templates/default/kong.yml.erb
<% require 'yaml' -%>
# Generated by Chef
<%= @config.to_hash.to_yaml.gsub(/([-:] )([^"']\S*[\.:]+\S*)\b/m, '\1"\2"') %>
## Nginx configuration
nginx: |
{{user}}
worker_processes auto;
error_log logs/error.log error;
daemon on;
worker_rlimit_nofile {{auto_worker_rlimit_nofile}};
env KONG_CONF;
env PATH;
events {
worker_connections {{auto_worker_connections}};
multi_accept on;
}
http {
resolver {{dns_resolver}} ipv6=off;
charset UTF-8;
access_log logs/access.log;
access_log off;
# Timeouts
keepalive_timeout 60s;
client_header_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
# Proxy Settings
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_ssl_server_name on;
# IP Address
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
real_ip_recursive on;
# Other Settings
client_max_body_size 0;
underscores_in_headers on;
reset_timedout_connection on;
tcp_nopush on;
################################################
# The following code is required to run Kong #
# Please be careful if you'd like to change it #
################################################
# Lua Settings
lua_package_path ';;';
lua_code_cache on;
lua_max_running_timers 4096;
lua_max_pending_timers 16384;
lua_shared_dict reports_locks 100k;
lua_shared_dict cluster_locks 100k;
lua_shared_dict cluster_autojoin_locks 100k;
lua_shared_dict cache {{memory_cache_size}}m;
lua_shared_dict cassandra 1m;
lua_shared_dict cassandra_prepared 5m;
lua_socket_log_errors off;
{{lua_ssl_trusted_certificate}}
init_by_lua_block {
kong = require "kong"
kong.init()
}
init_worker_by_lua_block {
kong.init_worker()
}
server {
server_name _;
listen {{proxy_listen}};
listen {{proxy_listen_ssl}} ssl;
ssl_certificate_by_lua_block {
kong.ssl_certificate()
}
<% if @manage_ssl_certificate -%>
<%=
@ssl_cert = '{{ssl_cert}}'
@ssl_key = '{{ssl_key}}'
render 'nginx.erb', cookbook: 'ssl_certificate'
%>
<% else -%>
ssl_certificate {{ssl_cert}};
ssl_certificate_key {{ssl_key}};
<% end -%>
location / {
default_type 'text/plain';
# These properties will be used later by proxy_pass
set $upstream_host nil;
set $upstream_url nil;
# Authenticate the user and load the API info
access_by_lua_block {
kong.access()
}
# Proxy the request
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $upstream_host;
proxy_pass $upstream_url;
proxy_pass_header Server;
# Add additional response headers
header_filter_by_lua_block {
kong.header_filter()
}
# Change the response body
body_filter_by_lua_block {
kong.body_filter()
}
# Log the request
log_by_lua_block {
kong.log()
}
}
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}
error_page 500 502 503 504 /50x;
location = /50x {
internal;
content_by_lua_block {
require("kong.core.error_handlers")(ngx)
}
}
}
server {
listen {{admin_api_listen}};
client_max_body_size 10m;
client_body_buffer_size 10m;
location / {
default_type application/json;
content_by_lua_block {
ngx.header["Access-Control-Allow-Origin"] = "*"
if ngx.req.get_method() == "OPTIONS" then
ngx.header["Access-Control-Allow-Methods"] = "GET,HEAD,PUT,PATCH,POST,DELETE"
ngx.header["Access-Control-Allow-Headers"] = "Content-Type"
ngx.exit(204)
end
local lapis = require "lapis"
lapis.serve "kong.api.app"
}
}
location /nginx_status {
internal;
access_log off;
stub_status;
}
location /robots.txt {
return 200 'User-agent: *\nDisallow: /';
}
}
}