diff --git a/app/_data/docs_nav_gateway_3.0.x.yml b/app/_data/docs_nav_gateway_3.0.x.yml index 80166967a290..994d374f5320 100644 --- a/app/_data/docs_nav_gateway_3.0.x.yml +++ b/app/_data/docs_nav_gateway_3.0.x.yml @@ -4,9 +4,10 @@ generate: true items: - title: Introduction icon: /assets/images/icons/documentation/icn-flag.svg - url: /gateway/ - absolute_url: true items: + - text: Overview of Kong Gateway + url: /gateway/ + absolute_url: true - text: Version Support Policy url: /konnect-platform/support-policy absolute_url: true @@ -200,80 +201,6 @@ items: url: /configure/auth/rbac/add-admin - text: Mapping LDAP Service Directory Groups to Kong Roles url: /configure/auth/service-directory-mapping - - text: Kong Dev Portal - url: /developer-portal/ - items: - - text: Enable the Dev Portal - url: /developer-portal/enable-dev-portal - - text: Structure and File Types - url: /developer-portal/structure-and-file-types - - text: Portal API - url: /developer-portal/portal-api - - text: Working with Templates - url: /developer-portal/working-with-templates - - text: Using the Editor - url: /developer-portal/using-the-editor - # commented out for now, as this redirects to an old doc version - # - text: Networking - # url: /developer-portal/networking - - text: Configuration - items: - - text: Authentication - items: - - text: Basic Auth - url: /developer-portal/configuration/authentication/basic-auth - - text: Key Auth - url: /developer-portal/configuration/authentication/key-auth - - text: OIDC - url: /developer-portal/configuration/authentication/oidc - - text: Sessions - url: /developer-portal/configuration/authentication/sessions - - text: Adding Custom Registration Fields - url: /developer-portal/configuration/authentication/adding-registration-fields - - text: SMTP - url: /developer-portal/configuration/smtp - - text: Workspaces - url: /developer-portal/configuration/workspaces - - text: Administration - items: - - text: Manage Developers - url: /developer-portal/administration/managing-developers - - text: Developer Roles and Content Permissions - url: /developer-portal/administration/developer-permissions - - text: Application Registration - items: - - text: Authorization Provider Strategy - url: /developer-portal/administration/application-registration/auth-provider-strategy - - text: Enable Application Registration - url: /developer-portal/administration/application-registration/enable-application-registration - - text: Enable Key Authentication for Application Registration - url: /developer-portal/administration/application-registration/enable-key-auth-plugin - - text: External OAuth2 Support - url: /developer-portal/administration/application-registration/3rd-party-oauth - - text: Set up Okta and Kong for external OAuth - url: /developer-portal/administration/application-registration/okta-config - - text: Set Up Azure AD and Kong for External Authentication - url: /developer-portal/administration/application-registration/azure-oidc-config - - text: Manage Applications - url: /developer-portal/administration/application-registration/managing-applications - - text: Customization - items: - - text: Easy Theme Editing - url: /developer-portal/theme-customization/easy-theme-editing - - text: Migrating Templates Between Workspaces - url: /developer-portal/theme-customization/migrating-templates - - text: Markdown Rendering Module - url: /developer-portal/theme-customization/markdown-extended - - text: Customizing Portal Emails - url: /developer-portal/theme-customization/emails - - text: Adding and Using JavaScript Assets - url: /developer-portal/theme-customization/adding-javascript-assets - - text: Single Page App in Dev Portal - url: /developer-portal/theme-customization/single-page-app - - text: Alternate OpenAPI Renderer - url: /developer-portal/theme-customization/alternate-openapi-renderer - - text: Helpers CLI - url: /developer-portal/helpers/cli - text: Configure gRPC Plugins url: /configure/grpc @@ -290,6 +217,83 @@ items: - text: Network and Firewall url: /configure/network + - title: Dev Portal + icon: /assets/images/icons/documentation/icn-dev-portal-color.svg + items: + - text: Overview + url: /developer-portal/ + - text: Enable the Dev Portal + url: /developer-portal/enable-dev-portal + - text: Structure and File Types + url: /developer-portal/structure-and-file-types + - text: Portal API + url: /developer-portal/portal-api + - text: Working with Templates + url: /developer-portal/working-with-templates + - text: Using the Editor + url: /developer-portal/using-the-editor + # commented out for now, as this redirects to an old doc version + # - text: Networking + # url: /developer-portal/networking + - text: Configuration + items: + - text: Authentication + items: + - text: Basic Auth + url: /developer-portal/configuration/authentication/basic-auth + - text: Key Auth + url: /developer-portal/configuration/authentication/key-auth + - text: OIDC + url: /developer-portal/configuration/authentication/oidc + - text: Sessions + url: /developer-portal/configuration/authentication/sessions + - text: Adding Custom Registration Fields + url: /developer-portal/configuration/authentication/adding-registration-fields + - text: SMTP + url: /developer-portal/configuration/smtp + - text: Workspaces + url: /developer-portal/configuration/workspaces + - text: Administration + items: + - text: Manage Developers + url: /developer-portal/administration/managing-developers + - text: Developer Roles and Content Permissions + url: /developer-portal/administration/developer-permissions + - text: Application Registration + items: + - text: Authorization Provider Strategy + url: /developer-portal/administration/application-registration/auth-provider-strategy + - text: Enable Application Registration + url: /developer-portal/administration/application-registration/enable-application-registration + - text: Enable Key Authentication for Application Registration + url: /developer-portal/administration/application-registration/enable-key-auth-plugin + - text: External OAuth2 Support + url: /developer-portal/administration/application-registration/3rd-party-oauth + - text: Set up Okta and Kong for external OAuth + url: /developer-portal/administration/application-registration/okta-config + - text: Set Up Azure AD and Kong for External Authentication + url: /developer-portal/administration/application-registration/azure-oidc-config + - text: Manage Applications + url: /developer-portal/administration/application-registration/managing-applications + - text: Customization + items: + - text: Easy Theme Editing + url: /developer-portal/theme-customization/easy-theme-editing + - text: Migrating Templates Between Workspaces + url: /developer-portal/theme-customization/migrating-templates + - text: Markdown Rendering Module + url: /developer-portal/theme-customization/markdown-extended + - text: Customizing Portal Emails + url: /developer-portal/theme-customization/emails + - text: Adding and Using JavaScript Assets + url: /developer-portal/theme-customization/adding-javascript-assets + - text: Single Page App in Dev Portal + url: /developer-portal/theme-customization/single-page-app + - text: Alternate OpenAPI Renderer + url: /developer-portal/theme-customization/alternate-openapi-renderer + - text: Helpers CLI + url: /developer-portal/helpers/cli + - title: Monitor icon: /assets/images/icons/documentation/icn-vitals.svg items: diff --git a/src/gateway/admin-api/index.md b/src/gateway/admin-api/index.md index 68561c54f7a0..8b048a10f9cc 100644 --- a/src/gateway/admin-api/index.md +++ b/src/gateway/admin-api/index.md @@ -6,6 +6,7 @@ # or its associated files instead. # title: Admin API +source_url: https://github.com/Kong/kong/blob/master/autodoc/admin-api/data/admin-api.lua toc: false service_body: | @@ -20,13 +21,13 @@ service_body: | `connect_timeout`
*optional* | The timeout in milliseconds for establishing a connection to the upstream server. Default: `60000`. `write_timeout`
*optional* | The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. Default: `60000`. `read_timeout`
*optional* | The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. Default: `60000`. - `tags`
*optional* | An optional set of strings associated with the Service for grouping and filtering. + `tags`
*optional* | An optional set of strings associated with the Service for grouping and filtering. `client_certificate`
*optional* | Certificate to be used as client certificate while TLS handshaking to the upstream server. With form-encoded, the notation is `client_certificate.id=`. With JSON, use "`"client_certificate":{"id":""}`. - `tls_verify`
*optional* | Whether to enable verification of upstream server TLS certificate. If set to `null`, then the Nginx default is respected. + `tls_verify`
*optional* | Whether to enable verification of upstream server TLS certificate. If set to `null`, then the Nginx default is respected. `tls_verify_depth`
*optional* | Maximum depth of chain while verifying Upstream server's TLS certificate. If set to `null`, then the Nginx default is respected. Default: `null`. `ca_certificates`
*optional* | Array of `CA Certificate` object UUIDs that are used to build the trust store while verifying upstream server's TLS certificate. If set to `null` when Nginx default is respected. If default CA list in Nginx are not specified and TLS verification is enabled, then handshake with upstream server will always fail (because no CA are trusted). With form-encoded, the notation is `ca_certificates[]=4e3ad2e4-0bc4-4638-8e34-c84a417ba39b&ca_certificates[]=51e77dc2-8f3e-4afa-9d0e-0e3bbbcfd515`. With JSON, use an Array. `enabled` | Whether the Service is active. If set to `false`, the proxy behavior will be as if any routes attached to it do not exist (404). Default: `true`. Default: `true`. - `url`
*shorthand-attribute* | Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never returns the URL). + `url`
*shorthand-attribute* | Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never returns the URL). service_json: | { @@ -96,21 +97,21 @@ route_body: | ---:| --- `name`
*optional* | The name of the Route. Route names must be unique, and they are case sensitive. For example, there can be two different Routes named "test" and "Test". `protocols` | An array of the protocols this Route should allow. See the [Route Object](#route-object) section for a list of accepted protocols. When set to only `"https"`, HTTP requests are answered with an upgrade error. When set to only `"http"`, HTTPS requests are answered with an error. Default: `["http", "https"]`. - `methods`
