├── .gitignore
├── README.md
├── apisix_conf
└── config.yaml
├── apisix_log
└── .keep
├── dashboard_conf
└── conf.yaml
├── docker-compose.yml
├── etcd_conf
└── etcd.conf.yml
├── example-curl-cmds
├── 10_create_versioning.sh
├── 11_create_versioned_route.sh
├── 12_test_new_versioned_route.sh
├── 13_redirect_to_versioned_route.sh
├── 14_update_first_route_plugin_config.sh
├── 15_test_http_301.sh
├── 16_enable_traffic_split.sh
├── 17_test_traffic_split.sh
├── 1_create_upstream.sh
├── 2_create_plugin_config.sh
├── 3_create_route.sh
├── 4_test_current_setup.sh
├── 5_add_consumer.sh
├── 6_enable_basic_auth_per_route.sh
├── 7_test_auth_after_enabled.sh
├── 8_apply_rate_policy.sh
├── 8_enable_prometheus_plugin.sh
└── 9_test_rate_limit.sh
├── grafana_conf
├── config
│ └── grafana.ini
├── dashboards
│ └── apisix-grafana-dashboard.json
└── provisioning
│ ├── dashboards
│ └── all.yaml
│ └── datasources
│ └── all.yaml
└── prometheus_conf
└── prometheus.yml
/.gitignore:
--------------------------------------------------------------------------------
1 | /apisix_log/*
2 | !/apisix_log/.keep
3 |
4 | /etcd_data/*
5 | !/etcd_data/.keep
6 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Manage OpenAI APIs with Apache APISIX Demo
2 |
3 | In this example, Apache APISIX is used to create a simple API gateway that accesses the OpenAI API and manages the traffic by creating a route, upstream and enabling some plugins.
4 | We are going to interact with OpenAI API Completion endpoint to create a product description generator to generate the product description efficiently and accurately.
5 |
6 | Read the related blog post to follow all steps:
7 |
8 | https://api7.ai/blog/power-ai-capabilities-with-apache-apisix
9 |
--------------------------------------------------------------------------------
/apisix_conf/config.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Licensed to the Apache Software Foundation (ASF) under one or more
3 | # contributor license agreements. See the NOTICE file distributed with
4 | # this work for additional information regarding copyright ownership.
5 | # The ASF licenses this file to You under the Apache License, Version 2.0
6 | # (the "License"); you may not use this file except in compliance with
7 | # the License. You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | apisix:
19 | node_listen: 9080 # APISIX listening port
20 | enable_ipv6: false
21 |
22 | enable_control: true
23 | control:
24 | ip: "0.0.0.0"
25 | port: 9092
26 |
27 | deployment:
28 | admin:
29 | allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
30 | - 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test.
31 |
32 | admin_key:
33 | - name: "admin"
34 | key: edd1c9f034335f136f87ad84b625c8f1
35 | role: admin # admin: manage all configuration data
36 |
37 | - name: "viewer"
38 | key: 4054f7cf07e344346cd3f287985e76a2
39 | role: viewer
40 |
41 | etcd:
42 | host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
43 | - "http://etcd:2379" # multiple etcd address
44 | prefix: "/apisix" # apisix configurations prefix
45 | timeout: 30 # 30 seconds
46 |
47 | plugin_attr:
48 | prometheus:
49 | export_addr:
50 | ip: "0.0.0.0"
51 | port: 9091
52 |
--------------------------------------------------------------------------------
/apisix_log/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Boburmirzo/apisix-open-ai-api/0e66a20bce9c532bebe05a5e9efe6c48f6625a98/apisix_log/.keep
--------------------------------------------------------------------------------
/dashboard_conf/conf.yaml:
--------------------------------------------------------------------------------
1 | #
2 | # Licensed to the Apache Software Foundation (ASF) under one or more
3 | # contributor license agreements. See the NOTICE file distributed with
4 | # this work for additional information regarding copyright ownership.
