OpenResty Edge's configuration files

Configuration files for OpenResty Edge Admin

File path: /usr/local/oredge-admin/conf/config.ini

After modifying the configuration, you will need to execute the following command to restart the service for the new configuration to take effect.

sudo systemctl start upgrade-oredge-admin

postgresql

[postgresql]
host = 127.0.0.1
port = 5432
max_idle_timeout = 60
pool_size = 100
backlog = 256
database = "or_edge_admin"
user = "USER"
password = 'PASSWORD'
ssl = false
ssl_verify = false
ssl_required = false
endpoints="postgresql://127.0.0.1:5432,127.0.0.1:5433/or_edge_admin?user=or_edge_admin&password=PASSWORD&pool_size=10"
check_primary_interval = 5

This configuration block configures the database connection for OpenResty Edge Admin.

  • host: The hostname or IP address of the PostgreSQL database server. It is set to 127.0.0.1 by default, assuming the database and OpenResty Edge Admin are deployed on the same machine.
  • port: The service port of the database. The default value is 5432.
  • max_idle_timeout: The duration for keeping idle long-lived connections. The default value is 60 seconds.
  • pool_size: The size of the connection pool for connecting to the database.
  • backlog: Specifies the maximum queue length for waiting connections. When all connections in the connection pool are occupied, new connection requests will enter the waiting queue.
  • database: Specifies the name of the database to which to connect.
  • user: The username used to access the database.
  • password: The password used to access the database.
  • ssl: Specifies whether to use SSL encryption for the connection.
  • ssl_verify: Specifies whether to verify the SSL certificate.
  • ssl_required: Specifies whether to enforce the use of SSL connections.
  • endpoints: Specifies the database endpoints to connect to. Only one primary database can exist at a time. When multiple endpoints are present, the first primary database in the list will be used. This configuration is used primarily for database failover. The format is “postgresql://host:port/database?args”. For example: "postgresql://127.0.0.1:5432,127.0.0.1:5433/or_edge_admin?user=or_edge_admin&password=PASSWORD&pool_size=10" represents connecting to two database endpoints, “127.0.0.1:5432” and “127.0.0.1:5433”, with the database name “or_edge_admin”, and specifies connection parameters such as username, password, connection pool size, and idle timeout.
  • check_primary_interval: Specifies the time interval for checking the primary and secondary databases in the endpoints list. The default value is 5 seconds.

It’s important to note that all configuration items except max_idle_timeout and check_primary_interval can be passed as parameters in the endpoints parameter. Additionally, the password parameter value in endpoints will be replaced with encrypted content after the first startup, so please remember your original password. When special characters such as & and = are present in the parameters or parameter values of endpoints, they must be URL-encoded. For example, & should be encoded as %40, and = should be encoded as %3D.

clone_admin

[clone_admin]
host = "192.168.1.2"
port = 12345
role = "normal"

This configuration block is used to configure another OpenResty Edge Admin.

  • host is the address of another OpenResty Edge Admin
  • port is the port of another OpenResty Edge Admin
  • role is the role type of another OpenResty Edge Admin. The values are: normal, main, and staging.
    • normal is the default value and indicates a generic OpenResty Edge Admin.
    • main indicates the main OpenResty Edge Admin.
    • staging indicates grayscale OpenResty Edge Admin.

log_server

[log_server]
endpoints = "https://192.168.0.2:12346"

# The following configuration is used in versions prior to 23.12.1.
host = 127.0.0.1
mbus_port = 12346

This configuration block is used to specify information about the OpenResty Edge Log Server.

  • The endpoints option is used to set the connection address of the OpenResty Edge Log Server instances. If you have multiple instances, you can separate them with commas, e.g. endpoints = "https://192.168.0.2:12346, https://192.168.0.3:12346". This is a new configuration added in version 23.12.1, replacing the old host, mbus_port configuration items.
  • The host and mbus_port configuration items specify the hostname and RPC communication port of the OpenResty Edge Log Server instance. In version 23.12.1 and later, it is recommended to use endpoints.

log_server_heartbeat

[log_server_heartbeat]
enable = true
interval = 1
down_threshold = 1
up_threshold = 1

This configuration block is used to configure health checks for the OpenResty Edge Log Server.