*semi-optional* | A list of HTTP methods that match this Route. + `methods`
*semi-optional* | A list of HTTP methods that match this Route. `hosts`
*semi-optional* | A list of domain names that match this Route. Note that the hosts value is case sensitive. With form-encoded, the notation is `hosts[]=example.com&hosts[]=foo.test`. With JSON, use an Array. `paths`
*semi-optional* | A list of paths that match this Route. With form-encoded, the notation is `paths[]=/foo&paths[]=/bar`. With JSON, use an array. The path can be a regular expression, or a plain text pattern. The path patterns are matched against a normalized path, with most percent-encoded characters decoded, path folding, and preserved semantics. For more details read [rfc3986](https://datatracker.ietf.org/doc/html/rfc3986#section-6). - `headers`
*semi-optional* | One or more lists of values indexed by header name that will cause this Route to match if present in the request. The `Host` header cannot be used with this attribute: hosts should be specified using the `hosts` attribute. + `headers`
*semi-optional* | One or more lists of values indexed by header name that will cause this Route to match if present in the request. The `Host` header cannot be used with this attribute: hosts should be specified using the `hosts` attribute. `https_redirect_status_code` | The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is `HTTP` instead of `HTTPS`. `Location` header is injected by Kong if the field is set to 301, 302, 307 or 308. Accepted values are: `426`, `301`, `302`, `307`, `308`. Default: `426`. `regex_priority`
*optional* | A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same `regex_priority`, the older one (lowest `created_at`) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). Default: `0`. `strip_path` | When matching a Route via one of the `paths`, strip the matching prefix from the upstream request URL. Default: `true`. `path_handling`
*optional* | Controls how the Service path, Route path and requested path are combined when sending a request to the upstream. See above for a detailed description of each behavior. Accepted values are: `"v0"`, `"v1"`. Default: `"v0"`. - `preserve_host` | When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. If set to `false`, the upstream `Host` header will be that of the Service's `host`. + `preserve_host` | When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. If set to `false`, the upstream `Host` header will be that of the Service's `host`. `request_buffering` | Whether to enable request body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that receive data with chunked transfer encoding. Default: `true`. `response_buffering` | Whether to enable response body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that send data with chunked transfer encoding. Default: `true`. - `snis`
*semi-optional* | A list of SNIs that match this Route when using stream routing. - `sources`
*semi-optional* | A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". - `destinations`
*semi-optional* | A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". - `tags`
*optional* | An optional set of strings associated with the Route for grouping and filtering. + `snis`
*semi-optional* | A list of SNIs that match this Route when using stream routing. + `sources`
*semi-optional* | A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". + `destinations`
*semi-optional* | A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". + `tags`
*optional* | An optional set of strings associated with the Route for grouping and filtering. `service`
*optional* | The Service this Route is associated to. This is where the Route proxies traffic to. With form-encoded, the notation is `service.id=` or `service.name=`. With JSON, use "`"service":{"id":""}` or `"service":{"name":""}`. route_json: | @@ -178,9 +179,9 @@ route_data: | consumer_body: | Attributes | Description ---:| --- - `username`
*semi-optional* | The unique username of the Consumer. You must send either this field or `custom_id` with the request. - `custom_id`
*semi-optional* | Field for storing an existing unique ID for the Consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request. - `tags`
*optional* | An optional set of strings associated with the Consumer for grouping and filtering. + `username`
*semi-optional* | The unique username of the Consumer. You must send either this field or `custom_id` with the request. + `custom_id`
*semi-optional* | Field for storing an existing unique ID for the Consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request. + `tags`
*optional* | An optional set of strings associated with the Consumer for grouping and filtering. consumer_json: | { @@ -209,14 +210,14 @@ consumer_data: | plugin_body: | Attributes | Description ---:| --- - `name` | The name of the Plugin that's going to be added. Currently, the Plugin must be installed in every Kong instance separately. + `name` | The name of the Plugin that's going to be added. Currently, the Plugin must be installed in every Kong instance separately. `route`
*optional* | If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the Route being used. Default: `null`.With form-encoded, the notation is `route.id=` or `route.name=`. With JSON, use "`"route":{"id":""}` or `"route":{"name":""}`. `service`
*optional* | If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched. Default: `null`.With form-encoded, the notation is `service.id=` or `service.name=`. With JSON, use "`"service":{"id":""}` or `"service":{"name":""}`. `consumer`
*optional* | If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer. Default: `null`.With form-encoded, the notation is `consumer.id=` or `consumer.username=`. With JSON, use "`"consumer":{"id":""}` or `"consumer":{"username":""}`. - `config`
*optional* | The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/). + `config`
*optional* | The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/). `protocols` | A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support `"tcp"` and `"tls"`. Default: `["grpc", "grpcs", "http",`` "https"]`. `enabled` | Whether the plugin is applied. Default: `true`. - `tags`
*optional* | An optional set of strings associated with the Plugin for grouping and filtering. + `tags`
*optional* | An optional set of strings associated with the Plugin for grouping and filtering. plugin_json: | { @@ -262,10 +263,10 @@ certificate_body: | ---:| --- `cert` | PEM-encoded public certificate chain of the SSL key pair. `key` | PEM-encoded private key of the SSL key pair. - `cert_alt`
*optional* | PEM-encoded public certificate chain of the alternate SSL key pair. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. - `key_alt`
*optional* | PEM-encoded private key of the alternate SSL key pair. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. - `tags`
*optional* | An optional set of strings associated with the Certificate for grouping and filtering. - `snis`
*shorthand-attribute* | An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience. To set this attribute this certificate must have a valid private key associated with it. + `cert_alt`
*optional* | PEM-encoded public certificate chain of the alternate SSL key pair. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. + `key_alt`
*optional* | PEM-encoded private key of the alternate SSL key pair. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. + `tags`
*optional* | An optional set of strings associated with the Certificate for grouping and filtering. + `snis`
*shorthand-attribute* | An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience. To set this attribute this certificate must have a valid private key associated with it. certificate_json: | { @@ -302,7 +303,7 @@ ca_certificate_body: | ---:| --- `cert` | PEM-encoded public certificate of the CA. `cert_digest`
*optional* | SHA256 hex digest of the public certificate. - `tags`
*optional* | An optional set of strings associated with the Certificate for grouping and filtering. + `tags`
*optional* | An optional set of strings associated with the Certificate for grouping and filtering. ca_certificate_json: | { @@ -332,7 +333,7 @@ sni_body: | Attributes | Description ---:| --- `name` | The SNI name to associate with the given certificate. - `tags`
*optional* | An optional set of strings associated with the SNIs for grouping and filtering. + `tags`
*optional* | An optional set of strings associated with the SNIs for grouping and filtering. `certificate` | The id (a UUID) of the certificate with which to associate the SNI hostname. The Certificate must have a valid private key associated with it to be used by the SNI object. With form-encoded, the notation is `certificate.id=`. With JSON, use "`"certificate":{"id":""}`. sni_json: | @@ -394,7 +395,7 @@ upstream_body: | `healthchecks.passive.``healthy.http_statuses`
*optional* | An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks. Default: `[200, 201, 202, 203, 204, 205,`` 206, 207, 208, 226, 300, 301,`` 302, 303, 304, 305, 306, 307,`` 308]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=201`. With JSON, use an Array. `healthchecks.passive.``healthy.successes`
*optional* | Number of successes in proxied traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to consider a target healthy, as observed by passive health checks. Default: `0`. `healthchecks.threshold`
*optional* | The minimum percentage of the upstream's targets' weight that must be available for the whole upstream to be considered healthy. Default: `0`. - `tags`
*optional* | An optional set of strings associated with the Upstream for grouping and filtering. + `tags`
*optional* | An optional set of strings associated with the Upstream for grouping and filtering. `host_header`
*optional* | The hostname to be used as `Host` header when proxying requests through Kong. `client_certificate`
*optional* | If set, the certificate to be used as client certificate while TLS handshaking to the upstream server.With form-encoded, the notation is `client_certificate.id=`. With JSON, use "`"client_certificate":{"id":""}`. @@ -554,9 +555,9 @@ upstream_data: | target_body: | Attributes | Description ---:| --- - `target` | The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the `port` value will be overridden by the value from the DNS record. + `target` | The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the `port` value will be overridden by the value from the DNS record. `weight`