5 | # The ASF licenses this file to You under the Apache License, Version 2.0
6 | # (the "License"); you may not use this file except in compliance with
7 | # the License. You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | conf:
19 | listen:
20 | host: 0.0.0.0 # `manager api` listening ip or host name
21 | port: 9000 # `manager api` listening port
22 | allow_list: # If we don't set any IP list, then any IP access is allowed by default.
23 | - 0.0.0.0/0
24 | etcd:
25 | endpoints: # supports defining multiple etcd host addresses for an etcd cluster
26 | - "http://etcd:2379"
27 | # yamllint disable rule:comments-indentation
28 | # etcd basic auth info
29 | # username: "root" # ignore etcd username if not enable etcd auth
30 | # password: "123456" # ignore etcd password if not enable etcd auth
31 | mtls:
32 | key_file: "" # Path of your self-signed client side key
33 | cert_file: "" # Path of your self-signed client side cert
34 | ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates
35 | # prefix: /apisix # apisix config's prefix in etcd, /apisix by default
36 | log:
37 | error_log:
38 | level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal
39 | file_path:
40 | logs/error.log # supports relative path, absolute path, standard output
41 | # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr
42 | access_log:
43 | file_path:
44 | logs/access.log # supports relative path, absolute path, standard output
45 | # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr
46 | # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []}
47 | security:
48 | # access_control_allow_origin: "http://httpbin.org"
49 | # access_control_allow_credentials: true # support using custom cors configration
50 | # access_control_allow_headers: "Authorization"
51 | # access_control-allow_methods: "*"
52 | # x_frame_options: "deny"
53 | content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *" # You can set frame-src to provide content for your grafana panel.
54 |
55 | authentication:
56 | secret:
57 | secret # secret for jwt token generation.
58 | # NOTE: Highly recommended to modify this value to protect `manager api`.
59 | # if it's default value, when `manager api` start, it will generate a random string to replace it.
60 | expire_time: 3600 # jwt token expire time, in second
61 | users: # yamllint enable rule:comments-indentation
62 | - username: admin # username and password for login `manager api`
63 | password: admin
64 | - username: user
65 | password: user
66 |
67 | plugins: # plugin list (sorted in alphabetical order)
68 | - api-breaker
69 | - authz-keycloak
70 | - basic-auth
71 | - batch-requests
72 | - consumer-restriction
73 | - cors
74 | # - dubbo-proxy
75 | - echo
76 | # - error-log-logger
77 | # - example-plugin
78 | - fault-injection
79 | - grpc-transcode
80 | - hmac-auth
81 | - http-logger
82 | - ip-restriction
83 | - jwt-auth
84 | - kafka-logger
85 | - key-auth
86 | - limit-conn
87 | - limit-count
88 | - limit-req
89 | # - log-rotate
90 | # - node-status
91 | - openid-connect
92 | - prometheus
93 | - proxy-cache
94 | - proxy-mirror
95 | - proxy-rewrite
96 | - redirect
97 | - referer-restriction
98 | - request-id
99 | - request-validation
100 | - response-rewrite
101 | - serverless-post-function
102 | - serverless-pre-function
103 | # - skywalking
104 | - sls-logger
105 | - syslog
106 | - tcp-logger
107 | - udp-logger
108 | - uri-blocker
109 | - wolf-rbac
110 | - zipkin
111 | - server-info
112 | - traffic-split
113 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
1 | #
2 | # Licensed to the Apache Software Foundation (ASF) under one or more
3 | # contributor license agreements. See the NOTICE file distributed with
4 | # this work for additional information regarding copyright ownership.
