A simple project that shows how to use Kong API Gateway service.
Download Docker and install it on your system.
docker pull kong/kong-gateway:2.7.0.0-alpine
docker network create kong-net
docker run -d --name kong-database --network=kong-net -e "POSTGRES_USER=kong" -e "POSTGRES_DB=kong" -e "POSTGRES_PASSWORD=kong" -p 5432:5432 postgres:9.6
docker run --rm --network=kong-net -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=kong-database" -e "KONG_PG_PASSWORD=kong" kong:latest kong migrations bootstrap
docker run -d --name kong --network=kong-net -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=kong-database" -e "KONG_PG_PASSWORD=kong" -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" -e "KONG_PROXY_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" -p 8000:8000 -p 8443:8443 -p 8001:8001 -p 8444:8444 -p 8002:8002 kong:latest
In this step, you can use one of the services that I have built (myservice1.py or myservice2.py). Run one of these services locally on your PC.
Here is the code of myservice1.py:
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
return "Hi, I'm service 1"
if __name__ == '__main__':
app.run(debug=True, host='0.0.0.0', port=5000)
When you type http://yourip:5000/ into your browser's address bar and hit enter, you will see that the
service is running successfully.
Your service is running on port 5000 on your local IP.
Type http://yourip:8002/ into your browser's address bar and hit enter; you will see the Kong Manager
OSS on your browser. Click on Gateway Services on the menu. Add your service information and hit the save button.
Add your Route information and hit the save button.
Add your consumer information and hit the save button.
In this section, we guide you through the installation and usage of ten distinct plugins in Kong, providing step-by-step instructions for each.
First, we should know our Docker's IP to add it to the allow or deny list. For understanding your Docker's IP on Windows, first open a Windows PowerShell. Then run the following commands:
docker ps
docker inspect kong-net
Then in this step, you should go to the Plugins section and enable the IP Restriction plugin.
Please configure your plugin settings as shown in the image below.
Adjust the settings according to your preferences, then click on the install button. Upon entering
http://yourip:8000/yourservicename into your browser's address bar and pressing enter, you will observe
that access to the service is restricted for your IP.
In this step, you should go to the Plugins section and enable the Basic Authentication plugin.
Please configure your plugin settings as shown in the image below.
Then click on the install button. Once you've activated the plugin, proceed to create a new consumer (as previously explained).
Subsequently, click on your designated consumer and navigate to the credentials section. You will notice the addition
of the Basic Authentication section for your consumer. Click on New Basic Auth Credential.
Set a username and password for your consumer, then click on the create button.
Upon entering http://yourip:8000/yourservicename into your browser's address bar and pressing enter,
you will observe that you need a username and password for accessing your service.
Upon entering the accurate username and password, you will gain access to your service content.
Firstly, you should create your second consumer (as previously explained), then you should go to the Plugins section and enable the Request termination plugin.
Please configure your plugin settings as shown in the image below.
Then click on the install button. Subsequently, click on your designated consumer and navigate to the credentials
section. You will notice the addition of the Basic Authentication section for your consumer. Click on
New Basic Auth Credential.
Set a username and password for your consumer, then click on the create button.
When you correctly input your username and password, you'll sign in. However, a message will be displayed, indicating that your request has been terminated.
In the first step, you should go to the Plugins section and enable the Proxy caching plugin.
Please configure your plugin settings as shown in the image below.
Now, using Thunder Client, or any other preferred service such as Postman, send a GET request to
http://yourip:8000/yourservicename. With the plugin disabled, you should observe that everything is
functioning correctly, but there is no evidence of caching, as depicted in the image below.
Now enable your proxy caching plugin from Kong manager.
Upon sending another GET request, you'll notice that the headers now include x-cache-key and
x-cache-status.
In the first step, you should go to the Plugins section and enable the Response Rate limiting plugin.
Please configure your plugin settings as shown in the image below.
When you enter http://yourip:8000/yourservicename in your browser's address bar and hit enter,
attempting to exceed the rate limit will result in an error.
In the first step, you should go to the Plugins section and enable the Bot Detection plugin.
Please configure your plugin settings as shown in the image below.
When an attempt is made to access our service through Google Chrome, the system promptly identifies the user as a
bot. Consequently, upon opening Google Chrome and entering http://yourip:8000/yourservicename into the
browser's address bar, an error message explicitly stating "Forbidden" is displayed. This proactive measure plays a
crucial role in recognizing and restraining potential automated bot activities.
In the first step, you should go to the Plugins section and enable the Request size limiting plugin.
Please configure your plugin settings as shown in the image below.
Use Thunder Client, Postman, or your preferred service to send a GET request to
http://yourip:8000/yourservicename, ensuring that it remains within the size-limiting restrictions.
Upon doing so, you will receive a standard response.
Conversely, if you surpass the size-limiting restrictions in your request, the response will notify you that your request exceeds the size-limiting range.
In the first step, you should go to the Plugins section and enable the Key auth restriction plugin.
Please configure your plugin settings as shown in the image below.
Use Thunder Client, Postman, or your preferred service to send a GET request to http://yourip:8000/yourservicename. If an incorrect API key is used, as illustrated in the image below, a 401 Unauthorized error will be returned, indicating that the provided credentials are invalid and access to the requested resource is not permitted.
If a valid API key is utilized in the request, as demonstrated in the image below, a successful authentication will result in a 200 status code. In this case, the Authorization header of the response will contain your authentication information, confirming authorized access to the requested resource.
In the first step, you should go to the Plugins section and enable the ACL plugin.
Please configure your plugin settings as shown in the image below.
After configuring your settings, follow the outlined steps to create two consumers, as previously explained.
Alternatively, if you already have two consumers, navigate to the 'Consumers' section in your Kong panel. Then, proceed to the 'Credentials' section, where you can add ACL credentials for both consumers.
Now ensure that the Basic Authentication plugin is enabled in your configuration.
Consequently, upon opening your browser and entering http://yourip:8000/yourservicename into the browser's address bar. After signing into your service, refer to the provided image below to observe that the admin consumer is granted access to the service.
Whereas the bot consumer is restricted from accessing it.