*optional* | The weight this target gets within the upstream loadbalancer (`0`-`65535`). If the hostname resolves to an SRV record, the `weight` value will be overridden by the value from the DNS record. Default: `100`. - `tags`
*optional* | An optional set of strings associated with the Target for grouping and filtering. + `tags`
*optional* | An optional set of strings associated with the Target for grouping and filtering. target_json: | { @@ -588,11 +589,11 @@ target_data: | vaults_beta_body: | Attributes | Description ---:| --- - `prefix` | The unique prefix (or identifier) for this Vault configuration. The prefix is used to load the right Vault configuration and implementation when referencing secrets with the other entities. - `name` | The name of the Vault that's going to be added. Currently, the Vault implementation must be installed in every Kong instance. - `description`
*optional* | The description of the Vault entity. - `config`
*optional* | The configuration properties for the Vault which can be found on the vaults' documentation page. - `tags`
*optional* | An optional set of strings associated with the Vault for grouping and filtering. + `prefix` | The unique prefix (or identifier) for this Vault configuration. The prefix is used to load the right Vault configuration and implementation when referencing secrets with the other entities. + `name` | The name of the Vault that's going to be added. Currently, the Vault implementation must be installed in every Kong instance. + `description`
*optional* | The description of the Vault entity. + `config`
*optional* | The configuration properties for the Vault which can be found on the vaults' documentation page. + `tags`
*optional* | An optional set of strings associated with the Vault for grouping and filtering. vaults_beta_json: | { diff --git a/src/gateway/configure/auth/kong-manager/sessions.md b/src/gateway/configure/auth/kong-manager/sessions.md index ca8a128df3aa..371e233cd628 100644 --- a/src/gateway/configure/auth/kong-manager/sessions.md +++ b/src/gateway/configure/auth/kong-manager/sessions.md @@ -72,7 +72,7 @@ The following properties must be altered depending on the protocol and domains i * If using different domains for the Admin API and Kong Manager: `"cookie_samesite": "off"` {:.important} -> **Important:** Sessions are not invalidated when a user logs out if `"storage": "cookie"` (the default) is used. In that case, the cookie is deleted client-side. Only when session data is stored server-side with `"storage": "kong"` set is the session actively invalidated. +> **Important:** Sessions are not invalidated when a user logs out if `"storage": "cookie"` (the default) is used. In that case, the cookie is deleted client-side. Only when session data is stored server-side with `"storage": "kong"` set is the session actively invalidated. ## Example Configurations @@ -84,8 +84,8 @@ the following configuration could be used for Basic Auth: enforce_rbac = on admin_gui_auth = basic-auth admin_gui_session_conf = { - "cookie_name":"$4m04$" - "secret":"change-this-secret" + "cookie_name":"$4m04$", + "secret":"change-this-secret", "storage":"kong" } ``` @@ -96,9 +96,9 @@ In testing, if using HTTP, the following configuration could be used instead: enforce_rbac = on admin_gui_auth = basic-auth admin_gui_session_conf = { - "cookie_name":"04tm34l" - "secret":"change-this-secret" - "storage":"kong" + "cookie_name":"04tm34l", + "secret":"change-this-secret", + "storage":"kong", "cookie_secure":false } ``` diff --git a/src/gateway/configure/graphql-quickstart.md b/src/gateway/configure/graphql-quickstart.md index dfdad5529c1b..4f3a64e77365 100644 --- a/src/gateway/configure/graphql-quickstart.md +++ b/src/gateway/configure/graphql-quickstart.md @@ -5,7 +5,7 @@ badge: enterprise GraphQL decouples apps from services by introducing a flexible query language. Instead of a custom API for each screen, app developers describe the data they need, service developers describe what they can supply, and GraphQL automatically matches the two together. Teams ship faster across more platforms, with new levels of visibility and control over the use of their data. To learn more about how teams benefit, read why [GraphQL is important](https://www.apollographql.com/why-graphql/). -{{site.base_gateway}} is an API gateway and platform. That means it is a form of middleware between computing clients and your API-based applications. {{site.base_gateway}} quickly and consistently extends the features of your APIs. Some of the popular features deployed through {{site.base_gateway}} include authentication, security, traffic control, serverless, analytics & monitoring, request/response transformations, and logging. To learn more about these features, see the [Hub page](https://docs.konghq.com/hub/) for plugins. For more about the benefits of Kong in general, please see the [FAQ](https://konghq.com/faqs/). +{{site.base_gateway}} is an API gateway and platform. That means it is a form of middleware between computing clients and your API-based applications. {{site.base_gateway}} quickly and consistently extends the features of your APIs. Some of the popular features deployed through {{site.base_gateway}} include authentication, security, traffic control, serverless, analytics & monitoring, request/response transformations, and logging. To learn more about these features, see the [Hub page](/hub/) for plugins. For more about the benefits of Kong in general, please see the [FAQ](https://konghq.com/faqs). The GraphQL paradigm differs from traditional API-based systems. Depending on the resolver implementation details, one query can potentially generate an arbitrary number of requests. Proxy caching and rate limiting on top of GraphQL is key but usually overlooked as a hard problem to solve, since traditional proxy-caching and rate-limiting is not a good fit for GraphQL. diff --git a/src/gateway/developer-portal/administration/managing-developers.md b/src/gateway/developer-portal/administration/managing-developers.md index 87b08f3ef52b..4a88c700d556 100644 --- a/src/gateway/developer-portal/administration/managing-developers.md +++ b/src/gateway/developer-portal/administration/managing-developers.md @@ -61,87 +61,6 @@ Each developer is bcc'd by default for privacy. You may choose to edit the messa ![Invite Developers](https://konghq.com/wp-content/uploads/2018/05/invite-developers.png) - ## Developer Management Property Reference - -### portal_auto_approve - -**Default:** `off` - -**Description:** -Dev Portal Auto Approve Access. - -When set to `on`, a developer will automatically be marked as `approved` after -completing Dev Portal registration. Access can still be revoked through -Kong Manager or the API. - -When set to `off`, a Kong admin will have to manually approve the Developer -using Kong Manager or the API. - - -### portal_invite_email - -**Default:** `on` - -**Description:** -When enabled, Kong admins can invite developers to a Dev Portal by using -the Invite button in Kong Manager. - - -### portal_access_request_email - -**Default:** `on` - -**Description:** -When enabled, Kong admins specified by `smtp_admin_emails` will receive an email -when a developer requests access to a Dev Portal. - -When disabled, Kong admins will have to manually check the Kong Manager to view -any requests. - - -### portal_approved_email - -**Default:** `on` - -**Description:** -When enabled, developers will receive an email when access to a Dev Portal has -been approved. - -When disabled, developers will receive no indication that they have been -approved. It is suggested to only disable this feature if `portal_auto_approve` -is enabled. - - -### portal_reset_email - -**Default:** `on` - -**Description:** -When enabled, developers will be able to use the Reset Password flow on a Dev -Portal and will receive an email with password reset instructions. - -When disabled, developers will *not* be able to reset their account passwords. -Kong Admins will have to manually create new credentials for the Developer in -the Kong Manager. - -### portal_token_exp - -**Default:** `21600` - -**Description:** -Duration in seconds for the expiration of the Dev Portal reset password token. -Default is `21600` (six hours). - - -### portal_reset_success_email - -**Default:** `on` - -**Description:** -When enabled, developers will receive an email after successfully resetting -their Dev Portal account password. - -When disabled, developers will still be able to reset their account passwords, -but will not receive a confirmation email. +For comprehensive documentation on developer management properties, see [Default Developer Portal Authentication](/gateway/{{page.kong_version}}/reference/configuration/#default-developer-portal-authentication-section). diff --git a/src/gateway/developer-portal/configuration/smtp.md b/src/gateway/developer-portal/configuration/smtp.md index b62d24c909b9..5dc7bfbb4206 100644 --- a/src/gateway/developer-portal/configuration/smtp.md +++ b/src/gateway/developer-portal/configuration/smtp.md @@ -3,11 +3,13 @@ title: Dev Portal SMTP Configuration badge: enterprise --- -The following property reference outlines each email and email variable used by the Dev Portal to send emails to Kong admins and developers. +Dev Portal enables SMTP configuration via email variables, which are used by the Dev Portal to send emails to Kong admins and developers. + +For comprehensive documentation on SMTP configuration properties, see [Default Portal SMTP Configuration](/gateway/{{page.kong_version}}/reference/configuration/#default-portal-smtp-configuration-section). These settings can be modified in the `Kong Manager` under the Dev Portal `Settings / Email` tab, or by running the following command: -``` +```bash curl http://localhost:8001/workspaces/ \ --data "config.