5 | # The ASF licenses this file to You under the Apache License, Version 2.0
6 | # (the "License"); you may not use this file except in compliance with
7 | # the License. You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | version: "3"
19 |
20 | services:
21 | apisix-dashboard:
22 | image: apache/apisix-dashboard:2.15.0-alpine
23 | restart: always
24 | volumes:
25 | - ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml
26 | ports:
27 | - "9000:9000"
28 | networks:
29 | apisix:
30 |
31 | apisix:
32 | image: apache/apisix:latest
33 | restart: always
34 | volumes:
35 | - ./apisix_log:/usr/local/apisix/logs
36 | - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
37 | depends_on:
38 | - etcd
39 | ##network_mode: host
40 | ports:
41 | - "9180:9180/tcp"
42 | - "9080:9080/tcp"
43 | - "9091:9091/tcp"
44 | - "9443:9443/tcp"
45 | - "9092:9092/tcp"
46 | networks:
47 | apisix:
48 |
49 | etcd:
50 | image: bitnami/etcd:3.4.15
51 | restart: always
52 | volumes:
53 | - etcd_data:/bitnami/etcd
54 | environment:
55 | ETCD_ENABLE_V2: "true"
56 | ALLOW_NONE_AUTHENTICATION: "yes"
57 | ETCD_ADVERTISE_CLIENT_URLS: "http://etcd:2379"
58 | ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
59 | ports:
60 | - "12379:2379/tcp"
61 | networks:
62 | apisix:
63 |
64 | prometheus:
65 | image: prom/prometheus:v2.25.0
66 | restart: always
67 | volumes:
68 | - ./prometheus_conf/prometheus.yml:/etc/prometheus/prometheus.yml
69 | ports:
70 | - "9090:9090"
71 | networks:
72 | apisix:
73 |
74 | grafana:
75 | image: grafana/grafana:7.3.7
76 | restart: always
77 | ports:
78 | - "3000:3000"
79 | volumes:
80 | - "./grafana_conf/provisioning:/etc/grafana/provisioning"
81 | - "./grafana_conf/dashboards:/var/lib/grafana/dashboards"
82 | - "./grafana_conf/config/grafana.ini:/etc/grafana/grafana.ini"
83 | networks:
84 | apisix:
85 |
86 | networks:
87 | apisix:
88 | driver: bridge
89 |
90 | volumes:
91 | etcd_data:
92 | driver: local
93 |
--------------------------------------------------------------------------------
/etcd_conf/etcd.conf.yml:
--------------------------------------------------------------------------------
1 | #
2 | # Licensed to the Apache Software Foundation (ASF) under one or more
3 | # contributor license agreements. See the NOTICE file distributed with
4 | # this work for additional information regarding copyright ownership.
5 | # The ASF licenses this file to You under the Apache License, Version 2.0
6 | # (the "License"); you may not use this file except in compliance with
7 | # the License. You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 |
18 | # This is the configuration file for the etcd server.
19 |
20 | # Human-readable name for this member.
21 | name: 'default'
22 |
23 | # Path to the data directory.
24 | data-dir:
25 |
26 | # Path to the dedicated wal directory.
27 | wal-dir:
28 |
29 | # Number of committed transactions to trigger a snapshot to disk.
30 | snapshot-count: 10000
31 |
32 | # Time (in milliseconds) of a heartbeat interval.
33 | heartbeat-interval: 100
34 |
35 | # Time (in milliseconds) for an election to timeout.
36 | election-timeout: 1000
37 |
38 | # Raise alarms when backend size exceeds the given quota. 0 means use the
39 | # default quota.
40 | quota-backend-bytes: 0
41 |
42 | # List of comma separated URLs to listen on for peer traffic.
43 | listen-peer-urls: http://localhost:2380
44 |
45 | # List of comma separated URLs to listen on for client traffic.
46 | listen-client-urls: http://localhost:2379
47 |
48 | # Maximum number of snapshot files to retain (0 is unlimited).
49 | max-snapshots: 5
50 |
51 | # Maximum number of wal files to retain (0 is unlimited).
52 | max-wals: 5
53 |
54 | # Comma-separated white list of origins for CORS (cross-origin resource sharing).
55 | cors:
56 |
57 | # List of this member's peer URLs to advertise to the rest of the cluster.
58 | # The URLs needed to be a comma-separated list.