  • enable is used to enable or disable the health check.
  • interval is the heartbeat interval.
  • down_threshold is the unhealthy threshold, the number of failed requests reaches this threshold, and the Log Server is considered unhealthy.
  • up_threshold is the health threshold. If the number of successful requests reaches this threshold, then Log Server is considered healthy.

acme

[acme]
acme_skip_precheck = false
auto_renew_interval = 3600
max_retries = 100
nameservers = "1.1.1.1,8.8.8.8"
http_timeout = 60
acme_skip_duplicate_check = false

This configuration block is used to configure the behavior when using a third-party certificate provider.

  • acme_skip_precheck is used to control whether to skip the precheck before a certificate is issued, such as “whether the DNS record for the domain name points to OpenResty Edge”.
  • auto_renew_interval is used to set the interval for automatically checking and renewing certificates, defaulting to 3600 seconds.
  • max_retries is used to set the number of challenge retries during certificate issuance, with a default value of 100.
  • nameservers is used to configure the DNS servers used for domain name resolution, defaulting to 1.1.1.1 and 8.8.8.8. This configuration was first introduced in version 23.6.1.
  • http_timeout is used to set the timeout for certificate issuance requests to the ACME server, defaulting to 60 seconds. This configuration was first introduced in version 23.6.1.
  • Setting acme_skip_duplicate_check = true will allow multiple ACME certificates to be configured for the same domain name. This configuration was first introduced in version 24.9.1.

config

[config]
max_full_sync_batch = 500
max_full_sync_qps = 5
max_delta_sync_qps = 500
admin_api_port = 8088
admin_api_scheme = http
max_history = 5000
gc_history_threshold = 1000
gc_ts_threshold = 259200
clean_ts_threshold = 604800
clean_sync_delta_interval = 86400

This configuration block is used to specify the configuration of OpenResty Edge Admin’s service port, configuration synchronization, etc.

  • max_full_sync_batch: The number of configurations synchronized when full sync is used.
  • max_full_sync_qps: The speed limit configuration for full sync. The default value is 5.
  • max_delta_sync_qps: The speed limit configuration for delta sync. The default value is 500.
  • admin_api_port: The srvice port of OpenResty Edge Admin.
  • admin_api_scheme: The service type of OpenResty Edge Admin.
  • max_history: In each configuration database, the part of the incremental sync data versions exceeding max_history will be cleaned up, with a default of 5000.
  • gc_history_threshold: In all configuration databases, the versions of the incremental sync data exceeding gc_history_threshold, and the time before gc_ts_threshold, will be cleaned up, with a default of 1000.
  • gc_ts_threshold: In all configuration databases, the versions of the incremental sync data exceeding gc_history_threshold, and the time before gc_ts_threshold, will be cleaned up. The default is 259200 seconds, which is 3 days.
  • clean_ts_threshold: In all configuration databases, the incremental sync data generated before clean_ts_threshold will be cleaned up, with a default of 604800 seconds, which is 7 days.
  • clean_sync_delta_interval: The interval for performing cleanup operations, with a default of 86400 seconds, which is 1 day.

static_file

[static_file]
max_download_qps = 5
full_sync_max_batch_size = 50
delta_sync_max_batch_size = 50
delta_sync_max_diff_version = 100
temp_file_root = "/tmp"
max_single_file_size = 10485760
max_archive_dir_size = 104857600
list_delta_limit = 5
  • max_download_qps is the QPS for downloading static files. The default value is 5.
  • full_sync_max_batch_size is the batch size for full sync. The default value is 50.
  • delta_sync_max_batch_size is the batch size for delta synchronization. The default value is 50.
  • delta_sync_max_diff_version exceeds this threshold, full sync is used. Otherwise, delta sync is used.
  • temp_file_root is used to specify the temporary directory for static files. When uploading files to OpenResty Edge, they will be stored in this temporary directory first.
  • max_single_file_size is the maximum size of a single file, files exceeding this size will not be uploaded.
  • max_archive_dir_size is the maximum size of compressed files when uploading files in bulk, files exceeding this size will not be uploaded.
  • list_delta_limit is the QPS for OpenResty Node to get the list of changed files. The default value is 5.

license

[license]
http_proxy = "http://127.0.0.1:2000"
authorization = "UESRNAME:PASSWORD"

This configuration block is used to configure the License synchronization.