=off" ``` @@ -15,135 +17,3 @@ curl http://localhost:8001/workspaces/ \ If they are not modified manually, the Dev Portal will use the default value defined in the Kong Configuration file. Dev Portal email content and styling can be customized via [template files](/gateway/{{page.kong_version}}/developer-portal/theme-customization/emails/). - -## portal_invite_email - -**Default:** `on` - -**Description:** -When enabled, Kong admins will be able to invite developers to a Dev Portal by using the Invite button in the Kong Manager. - -**Email:** -``` -Subject: Invite to access Dev Portal - -Hello Developer! - -You have been invited to create a Dev Portal account at %s. -Please visit `` to create your account. -``` - - -## portal_email_verification - -**Default:** `off` - -**Description:** -When enabled, developers will receive an email upon registration to verify their account. Developers will not be able to use the Dev Portal until their account is verified, even if auto-approve is enabled. - - -## portal_access_request_email - -**Default:** `on` - -**Description:** -When enabled, Kong Admins specified by `smtp_admin_emails` will receive an email when a Developer requests access to a Dev Portal. - -``` -Subject: Request to access Dev Portal - -Hello Admin! - - has requested Dev Portal access for . -Please visit to review this request. -``` - - -## portal_approved_email - -**Default:** `on` - -**Description:** -When enabled, developers will receive an email when access to a Dev Portal has been approved. - -``` -Subject: Dev Portal access approved - -Hello Developer! -You have been approved to access . -Please visit to login. - -``` - -## portal_reset_email - -**Default:** `on` - -**Description:** -When enabled, developers will be able to use the Reset Password flow on a Dev Portal and will receive an email with password reset instructions. - -When disabled, developers will *not* be able to reset their account passwords. - -``` -Subject: Password Reset Instructions for Dev Portal . - -Hello Developer, - -Please click the link below to reset your Dev Portal password. - - - -This link will expire in - -If you didn't make this request, keep your account secure by clicking -the link above to change your password. -``` - -## portal_reset_success_email - -**Default:** `on` - -**Description:** -When enabled, developers will receive an email after successfully resetting their Dev Portal account password. - -When disabled, developers will still be able to reset their account passwords, but will not receive a confirmation email. - -``` -Subject: Dev Portal password change success - -Hello Developer, -We are emailing you to let you know that your Dev Portal password at has been changed. - -Click the link below to sign in with your new credentials. - - -``` - - -## portal_emails_from - -**Default:** `nil` - -**Description:** -The name and email address for the 'From' header included in all Dev Portal emails. - -**Example :** - -``` -portal_emails_from = Your Name -``` - - -## portal_emails_reply_to - -**Default:** `nil` - -**Description:** -The email address for the 'Reply-To' header included in all Dev Portal emails. - - -**Example :** - -``` -portal_emails_reply_to: noreply@example.com -``` diff --git a/src/gateway/developer-portal/theme-customization/emails.md b/src/gateway/developer-portal/theme-customization/emails.md index cd00aace8fe8..c2371318bca7 100644 --- a/src/gateway/developer-portal/theme-customization/emails.md +++ b/src/gateway/developer-portal/theme-customization/emails.md @@ -57,13 +57,13 @@ The body of the email is HTML content. You can reference the tokens allowed for |--- |--- |--- |--- | |emails/invite.txt | `{{portal.gui_url}}` `{{email.developer_email}}` | `{{portal.gui_url}}` |email sent to developer who is invited to a portal from the manager | |--- |--- |--- |--- | -|emails/request-access.txt |`{{portal.gui_url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.admin_url}}` |`{{portal.gui_url}}` `{{email.developer_email}}` |email sent to admin when a developer signs up for portal, in order to approve the developer | -|emails/approved-access.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` |`{{portal.gui_url}}` |email sent to developer when their account is approved | -|emails/password-reset.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.token}}` `{{email.token_exp}}` `{{email.reset_url}}` |`{{portal.url}}` `{{email.token}}` or `{{email.reset_url}}` |email sent to developer when a password reset is requested (basic-auth only) | -|emails/password-reset-success.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` |`{{portal.url}}` |email sent to developer when a password reset is successful (basic-auth only) | -|emails/account-verification.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.token}}` `{{email.verify_url}}` `{{email.invalidate_url}}` |`{{portal.url}}` `{{email.token}}` or both `{{email.verify_url}}` and `{{email.invalidate_url}} ` |email sent to developer when portal_email_verification is on to verify developer email (basic-auth only) | -|emails/account-verification-approved.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` |`{{portal.url}}` |email sent to developer when portal_email_verification is on and developer has verified email and developer has been approved by admin/auto-approve is on (basic-auth only) | -|emails/account-verification-pending.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` |`{{portal.url}}` |email sent to developer when portal_email_verification is on and developer has verified email and developer has yet to be approved by admin (basic-auth only) | +|emails/request-access.txt |`{{portal.gui_url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` `{{email.admin_url}}` |`{{portal.gui_url}}` `{{email.developer_email}}` |email sent to admin when a developer signs up for portal, in order to approve the developer | +|emails/approved-access.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` |`{{portal.gui_url}}` |email sent to developer when their account is approved | +|emails/password-reset.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` `{{email.token}}` `{{email.token_exp}}` `{{email.reset_url}}` |`{{portal.url}}` `{{email.token}}` or `{{email.reset_url}}` |email sent to developer when a password reset is requested (basic-auth only) | +|emails/password-reset-success.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` |`{{portal.url}}` |email sent to developer when a password reset is successful (basic-auth only) | +|emails/account-verification.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` `{{email.token}}` `{{email.verify_url}}` `{{email.invalidate_url}}` |`{{portal.url}}` `{{email.token}}` or both `{{email.verify_url}}` and `{{email.invalidate_url}} ` |email sent to developer when portal_email_verification is on to verify developer email (basic-auth only) | +|emails/account-verification-approved.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` |`{{portal.url}}` |email sent to developer when portal_email_verification is on and developer has verified email and developer has been approved by admin/auto-approve is on (basic-auth only) | +|emails/account-verification-pending.txt |`{{portal.url}}` `{{email.developer_email}}` `{{email.developer_name}}` `{{email.developer_meta.*}}` |`{{portal.url}}` |email sent to developer when portal_email_verification is on and developer has verified email and developer has yet to be approved by admin (basic-auth only) | {% endraw %} ## Token Descriptions @@ -73,9 +73,10 @@ The body of the email is HTML content. You can reference the tokens allowed for |--- |--- | |`{{portal.url}}` |Dev Portal URL for the workspace | |--- |--- | -|`{{email.developer_email}}` |Developers email | -|`{{email.developer_name}}` |Developers full name, this value is collected as part of registration by default. If meta-fields are edited to not include full_name then this will fallback to email | -|`{{email.admin_url}}` |Kong Manger URL | +|`{{email.developer_email}}` |Developer's email | +|`{{email.developer_name}}` |Developer's full name, this value is collected as part of registration by default. If meta-fields are edited to not include full_name then this will fallback to email | +|`{{email.developer_meta.*}}` |Developer's meta-fields, these value are collected as part of registration. They must be configured prior to registration. If the value doesn't exist or is optional and blank, it will display as an empty string. If the `developer_meta` configuration doesn't specify the field, it will appear as-is without replacement, e.g. `{{email.developer_meta.preferred_name}}`| +|`{{email.admin_url}}` |Kong Manager URL | |`{{email.reset_url}}` |Dev Portal full URL for resetting password (assumes default path for password reset) | |`{{email.token_exp}}` |Human readable string for amount of time from sending of email, password reset token/url is valid. | |`{{email.verify_url}}` |Link to verify account (assumes default path for account verification)) | diff --git a/src/gateway/developer-portal/working-with-templates.md b/src/gateway/developer-portal/working-with-templates.md index 8eddba3d2293..a27be4f4ab96 100644 --- a/src/gateway/developer-portal/working-with-templates.md +++ b/src/gateway/developer-portal/working-with-templates.md @@ -10,7 +10,7 @@ Kong Portal is built on top of the `lua-resty-template` templating library, whic You may use the following tags in templates: {% raw %} -* `{{expression}}`, writes result of expression - html escaped +* `{{expression}}`, writes result of expression - HTML escaped * `{*expression*}`, writes result of expression * `{% lua code %}`, executes Lua code * `{(path-to-partial)}`, include `partial` file by path, you may also supply context for the file `{(partials/header.html, { message = "Hello, World" } )}` @@ -26,7 +26,7 @@ You may work with custom properties in your OpenAPI spec. To expose custom prope ## Partials -Partials are snippets of html that layouts can reference. Partials have access to all the same data that its layout does, and can even call other partials. Breaking your code into partials can help organize large pages, as well as allow different layouts share common page elements. +Partials are snippets of HTML that layouts can reference. Partials have access to all the same data that its layout does, and can even call other partials. Breaking your code into partials can help organize large pages, as well as allow different layouts share common page elements. ### content/index.txt @@ -232,7 +232,7 @@ collections: {% endraw %} Above you can see a `collections` object was declared, which is made up of individual collection configurations. In this example, you are configuring a collection called `posts`. The renderer looks for a root directory called `_posts` within the `content` folder for individual pages to render. If you created another collection conf called `animals`, the renderer would look for a directory called `_animals` for content files to render. - + Each configuration item is made up of a few parts: - `output` - **required**: false @@ -253,7 +253,7 @@ Each configuration item is made up of a few parts: - **required**: true - **type**: `string` - **description**: The `layout` attribute determines what HTML layout the collections use to render. The path root is accessed from within the current themes `layouts` directory. - + ### content/_posts/post1.md {% raw %} @@ -310,7 +310,7 @@ From `/blog/posts/post2`: ## Kong Template Helpers - Lua API Kong Template Helpers are a collection of objects that give access to your portal data at the time of render and provide powerful integrations into Kong. -Globals: +Global: - [`l`](#lkey-fallback) - Locale helper, first version, gets values from the currently active page. - [`each`](#eachlist_or_table) - Commonly used helper to iterate over lists or tables. @@ -333,7 +333,7 @@ Objects: Terminology / Definitions: - `list` - Also referred to commonly as an array (`[1, 2, 3]`) in Lua is a table-like object (`{1, 2, 3}`). Lua list index starts at `1` not `0`. Values can be accessed by array notation (`list[1]`). -- `table` - Also commonly known as an object or hashmap (`{1: 2}`) in Lua looks like (`{1 = 2}`). Values can be accessed by array or dot notation (`table.one or table["one"]`). +- `table` - Also commonly known as an object or HashMap (`{1: 2}`) in Lua looks like (`{1 = 2}`). Values can be accessed by array or dot notation (`table.one or table["one"]`). ### l(key, fallback) @@ -459,7 +459,7 @@ Template (Table): ### print(any) -Returns stringified output of input value. +Returns the output of an input value as a string. #### Return Type @@ -489,7 +489,7 @@ string #### Usage -Template (string as arg): +Template (string as an argument): {% raw %} ```lua @@ -497,7 +497,7 @@ Template (string as arg): ``` {% endraw %} -Template (content val as arg): +Template (content val as an argument): {% raw %} ```lua @@ -557,8 +557,7 @@ Template: - [`portal.specs_by_tag`](#portalspecs_by_tag) - [`portal.developer_meta_fields`](#portaldeveloper_meta_fields) - -You can access the current workspace's portal config directly on the `portal` object like so: +You can access the current workspace portal config directly on the `portal` object like so: ```lua portal[config_key] or portal.config_key @@ -960,7 +959,7 @@ Template: #### page.body -Returns the body of the current page as a string. If the route's content file has a `.md` or `.markdown` extension, the body will be parsed from markdown to html. +Returns the body of the current page as a string. If the route's content file has a `.md` or `.markdown` extension, the body will be parsed from markdown to HTML. ##### Return Type @@ -1302,6 +1301,7 @@ Table containing useful string helper methods. {% endraw %} #### Methods + ##### str.[byte](https://www.gammon.com.au/scripts/doc.php?lua=string.byte) ##### str.[char](https://www.gammon.com.au/scripts/doc.php?lua=string.char) ##### str.[dump](https://www.gammon.com.au/scripts/doc.php?lua=string.dump) @@ -1347,7 +1347,7 @@ Table containing useful string helper methods. ##### str.[title](https://stevedonovan.github.io/Penlight/api/libraries/pl.stringx.html#title) ##### str.[shorten](https://stevedonovan.github.io/Penlight/api/libraries/pl.stringx.html#shorten) ##### str.[quote_string](https://stevedonovan.github.io/Penlight/api/libraries/pl.stringx.html#quote_string) - + ### tbl @@ -1367,6 +1367,7 @@ Table containing useful table helper methods {% endraw %} #### Methods + ##### tbl.[getn](https://www.gammon.com.au/scripts/doc.php?lua=table.getn) ##### tbl.[setn](https://www.gammon.com.au/scripts/doc.php?lua=table.setn) ##### tbl.[maxn](https://www.gammon.com.au/scripts/doc.php?lua=table.maxn) @@ -1412,3 +1413,4 @@ Table containing useful table helper methods ##### tbl.[merge](https://stevedonovan.github.io/Penlight/api/libraries/pl.tablex.html#merge) ##### tbl.[difference](https://stevedonovan.github.io/Penlight/api/libraries/pl.tablex.html#difference) ##### tbl.[zip](https://stevedonovan.github.io/Penlight/api/libraries/pl.tablex.html#zip) + diff --git a/src/gateway/get-started/comprehensive/expose-services.md b/src/gateway/get-started/comprehensive/expose-services.md index 682bb14a36c2..53e0ae45ea7d 100644 --- a/src/gateway/get-started/comprehensive/expose-services.md +++ b/src/gateway/get-started/comprehensive/expose-services.md @@ -71,14 +71,14 @@ The service is created, and the page automatically redirects back to the {% navtabs codeblock %} {% navtab cURL %} ```sh -curl -i -X POST http://:8001/services \ +curl -i -X POST http://:8001/services \ --data name=example_service \ --data url='http://mockbin.org' ``` {% endnavtab %} {% navtab HTTPie %} ```sh -http POST :8001/services \ +http POST http://:8001/services \ name=example_service \ url='http://mockbin.org' ``` @@ -99,7 +99,7 @@ curl -i http://:8001/services/example_service {% endnavtab %} {% navtab HTTPie %} ```sh -http :8001/services/example_service +http http://:8001/services/example_service ``` {% endnavtab %} {% endnavtabs %} @@ -288,17 +288,16 @@ A `201` message indicates the Route was created successfully. ## Verify the Route is forwarding requests to the Service +By default, {{site.base_gateway}} handles proxy requests on port `8000`. The proxy is often referred to as the data plane. + {% navtabs %} {% navtab Using a Web Browser %} -By default, {{site.base_gateway}} handles proxy requests on port `:8000`. - -From a web browser, enter `http://:8000/mock`. +From a web browser, navigate to `http://:8000/mock/request`. {% endnavtab %} -{% navtab Using the Admin API %} -Using the Admin API, issue the following: +{% navtab Using the Admin API %} {% navtabs codeblock %} @@ -309,7 +308,7 @@ curl -i -X GET http://:8000/mock/request {% endnavtab %} {% navtab HTTPie %} ```sh -http :8000/mock/request +http http://:8000/mock/request ``` {% endnavtab %} {% endnavtabs %} diff --git a/src/gateway/get-started/comprehensive/secure-services.md b/src/gateway/get-started/comprehensive/secure-services.md index a2334cb46ca6..4b69e71cb985 100644 --- a/src/gateway/get-started/comprehensive/secure-services.md +++ b/src/gateway/get-started/comprehensive/secure-services.md @@ -27,7 +27,7 @@ With authentication turned on, {{site.base_gateway}} won’t proxy requests unle In this example, you’re going to enable the **Key Authentication plugin**. API key authentication is one of the most popular ways to conduct API authentication and can be implemented to create and delete access keys as required. -For more information, see [What is API Gateway Authentication?](https://konghq.com/learning-center/api-gateway/api-gateway-authentication/). +For more information, see [What is API Gateway Authentication?](https://konghq.com/learning-center/api-gateway/api-gateway-authentication). ## Set up the Key Authentication Plugin diff --git a/src/gateway/get-started/quickstart/configuring-a-service.md b/src/gateway/get-started/quickstart/configuring-a-service.md index 34d41b21540d..4981cbfeb859 100644 --- a/src/gateway/get-started/quickstart/configuring-a-service.md +++ b/src/gateway/get-started/quickstart/configuring-a-service.md @@ -3,29 +3,29 @@ title: Configuring a Service --- In this section, you'll be adding an API to Kong. In order to do this, you'll -first need to add a _Service_; that is the name Kong uses to refer to the upstream APIs and microservices +first need to add a [Service](/gateway/{{page.kong_version}}/admin-api/#service-object); that is the name Kong uses to refer to the upstream APIs and microservices it manages. For the purpose of this guide, we'll create a Service pointing to the [Mockbin API][mockbin]. Mockbin is an "echo" type public website which returns the requests it gets back to the requester, as responses. This makes it helpful for learning how Kong proxies your API requests. -Before you can start making requests against the Service, you will need to add a _Route_ to it. -Routes specify how (and _if_) requests are sent to their Services after they reach Kong. A single -Service can have many Routes. +Before you can start making requests against the Service, you will need to add a [Route](/gateway/{{page.kong_version}}/admin-api/#route-object) to it. +Routes specify how (and if) requests are sent to their Services after they reach Kong. There can be multiple Routes to a Service. -After configuring the Service and the Route, you'll be able to make requests through Kong using them. +After configuring the Service and a Route, you'll be able to proxy a request through Kong to Mockbin. -Kong exposes a [RESTful Admin API][API] on port `:8001`. Kong's configuration, including adding Services and -Routes, is made via requests on that API. +By default, Kong exposes a [RESTful Admin API][API] on port `8001`. +You can use the Admin API to modify Kong's configuration, including adding +Services and Routes. ## Before you start You have installed and started {{site.base_gateway}}, either through the [Docker quickstart](/gateway/{{page.kong_version}}/get-started/quickstart) or a more [comprehensive installation](/gateway/{{page.kong_version}}/install-and-run). -## 1. Add your Service using the Admin API +## 1. Add a Service using the Admin API -Issue the following cURL request to add your first Service (pointing to the [Mockbin API][mockbin]) -to Kong: +Issue the following `POST` request to add your first Service to Kong. +This instructs Kong to create a new Service named `example-service` which will accept traffic at `http://mockbin.org`. ```bash curl -i -X POST \ @@ -60,6 +60,10 @@ Connection: keep-alive ## 2. Add a Route for the Service +Issue the following `POST` request to add a Route to the `example-service`. +Here, we are instructing Kong to proxy requests with a `Host` header that contains +`example.com` to the `example-service`. + ```bash curl -i -X POST \ --url http://localhost:8001/services/example-service/routes \ @@ -99,9 +103,8 @@ Kong is now aware of your Service and ready to proxy requests. ## 3. Forward your requests through Kong -Issue the following cURL request to verify that Kong is properly forwarding -requests to your Service. Note that [by default][proxy-port] Kong handles proxy -requests on port `:8000`: +Issue the following request to verify that Kong is properly forwarding +requests with the `Host` header to the `example-service`. Take note that proxy requests are handled on port `8000` [by default][proxy-port]. ```bash curl -i -X GET \ @@ -109,14 +112,7 @@ curl -i -X GET \ --header 'Host: example.com' ``` -A successful response means Kong is now forwarding requests made to -`http://localhost:8000` to the `url` we configured in step #1, -and is forwarding the response back to us. Kong knows to do this through -the header defined in the above cURL request: - -
    -
  • Host: <given host>
    • -
+A successful response means Kong is now forwarding requests with a `Host: example.com` header to the Mockbin Service we configured in step #1.