59 | initial-advertise-peer-urls: http://localhost:2380
60 |
61 | # List of this member's client URLs to advertise to the public.
62 | # The URLs needed to be a comma-separated list.
63 | advertise-client-urls: http://localhost:2379
64 |
65 | # Discovery URL used to bootstrap the cluster.
66 | discovery:
67 |
68 | # Valid values include 'exit', 'proxy'
69 | discovery-fallback: 'proxy'
70 |
71 | # HTTP proxy to use for traffic to discovery service.
72 | discovery-proxy:
73 |
74 | # DNS domain used to bootstrap initial cluster.
75 | discovery-srv:
76 |
77 | # Initial cluster configuration for bootstrapping.
78 | initial-cluster:
79 |
80 | # Initial cluster token for the etcd cluster during bootstrap.
81 | initial-cluster-token: 'etcd-cluster'
82 |
83 | # Initial cluster state ('new' or 'existing').
84 | initial-cluster-state: 'new'
85 |
86 | # Reject reconfiguration requests that would cause quorum loss.
87 | strict-reconfig-check: false
88 |
89 | # Accept etcd V2 client requests
90 | enable-v2: true
91 |
92 | # Enable runtime profiling data via HTTP server
93 | enable-pprof: true
94 |
95 | # Valid values include 'on', 'readonly', 'off'
96 | proxy: 'off'
97 |
98 | # Time (in milliseconds) an endpoint will be held in a failed state.
99 | proxy-failure-wait: 5000
100 |
101 | # Time (in milliseconds) of the endpoints refresh interval.
102 | proxy-refresh-interval: 30000
103 |
104 | # Time (in milliseconds) for a dial to timeout.
105 | proxy-dial-timeout: 1000
106 |
107 | # Time (in milliseconds) for a write to timeout.
108 | proxy-write-timeout: 5000
109 |
110 | # Time (in milliseconds) for a read to timeout.
111 | proxy-read-timeout: 0
112 |
113 | client-transport-security:
114 | # Path to the client server TLS cert file.
115 | cert-file:
116 |
117 | # Path to the client server TLS key file.
118 | key-file:
119 |
120 | # Enable client cert authentication.
121 | client-cert-auth: false
122 |
123 | # Path to the client server TLS trusted CA cert file.
124 | trusted-ca-file:
125 |
126 | # Client TLS using generated certificates
127 | auto-tls: false
128 |
129 | peer-transport-security:
130 | # Path to the peer server TLS cert file.
131 | cert-file:
132 |
133 | # Path to the peer server TLS key file.
134 | key-file:
135 |
136 | # Enable peer client cert authentication.
137 | client-cert-auth: false
138 |
139 | # Path to the peer server TLS trusted CA cert file.
140 | trusted-ca-file:
141 |
142 | # Peer TLS using generated certificates.
143 | auto-tls: false
144 |
145 | # Enable debug-level logging for etcd.
146 | debug: false
147 |
148 | logger: zap
149 |
150 | # Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
151 | log-outputs: [stderr]
152 |
153 | # Force to create a new one member cluster.
