. By turning | |
# portal_gui_subdomains 'on', Kong Portal will expect | |
# workspace to be included in the request url as a subdomain. | |
# | |
# Example (off): | |
# - <scheme>://<HOSTNAME>/<WORKSPACE>/<PATH> | |
# http://kong-portal.com/example-workspace/index | |
# | |
# Example (on): | |
# - <scheme>://<WORKSPACE>.<HOSTNAME> | |
# http://example-workspace.kong-portal.com/index | |
#portal_gui_ssl_cert = | |
# Developer Portal GUI SSL Certificate | |
# | |
# The absolute path to the SSL certificate for | |
# `portal_gui_listen` values with SSL enabled. | |
#portal_gui_ssl_cert_key = | |
# Developer Portal GUI SSL Certificate Key | |
# | |
# The absolute path to the SSL key for | |
# `portal_gui_listen` values with SSL enabled. | |
#portal_api_listen = 0.0.0.0:8004, 0.0.0.0:8447 ssl | |
# Developer Portal API Listeners | |
# | |
# Comma-separated list of addresses on which Kong will | |
# expose the Developer Portal API. Suffixes can be | |
# specified for each pair, similarly to | |
# the `admin_listen` directive. | |
#portal_api_url = | |
# Developer Portal API URL | |
# | |
# Here you may provide the lookup, or balancer, | |
# address for your Developer Portal nodes. | |
# | |
# This value is commonly used in a microservices | |
# or service-mesh oriented architecture. | |
# | |
# portal_api_url is the address on which your | |
# Kong Dev Portal API is accessible by Kong. You | |
# should only set this value if your Kong Dev Portal API | |
# lives on a different node than your Kong Proxy. | |
# | |
# Accepted format (parts in parenthesis are optional): | |
# | |
# <scheme>://<IP / HOSTNAME>(:<PORT>(/<PATH>)) | |
# | |
# Examples: | |
# | |
# - <scheme>://<IP>:<PORT> | |
# portal_api_url = http://127.0.0.1:8003 | |
# - SSL <scheme>://<HOSTNAME> | |
# portal_api_url = https://portal_api.domain.tld | |
# - <scheme>://<HOSTNAME>/<PATH> | |
# portal_api_url = http://dev-machine/dev-285 | |
# | |
# By default this value points to the local interface: | |
# | |
# - http://0.0.0.0:8004 | |
#portal_api_ssl_cert = | |
# Developer Portal API SSL Certificate | |
# | |
# The absolute path to the SSL certificate for | |
# `portal_api_listen` values with SSL enabled. | |
#portal_api_ssl_cert_key = | |
# Developer Portal API SSL Certificate Key | |
# | |
# The absolute path to the SSL key for | |
# `portal_api_listen` values with SSL enabled. | |
#portal_api_access_log = logs/portal_api_access.log | |
# Developer Portal API Access Log location | |
# | |
# Here you can set an absolute or relative path for your | |
# Portal API access logs. | |
# | |
# Setting this value to `off` will disable logging | |
# Portal API access logs. | |
# | |
# When using relative pathing, logs will be placed under | |
# the `prefix` location. | |
#portal_api_error_log = logs/error.log | |
# Developer Portal API Error Log location | |
# | |
# Here you can set an absolute or relative path for your | |
# Portal API access logs. | |
# | |
# Setting this value to `off` will disable logging | |
# Portal API access logs. | |
# | |
# When using relative pathing, logs will be placed under | |
# the `prefix` location. | |
# | |
# Granularity can be adjusted through the `log_level` | |
# directive. | |
#------------------------------------------------------------------------------ | |
# DEFAULT DEVELOPER PORTAL AUTHENTICATION | |
# | |
# Referenced on workspace creation to set Dev Portal authentication defaults | |
# in the database for that particular workspace. | |
#------------------------------------------------------------------------------ | |
#portal_auth = | |
# Developer Portal Authentication Plugin Name | |
# | |
# Here you may specify the authentication plugin | |
# to apply to your Developer Portal. Developers | |
# will use the specified form of authentication | |
# to request access, register, and login to your | |
# Developer Portal. | |
# | |
# Supported Plugins: | |
# | |
# - Basic Authentication: | |
# | |
# portal_auth = basic-auth | |
# | |
# - OIDC Authentication: | |
# | |
# portal_auth = openid-connect | |
# | |
#portal_auth_conf = | |
# Developer Portal Authentication Plugin Config (JSON) | |
# | |
# Here you may specify the plugin configuration object | |
# in JSON format to be applied to your Developer | |
# Portal authentication. | |
# | |
# For information about Plugin Configuration | |
# consult the associated plugin documentation. | |
# | |
# Example for `basic-auth`: | |
# | |
# portal_auth_conf = { "hide_credentials": true } | |
#portal_auto_approve = off | |
# Developer Portal Auto Approve Access | |
# | |
# When this flag is set to "on", a developer will | |
# automatically be marked as "approved" after completing | |
# registration. Access can still be revoked through the | |
# Admin GUI or API. | |
#portal_token_exp = 21600 | |
# Duration in seconds for the expiration of portal | |
# reset token. | |
# Default `21600` (6 hours) | |
#------------------------------------------------------------------------------ | |
# DEFAULT PORTAL SMTP CONFIGURATION | |
# | |
# Referenced on workspace creation to set SMTP defaults in the database | |
# for that particular workspace. | |
#------------------------------------------------------------------------------ | |
#portal_invite_email = on | |
# Enable or disable portal_invite_email | |
# Default `on` | |
#portal_access_request_email = on | |
# Enable or disable portal_access_request_email | |
# Default `on` | |
#portal_approved_email = on | |
