Did you manage to configure Kong Gateway?
I was also experimenting with it a few months ago.
I'm sharing my docker-compose file and Kong config .yml file (db-less).
Most of the Kong plugins are disabled and are just there for testing, based on this tutorial.
docker-compose.yml
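# Kong Gateway in DB-less mode: services, routes, consumers and plugins are
# read from the declarative file mounted from ./config.
version: '3.3'
services:
  kong:
    # NOTE(review): no tag, so this resolves to whatever `latest` is at pull
    # time. Pin a tag or digest compatible with the _format_version used in
    # kong.yml so a rebuild cannot silently change the gateway.
    image: kong
    volumes:
      # Kong only needs to read this directory; consider mounting it
      # read-only.
      - "./config:/usr/local/kong/declarative"
    environment:
      - KONG_DATABASE=off
      - KONG_DECLARATIVE_CONFIG=/usr/local/kong/declarative/kong.yml
      - KONG_PROXY_ACCESS_LOG=/dev/stdout
      - KONG_ADMIN_ACCESS_LOG=/dev/stdout
      - KONG_PROXY_ERROR_LOG=/dev/stderr
      - KONG_ADMIN_ERROR_LOG=/dev/stderr
      # The Admin API has no authentication of its own. It has to listen on
      # 0.0.0.0 inside the container for Docker port publishing to work, so
      # who can reach it is decided only by the host bindings under `ports`.
      - "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl"
      # debug is very verbose; fine for testing, lower it for anything
      # long-lived.
      - KONG_LOG_LEVEL=debug
      - KONG_PLUGINS=bundled
    ports:
      - "8000:8000/tcp"            # proxy, HTTP
      - "127.0.0.1:7990:8001/tcp"  # Admin API, loopback only
      # Was "8001:8001/tcp", which published the unauthenticated Admin API on
      # every host interface. Even in DB-less mode the Admin API can load a
      # replacement configuration, so keep it on loopback like the others.
      - "127.0.0.1:8001:8001/tcp"
      - "8443:8443/tcp"            # proxy, HTTPS
      - "127.0.0.1:8444:8444/tcp"  # Admin API over TLS, loopback only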
kong.yml (in the ./config folder)
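# Declarative (DB-less) Kong configuration: one upstream service with a
# catch-all route, one test consumer with sample credentials, and a set of
# global plugins. The nesting was lost in the original paste and is restored
# here.
_format_version: "2.1"

services:
  - name: nodered-server
    # NOTE(review): whether Kong verifies this upstream's TLS certificate
    # depends on the service/gateway TLS settings - confirm before relying on
    # https here for more than transport encryption.
    url: https://192.168.0.7:1880
    routes:
      # Catch-all route: every path on the proxy port is forwarded upstream.
      - name: nodered
        paths:
          - /

consumers:
  - username: user

# Sample credentials in plain text, for testing only. Replace them before the
# proxy port is reachable by anyone else, and keep real secrets out of files
# that are committed to version control.
basicauth_credentials:
  - consumer: user
    username: Aladdin
    password: OpenSesame

keyauth_credentials:
  - consumer: user
    key: abc

acls:
  - consumer: user
    group: group1

# Global plugins. Entries with `enabled: false` are inert.
# NOTE(review): acl, basic-auth and key-auth are all disabled, so the gateway
# itself does not authenticate requests to the route above. `cors` and
# `ip-restriction` carry no `enabled: false` and are therefore active.
plugins:
  - name: request-size-limiting
    config:
      allowed_payload_size: 1
      size_unit: kilobytes
      require_content_length: false
    enabled: false

  - name: request-termination
    config:
      status_code: 403
      # message: So long and thanks for all the fish!
      # NOTE(review): declared as JSON below, but "{a:b}" is not valid JSON.
      body: "{a:b}"
      content_type: "application/json; charset=utf-8"
      trigger: "q"
    enabled: false

  - name: acl
    config:
      allow:
        - group1
      hide_groups_header: true
    enabled: false

  - name: basic-auth
    config:
      # Strips the Authorization header before proxying upstream.
      hide_credentials: true
    enabled: false

  - name: key-auth
    config:
      key_names:
        - apikey
      key_in_body: false
      key_in_header: true
      # Keys sent in the query string end up in access logs (written to
      # stdout in the compose file), and with hide_credentials: false they
      # are also passed on to the upstream. Prefer header-only keys and
      # hide_credentials: true if this plugin is enabled.
      key_in_query: true
      hide_credentials: false
      run_on_preflight: true
    enabled: false

  - name: proxy-cache
    config:
      response_code:
        - 200
      request_method:
        - GET
        - HEAD
      content_type:
        - text/plain
        - application/json
        - application/json; charset=utf-8
      cache_ttl: 300
      strategy: memory
    enabled: false

  - name: bot-detection
    config:
      deny:
        - "(C|c)hrome"
        - "curl"
    enabled: false

  # Active (no `enabled: false`).
  # NOTE(review): wildcard origins combined with credentials: true is the
  # combination to avoid. Browsers reject a literal `*` together with
  # credentials, and a gateway that answers by echoing the request Origin
  # lets any site make credentialed cross-origin calls. List the real
  # origins, or set credentials to false.
  - name: cors
    config:
      origins:
        - '*'
      methods:
        - GET
        - POST
      headers:
        - Accept
        - Accept-Version
        - Content-Length
        - Content-MD5
        - Content-Type
        - Date
        - X-Auth-Token
        - Authorization
      exposed_headers:
        - X-Auth-Token
      credentials: true
      max_age: 3600
      preflight_continue: false

  - name: rate-limiting
    config:
      # second: 5
      hour: 100
      # `local` keeps counters in the memory of this node.
      policy: local
      fault_tolerant: true
      hide_client_headers: false
      # Only relevant with the redis policy; with both off, the Redis
      # password and counters would cross the network unencrypted.
      redis_ssl: false
      redis_ssl_verify: false
      # Uncomment these (and drop `policy: local` above) to store rate
      # limiting data in redis.
      # policy: redis
      # redis_host: 172.27.59.36
      # redis_password: example
    enabled: false

  # Active (no `enabled: false`): requests from the denied range get the
  # status and message below.
  # NOTE(review): behind Docker's published ports the address Kong sees may
  # be a bridge/NAT address rather than the real client - confirm what the
  # plugin is actually matching on.
  - name: ip-restriction
    config:
      deny:
        - 172.28.64.0/24
      status: 401
      message: cannot grant access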