154 | force-new-cluster: false
155 |
156 | auto-compaction-mode: periodic
157 | auto-compaction-retention: "1"
158 |
--------------------------------------------------------------------------------
/example-curl-cmds/10_create_versioning.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -d '
2 | {
3 | "plugins": {
4 | "proxy-rewrite": {
5 | "regex_uri": ["/v1/(.*)", "/$1"]
6 | }
7 | }
8 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/11_create_versioned_route.sh:
--------------------------------------------------------------------------------
1 | curl -i http://127.0.0.1:9180/apisix/admin/routes/2 \
2 | -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
3 | {
4 | "name":"OpenAI API completion route",
5 | "desc":"Create a new route in APISIX for the OpenAI API completion endpoint",
6 | "methods":[
7 | "POST"
8 | ],
9 | "uris": ["/v1/openai/product/desc", "/v1/openai/product/desc/", "/v1/openai/product/desc/*"],
10 | "upstream_id":"1",
11 | "plugin_config_id":1
12 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/12_test_new_versioned_route.sh:
--------------------------------------------------------------------------------
1 | curl -i -u username1:password1 http://127.0.0.1:9080/v1/openai/product/desc -X POST -d \
2 | '{
3 | "model":"text-davinci-003",
4 | "prompt":"Write a brief product description for Apple 13 pro",
5 | "temperature":0,
6 | "max_tokens":256
7 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/13_redirect_to_versioned_route.sh:
--------------------------------------------------------------------------------
1 | curl -L http://127.0.0.1:9180/apisix/admin/plugin_configs/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
2 | {
3 | "plugins": {
4 | "redirect": {
5 | "uri": "/v1$uri",
6 | "ret_code": 301
7 | }
8 | }
9 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/14_update_first_route_plugin_config.sh:
--------------------------------------------------------------------------------
1 | curl -i http://127.0.0.1:9180/apisix/admin/routes/1 \
2 | -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -d '
3 | {
4 | "plugin_config_id":2
5 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/15_test_http_301.sh:
--------------------------------------------------------------------------------
1 | curl -i -u username1:password1 http://127.0.0.1:9080/openai/product/desc -X POST -d \
2 | '{
3 | "model":"text-davinci-003",
4 | "prompt":"Write a brief product description for Apple 13 pro",
5 | "temperature":0,
6 | "max_tokens":256
7 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/16_enable_traffic_split.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -d '
2 | {
3 | "plugins": {
4 | "traffic-split": {
5 | "rules": [
6 | {
7 | "weighted_upstreams": [
8 | {
9 | "upstream_id": 2,
10 | "weight": 1
11 | },
12 | {
13 | "weight": 1
14 | }
15 | ]
16 | }
17 | ]
18 | }
19 | }
20 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/17_test_traffic_split.sh:
--------------------------------------------------------------------------------
1 | curl -i -u username1:password1 http://127.0.0.1:9080/v1/openai/product/desc -X POST -d \
2 | '{
3 | "model":"text-davinci-003",
4 | "prompt":"Write a brief product description for Apple 13 pro",
5 | "temperature":0,
6 | "max_tokens":256
7 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/1_create_upstream.sh:
--------------------------------------------------------------------------------
1 | curl "http://127.0.0.1:9180/apisix/admin/upstreams/1" -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" -X PUT -d '
2 | {
3 | "name": "OpenAI API upstream",
4 | "desc": "Add the OpenAI API domain as the upstream",
5 | "type": "roundrobin",
6 | "scheme": "https",
7 | "nodes": {
8 | "api.openai.com:443": 1
9 | }
10 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/2_create_plugin_config.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
2 | {
3 | "plugins":{
4 | "proxy-rewrite":{
5 | "uri":"/v1/completions",
6 | "host":"api.openai.com",
7 | "headers":{
8 | "Authorization":"OpenAI API Key",
9 | "Content-Type":"application/json"
10 | }
11 | }
12 | }
13 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/3_create_route.sh:
--------------------------------------------------------------------------------
1 | curl -i http://127.0.0.1:9180/apisix/admin/routes/1 \
2 | -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
3 | {
4 | "name":"OpenAI API completion route",
5 | "desc":"Create a new route in APISIX for the OpenAI API completion endpoint",
6 | "methods":[
7 | "POST"
8 | ],
9 | "uri":"/openai/product/desc",
10 | "upstream_id":"1",
11 | "plugin_config_id":1
12 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/4_test_current_setup.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9080/openai/product/desc -X POST -d \
2 | '{
3 | "model":"text-davinci-003",