# Enable or disable portal_approved_email | |
# Default `on` | |
#portal_reset_email = on | |
# Enable or disable portal_reset_email | |
# Default `on` | |
#portal_reset_success_email = on | |
# Enable or disable portal_reset_success_email | |
# Default `on` | |
#portal_emails_from = # The name and email address for the `From` header | |
# for portal emails | |
# | |
# Example | |
# portal_emails_from = Your Name <example@example.com> | |
# | |
# Note: Some SMTP servers will not use | |
# this value, but instead insert the email and name | |
# associated with the account. | |
# Default `nil` | |
#portal_emails_reply_to = | |
# Email address for the `Reply-To` header for | |
# portal emails | |
# | |
# Example | |
# portal_emails_reply_to = example@example.com | |
# | |
# Note: Some SMTP servers will not use | |
# this value, but instead insert the email | |
# associated with the account. | |
# Default `nil` | |
#------------------------------------------------------------------------------ | |
# ADMIN SMTP CONFIGURATION | |
#------------------------------------------------------------------------------ | |
#admin_emails_from = "" # The email address for the `From` header | |
# for admin emails | |
#admin_emails_reply_to = # Email address for the `Reply-To` header | |
# for admin emails | |
#admin_invitation_expiry = 259200 # Seconds before admin invitation link | |
# expires. 0 means no expiration. | |
# | |
# Examples: | |
# 259200 = 1 * 60 * 60 * 72 | |
# ^ number of hours | |
#------------------------------------------------------------------------------ | |
# GENERAL SMTP CONFIGURATION | |
#------------------------------------------------------------------------------ | |
#smtp_mock = on # This flag will mock the sending of emails. This can be | |
# used for testing before the SMTP client is fully | |
# configured. | |
# | |
# Example | |
# smtp_mock = on - Emails will NOT attempt send. | |
# smtp_mock = off - Emails will attempt send. | |
# | |
# Default `on` | |
#smtp_host = # The host of the SMTP server to connect to. | |
# Default `localhost` | |
#smtp_port = # The port number on the SMTP server to connect to. | |
# Default `25` | |
#smtp_starttls = # When set to `on`, STARTTLS is used to encrypt | |
# communication with the SMTP server. This is normally | |
# used in conjunction with port 587. | |
# Default `off` | |
#smtp_username = # Username used for authentication with SMTP server | |
# Default `nil` | |
#smtp_password = # Password used for authentication with SMTP server | |
# Default `nil` | |
#smtp_ssl = # When set to `on`, SMTPS is used to encrypt | |
# communication with the SMTP server. This is normally | |
# used in conjunction with port 465. | |
# Default `off` | |
#smtp_auth_type = # The method used to authenticate with the SMTP server | |
# Valid options are `plain`, `login`, or `nil` | |
# Default `nil` | |
#smtp_domain = localhost.localdomain | |
# The domain used in the `EHLO` connection and part of | |
# the `Message-ID` header | |
# Default `localhost.localdomain` | |
#smtp_timeout_connect = 60000 | |
# The timeout (in milliseconds) for connecting to the | |
# SMTP server. | |
# Default 60000 | |
#smtp_timeout_send = 60000 | |
# The timeout (in milliseconds) for sending data to the | |
# SMTP server. | |
# Default 60000 | |
#smtp_timeout_read = 60000 | |
# The timeout (in milliseconds) for reading data from | |
# the SMTP server. | |
# Default 60000 | |
#smtp_admin_emails = # Comma separated list of admin emails to receive | |
# notifications. | |
# Example `admin1@example.com, admin2@example.com` | |
# Default `nil` | |
#------------------------------------------------------------------------------- | |
# DATA & ADMIN AUDIT | |
#------------------------------------------------------------------------------- | |
# When enabled, Kong will store detailed audit data regarding Admin API and | |
# database access. In most cases, updates to the database are associated with | |
# Admin API requests. As such, database object audit log data is tied to a | |
# given HTTP via a unique identifier, providing built-in association of Admin | |
# API and database traffic. | |
# audit_log = off # When enabled, Kong will log information about | |
# Admin API access and database row insertions, | |
# updates, and deletes. | |
# audit_log_ignore_methods = # Comma-separated list of HTTP methods that | |
# will not generate audit log entries. By | |
# default, all HTTP requests will be logged. | |
# audit_log_ignore_paths = # Comma-separated list of request paths that | |
# will not generate audit log entries. By | |
# default, all HTTP requests will be logged. | |
# audit_log_ignore_tables = # Comma-separated list of database tables that | |
# will not generate audit log entries. By | |
# default, updates to all database tables will | |
# be logged (the term "updates" refers to the | |
# creation, update, or deletion of a row). | |
# audit_log_record_ttl = 2592000 # Length, in seconds, of the TTL for audit log | |
# records. Records in the database older than | |
# their TTL are automatically purged. | |
# audit_log_signing_key = # Defines the path to a private RSA signing key | |
# that can be used to insert a signature of | |
# audit records, adjacent to the record. The | |
# corresponding public key should be stored | |
# offline, and can be used the validate audit | |
# entries in the future. If this value is | |
# undefined, no signature will be generated. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment