iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/roadmap/prod-env/05-apisix-remove-ssl.md
Murat ÖZDEMİR 81c38e8d39 initial commit
2026-05-09 16:26:06 +03:00

1.4 KiB
Raw Permalink Blame History

05 — APISIX: Remove SSL / Configure Trusted Proxy (Prod)

Context

Identical to test-env-setup/05-apisix-remove-ssl.md.

The same init/apisix-core/init.sh and custom APISIX image are used for both environments. Changes made for test already apply to prod.

Checklist

  • ssls/1 PUT block removed from init/apisix-core/init.sh
  • dev SSL block removed or confirmed non-impactful for prod
  • Custom APISIX image (custom-apisix:3.12.0) config.yaml contains real_ip_header and set_real_ip_from for overlay CIDR (10.0.0.0/8)
  • New image built and pushed to Harbor if config.yaml was changed: bash docker build -t registry.tarla.io/iklimco/custom-apisix:3.12.0 . docker push registry.tarla.io/iklimco/custom-apisix:3.12.0

Prod-specific note

APISIX runs with replicas: 2 in prod. Both replicas receive the same configuration from etcd — no additional steps needed beyond the single init run.

The init/apisix-core/init.sh is called once (from the pipeline) and configures the shared etcd state that all APISIX instances read from.

Verification

# From a whitelisted IP, make a request and check real IP in APISIX logs
docker exec $(docker ps -q -f name=iklimco_apisix | head -1) \
  tail -5 /usr/local/apisix/logs/access.log

Client IP should appear in the log, not SWAG's internal overlay IP.