
I’m facing a configuration issue while setting up Kong API Gateway (Open Source Edition) in a containerized environment.

Following the official Kong documentation, I used the commands below to set up Kong:

Network Creation:

    docker network create kong-net

PostgreSQL Container Setup:

    docker run -d --name kong-database \
      --network=kong-net \
      -p 5432:5432 \
      -e "POSTGRES_USER=kong" \
      -e "POSTGRES_DB=kong" \
      -e "POSTGRES_PASSWORD=kongpass" \
      postgres:13

Database Bootstrap:

    docker run --rm --network=kong-net \
      -e "KONG_DATABASE=postgres" \
      -e "KONG_PG_HOST=kong-database" \
      -e "KONG_PG_PASSWORD=kongpass" \
      kong/kong-gateway:3.7.1.2 kong migrations bootstrap

Kong Gateway Setup:

    docker run -d --name kong-gateway \
      --network=kong-net \
      -e "KONG_DATABASE=postgres" \
      -e "KONG_PG_HOST=kong-database" \
      -e "KONG_PG_USER=kong" \
      -e "KONG_PG_PASSWORD=kongpass" \
      -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
      -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
      -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
      -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
      -e KONG_LICENSE_DATA \
      -p 8000:8000 \
      -p 8443:8443 \
      -p 8001:8001 \
      -p 8444:8444 \
      -p 8002:8002 \
      -p 8445:8445 \
      kong/kong-gateway:3.7.1.2

While this setup works, and I can access the Kong Manager on port 8002, I’m having trouble enabling HTTPS. When I change the manager URL to https://localhost:8445, the GUI shows a CORS error when trying to access the Admin API on port 8444.

How can I properly configure HTTPS for the Kong Manager without encountering CORS issues?
The CORS plugin is not the solution because it should be related to the API endpoint.

I’ve tried several things like removing the KONG_ADMIN_GUI_URL parameter, but nothing seems to work.

2 Answers


  1. Based on your configuration, changing KONG_ADMIN_GUI_URL and KONG_ADMIN_LISTEN to allow SSL should be enough:

        docker run -d --name kong-gateway \
        ...
        -e "KONG_ADMIN_LISTEN=0.0.0.0:8444 ssl" \
        -e "KONG_ADMIN_GUI_URL=https://localhost:8445" \
        -e KONG_LICENSE_DATA \
        ...
    

    There shouldn’t be a CORS error unless there is something more to this setup.

    Just to recheck, have you trusted the self-signed certificate on both https://localhost:8444 and https://localhost:8445?
    If no certificates are provided, Kong will create two self-signed certificates, one for the Admin API and one for Manager.
    This might cause the network error on Kong Manager since the browser doesn’t trust the Admin API certificate when using the GUI (Kong Manager).

  2. If you don't set ADMIN_GUI_URL then Kong will use what's requested in the browser, i.e. https://localhost:8445 (admin_gui_url).

    BUT the catch comes in with the Admin API, ADMIN_GUI_API_URL. The docs say this (admin_gui_api_url):

    Hierarchical part of a URI which is composed optionally of a host, port, and path at which the Admin API accepts HTTP or HTTPS traffic. When this config is disabled, Kong Manager will use the window protocol + host and append the resolved admin_listen HTTP/HTTPS port.

    The issue is not the hostname or the protocol, because this is taken from your Manager request, but the port. Because the Admin API runs on port 8444 and Manager on 8445, you need to specify this. The same goes if you are using DNS and they are different subdomains: you need to tell Kong that.

    So to adjust your config you need to use the following:

    docker run -d --name kong-gateway \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_PG_USER=kong" \
    -e "KONG_PG_PASSWORD=kongpass" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_GUI_URL=https://localhost:8445" \
    -e "KONG_ADMIN_GUI_API_URL=localhost:8444" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8444 http2 ssl" \
    -e KONG_LICENSE_DATA \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    -p 8002:8002 \
    -p 8445:8445 \
    kong/kong-gateway:3.7.1.2
    

    Once you are running the containers, because it's a certificate the browser doesn't trust, you will need to go to https://localhost:8444 and trust the cert, and then go to https://localhost:8445 and trust the cert again, and Manager will now work over SSL.

    I have tested the above docker command and it works.

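Added example, not part of either answer and not Kong's code: a simplified model of the admin_gui_api_url rule quoted above, showing why Manager on 8445 and the Admin API on 8444 are separate browser origins that each need a trusted certificate. The function names are hypothetical, and picking the listener by its `ssl` flag and giving a scheme-less value the page's protocol are assumptions drawn from the docs text.

```javascript
// Simplified model (assumption, not Kong Manager's implementation).

// Parse an admin_listen value such as "0.0.0.0:8444 http2 ssl" or
// "0.0.0.0:8001, 0.0.0.0:8444 ssl" into { port, ssl } entries.
function parseAdminListen(value) {
  return value.split(",").map((entry) => {
    const [addr, ...flags] = entry.trim().split(/\s+/);
    const port = Number(addr.slice(addr.lastIndexOf(":") + 1));
    return { port, ssl: flags.includes("ssl") };
  });
}

// Resolve the Admin API base URL the browser would call.
// managerUrl: address-bar URL; apiUrl: admin_gui_api_url value or null.
function resolveAdminApi(managerUrl, adminListen, apiUrl = null) {
  const page = new URL(managerUrl);
  if (apiUrl) {
    // "localhost:8444" has no scheme; new URL() alone would read
    // "localhost:" as the scheme, so prefix the page's protocol.
    const full = /^https?:\/\//.test(apiUrl) ? apiUrl : `${page.protocol}//${apiUrl}`;
    return new URL(full);
  }
  const wantSsl = page.protocol === "https:";
  const listener = parseAdminListen(adminListen).find((l) => l.ssl === wantSsl);
  if (!listener) return null; // no admin_listen entry matches the page's protocol
  return new URL(`${page.protocol}//${page.hostname}:${listener.port}`);
}

// Summarise what the browser enforces for this Manager / Admin API pair.
function browserChecks(managerUrl, adminListen, apiUrl = null) {
  const api = resolveAdminApi(managerUrl, adminListen, apiUrl);
  if (!api) return { api: null, crossOrigin: null, certsToTrust: [] };
  const page = new URL(managerUrl);
  const origins = [...new Set([page.origin, api.origin])];
  return {
    api: api.origin,
    crossOrigin: api.origin !== page.origin, // a different port is a different origin
    certsToTrust: origins.filter((o) => o.startsWith("https:")),
  };
}

// Constructed inputs, taken from the docker commands on this page.
// Question's listener, Manager opened over HTTPS: no TLS admin listener.
console.log(browserChecks("https://localhost:8445", "0.0.0.0:8001"));
// Second answer's settings: cross-origin, two certificates to trust.
console.log(browserChecks("https://localhost:8445", "0.0.0.0:8444 http2 ssl", "localhost:8444"));
```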