A simple project that shows how to use the Kong API Gateway service.
Download Docker and install it on your system.
```bash
docker pull kong/kong-gateway:2.7.0.0-alpine
docker network create kong-net
docker run -d --name kong-database --network=kong-net -e "POSTGRES_USER=kong" -e "POSTGRES_DB=kong" -e "POSTGRES_PASSWORD=kong" -p 5432:5432 postgres:9.6
docker run --rm --network=kong-net -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=kong-database" -e "KONG_PG_PASSWORD=kong" kong:latest kong migrations bootstrap
docker run -d --name kong --network=kong-net -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=kong-database" -e "KONG_PG_PASSWORD=kong" -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" -e "KONG_PROXY_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" -p 8000:8000 -p 8443:8443 -p 8001:8001 -p 8444:8444 -p 8002:8002 kong:latest
```
In this step, you can use one of the services that I have built (myservice1.py or myservice2.py). Run one of these services locally on your PC.
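Here is the code of myservice1.py:
```python
from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello():
    return "Hi, I'm service 1"

if __name__ == '__main__':
    # Listen on all interfaces so the Kong container can reach the service.
    # Debug mode stays off: it would expose the Werkzeug debugger on the network.
    app.run(debug=False, host='0.0.0.0', port=5000)
```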
When you type http://yourip:5000/ into your browser's address bar and hit enter, you will see that the service is running successfully.
Your service is running on port 5000 on your local IP.
Type http://yourip:8002/ into your browser's address bar and hit enter; you will see Kong Manager OSS in your browser.
Click on Gateway Services in the menu.
Add your service information and click the Save button.
Add your route information and click the Save button.
Add your consumer information and click the Save button.
In this section, we guide you through the installation and usage of ten distinct plugins in Kong, providing step-by-step instructions for each.
First, we need to know our Docker IP so that we can add it to the allow or deny list.
To find your Docker IP on Windows, first open Windows PowerShell, then run the following commands:
```bash
docker ps
docker inspect kong-net
```
Then, in this step, go to the Plugins section and enable the IP Restriction plugin.
Please configure your plugin settings as shown in the image below.
Adjust the settings according to your preferences.
Then click on the Install button.
Upon entering http://yourip:8000/yourservicename into your browser's address bar and pressing enter, you will observe that access to the service is restricted for your IP.
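To pick the right entries for the allow or deny list, the following added example (not part of the original project) parses `docker inspect kong-net` output and checks candidate client IPs against the lists. The sample JSON and addresses are constructed, and the deny-before-allow order in `is_allowed` is an assumption about how the plugin evaluates its lists.

```python
import ipaddress
import json

# Constructed sample of `docker inspect kong-net` output, trimmed to the fields used.
SAMPLE_INSPECT = """
[{"Name": "kong-net",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
  "Containers": {
    "a1": {"Name": "kong-database", "IPv4Address": "172.18.0.2/16"},
    "b2": {"Name": "kong", "IPv4Address": "172.18.0.3/16"}}}]
"""


def network_addresses(inspect_json):
    """Return (subnet, gateway, {container name: IP}) for the first network listed."""
    net = json.loads(inspect_json)[0]
    ipam = net["IPAM"]["Config"][0]
    containers = {c["Name"]: c["IPv4Address"].split("/")[0]
                  for c in net.get("Containers", {}).values()}
    return ipam["Subnet"], ipam.get("Gateway"), containers


def matches(client_ip, entries):
    """True if client_ip equals, or falls inside, any listed IP or CIDR range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def is_allowed(client_ip, allow=(), deny=()):
    """Model of the allow/deny decision (assumed order: deny first, then allow)."""
    if deny and matches(client_ip, deny):
        return False
    if allow and not matches(client_ip, allow):
        return False
    return True


if __name__ == "__main__":
    subnet, gateway, containers = network_addresses(SAMPLE_INSPECT)
    print("subnet:", subnet, "gateway:", gateway, "containers:", containers)
    # Assumption: requests from the host browser may reach Kong with the bridge
    # gateway as their source address, so test the lists against that address.
    for ip in (gateway, "192.168.1.50"):
        print(ip, "allowed" if is_allowed(ip, deny=[subnet]) else "blocked")
```

On a real setup, pipe the output of `docker inspect kong-net` into `network_addresses` instead of the sample string.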
In this step, go to the Plugins section and enable the Basic Authentication plugin.
Please configure your plugin settings as shown in the image below.
Then click on the Install button.
Once you've activated the plugin, proceed to create a new consumer (as previously explained).
Subsequently, click on your designated consumer and navigate to the Credentials section. You will notice the addition of the Basic Authentication section for your consumer. Click on New Basic Auth Credential.
Set a username and password for your consumer, then click on the Create button.
Upon entering http://yourip:8000/yourservicename into your browser's address bar and pressing enter, you will observe that you need a username and password to access your service.
Upon entering the correct username and password, you will gain access to your service content.
First, create your second consumer (as previously explained). Then go to the Plugins section and enable the Request Termination plugin.
Please configure your plugin settings as shown in the image below.
Then click on the Install button.
Subsequently, click on your designated consumer and navigate to the Credentials section. You will notice the addition of the Basic Authentication section for your consumer. Click on New Basic Auth Credential.
Set a username and password for your consumer, then click on the Create button.
When you correctly input your username and password, you'll sign in. However, a message will be displayed, indicating that your request has been terminated.
As the first step, go to the Plugins section and enable the Proxy Caching plugin.
Please configure your plugin settings as shown in the image below.
Now, using Thunder Client, or any other preferred service such as Postman, send a GET request to http://yourip:8000/yourservicename. With the plugin disabled, you should observe that everything is functioning correctly, but there is no evidence of caching, as depicted in the image below.
Now enable your Proxy Caching plugin from Kong Manager.
Upon sending another GET request, you'll notice that the headers now include x-cache-key and x-cache-status.
As the first step, go to the Plugins section and enable the Response Rate Limiting plugin.
Please configure your plugin settings as shown in the image below.
When you enter http://yourip:8000/yourservicename in your browser's address bar and hit enter, attempting to exceed the rate limit will result in an error.
As the first step, go to the Plugins section and enable the Bot Detection plugin.
Please configure your plugin settings as shown in the image below.
When an attempt is made to access our service through Google Chrome, the system promptly identifies the user as a bot. Consequently, upon opening Google Chrome and entering http://yourip:8000/yourservicename into the browser's address bar, an error message explicitly stating "Forbidden" is displayed. This proactive measure plays a crucial role in recognizing and restraining potential automated bot activities.
As the first step, go to the Plugins section and enable the Request Size Limiting plugin.
Please configure your plugin settings as shown in the image below.
Use Thunder Client, Postman, or your preferred service to send a GET request to http://yourip:8000/yourservicename, ensuring that it remains within the size-limiting restrictions. Upon doing so, you will receive a standard response.
Conversely, if you surpass the size-limiting restrictions in your request, the response will notify you that your request exceeds the size-limiting range.
As the first step, go to the Plugins section and enable the Request size limiting plugin.
Please configure your plugin settings as shown in the image below.
Use Thunder Client, Postman, or your preferred service to send a GET request to http://yourip:8000/yourservicename. If an incorrect API key is used, as illustrated in the image below, a 401 Unauthorized error will be returned, indicating that the provided credentials are invalid and access to the requested resource is not permitted.
If a valid API key is utilized in the request, as demonstrated in the image below, a successful authentication will result in a 200 status code. In this case, the Authorization header of the response will contain your authentication information, confirming authorized access to the requested resource.
As the first step, go to the Plugins section and enable the Request size limiting plugin.
Please configure your plugin settings as shown in the image below.
After configuring your settings, follow the outlined steps to create two consumers, as previously explained.
Alternatively, if you already have two consumers, navigate to the 'Consumers' section in your Kong panel. Then, proceed to the 'Credentials' section, where you can add ACL credentials for both consumers.
Now ensure that the Basic Authentication plugin is enabled in your configuration.
Then open your browser and enter http://yourip:8000/yourservicename into the address bar. After signing in to your service, refer to the image below to observe that the admin consumer is granted access to the service, whereas the bot consumer is restricted from accessing it.
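The Kong Manager steps above for the service, route, consumers, Basic Authentication credentials and ACL groups can also be scripted against the Admin API on port 8001, which keeps the access rules reviewable in one place. This is an added example, not code from the original project; the group names, passwords, route name and upstream URL are hypothetical placeholders.

```python
import json
import urllib.request

ADMIN_URL = "http://localhost:8001"  # Admin API port published by the docker run command


def build_plan(service, upstream_url, path, consumers, allowed_group):
    """Return the ordered Admin API calls as (path, body) pairs, all sent with POST.

    consumers maps consumer username -> (password, ACL group).
    """
    plan = [
        ("/services", {"name": service, "url": upstream_url}),
        (f"/services/{service}/routes", {"name": f"{service}-route", "paths": [path]}),
        # basic-auth identifies the consumer; acl then checks the consumer's group.
        (f"/services/{service}/plugins", {"name": "basic-auth"}),
        (f"/services/{service}/plugins",
         {"name": "acl", "config": {"allow": [allowed_group]}}),
    ]
    for username, (password, group) in consumers.items():
        plan.append(("/consumers", {"username": username}))
        plan.append((f"/consumers/{username}/basic-auth",
                     {"username": username, "password": password}))
        plan.append((f"/consumers/{username}/acls", {"group": group}))
    return plan


def apply(plan, admin_url=ADMIN_URL):
    """POST each step as JSON; urllib raises HTTPError on a 4xx/5xx answer."""
    for path, body in plan:
        req = urllib.request.Request(
            admin_url + path, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"}, method="POST")
        with urllib.request.urlopen(req) as resp:
            print(resp.status, path)


if __name__ == "__main__":
    # Hypothetical values: replace the URL, path, passwords and group names.
    plan = build_plan("yourservicename", "http://yourip:5000", "/yourservicename",
                      {"admin": ("change-me-1", "admins"), "bot": ("change-me-2", "bots")},
                      allowed_group="admins")
    for step in plan:
        print(step)
    # apply(plan)  # uncomment to send the calls to a running Kong
```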
This project represents a collaborative effort between Kiarash Rahmani and Ahmad Asadi. Working in tandem, we dedicated our efforts to developing a comprehensive and robust repository, designed to guide users in optimizing their experience with the Kong API gateway service.
This project is licensed under the MIT License.