  • http_proxy is the URL to use when using the proxy.
  • authorization is the authentication information for the proxy.

waf_rules

[waf_rules]
temp_file_root = "/tmp"

This configuration block is the configuration related to the WAF rules.

  • temp_file_root is the directory where WAF rules are temporarily cached when uploaded.

rotate_log

[rotate_log]
interval = 86400
max_kept_file = 128

This configuration block is used to configure the log rotation.

  • interval is the rotation interval.
  • max_kept_file is the maximum number of log files to keep.

dns_healthcheck

[dns_healthcheck]
interval = 10

This configuration block is used to configure DNS health checks.

  • interval is used to set the DNS health check interval in seconds. The default value is 10.

dns

[dns]
client_limiter_rate = 50
client_limiter_burst = 100

This configuration block is used to set up DNS related configurations.

  • client_limiter_rate and client_limiter_burst are used to control the rate at which DNS query requests are sent. For example, when using a domain name as the Host for a Kubernetes cluster, DNS resolution occurs before accessing the cluster. These two configurations were introduced in versions 23.6.1-31 and 23.12.16-1 and later.

log_server_health_check

[log_server_health_check]
request_interval = 1
healthy_threshold = 2
unhealthy_threshold = 3
connect_timeout = 10

This configuration block is used to set the health check parameters for the Log Server. In scenarios where multiple Log Server instances are deployed, the health check mechanism can quickly identify and switch to available instances, thereby improving overall service quality.

The parameters are explained as follows:

  • request_interval: Defines the interval between health check requests, in seconds. The default value is 1 second.

  • healthy_threshold: The health threshold, with a default value of 2. When the number of consecutive successful health checks reaches this threshold, the system will mark the Log Server instance as healthy.

  • unhealthy_threshold: The unhealthy threshold, with a default value of 3. When the number of consecutive failed health checks reaches this threshold, the system will mark the Log Server instance as unhealthy.

  • connect_timeout: The connection timeout, in seconds, with a default value of 10 seconds. This is the maximum time the system will attempt to connect to the Log Server. If the connection is not successful within this time, the current request is considered a failure.

By adjusting these parameters appropriately, you can optimize the sensitivity and accuracy of health checks based on your specific network environment and business requirements, thereby ensuring high availability of the logging service.

Configuration file for OpenResty Edge Node

File path: /usr/local/oredge-node/conf/config.ini

After modifying the configuration, you will need to execute the following command to restart the service for the new configuration to take effect.

sudo systemctl start upgrade-oredge-node

admin

[admin]
host = 127.0.0.1
port = 12345
ssl_host = ADMIN_HOST_COM
protocol = "wss"
host2 = 127.0.0.1
port2 = 12345
protocol2 = "https"

This configuration block is used to configure the information of OpenResty Edge Admin, according to which OpenResty Edge Node will connect to the corresponding OpenResty Edge Admin.

  • host is the address of the OpenResty Edge Admin.
  • port is the service port of OpenResty Edge Admin.
  • ssl_host is the domain name of OpenResty Edge Admin, which will be used during the SSL handshake.
  • protocol is the protocol used to connect to OpenResty Edge Admin and can take the values wss and https.

If there is a second OpenResty Edge Admin, you can connect to this OpenResty Edge Admin by configuring host2, port2, protocol2.

log_server

[log_server]
endpoints = "https://192.168.0.2:12346"

# Optional
mbus_use_host_as_sni = true
mbus_sni = "logserver.test.com"

# The following configuration is used in versions prior to 23.12.1.
host = "127.0.0.1"
port = 12346
protocol = "https"

This configuration block configures OpenResty Edge Log Server information for OpenResty Edge Node.

  • The endpoints option is used to set the address of the OpenResty Edge Log Server instances. If you have multiple instances, you can separate them with commas, e.g. endpoints = "https://192.168.0.2:12346, https://192.168.0.3:12346". This is a new configuration added in version 23.12.1, replacing the old host, port and protocol configuration items.
  • The host, port, and protocol configuration items specify the host, port, and protocol of the OpenResty Edge Log Server. In version 23.12.1 and later versions, it’s recommended to use endpoints.
  • The mbus_use_host_as_sni option indicates whether the host name should be used as the SNI (Server Name Indication) during the SSL handshake.
  • The mbus_sni configuration item has a similar function to mbus_use_host_as_sni. However, if you choose to use mbus_sni, you can directly specify the SNI during the SSL handshake.

healthcheck

[healthcheck]
update_always_check_ups_interval = 180
run_interval = 1
check_interval = 60
pool_size = 512

This configuration block is used to configure upstream health checks.

