Unable to test added API about wicked.haufe.io HOT 5 CLOSED

Yes, untick "strip request path", or add it to the upstream url, and you should be fine. The backend URI which was called is

http://tes-secure.cloudapp.net:8081/?articleId=2707217

because the request path was stripped. That option can be used to rewrite the URL, or to map to something else. If your frontend API prefix is the same as the backend, you can leave it out and untick the option.

/Martin

from wicked.haufe.io.

Hi Martin,

This worked perfectly. Thanks. We can now publish an API on the portal and pass it through the gateway.

We have 2 further questions that would almost complete our review of the stack:

1. Is it possible to gain access to the kong PostGres database via port 5432? If so what would the connection parameters be? This is important for performing analysis on our API calls.
2. I see the documentation for deploying to production but am still a bit unsure as to how we will do this. Our host is an Azure Linux VM with the address tes-dockervm.cloudapp.net. How do we expose this and can we proceed with the sample certs we have been using to date for testing purposes?

Many thanks for your time!
Aaron

from wicked.haufe.io.

Hi Aaron,

Ad 1) Check out the logging plugins for Kong (https://getkong.org/plugins/); chances are you will get a lot of the information you need by simply configuring wicked to use one of those, and/or use Galileo for it. I have colleagues which have also successfully hooked up an ElasticSearch and Kibana to a log stream from Kong to see what's going on there, e.g. using fluentd. Wicked deliberately does not "solve" the analytics topic, as there are other tools for that. Eventually (when we have tried it out), we will write some recommendations on what works, but we haven't come that far yet. The idea is: Enable a logging plugin to forward the logs to some log aggregation system, like fluentd with Elastic and Kibana, GreyLog, Galileo.

As a lightweight alternative, you can also enable the File Logger (the kickstarter can do this, it's prepared for that) and take out the files using docker cp from the Kong instance. Or use some logging online service like Papertrail (https://papertrailapp.com) or Loggly (https://www.loggly.com), which also offer https endpoints you can simply configure Kong to post its logs to (using this plugin: https://getkong.org/plugins/http-log/).

What I would NOT do is to access the Postgres DB directly. While this might work (username is kong, password is also kong), it's not advisable. Kong may change the database schema at any time, as it's explicitly only exposed via the Kong REST API (inside the docker network http://kong:8001).

Ad 2) Yes, the "deploy to production" documentation is not yet finished. But what you essentially would need to do is:

• Set up CNAMEs for the API Gateway and the API Portal, which must both point to your docker Host, e.g. in your case tes-dockervm.cloudapp.net; check that pings to your new DNS names go to the Azure VM, e.g. ping portal.thinkevolvesolve.ie and ping api.thinkevolvesolve.ie
• Configure wicked to listen to these names (using a new environment, e.g. called "production").
• Get "real" certificates via your favorite CA; Let's Encrypt also works, but requires downtime every three months to renew the certificates. If you have a wildcard certificate, this will also work.
• Make sure the certificates make it in the right format (cf. with how the kickstarter creates the certificates) and put into the environment variables PORTAL_PEM and GATEWAY_PEM; see certs/yourenv/yourenv.sh.
• Configure your deployment pipeline (whatever you are using; shell scripting, GoCD, Jenkins, TFS,...) to deploy your environment correctly

As you can imagine there is no "single recipe" on how to do this correctly, as there is no silver bullet for operating docker in production (yet).

I hope these hints help a little, and this is also subject to further documentation in this repository.

Best regards,
Martin

Appendix: Configuration JSON for adding logging to a log service (add this with the kickstarter to your API plugin section):

{
  "name": "http-log",
  "config": {
    "http_endpoint":"https://loggly.com/your-service-end-point/128923-abcb892-def/",
    "method":"POST",
    "timeout":10000,
    "keepalive":60000
  }
}

from wicked.haufe.io.

Addendum 2: Kong even has a specific Loggly plugin you can just use: https://getkong.org/plugins/loggly/

{
  "name":"loggly",
  "config": {
    "key":"YOUR_LOGGLY_SERVICE_TOKEN"
  }
}

from wicked.haufe.io.

Hi Martin,

Thanks very much for the information here. This is extremely useful. I have configured Galileo and am looking into open source solutions as you mentioned Logstash -> elasticsearch -> Kibana.

I will also keep you updated with our progress on our production environment.

Many thanks,
Aaron

from wicked.haufe.io.