Skip to main content

Installing APISIX

  1. Open a terminal on your VM.
  2. Make a folder for APISIX:
    sudo mkdir -p /opt/apisix
  3. Create the file /opt/apisix/apisix.yaml:
    sudo nano /opt/apisix/apisix.yaml
  4. Copy and paste exactly this content into apisix.yaml. Replace YOUR_BASE64_DEMO_TOKEN and YOUR_BASE64_LIVE_TOKEN with your real Base64(API_KEY:SECRET_KEY) strings:
    role: data_plane

apisix:
  node_listen: 9080  # APISIX listens on port 9080 for HTTP

consumers:
  - username: finmars
    plugins:
      basic-auth:
        username: foo  # Basic auth user for APISIX
        password: bar  # Basic auth password for APISIX

upstreams:
  - id: 1
    nodes:
      api-demo.exante.eu:443: 1
    scheme: https
    pass_host: node
    type: roundrobin

  - id: 2
    nodes:
      api-live.exante.eu:443: 1
    scheme: https
    pass_host: node
    type: roundrobin

plugin_configs:
  - id: 1
    plugins:
      basic-auth: {}
      proxy-rewrite:
        headers:
          set:
            # Replace with your Base64(API_KEY:SECRET_KEY) for demo
            Authorization: "Basic YOUR_BASE64_DEMO_TOKEN"
        regex_uri:
          - "^/demo/(.*)"
          - "/$1"

  - id: 2
    plugins:
      basic-auth: {}
      proxy-rewrite:
        headers:
          set:
            # Replace with your Base64(API_KEY:SECRET_KEY) for live
            Authorization: "Basic YOUR_BASE64_LIVE_TOKEN"
        regex_uri:
          - "^/live/(.*)"
          - "/$1"

routes:
  - priority: 0
    status: 1
    uris:
      - /demo/md/*/accounts
      - /demo/md/*/symbols/*
      - /demo/md/*/summary/*
      - /demo/md/*/ohlc/*
      - /demo/md/*/transactions
      - /demo/trade/*/orders/*
    upstream_id: 1
    plugin_config_id: 1

  - priority: 0
    status: 1
    uris:
      - /live/md/*/accounts
      - /live/md/*/symbols/*
      - /live/md/*/summary/*
      - /live/md/*/ohlc/*
      - /live/md/*/transactions
      - /live/trade/*/orders/*
    upstream_id: 2
    plugin_config_id: 2

#END
  5. Save and close the file:
    • Press Ctrl+O, then Enter to save.
    • Press Ctrl+X to exit Nano.

2. Create a restart script for APISIX

  1. In the terminal, make a new script:
    nano /opt/apisix/restart_apisix.sh
  2. Copy and paste this into restart_apisix.sh:
    #!/bin/bash

# If a container named "apache-apisix" exists, stop and remove it
if docker ps -a --format '{{.Names}}' | grep -Eq "^apache-apisix\$"; then
  echo "Stopping and removing existing apache-apisix container..."
  docker stop apache-apisix
  docker rm apache-apisix
fi

echo "Starting a new APISIX container..."
docker run -d \
  --name apache-apisix \
  -p 9080:9080 \
  -e APISIX_STAND_ALONE=true \
  -v /opt/apisix/apisix.yaml:/usr/local/apisix/conf/config.yaml \
  -v /opt/apisix/apisix.yaml:/usr/local/apisix/conf/apisix.yaml \
  apache/apisix

echo "APISIX container is now running."
  3. Save and close:
    • Press Ctrl+O, then Enter.
    • Press Ctrl+X.
  4. Make the script executable:
    chmod +x /opt/apisix/restart_apisix.sh

3. Run APISIX for the first time

  1. In the terminal, run:
    ./restart_apisix.sh
  2. Wait a few seconds. APISIX will start in Docker, listening on port 9080, reading your /opt/apisix/apisix.yaml as both config.yaml and apisix.yaml.
  3. Check that it is running:
    sudo docker ps

    You should see a line for apache/apisix with 0.0.0.0:9080->9080/tcp.
  4. Look at the logs to ensure no errors:
    sudo docker logs apache-apisix

    You should see messages like “config file … reloaded” and no errors.

4. Test APISIX locally with curl (no Nginx yet)

  1. In the terminal, run:
    curl -u foo:bar http://127.0.0.1:9080/demo/md/3.0/accounts
    • -u foo:bar sends your Basic Auth.
    • The path /demo/md/3.0/accounts matches your route pattern /demo/md/*/accounts.
  2. If everything is correct, you will see JSON returned from Exante.
    If you see {"error_msg":"404 Route Not Found"}, double-check that the path matches exactly and that your tokens are correct.