4 | "prompt":"Write a brief product description for Apple 13 pro",
5 | "temperature":0,
6 | "max_tokens":256
7 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/5_add_consumer.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
2 | {
3 | "username": "consumer1",
4 | "plugins": {
5 | "basic-auth": {
6 | "username": "username1",
7 | "password": "password1"
8 | }
9 | }
10 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/6_enable_basic_auth_per_route.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -d '
2 | {
3 | "plugins":{
4 | "basic-auth":{
5 | }
6 | }
7 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/7_test_auth_after_enabled.sh:
--------------------------------------------------------------------------------
1 | curl -i -u username1:password1 http://127.0.0.1:9080/openai/product/desc -X POST -d \
2 | '{
3 | "model":"text-davinci-003",
4 | "prompt":"Write a brief product description for Apple 13 pro",
5 | "temperature":0,
6 | "max_tokens":256
7 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/8_apply_rate_policy.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -d '
2 | {
3 | "plugins":{
4 | "limit-count":{
5 | "count":2,
6 | "time_window":60,
7 | "rejected_code":403,
8 | "rejected_msg":"Requests are too frequent, please try again later.",
9 | "key_type":"var",
10 | "key":"remote_addr"
11 | }
12 | }
13 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/8_enable_prometheus_plugin.sh:
--------------------------------------------------------------------------------
1 | curl http://127.0.0.1:9180/apisix/admin/plugin_configs/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PATCH -d '
2 | {
3 | "plugins":{
4 | "prometheus":{}
5 | }
6 | }'
--------------------------------------------------------------------------------
/example-curl-cmds/9_test_rate_limit.sh:
--------------------------------------------------------------------------------
1 | curl -i -u username1:password1 http://127.0.0.1:9080/openai/product/desc -X POST -d \
2 | '{
3 | "model":"text-davinci-003",
4 | "prompt":"Write a brief product description for Apple 13 pro",
5 | "temperature":0,
6 | "max_tokens":256
7 | }'
--------------------------------------------------------------------------------
/grafana_conf/config/grafana.ini:
--------------------------------------------------------------------------------
1 | ##################### Grafana Configuration Example #####################
2 | #
3 | # Everything has defaults so you only need to uncomment things you want to
4 | # change
5 |
6 | # possible values : production, development
7 | ;app_mode = production
8 |
9 | # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
10 | ;instance_name = ${HOSTNAME}
11 |
12 | #################################### Paths ####################################
13 | [paths]
14 | # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
15 | ;data = /var/lib/grafana
16 |
17 | # Temporary files in `data` directory older than given duration will be removed
18 | ;temp_data_lifetime = 24h
19 |
20 | # Directory where grafana can store logs
21 | ;logs = /var/log/grafana
22 |
23 | # Directory where grafana will automatically scan and look for plugins
24 | ;plugins = /var/lib/grafana/plugins
25 |
26 | # folder that contains provisioning config files that grafana will apply on startup and while running.
27 | ;provisioning = conf/provisioning
28 |
29 | #################################### Server ####################################
30 | [server]
31 | # Protocol (http, https, h2, socket)
32 | ;protocol = http
33 |
34 | # The ip address to bind to, empty will bind to all interfaces
35 | ;http_addr =
36 |
37 | # The http port to use
38 | ;http_port = 3000
39 |
40 | # The public facing domain name used to access grafana from a browser
41 | ;domain = localhost
42 |
43 | # Redirect to correct domain if host header does not match domain
44 | # Prevents DNS rebinding attacks
45 | ;enforce_domain = false
46 |
47 | # The full public facing url you use in browser, used for redirects and emails
48 | # If you use reverse proxy and sub path specify full url (with sub path)
49 | ;root_url = %(protocol)s://%(domain)s:%(http_port)s/
50 |
51 | # Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
52 | ;serve_from_sub_path = false
53 |
54 | # Log web requests
55 | ;router_logging = false
56 |
57 | # the path relative working path
58 | ;static_root_path = public
59 |
60 | # enable gzip
61 | ;enable_gzip = false
62 |
63 | # https certs & key file
64 | ;cert_file =
65 | ;cert_key =
66 |
67 | # Unix socket path
68 | ;socket =
69 |
70 | #################################### Database ####################################
71 | [database]
72 | # You can configure the database connection by specifying type, host, name, user and password
73 | # as separate properties or as on string using the url properties.
