Install and run Kong OSS with PostgreSQL using Docker
- Download Docker images:
sudo docker pull kong
sudo docker pull postgres:9.6
- Start a PostgreSQL container by executing:
sudo docker run -d --name kong-database \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
-e "POSTGRES_PASSWORD=kong" \
postgres:9.6
- Run the database migrations with an ephemeral Kong container:
sudo docker run --rm \
--link kong-database:kong-database \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
kong kong migrations bootstrap
- Start Kong:
sudo docker run -d --name kong \
--link kong-database:kong-database \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
kong
If everything went well, and if you created your container with the default ports, Kong should be listening on your host's 8000 (Proxy), 8443 (Proxy SSL), 8001 (Admin API) and 8444 (Admin API SSL) ports.
- Test it by listing its endpoints:
curl https://localhost:8444/endpoints -k
You should get something like this (most probably not pretty-formatted):
{
"data":[
"/",
"/acls",
"/acls/{acls}",
"/acls/{acls}/consumer",
"/acme",
"/acme/certificates",
"/acme/certificates/{ceritificates}",
"/acme_storage",
"/acme_storage/{acme_storage}",
"/basic-auths",
"/basic-auths/{basicauth_credentials}",
"/basic-auths/{basicauth_credentials}/consumer",
"/ca_certificates",
"/ca_certificates/{ca_certificates}",
"/cache",
"/cache/{key}",
"/certificates",
"/certificates/{certificates}",
"/certificates/{certificates}/services",
"/certificates/{certificates}/services/{services}",
"/certificates/{certificates}/snis",
"/certificates/{certificates}/snis/{snis}",
"/certificates/{certificates}/upstreams",
"/certificates/{certificates}/upstreams/{upstreams}",
"/clustering/data-planes",
"/clustering/status",
"/config",
"/consumers",
"/consumers/{consumers}",
"/consumers/{consumers}/acls",
"/consumers/{consumers}/acls/{acls}",
"/consumers/{consumers}/basic-auth",
"/consumers/{consumers}/basic-auth/{basicauth_credentials}",
"/consumers/{consumers}/hmac-auth",
"/consumers/{consumers}/hmac-auth/{hmacauth_credentials}",
"/consumers/{consumers}/jwt",
"/consumers/{consumers}/jwt/{jwt_secrets}",
"/consumers/{consumers}/key-auth",
"/consumers/{consumers}/key-auth/{keyauth_credentials}",
"/consumers/{consumers}/oauth2",
"/consumers/{consumers}/oauth2/{oauth2_credentials}",
"/consumers/{consumers}/plugins",
"/consumers/{consumers}/plugins/{plugins}",
"/endpoints",
"/hmac-auths",
"/hmac-auths/{hmacauth_credentials}",
"/hmac-auths/{hmacauth_credentials}/consumer",
"/jwts",
"/jwts/{jwt_secrets}",
"/jwts/{jwt_secrets}/consumer",
"/key-auths",
"/key-auths/{keyauth_credentials}",
"/key-auths/{keyauth_credentials}/consumer",
"/metrics",
"/oauth2",
"/oauth2/{oauth2_credentials}",
"/oauth2/{oauth2_credentials}/consumer",
"/oauth2/{oauth2_credentials}/oauth2_tokens",
"/oauth2/{oauth2_credentials}/oauth2_tokens/{oauth2_tokens}",
"/oauth2_tokens",
"/oauth2_tokens/{oauth2_tokens}",
"/oauth2_tokens/{oauth2_tokens}/credential",
"/oauth2_tokens/{oauth2_tokens}/service",
"/plugins",
"/plugins/enabled",
"/plugins/schema/{name}",
"/plugins/{plugins}",
"/plugins/{plugins}/consumer",
"/plugins/{plugins}/route",
"/plugins/{plugins}/service",
"/proxy-cache",
"/proxy-cache/{cache_key}",
"/proxy-cache/{plugin_id}/caches/{cache_key}",
"/routes",
"/routes/{routes}",
"/routes/{routes}/plugins",
"/routes/{routes}/plugins/{plugins}",
"/routes/{routes}/service",
"/schemas/plugins/validate",
"/schemas/plugins/{name}",
"/schemas/{db_entity_name}/validate",
"/schemas/{name}",
"/services",
"/services/{services}",
"/services/{services}/client_certificate",
"/services/{services}/oauth2_tokens",