diff --git a/src/gateway/index.md b/src/gateway/index.md index 95db9a233909..715ae77ad81f 100644 --- a/src/gateway/index.md +++ b/src/gateway/index.md @@ -18,9 +18,9 @@ With {{site.base_gateway}}, users can: * Create a thriving API developer ecosystem * Proactively identify API-related anomalies and threats * Secure and govern APIs/services, and improve API visibility across the -entire organization +entire organization. -## Extending the Kong Gateway +## Extending the {{site.base_gateway}} {{site.base_gateway}} is a Lua application running in Nginx. {{site.base_gateway}} is distributed along with [OpenResty](https://openresty.org/), which is a bundle @@ -43,20 +43,20 @@ the [PDK reference](/gateway/{{page.kong_version}}/pdk), and the guide on {{site.base_gateway}} is available in the following modes: -**Kong Gateway (OSS)**: an open-source package containing the basic API gateway +**{{site.base_gateway}} (OSS)**: an open-source package containing the basic API gateway functionality and open-source plugins. You can manage the open-source Gateway with Kong's [Admin API](#kong-admin-api) or with [declarative configuration](#deck). -**Kong Gateway** (available in +**{{site.base_gateway}}** (available in [Free, Plus, or Enterprise modes](https://konghq.com/pricing)): Kong's API gateway with added functionality. -* In **Free mode** , +* In **Free mode**, this package adds [Kong Manager](#kong-manager) to the basic open-source functionality. -* In **Plus mode** , you have access to more +* In **Plus mode**, you have access to more {{site.base_gateway}} features, but only through {{site.konnect_saas}}. See the [{{site.konnect_saas}} documentation](/konnect/) and the **Plus**-labelled plugins on the [Plugin Hub](/hub/) for more information. -* With an **Enterprise** subscription , +* With an **Enterprise** subscription, it also includes: * [Dev Portal](#kong-dev-portal) * [Vitals](#kong-vitals) @@ -89,6 +89,12 @@ using the Kong Admin API. ### Kong Manager {:.badge .free} +{:.note} +> **Note**: If you are running Kong in traditional mode, increased traffic could +> lead to potential performance with Kong Proxy. +> Server-side sorting and filtering large quantities of entities will also cause increased CPU usage in both Kong CP and database. + + [Kong Manager](/gateway/{{page.kong_version}}/configure/auth/kong-manager) is the graphical user interface (GUI) for {{site.base_gateway}}. It uses the Kong Admin API under the hood to administer and control {{site.base_gateway}}. @@ -116,7 +122,7 @@ object-level health using intuitive, customizable dashboards {{site.base_gateway}} can run natively on Kubernetes with its custom [ingress controller](/kubernetes-ingress-controller/), Helm chart, and Operator. A Kubernetes ingress controller is a proxy that exposes Kubernetes services from applications (for example, Deployments, ReplicaSets) running on a Kubernetes cluster to client applications running outside of the cluster. The intent of an ingress controller is to provide a single point of control for all incoming traffic into the Kubernetes cluster. -### Kong Gateway plugins +### {{site.base_gateway}} plugins [{{site.base_gateway}} plugins](/hub/) provide advanced functionality to better manage your API and microservices. With turnkey capabilities to meet the most challenging use cases, {{site.base_gateway}} plugins ensure maximum control and minimizes unnecessary overhead. Enable features like authentication, rate-limiting, and transformations by enabling {{site.base_gateway}} plugins through Kong Manager or the Admin API. @@ -129,17 +135,17 @@ Kong also provides API lifecycle management tools that you can use with {{site.b ### decK [decK](/deck) helps manage {{site.base_gateway}}’s configuration in a declarative fashion. -This means that a developer can define the desired state of Kong Gateway or -Konnect – services, routes, plugins, and more – and let decK handle +This means that a developer can define the desired state of {{site.base_gateway}} or +{{site.konnect_short_name}} – services, routes, plugins, and more – and let decK handle implementation without needing to execute each step manually, as you would with the Kong Admin API. -## Get started with Kong Gateway +## Get started with {{site.base_gateway}} -[Download and install Kong Gateway](/gateway/{{page.kong_version}}/install-and-run). +[Download and install {{site.base_gateway}}](/gateway/{{page.kong_version}}/install-and-run). To test it out, you can choose either the open-source package, or -run Kong Gateway in free mode and also try out Kong Manager. +run {{site.base_gateway}} in free mode and also try out Kong Manager. After installation, get started with one of our introductory guides: * **[Quickstart](/gateway/{{page.kong_version}}/get-started/quickstart)**: An introduction to @@ -149,7 +155,7 @@ The complete {{site.base_gateway}} getting started guide provides in-depth examples, explanations, and step-by-step instructions, and explores Kong's many available tools for managing the gateway. -### Try in Konnect +### Try in {{site.konnect_short_name}} [{{site.konnect_product_name}}](/konnect/) can manage {{site.base_gateway}} instances. With this setup, Kong hosts the control plane and you host your diff --git a/src/gateway/install-and-run/amazon-linux.md b/src/gateway/install-and-run/amazon-linux.md index cc725cdcdbe3..7f6272042679 100644 --- a/src/gateway/install-and-run/amazon-linux.md +++ b/src/gateway/install-and-run/amazon-linux.md @@ -3,7 +3,7 @@ title: Install Kong Gateway on Amazon Linux --- The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). Kong is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). @@ -19,12 +19,12 @@ You can install {{site.base_gateway}} by downloading an installation package or {% navtabs %} {% navtab Package %} -Install {{site.base_gateway}} on Debian from the command line. +Install {{site.base_gateway}} on Amazon Linux from the command line. 1. Download the Kong package: {% capture download_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.amzn2.noarch.rpm "{{ site.links.download }}/gateway-2.x-amazonlinux-2/Packages/k/kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.amzn2.noarch.rpm" @@ -35,7 +35,7 @@ curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-ver curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.aws.amd64.rpm "{{ site.links.download }}/gateway-2.x-amazonlinux-2/Packages/k/kong-{{page.kong_versions[page.version-index].ce-version}}.aws.amd64.rpm" ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ download_package | indent | replace: " ", "" }} @@ -43,7 +43,7 @@ curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.aws.amd64.rp 2. Install the package: {% capture install_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.amzn2.noarch.rpm @@ -54,7 +54,7 @@ sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index sudo yum install kong-{{page.kong_versions[page.version-index].ce-version}}.aws.amd64.rpm ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_package | indent | replace: " ", "" }} @@ -72,7 +72,7 @@ Install the YUM repository from the command line. 2. Install Kong: {% capture install_from_repo %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}} @@ -83,7 +83,7 @@ sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index sudo yum install kong-{{page.kong_versions[page.version-index].ce-version}} ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_from_repo | indent | replace: " ", "" }} diff --git a/src/gateway/install-and-run/centos.md b/src/gateway/install-and-run/centos.md index 66a05a000131..51f5810b9b54 100644 --- a/src/gateway/install-and-run/centos.md +++ b/src/gateway/install-and-run/centos.md @@ -12,23 +12,9 @@ Starting with Kong Gateway 2.8.0.0, Kong is not building new open-source CentOS > Kong Gateway Enterprise subscriptions can still use CentOS in 2.8, but support for CentOS is planned to be removed in 3.0. - - - -{:.install-banner} -> Download the latest **Kong Gateway {{page.kong_version}}** package for Centos: -> * [**CentOS 7**]({{ site.links.download }}/gateway-2.x-centos-7/Packages/k/kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.el7.noarch.rpm){:.install-link} -> * [**CentOS 8**]({{ site.links.download }}/gateway-2.x-centos-8/Packages/k/kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.el8.noarch.rpm){:.install-link} -> -> (latest version: {{page.kong_versions[page.version-index].ee-version}}) ->

-> View the list of all 2.x packages for -> [**CentOS 7**]({{ site.links.download }}/gateway-2.x-centos-7/Packages/k/){:.install-listing-link} or -> [**CentOS 8**]({{ site.links.download }}/gateway-2.x-centos-8/Packages/k/){:.install-listing-link} - The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). Kong is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). diff --git a/src/gateway/install-and-run/debian.md b/src/gateway/install-and-run/debian.md index 1ef9ca87bb8b..322a601f0967 100644 --- a/src/gateway/install-and-run/debian.md +++ b/src/gateway/install-and-run/debian.md @@ -3,7 +3,7 @@ title: Install Kong Gateway on Debian --- The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). {{site.ce_product_name}} is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). @@ -28,10 +28,10 @@ Install {{site.base_gateway}} on Debian from the command line. 1. Download the Kong package: {% capture download_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash -curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.all.deb "{{ site.links.download }}/gateway-2.x-debian-$(lsb_release -cs)/pool/all/k/kong-enterprise-edition/kong_{{page.kong_versions[page.version-index].ee-version}}_all.deb" +curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.all.deb "{{ site.links.download }}/gateway-2.x-debian-$(lsb_release -cs)/pool/all/k/kong-enterprise-edition/kong-enterprise-edition_{{page.kong_versions[page.version-index].ee-version}}_all.deb" ``` {% endnavtab %} {% navtab Kong Gateway (OSS) %} @@ -39,7 +39,7 @@ curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-ver curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb "{{ site.links.download }}/gateway-2.x-debian-$(lsb_release -cs)/pool/all/k/kong/kong_{{page.kong_versions[page.version-index].ce-version}}_amd64.deb" ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ download_package | indent | replace: " ", "" }} @@ -47,7 +47,7 @@ curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb "{ 