74 |
75 | # Either "mysql", "postgres" or "sqlite3", it's your choice
76 | ;type = sqlite3
77 | ;host = 127.0.0.1:3306
78 | ;name = grafana
79 | ;user = root
80 | # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
81 | ;password =
82 |
83 | # Use either URL or the previous fields to configure the database
84 | # Example: mysql://user:secret@host:port/database
85 | ;url =
86 |
87 | # For "postgres" only, either "disable", "require" or "verify-full"
88 | ;ssl_mode = disable
89 |
90 | ;ca_cert_path =
91 | ;client_key_path =
92 | ;client_cert_path =
93 | ;server_cert_name =
94 |
95 | # For "sqlite3" only, path relative to data_path setting
96 | ;path = grafana.db
97 |
98 | # Max idle conn setting default is 2
99 | ;max_idle_conn = 2
100 |
101 | # Max conn setting default is 0 (mean not set)
102 | ;max_open_conn =
103 |
104 | # Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
105 | ;conn_max_lifetime = 14400
106 |
107 | # Set to true to log the sql calls and execution times.
108 | ;log_queries =
109 |
110 | # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
111 | ;cache_mode = private
112 |
113 | #################################### Cache server #############################
114 | [remote_cache]
115 | # Either "redis", "memcached" or "database" default is "database"
116 | ;type = database
117 |
118 | # cache connectionstring options
119 | # database: will use Grafana primary database.
120 | # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
121 | # memcache: 127.0.0.1:11211
122 | ;connstr =
123 |
124 | #################################### Data proxy ###########################
125 | [dataproxy]
126 |
127 | # This enables data proxy logging, default is false
128 | ;logging = false
129 |
130 | # How long the data proxy should wait before timing out default is 30 (seconds)
131 | ;timeout = 30
132 |
133 | # If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
134 | ;send_user_header = false
135 |
136 | #################################### Analytics ####################################
137 | [analytics]
138 | # Server reporting, sends usage counters to stats.grafana.org every 24 hours.
139 | # No ip addresses are being tracked, only simple counters to track
140 | # running instances, dashboard and error counts. It is very helpful to us.
141 | # Change this option to false to disable reporting.
142 | ;reporting_enabled = true
143 |
144 | # Set to false to disable all checks to https://grafana.net
145 | # for new vesions (grafana itself and plugins), check is used
146 | # in some UI views to notify that grafana or plugin update exists
147 | # This option does not cause any auto updates, nor send any information
148 | # only a GET request to http://grafana.com to get latest versions
149 | ;check_for_updates = true
150 |
151 | # Google Analytics universal tracking code, only enabled if you specify an id here
152 | ;google_analytics_ua_id =
153 |
154 | # Google Tag Manager ID, only enabled if you specify an id here
155 | ;google_tag_manager_id =
156 |
157 | #################################### Security ####################################
158 | [security]
159 | # disable creation of admin user on first start of grafana
160 | ;disable_initial_admin_creation = false
161 |
162 | # default admin user, created on startup
163 | ;admin_user = admin
164 |
165 | # default admin password, can be changed before first start of grafana, or in profile settings
166 | ;admin_password = admin
167 |
168 | # used for signing
169 | ;secret_key = SW2YcwTIb9zpOOhoPsMm
170 |
171 | # disable gravatar profile images
172 | ;disable_gravatar = false
173 |
174 | # data source proxy whitelist (ip_or_domain:port separated by spaces)
175 | ;data_source_proxy_whitelist =
176 |
177 | # disable protection against brute force login attempts
178 | ;disable_brute_force_login_protection = false
179 |
180 | # set to true if you host Grafana behind HTTPS. default is false.
181 | ;cookie_secure = false
182 |
183 | # set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
184 | ;cookie_samesite = none
185 |
186 | # set to true if you want to allow browsers to render Grafana in a ,