"/services/{services}/oauth2_tokens/{oauth2_tokens}",
"/services/{services}/plugins",
"/services/{services}/plugins/{plugins}",
"/services/{services}/routes",
"/services/{services}/routes/{routes}",
"/sessions",
"/sessions/{sessions}",
"/snis",
"/snis/{snis}",
"/snis/{snis}/certificate",
"/status",
"/tags",
"/tags/{tags}",
"/targets",
"/targets/{targets}",
"/targets/{targets}/upstream",
"/upstreams",
"/upstreams/{upstreams}",
"/upstreams/{upstreams}/client_certificate",
"/upstreams/{upstreams}/health",
"/upstreams/{upstreams}/targets",
"/upstreams/{upstreams}/targets/all",
"/upstreams/{upstreams}/targets/{targets}",
"/upstreams/{upstreams}/targets/{targets}/healthy",
"/upstreams/{upstreams}/targets/{targets}/unhealthy",
"/upstreams/{upstreams}/targets/{targets}/{address}/healthy",
"/upstreams/{upstreams}/targets/{targets}/{address}/unhealthy",
"/workspaces",
"/workspaces/{workspaces}"
]
}
- Verify Kong's status:
curl https://localhost:8444/about -k
Your reponse may look similar to this:
{
"server": {
"connections_waiting": 0,
"connections_active": 4,
"total_requests": 7,
"connections_reading": 0,
"connections_handled": 8,
"connections_writing": 4,
"connections_accepted": 8
},
"database": {
"reachable": true
},
"memory": {
"workers_lua_vms": [
{
"http_allocated_gc": "42.34 MiB",
"pid": 1198
},
{
"http_allocated_gc": "41.90 MiB",
"pid": 1199
},
{
"http_allocated_gc": "41.90 MiB",
"pid": 1200
}
],
"lua_shared_dicts": {
"kong_locks": {
"capacity": "8.00 MiB",
"allocated_slabs": "0.06 MiB"
},
"kong_healthchecks": {
"capacity": "5.00 MiB",
"allocated_slabs": "0.04 MiB"
},
"kong_process_events": {
"capacity": "5.00 MiB",
"allocated_slabs": "0.04 MiB"
},
"kong_cluster_events": {
"capacity": "5.00 MiB",
"allocated_slabs": "0.04 MiB"
},
"kong_rate_limiting_counters": {
"capacity": "12.00 MiB",
"allocated_slabs": "0.08 MiB"
},
"kong_core_db_cache": {
"capacity": "128.00 MiB",
"allocated_slabs": "0.76 MiB"
},
"kong_core_db_cache_miss": {
"capacity": "12.00 MiB",
"allocated_slabs": "0.08 MiB"
},
"kong_db_cache": {
"capacity": "128.00 MiB",
"allocated_slabs": "0.76 MiB"
},
"kong_db_cache_miss": {
"capacity": "12.00 MiB",
"allocated_slabs": "0.08 MiB"
},
"prometheus_metrics": {
"capacity": "5.00 MiB",
"allocated_slabs": "0.04 MiB"
},
"kong": {
"capacity": "5.00 MiB",
"allocated_slabs": "0.04 MiB"
}
}
}
}
After rebooting, use the following commands to start the containers:
sudo docker container start kong-database
sudo docker container start kong
Where are Kong's logs?
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_ADMIN_ERROR_LOG: /dev/stderr
How to deal with Kong's logs?
docker logs containerNameOrID
docker logs --timestamps containerNameOrID
docker logs --since 2020-11-14T08:00:00 --until 2020-11-14T11:00:00 containerNameOrID
docker logs -f --since 1m containerNameOrID
docker logs --tail=10 containerNameOrID
docker logs containerNameOrID 2>&1 | grep foo
How to enter the docker container?
docker exec -it containerNameOrID bash
NGINX info:
Configuration file: /etc/nginx/nginx.conf
Access log: /var/log/nginx/access.log
Error log: /var/log/nginx/error.log
Alternatively nginx configuration file could be also here:
/usr/local/kong/nginx-kong-stream.conf
/usr/local/kong/nginx-kong.conf
/usr/local/kong/nginx.conf
You may not be able to access NGINX's logs.
References:
- https://docs.konghq.com/gateway/2.8.x/install-and-run/docker/
- https://hub.docker.com/_/kong
- https://www.digitalocean.com/community/questions/can-someone-tell-me-the-location-of-access-log-for-nginx
- https://docs.docker.com/engine/reference/commandline/exec/
- https://simplru.github.io/Learn-SIMPLr/wip/draft-labs/explore-nginx-kong-configuration-files