2. Install the package: {% capture install_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash sudo dpkg -i kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.all.deb @@ -58,7 +58,7 @@ sudo dpkg -i kong-enterprise-edition-{{page.kong_versions[page.version-index].ee sudo dpkg -i kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_package | indent | replace: " ", "" }} @@ -80,7 +80,7 @@ Install the APT repository from the command line. 3. Install Kong: {% capture install_from_repo %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash apt install -y kong-enterprise-edition={{page.kong_versions[page.version-index].ee-version}} @@ -91,7 +91,7 @@ apt install -y kong-enterprise-edition={{page.kong_versions[page.version-index]. apt install -y kong={{page.kong_versions[page.version-index].ce-version}} ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_from_repo | indent | replace: " ", "" }} diff --git a/src/gateway/install-and-run/docker.md b/src/gateway/install-and-run/docker.md index 0d4c6f638d21..61bac5f50091 100644 --- a/src/gateway/install-and-run/docker.md +++ b/src/gateway/install-and-run/docker.md @@ -16,7 +16,7 @@ find it on [Kong's public Docker Hub page](https://hub.docker.com/r/kong/kong-ga [Kong Support](https://support.konghq.com/). The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). {{site.ce_product_name}} is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). @@ -77,7 +77,7 @@ communicate with each other: 1. Prepare the Kong database: {% capture migrations %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```sh docker run --rm --network=kong-net \ @@ -97,7 +97,7 @@ docker run --rm --network=kong-net \ kong:{{page.kong_versions[page.version-index].ce-version}}-alpine kong migrations bootstrap ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ migrations | indent | replace: " ", "" }} @@ -137,7 +137,7 @@ export the license key to a variable: 1. Run the following command to start a container with {{site.base_gateway}}: {% capture start_container %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```sh docker run -d --name kong-gateway \ @@ -184,7 +184,7 @@ docker run -d --name kong-gateway \ kong:{{page.kong_versions[page.version-index].ce-version}}-alpine ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ start_container | indent | replace: " ", "" }} @@ -326,7 +326,7 @@ export the license key to a variable: run the following command to start a container with {{site.base_gateway}}: {% capture start_container %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```sh docker run -d --name kong-dbless \ @@ -371,7 +371,7 @@ docker run -d --name kong-dbless \ kong:{{page.kong_versions[page.version-index].ce-version}}-alpine ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ start_container | indent | replace: " ", "" }} diff --git a/src/gateway/install-and-run/helm.md b/src/gateway/install-and-run/helm.md index 21eaabbcb020..d7dfc3fb203b 100644 --- a/src/gateway/install-and-run/helm.md +++ b/src/gateway/install-and-run/helm.md @@ -12,7 +12,7 @@ Configuration for both options is flexible and depends on your environment. The documentation on installing with a [flat Kubernetes manifest](/gateway/{{page.kong_version}}/install-and-run/kubernetes) also explains how to install in DB-less mode for both Enterprise and OSS deployments. The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). {{site.ce_product_name}} is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). diff --git a/src/gateway/install-and-run/index.md b/src/gateway/install-and-run/index.md index 3f6712614451..d96183e05bc2 100644 --- a/src/gateway/install-and-run/index.md +++ b/src/gateway/install-and-run/index.md @@ -79,7 +79,7 @@ Choose your preferred mode when following installation steps: * **Free Mode**: Install {{site.base_gateway}} without a license, gaining access to Kong Manager. * **Enterprise**: Install {{site.base_gateway}} and add a license. -If you install the {{site.base_gateway}} (not open-source), you can add a license +If you install the {{site.base_gateway}} Enterprise in Free mode, you can add a license at any time to gain access to Enterprise features. {:.note} diff --git a/src/gateway/install-and-run/kubernetes.md b/src/gateway/install-and-run/kubernetes.md index 760c5b26dfdf..c1826056caed 100644 --- a/src/gateway/install-and-run/kubernetes.md +++ b/src/gateway/install-and-run/kubernetes.md @@ -6,10 +6,10 @@ This page explains how to install {{site.base_gateway}} with {{site.kic_product_ This page also includes the equivalent commands for OpenShift. -Note that in DB-less mode on Kubernetes, config is stored in etcd, the Kubernetes native datastore. For more information see [Kubernetes Deployment Options](/gateway/{{page.kong_version}}/plan-and-deploy/kubernetes-deployment-options). +In DB-less mode on Kubernetes, the config is stored in etcd, the Kubernetes native data store. For more information, see [Kubernetes Deployment Options](/gateway/{{page.kong_version}}/plan-and-deploy/kubernetes-deployment-options). The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). {{site.ce_product_name}} is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). @@ -83,13 +83,22 @@ oc new-project kong oc get pods -n kong ``` -1. To make HTTP requests, you need the IP address of the load balancer. Get the LoadBalancer address and store it in a local PROXY_IP environment variable: +1. To make HTTP requests, you need the IP address of the load balancer. Get the `loadBalancer` address and store it in a local `PROXY_IP` environment variable: + + {:.note} + > **Note:** Some cluster providers only provide a DNS name for load balancers. In this case, specify `.hostname` instead of `.ip`. ```sh export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong kong-proxy) ``` -1. Check that the value of $PROXY_IP is the value of the external host: +1. Verify that the value of `$PROXY_IP` matches the value of the external host: + + ```sh + echo $PROXY_IP + ``` + + This should match the `EXTERNAL_IP` value of the `kong-proxy` service returned by the Kubernetes API: ```sh kubectl get service kong-proxy -n kong @@ -101,8 +110,16 @@ oc new-project kong oc get service kong-proxy -n kong ``` - {:.note} - > **Note:** Some cluster providers provide only a DNS name for load balancers. In this case, specify `.hostname` instead of `.ip`. +1. Invoke a test request: + ```sh + curl $PROXY_IP + ``` + + This should return the following response from Gateway: + + ```sh + {"message":"no Route matched with those values"} + ``` ## Next steps diff --git a/src/gateway/install-and-run/openshift.md b/src/gateway/install-and-run/openshift.md index a2a2ce4762a2..8d52ca0f180c 100644 --- a/src/gateway/install-and-run/openshift.md +++ b/src/gateway/install-and-run/openshift.md @@ -6,7 +6,7 @@ badge: enterprise This page explains how to install {{site.base_gateway}} with {{site.kic_product_name}} with a database. To install in DB-less mode, see the documentation on installing with a [flat Kubernetes manifest](/gateway/{{page.kong_version}}/install-and-run/kubernetes). The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). {{site.ce_product_name}} is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). diff --git a/src/gateway/install-and-run/rhel.md b/src/gateway/install-and-run/rhel.md index 4feb6d849b24..a4dd1f506ff4 100644 --- a/src/gateway/install-and-run/rhel.md +++ b/src/gateway/install-and-run/rhel.md @@ -3,13 +3,13 @@ title: Install Kong Gateway on RHEL --- The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). Kong is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). ## Prerequisites -* A [supported system](/gateway/{{page.kong_version}}/install-and-run/os-support) with root or [root-equivalent](/gateway/{{page.kong_version}}/plan-and-deploy/kong-user) access. +* A supported system with root or [root-equivalent](/gateway/{{page.kong_version}}/plan-and-deploy/kong-user) access. * (Enterprise only) A `license.json` file from Kong ## Download and Install @@ -19,12 +19,12 @@ You can install {{site.base_gateway}} by downloading an installation package or {% navtabs %} {% navtab Package %} -Install {{site.base_gateway}} on Amazon Linux from the command line. +Install {{site.base_gateway}} on RHEL from the command line. 1. Download the Kong package: {% capture download_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.rpm $( rpm --eval "{{ site.links.download }}/gateway-2.x-rhel-%{rhel}/Packages/k/kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.rhel%{rhel}.noarch.rpm") @@ -35,15 +35,19 @@ curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-ver curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.rpm $(rpm --eval "{{ site.links.download }}/gateway-2.x-rhel-%{rhel}/Packages/k/kong-{{page.kong_versions[page.version-index].ce-version}}.rhel%{rhel}.amd64.rpm") ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ download_package | indent | replace: " ", "" }} -2. Install the package: +2. Install the package using `yum` or `rpm`. + + If you use the `rpm` install method, the packages _only_ contain {{site.base_gateway}}. They don't include any dependencies. {% capture install_package %} -{% navtabs codeblock %} +{% navtabs %} +{% navtab yum %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.rpm @@ -54,11 +58,24 @@ sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index sudo yum install kong-{{page.kong_versions[page.version-index].ce-version}}.rpm ``` {% endnavtab %} +{% endnavtabs_ee %} +{% endnavtab %} +{% navtab rpm %} + +{:.important} +> The `rpm` method is only available for open-source packages. For the `kong-enterprise-edition` package, use `yum`. + +```bash +rpm -iv kong-{{page.kong_versions[page.version-index].ce-version}}.rpm +``` +{% endnavtab %} {% endnavtabs %} {% endcapture %} {{ install_package | indent | replace: " ", "" }} + Installing directly using `rpm` is suitable for Red Hat's [Universal Base Image](https://developers.redhat.com/blog/2020/03/24/red-hat-universal-base-images-for-docker-users) "minimal" variant. You will need to install Kong's dependencies separately via `microdnf`. + {% endnavtab %} {% navtab YUM repository %} @@ -71,7 +88,7 @@ Install the YUM repository from the command line. 2. Install Kong: {% capture install_from_repo %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}} @@ -82,7 +99,7 @@ sudo yum install kong-enterprise-edition-{{page.kong_versions[page.version-index sudo yum