Admin Console
Runnable bundle with embedded admin, sample access/error logs, TLS certs, and SQLite-backed audit state.
Source: examples/admin-console/.
Configuration
```yaml
version: v1
port: 8080
admin:
  enabled: true
  port: 9080
  database:
    driver: sqlite
    dsn: file:./admin.db?cache=shared&_fk=1
  web:
    dev_proxy: true
  geoip:
    ingress_label: 上海
    ingress_lat: 31.2304
    ingress_lng: 121.4737
cache:
  ttl: 300
  prefix: "ingress:"
waf:
  enabled: true
  log_only: false
  builtin: true
  trust_proxy: true
healthcheck:
  outer:
    enable: true
    path: /healthz
    ok: true
  inner:
    enable: true
    interval: 30
    timeout: 5
https:
  port: 8443
  redirect_from_http:
    permanent: true
  ssl:
    - domain: api.example.com
      cert:
        certificate: ./certs/api.example.com.pem
        certificate_key: ./certs/api.example.com.key.pem
    - domain: cdn.example.com
      cert:
        certificate: ./certs/cdn.example.com.pem
        certificate_key: ./certs/cdn.example.com.key.pem
    - domain: assets.cdn.example.com
      cert:
        certificate: ./certs/assets.cdn.example.com.pem
        certificate_key: ./certs/assets.cdn.example.com.key.pem
    - domain: admin.internal
      cert:
        certificate: ./certs/admin.internal.pem
        certificate_key: ./certs/admin.internal.key.pem
    - domain: legacy.example.com
      cert:
        certificate: ./certs/legacy.example.com.pem
        certificate_key: ./certs/legacy.example.com.key.pem
    - domain: tunnel-a.inlets.example.com
      cert:
        certificate: ./certs/tunnel-a.inlets.example.com.pem
        certificate_key: ./certs/tunnel-a.inlets.example.com.key.pem
    - domain: waf-demo.example.com
      cert:
        certificate: ./certs/waf-demo.example.com.pem
        certificate_key: ./certs/waf-demo.example.com.key.pem
    - domain: portal.example.com
      cert:
        certificate: ./certs/portal.example.com.pem
        certificate_key: ./certs/portal.example.com.key.pem
fallback:
  type: handler
  handler:
    type: static_response
    headers:
      Content-Type: text/plain; charset=utf-8
    body: |
      fallback ok
services:
  - name: api.internal
    port: 8080
    note: API 主集群(演示用 handler 替代)
  - name: api-v2.internal
    port: 8080
    note: API v2 路径专用
  - name: home
    port: 8080
rules:
  - host: api.example.com
    backend:
      type: handler
      handler:
        type: static_response
        headers:
          Content-Type: application/json
        body: |
          {"ok":true,"service":"api"}
      cache:
        enabled: true
        ttl: 300
    paths:
      - path: /v2
        backend:
          type: handler
          handler:
            type: static_response
            headers:
              Content-Type: application/json
            body: |
              {"v2":true,"users":[]}
          cache:
            enabled: true
            ttl: 600
            max_body_bytes: 2097152
      - path: /public
        backend:
          type: handler
          handler:
            type: static_response
            headers:
              Content-Type: application/json
            body: |
              {"public":true}
          cache:
            enabled: true
            ttl: 300
            max_body_bytes: 2097152
      - path: /search
        backend:
          type: handler
          handler:
            type: static_response
            headers:
              Content-Type: application/json
            body: |
              {"results":[]}
      - path: /error/400
        backend:
          type: handler
          handler:
            type: static_response
            status_code: 400
            headers:
              Content-Type: application/json
            body: |
              {"error":"bad request"}
      - path: /error/403
        backend:
          type: handler
          handler:
            type: static_response
            status_code: 403
            headers:
              Content-Type: application/json
            body: |
              {"error":"forbidden"}
      - path: /error/500
        backend:
          type: handler
          handler:
            type: static_response
            status_code: 500
            headers:
              Content-Type: application/json
            body: |
              {"error":"internal"}
  - host: cdn.example.com
    backend:
      type: handler
      handler:
        type: file_server
        root_dir: ./static
        index_file: assets/app.js
      cache:
        enabled: true
        ttl: 3600
  - host: assets.cdn.example.com
    host_type: exact
    backend:
      type: handler
      handler:
        type: file_server
        root_dir: ./static
        index_file: static/main.js
      cache:
        enabled: true
        ttl: 3600
  - host: portal.example.com
    backend:
      type: handler
      handler:
        type: static_response
        headers:
          Content-Type: text/html; charset=utf-8
        body: |
          <!doctype html><html><body><h1>portal</h1></body></html>
      cache:
        enabled: true
        ttl: 120
  - host: ^([a-z0-9-]+)\.inlets\.example\.com$
    host_type: regex
    backend:
      service:
        name: ${host.1}.tunnel
        port: 443
        protocol: https
  - host: admin.internal
    backend:
      type: handler
      handler:
        headers:
          Content-Type: text/plain; charset=utf-8
        body: |
          admin console demo host
      cache:
        enabled: true
        ttl: 60
    paths:
      - path: /healthz
        backend:
          type: handler
          handler:
            headers:
              Content-Type: text/plain; charset=utf-8
            body: |
              ok
  - host: legacy.example.com
    backend:
      type: redirect
      redirect:
        url: https://www.example.com$request_uri
        permanent: true
      cache:
        enabled: true
        ttl: 120
  - host: httpbin.work
    backend:
      service:
        mode: external
        protocol: https
        name: httpbin.zcorky.com
        port: 443
scenarios:
  active: default
  items:
    - id: peak
      label: 高峰
      description: Admin 演示 — 延长 api.example.com 缓存 TTL
      overlay:
        rules:
          - host: api.example.com
            backend:
              cache:
                enabled: true
                ttl: 900
```

Key points:
- `admin.enabled: true` — API on port 9080 in the same process as the proxy (8080 / 8443).
- `admin.auth.type: basic` — explicit login for this demo bundle (admin/admin); default auth type is `none` — see Admin auth example.
- `admin.web.dev_proxy: true` — API only; run `cd core/admin/web && pnpm dev` for the UI.
- When `logging` is omitted, file logs default to `./access.log` and `./error.log` next to this YAML (no `/var/log/ingress` required).
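
The `host_type: regex` rule in the configuration above derives its backend service name from the request host. The sketch below is an added example, not code from the ingress project: it assumes `${host.1}` expands to the first capture group and that the host is lower-cased and stripped of any port and trailing dot before matching (`resolveTunnelBackend` is a hypothetical helper). It shows that the anchored pattern limits the client-chosen part to a single DNS label.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Pattern and backend template copied from the regex rule in the configuration.
var hostRule = regexp.MustCompile(`^([a-z0-9-]+)\.inlets\.example\.com$`)

const backendTemplate = "${host.1}.tunnel"

// resolveTunnelBackend (hypothetical helper) returns the backend name the rule
// would select for a Host header value, or false when the rule does not match.
// Assumption: the host is normalized (port removed, lower-cased, trailing dot
// removed) before matching; the real proxy may normalize differently.
func resolveTunnelBackend(hostHeader string) (string, bool) {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // a port was present; keep only the host part
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	m := hostRule.FindStringSubmatch(host)
	if m == nil {
		return "", false
	}
	// Assumption: ${host.1} is replaced by capture group 1.
	return strings.ReplaceAll(backendTemplate, "${host.1}", m[1]), true
}

func main() {
	// Constructed sample Host values.
	samples := []string{
		"tunnel-a.inlets.example.com",           // matches: single label
		"Tunnel-A.inlets.example.com:8443",      // matches after normalization
		"a.b.inlets.example.com",                // rejected: '.' is outside the class
		"internal_db.inlets.example.com",        // rejected: '_' is outside the class
		"tunnel-a.inlets.example.com.other.test", // rejected: '$' anchor
		"inlets.example.com",                    // rejected: no leading label
	}
	for _, h := range samples {
		name, ok := resolveTunnelBackend(h)
		fmt.Printf("%-42q matched=%-5v backend=%q\n", h, ok, name)
	}
}
```

Any label that matches still selects a `<label>.tunnel` backend, so the set of reachable tunnel names is bounded by the pattern, not by the certificates listed under `https.ssl`.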
Validate and run
```bash
ingress validate -c examples/admin-console/ingress.yaml
ingress run -c examples/admin-console/ingress.yaml
```

Expected startup lines:

```text
Admin started at http://127.0.0.1:9080
Server started at http://127.0.0.1:8080
```

Sample data
| Asset | Purpose |
|---|---|
| `access.log` / `error.log` | Pre-generated lines for the Logs UI |
| `admin.db` | Created on first start; empty DB gets bootstrap WAF events and audit rows |
| `certs/` | Sample TLS files referenced by `https.ssl` |
Regenerate helpers (from repo root):
```bash
python3 examples/admin-console/scripts/gen_sample_data.py
go run ./examples/admin-console/scripts/gen_sample_certs/main.go
```

See also the Admin console guide.