  • update_always_check_ups_interval is the interval to update the upstream with the always check flag turned on.
  • run_interval is the interval to perform health checks.
  • check_interval is the interval to check the health check results and to continue the health check at a later time if the results expire.
  • pool_size is the connection pool size to use when connecting to the other side.

config

[config]
lmdb = /usr/local/oredge-node/data/config.mdb
lmdb_size = 8192m
disable_core_file_cleanup = false

This configuration block is some general configuration for the OpenResty Edge Node.

  • lmdb is the file path of the OpenResty Edge Node local database.
  • lmdb_size is the size of the database file. If you want to change it, please refer to this document: LMDB Size Change and Backup Recovery #
  • disable_core_file_cleanup is used to enable the deletion of core files generated by OpenResty Edge Node.

dns

[dns]
enable_access_log = true
enable_limiter = true
enable_cache = true
cache_ttl = 1
client_limiter_rate = 50
client_limiter_burst = 100

This configuration block is the DNS-related configuration for the OpenResty Edge Node.

  • enable_access_log is used to control whether access logging is enabled.
  • enable_limiter is used to control whether to enable speed limiting.
  • enable_cache controls whether caching is enabled or not, and cache_ttl is the cache expiration date.
  • The client_limiter_rate and client_limiter_burst are used to control the rate at which DNS query requests are sent. For example, when a domain name is used as an upstream, DNS resolution takes place before accessing the upstream. These two configuration items were introduced in versions 23.6.1-31 and 23.12.16-1 and later.

access_log

[access_log]
max_log_count = 4096

This configuration block is used to configure the OpenResty Edge Node’s access logs.

  • max_log_count is used to control the number of access logs that can be opened dynamically.

Configuration file for OpenResty Edge Log Server

File path: /usr/local/oredge-log-server/conf/config.ini

After modifying the configuration, you will need to execute the following command to restart the service for the new configuration to take effect.

sudo systemctl start upgrade-oredge-log-server

postgresql

[postgresql]
host = 127.0.0.1
port = 5432
max_idle_timeout = 60
pool_size = 50
database = "or_edge_log_server"
user = "USERNAME"
password = 'PASSWORD'
backlog = 1024

This configuration block is used to configure the database information to be used by the OpenResty Edge Log Server.

stash

[stash]
errlog_size = 100
events_size = 1024
health_check_size = 512
http_metric_size = 1024
sys_monitor_size = 100

This configuration block is used to configure the buffer size for error logging, event, and other logging. This buffer is used before writing to the database to avoid frequent database writes.

  • errlog_size is used for error logging.
  • events_size Used for event notification logging.
  • health_check_size is used for health check logging.
  • http_metric_size for upstream metrics and HTTP metrics.
  • sys_monitor_size Used for OpenResty Edge Node system monitor logging.

alarm

[alarm]
disable_waf_alarm = true

This configuration block is used to configure the alarm.

  • disable_waf_alarm is used to disable the alarm for WAF. WAF events may be numerous and cause a lot of data to be transmitted to OpenRest Edge Admin and written to OpenResty Edge Admin’s database, so we provide an option to disable it.

Configuration file for OpenResty PostgreSQL

Configuration file path: /var/postgres12/data/postgresql.conf Access control file path: /var/postgres12/data/pg_hba.conf

When OpenRsty Edge Admin and the database it uses are on the same machine, when OpenRsty Edge Log Server and the database it uses are on the same machine, no additional database configuration is usually required. When OpenRsty Edge Admin and its database are deployed on different machines, the following configuration is required.

Change the following configuration in /var/postgres12/data/postgresql.conf

from

# listen_addresses = 'localhost'

to

listen_addresses = '*'

Next, modify /var/postgres12/data/pg_hba.conf to allow OpenResty Edge Admin access to the database.

host    all     all      10.0.0.1/32             md5

10.0.0.1/32 indicates the range of IP addresses allowed to access the database.

After all, changes have been made, restart the database to make the new configuration take effect:

sudo systemctl restart openresty-postgresql12