5. Install and configure Nginx and Let’s Encrypt

5.1. Install Nginx

  1. Update package lists:
    sudo apt update
  2. Install Nginx:
    sudo apt install nginx -y
  3. Start and enable Nginx:
    sudo systemctl start nginx
sudo systemctl enable nginx

5.2. Install Certbot for Let’s Encrypt

  1. Add repositories and update:
    sudo apt install software-properties-common -y
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt update
  2. Install Certbot with Nginx plugin:
    sudo apt install certbot python3-certbot-nginx -y

5.3. Obtain a certificate for your domain

  1. Make sure your DNS A record for abeta-proxy.finmars.com points to 16.170.231.65.
  2. Run:
    sudo certbot --nginx -d abeta-proxy.finmars.com
  3. Follow the prompts:
    1. Enter your email, then press Enter.
    2. Agree to terms by typing A, then Enter.
    3. Choose option 2 to redirect HTTP to HTTPS, then Enter.

Certbot will create an Nginx site file and install the certificate under /etc/letsencrypt/live/abeta-proxy.finmars.com/.

6. Configure Nginx to proxy to APISIX

  1. Open the site file Certbot created:
    sudo nano /etc/nginx/sites-available/abeta-proxy.finmars.com.conf
  2. Inside the server { ... } block for port 443, find these lines:
    listen 443 ssl;
server_name abeta-proxy.finmars.com;

ssl_certificate /etc/letsencrypt/live/abeta-proxy.finmars.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/abeta-proxy.finmars.com/privkey.pem;
  3. Right below them, add:
    location / {
    proxy_pass http://127.0.0.1:9080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

    After editing, that server { } block looks like:
    server {
    listen 443 ssl;
    server_name abeta-proxy.finmars.com;

    ssl_certificate /etc/letsencrypt/live/abeta-proxy.finmars.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/abeta-proxy.finmars.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
  4. Make sure there is also a block that redirects HTTP to HTTPS. It looks like:
    server {
    listen 80;
    server_name abeta-proxy.finmars.com;
    return 301 https://$host$request_uri;
}
  5. Save and close:
    • Press Ctrl+O, then Enter.
    • Press Ctrl+X.
  6. Test Nginx configuration:
    sudo nginx -t

    You should see “syntax is ok” and “test is successful”.
  7. Reload Nginx so it uses the new config:
    sudo systemctl reload nginx

7. Open firewall ports (if you use UFW)

  1. Allow HTTP (port 80) and HTTPS (port 443), and APISIX port (9080) in UFW:
    sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 9080/tcp
  2. Check UFW status:
    sudo ufw status

8. Final tests

  1. Test HTTPS through Nginx:
    In a browser or terminal, go to:
    https://abeta-proxy.finmars.com/demo/md/3.0/accounts
    • Enter Basic Auth user foo and password bar.
    • If your Base64 tokens are correct, you see JSON from Exante.
  2. Test other routes:
    https://abeta-proxy.finmars.com/live/md/3.0/accounts
    • Use the same Basic Auth.
    • Should return JSON if live token is correct.
  3. Test local APISIX again (no Nginx):
    curl -u foo:bar http://127.0.0.1:9080/demo/md/3.0/accounts
    • This hits APISIX directly, without Nginx.
    • Should return JSON if config is correct.

9. Automatic certificate renewal

  1. Certbot already set up automatic renewal.
  2. To test renewal, run:
    sudo certbot renew --dry-run
  3. If it says “Congratulations, all renewals succeeded,” your auto-renew is working.

10. How to update your APISIX config later

  1. Edit /opt/apisix/apisix.yaml any time:
    sudo nano /opt/apisix/apisix.yaml
  2. Save changes and exit.
  3. Run the restart script:
    ./restart_apisix.sh
  4. Check logs:
    sudo docker logs apache-apisix
  5. Test again with curl or in a browser.

Complete Recap

  1. Create folder /opt/apisix.
  2. Create and fill /opt/apisix/apisix.yaml (with role: data_plane, consumers, upstreams, plugin_configs, routes, and #END).
  3. Make restart_apisix.sh script that stops any old container and starts a new one, mounting /opt/apisix/apisix.yaml as both config.yaml and apisix.yaml.
  4. Run ./restart_apisix.sh to start APISIX.
  5. Test APISIX locally: curl -u foo:bar http://127.0.0.1:9080/demo/md/3.0/accounts.
  6. Install Nginx (sudo apt install nginx).
  7. Install Certbot (sudo apt install certbot python3-certbot-nginx).
  8. Get SSL: sudo certbot --nginx -d abeta-proxy.finmars.com.
  9. Edit Nginx site at /etc/nginx/sites-available/abeta-proxy.finmars.com.conf to add:
    location / {
    proxy_pass http://127.0.0.1:9080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}
  10. Reload Nginx (sudo nginx -t then sudo systemctl reload nginx).
  11. Open firewall ports 80, 443, 9080 (sudo ufw allow ...).
  12. Test https://abeta-proxy.finmars.com/demo/md/3.0/accounts in a browser.
  13. Auto-renew is handled by Certbot.
  14. To update, edit /opt/apisix/apisix.yaml and run ./restart_apisix.sh.

That is the full, clear set of instructions. Now your APISIX runs behind Nginx with a Let’s Encrypt SSL certificate, and you can update the config anytime by editing the file and restarting with the script.

Back to top