Access web app via Kong gateway with Keycloak – part 1 (Installation)

Kong API Gateway

Installation

From the official page:

https://docs.konghq.com/install/ubuntu/

curl -Lo kong.2.5.1.amd64.deb "https://download.konghq.com/gateway-2.x-ubuntu-$(lsb_release -cs)/pool/all/k/kong/kong_2.5.1_amd64.deb"
sudo dpkg -i kong.2.5.1.amd64.deb

Prepare database

Supported databases are PostgreSQL or Cassandra.

Install PostgreSQL:

sudo apt install postgresql

# Create database and user
sudo -i -u postgres

postgres $ psql

# create user and database
postgres=# create user kong;
postgres=# create database kong owner kong;
postgres=# alter role kong with password 'PASSWORD';

# Configure postgresql to use password for login

postgres=# show hba_file;

# find hba_file path and exit
postgres=# \q
postgres $ exit

# Edit postgres file
vim /path/to/hba_file

...(allow kong user to be authenticated by md5 password)...

Configure Kong

Kong's default config file can be found at /etc/kong/kong.conf.default.
Copy the file and name the copy kong.conf.

https://docs.konghq.com/gateway-oss/2.5.x/configuration/#database

Basically, configure the database:

sudo -u kong cp /etc/kong/kong.conf.default /etc/kong/kong.conf
sudo vim /etc/kong/kong.conf

# configure postgresql
(...)

database = postgres             # Determines which of PostgreSQL or Cassandra
                                # this node will use as its datastore.
                                # Accepted values are `postgres`,
                                # `cassandra`, and `off`.

#pg_host = 127.0.0.1             # Host of the Postgres server.
#pg_port = 5432                  # Port of the Postgres server.
#pg_timeout = 5000               # Defines the timeout (in ms), for connecting,
                                 # reading and writing.

pg_user = kong                   # Postgres user.
pg_password = PASSWORD           # Postgres user's password.
pg_database = kong               # The database name to connect to.

(...)
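
kong.conf now holds the database password in plain text, and the same file decides where the Admin API (the localhost:8001 endpoint used further down this page) listens. The script below is an added example, not part of the original page or of Kong itself: it checks a kong.conf for a password readable beyond the file owner, for the PASSWORD placeholder left unchanged, and for an admin_listen entry bound to a non-loopback address. The helper names conf_get and audit_kong_conf are hypothetical, and the parsing assumes simple "key = value # comment" lines.

```sh
#!/bin/sh
# Added example (not from the original page): audit a kong.conf.
# conf_get and audit_kong_conf are hypothetical helper names.

# Print the value of an active (uncommented) "key = value" line with the
# trailing "# comment" removed. Assumption: values contain no escaped "\#";
# if a key is repeated, the last line is the one reported here.
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_kong_conf() {  # usage: audit_kong_conf FILE
    f=$1; n=0
    pw=$(conf_get "$f" pg_password)
    if [ -n "$pw" ]; then
        # Characters 5-10 of "ls -l" output are the group/other permission bits.
        go=$(ls -ld "$f" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "pg_password is in a file accessible beyond its owner ($go)"
            n=$((n + 1))
        fi
        if [ "$pw" = "PASSWORD" ]; then
            echo "pg_password is still the placeholder value PASSWORD"
            n=$((n + 1))
        fi
    fi
    # admin_listen is a comma-separated list of "address:port [flags]" entries.
    # When it is unset, Kong's default binds the Admin API to 127.0.0.1 only.
    listen=$(conf_get "$f" admin_listen)
    old_ifs=$IFS; IFS=,
    for entry in $listen; do
        addr=$(echo "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]].*$//')
        case $addr in
            off|127.0.0.1:*|"[::1]:"*) ;;
            *) echo "Admin API listens on a non-loopback address: $addr"
               n=$((n + 1)) ;;
        esac
    done
    IFS=$old_ifs
    return "$n"
}

# Run against a file when one is given on the command line.
[ $# -eq 0 ] || audit_kong_conf "$1"
```

If the permission finding is reported for /etc/kong/kong.conf, restricting the file to its owner (the kong user in this setup) with chmod 600 clears it.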

Run kong's migration scripts:

kong migrations bootstrap

Run kong:

sudo -u kong kong start

Check if kong is running:

# Query the Admin API; port 8080 is the upstream web app in this setup, not Kong
curl -i http://localhost:8001/

Access it from your browser by navigating to:

https://your.ip.address:8443/

Register service

https://docs.konghq.com/gateway-oss/2.5.x/getting-started/configuring-a-service/

curl -i -X POST \
  --url http://localhost:8001/services/ \
  --data 'name=hello-service' \
  --data 'url=http://your.ip.address:8080'

HTTP/1.1 201 Created
Date: Sun, 26 Sep 2021 03:51:51 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 363
X-Kong-Admin-Latency: 17
Server: kong/2.5.1

{
"path":null,
"name":"hello-service",
"host":"your.ip.address",
"protocol":"http",
"tls_verify":null,
"tags":null,
"retries":5,
"tls_verify_depth":null,
"id":"dcdade9b-1eff-47b9-82a9-3c9d2af531de",
"port":8080,
"client_certificate":null,
"read_timeout":60000,
"write_timeout":60000,
"ca_certificates":null,
"connect_timeout":60000,
"created_at":1632628311,
"updated_at":1632628311
}

Add a route for the 'hello-service' we just created:

curl -i -X POST \
  --url http://localhost:8001/services/hello-service/routes \
  --data 'hosts[]=your.domain.name'

HTTP/1.1 201 Created
Date: Sun, 26 Sep 2021 04:03:16 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 489
X-Kong-Admin-Latency: 11
Server: kong/2.5.1

{"preserve_host":false,"name":null,"snis":null,"protocols":["http","https"],"paths":null,"methods":null,"sources":null,"destinations":null,"strip_path":true,"hosts":["your.domain.name"],"https_redirect_status_code":426,"id":"962413a4-782f-4e89-9bf9-4cc72728f21a","regex_priority":0,"headers":null,"tags":null,"path_handling":"v0","request_buffering":true,"response_buffering":true,"service":{"id":"dcdade9b-1eff-47b9-82a9-3c9d2af531de"},"created_at":1632628996,"updated_at":1632628996}

Requests to https://your.domain.name:8443/ will now be routed by Kong to your web app, hello-service.