install kong-{{page.kong_versions[page.version-index].ce-version}} ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_from_repo | indent | replace: " ", "" }} diff --git a/src/gateway/install-and-run/ubuntu.md b/src/gateway/install-and-run/ubuntu.md index 1482103d3a66..32672cb1d767 100644 --- a/src/gateway/install-and-run/ubuntu.md +++ b/src/gateway/install-and-run/ubuntu.md @@ -3,18 +3,25 @@ title: Install Kong Gateway on Ubuntu --- The {{site.base_gateway}} software is governed by the -[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense/). +[Kong Software License Agreement](https://konghq.com/kongsoftwarelicense). Kong is licensed under an [Apache 2.0 license](https://github.com/Kong/kong/blob/master/LICENSE). ## Prerequisites -* A [supported system](/gateway/{{page.kong_version}}/install-and-run/os-support) with root or [root-equivalent](/gateway/{{page.kong_version}}/plan-and-deploy/kong-user) access. +* A supported system with root or [root-equivalent](/gateway/{{page.kong_version}}/plan-and-deploy/kong-user) access. * (Enterprise only) A `license.json` file from Kong ## Download and install -You can install {{site.base_gateway}} by downloading an installation package or using our APT repository. +You can install {{site.base_gateway}} by downloading an installation package or using our APT repository. We currently package Kong Gateway for Ubuntu Bionic, Focal, and Xenial. + +{:.note .no-icon} +> We currently package Kong Gateway for Ubuntu Bionic, Focal and Xenial. +> If you are using a different release, replace `$(lsb_release -sc)` with `xenial` in the commands below. +>

+> To check your release name run `lsb_release -sc`. + {% navtabs %} {% navtab Package %} @@ -24,18 +31,18 @@ Install {{site.base_gateway}} on Ubuntu from the command line. 1. Download the Kong package: {% capture download_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash -curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.all.deb "{{ site.links.download }}/gateway-2.x-ubuntu-$(lsb_release -cs)/pool/all/k/kong-enterprise-edition/kong_{{page.kong_versions[page.version-index].ee-version}}_all.deb" +curl -Lo kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.all.deb "{{ site.links.download }}/gateway-2.x-ubuntu-$(lsb_release -sc)/pool/all/k/kong-enterprise-edition/kong-enterprise-edition_{{page.kong_versions[page.version-index].ee-version}}_all.deb" ``` {% endnavtab %} {% navtab Kong Gateway (OSS) %} ```bash -curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb "{{ site.links.download }}/gateway-2.x-ubuntu-$(lsb_release -cs)/pool/all/k/kong/kong_{{page.kong_versions[page.version-index].ce-version}}_amd64.deb" +curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb "{{ site.links.download }}/gateway-2.x-ubuntu-$(lsb_release -sc)/pool/all/k/kong/kong_{{page.kong_versions[page.version-index].ce-version}}_amd64.deb" ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ download_package | indent | replace: " ", "" }} @@ -43,7 +50,7 @@ curl -Lo kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb "{ 2. Install the package: {% capture install_package %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash sudo dpkg -i kong-enterprise-edition-{{page.kong_versions[page.version-index].ee-version}}.all.deb @@ -54,7 +61,7 @@ sudo dpkg -i kong-enterprise-edition-{{page.kong_versions[page.version-index].ee sudo dpkg -i kong-{{page.kong_versions[page.version-index].ce-version}}.amd64.deb ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_package | indent | replace: " ", "" }} @@ -78,10 +85,10 @@ Install the APT repository from the command line. 3. Install Kong: {% capture install_from_repo %} -{% navtabs codeblock %} +{% navtabs_ee codeblock %} {% navtab Kong Gateway %} ```bash -apt install -y kong-enterprise-edition={{page.kong_versions[page.version-index].ee-version}} +sudo apt install -y kong-enterprise-edition={{page.kong_versions[page.version-index].ee-version}} ``` {% endnavtab %} {% navtab Kong Gateway (OSS) %} @@ -89,7 +96,7 @@ apt install -y kong-enterprise-edition={{page.kong_versions[page.version-index]. apt install -y kong={{page.kong_versions[page.version-index].ce-version}} ``` {% endnavtab %} -{% endnavtabs %} +{% endnavtabs_ee %} {% endcapture %} {{ install_from_repo | indent | replace: " ", "" }} diff --git a/src/gateway/install-and-run/upgrade-oss.md b/src/gateway/install-and-run/upgrade-oss.md index 96021eadab07..cbc4e9c77a3b 100644 --- a/src/gateway/install-and-run/upgrade-oss.md +++ b/src/gateway/install-and-run/upgrade-oss.md @@ -2,6 +2,7 @@ # Generated via autodoc/upgrading/generate.lua in the kong/kong repo title: Upgrade Kong Gateway OSS badge: oss +source_url: https://github.com/Kong/kong/blob/master/UPGRADE.md --- This document guides you through the process of upgrading {{site.ce_product_name}} to the **latest version**. diff --git a/src/gateway/pdk/index.md b/src/gateway/pdk/index.md index 2d6c44cd32b7..9358f76dbd43 100644 --- a/src/gateway/pdk/index.md +++ b/src/gateway/pdk/index.md @@ -8,6 +8,7 @@ title: PDK pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- The Plugin Development Kit (PDK) is set of Lua functions and variables @@ -161,7 +162,3 @@ Instance of Kong's database caching object, from the `kong.cache` module. **Note:** Usage of this module is currently reserved to the core or to advanced users. - - - - diff --git a/src/gateway/pdk/kong.client.md b/src/gateway/pdk/kong.client.md index cc487bbb1c13..f0e140d74e8a 100644 --- a/src/gateway/pdk/kong.client.md +++ b/src/gateway/pdk/kong.client.md @@ -8,6 +8,7 @@ title: kong.client pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Client information module. @@ -287,5 +288,3 @@ Returns the protocol matched by the current route (`"http"`, `"https"`, `"tcp"` ``` lua kong.client.get_protocol() -- "http" ``` - - diff --git a/src/gateway/pdk/kong.client.tls.md b/src/gateway/pdk/kong.client.tls.md index 02bb68d68374..9cdc72e0d9dd 100644 --- a/src/gateway/pdk/kong.client.tls.md +++ b/src/gateway/pdk/kong.client.tls.md @@ -8,6 +8,7 @@ title: kong.client.tls pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Client TLS connection module. @@ -144,5 +145,3 @@ Overrides the client's verification result generated by the log serializer. ``` lua kong.client.tls.set_client_verify("FAILED:unknown CA") ``` - - diff --git a/src/gateway/pdk/kong.cluster.md b/src/gateway/pdk/kong.cluster.md index c5ffcadadce6..64441df64f38 100644 --- a/src/gateway/pdk/kong.cluster.md +++ b/src/gateway/pdk/kong.cluster.md @@ -8,6 +8,7 @@ title: kong.cluster pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Cluster-level utilities. @@ -47,5 +48,3 @@ end -- use id here ``` - - diff --git a/src/gateway/pdk/kong.ctx.md b/src/gateway/pdk/kong.ctx.md index 198f82fa135c..1331ad7a5473 100644 --- a/src/gateway/pdk/kong.ctx.md +++ b/src/gateway/pdk/kong.ctx.md @@ -8,6 +8,7 @@ title: kong.ctx pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Contextual data for the current request. @@ -107,5 +108,3 @@ function plugin_handler:log(conf) kong.log(value) -- "hello world" end ``` - - diff --git a/src/gateway/pdk/kong.ip.md b/src/gateway/pdk/kong.ip.md index 80b3f589ef46..743ae80e324e 100644 --- a/src/gateway/pdk/kong.ip.md +++ b/src/gateway/pdk/kong.ip.md @@ -8,6 +8,7 @@ title: kong.ip pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Trusted IPs module. @@ -53,5 +54,3 @@ if kong.ip.is_trusted("1.1.1.1") then kong.log("The IP is trusted") end ``` - - diff --git a/src/gateway/pdk/kong.log.md b/src/gateway/pdk/kong.log.md index 8999e076078f..3886d570a952 100644 --- a/src/gateway/pdk/kong.log.md +++ b/src/gateway/pdk/kong.log.md @@ -8,6 +8,7 @@ title: kong.log pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- This namespace contains an instance of a logging facility, which is a @@ -447,5 +448,3 @@ Generates a table with useful information for logging. ``` lua kong.log.serialize() ``` - - diff --git a/src/gateway/pdk/kong.nginx.md b/src/gateway/pdk/kong.nginx.md index 92c6122f783f..bd8de011e6a4 100644 --- a/src/gateway/pdk/kong.nginx.md +++ b/src/gateway/pdk/kong.nginx.md @@ -8,6 +8,7 @@ title: kong.nginx pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Nginx information module. @@ -37,5 +38,3 @@ Returns the current Nginx subsystem this function is called from. Can be ``` lua kong.nginx.get_subsystem() -- "http" ``` - - diff --git a/src/gateway/pdk/kong.node.md b/src/gateway/pdk/kong.node.md index 2bd67cba948c..6227a3cf64aa 100644 --- a/src/gateway/pdk/kong.node.md +++ b/src/gateway/pdk/kong.node.md @@ -8,6 +8,7 @@ title: kong.node pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Node-level utilities. @@ -120,5 +121,3 @@ Returns the name used by the local machine. ``` lua local hostname = kong.node.get_hostname() ``` - - diff --git a/src/gateway/pdk/kong.request.md b/src/gateway/pdk/kong.request.md index 7f243ce38461..1669d846300f 100644 --- a/src/gateway/pdk/kong.request.md +++ b/src/gateway/pdk/kong.request.md @@ -8,6 +8,7 @@ title: kong.request pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Client request module. @@ -671,5 +672,3 @@ local body, err, mimetype = kong.request.get_body() body.name -- "John Doe" body.age -- "42" ``` - - diff --git a/src/gateway/pdk/kong.response.md b/src/gateway/pdk/kong.response.md index 93e25f8bf0bc..6628732ab461 100644 --- a/src/gateway/pdk/kong.response.md +++ b/src/gateway/pdk/kong.response.md @@ -8,6 +8,7 @@ title: kong.response pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Client response module. @@ -625,5 +626,3 @@ return kong.response.error(403, "Access Forbidden") return kong.response.error(403) ``` - - diff --git a/src/gateway/pdk/kong.router.md b/src/gateway/pdk/kong.router.md index f439b5872893..2198a443f975 100644 --- a/src/gateway/pdk/kong.router.md +++ b/src/gateway/pdk/kong.router.md @@ -8,6 +8,7 @@ title: kong.router pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Router module. @@ -65,5 +66,3 @@ else -- routed by a route without a service end ``` - - diff --git a/src/gateway/pdk/kong.service.md b/src/gateway/pdk/kong.service.md index b4d3d1152e74..75fd3598e53b 100644 --- a/src/gateway/pdk/kong.service.md +++ b/src/gateway/pdk/kong.service.md @@ -8,6 +8,7 @@ title: kong.service pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- The service module contains a set of functions to manipulate the connection @@ -244,5 +245,3 @@ if not ok then -- do something with error end ``` - - diff --git a/src/gateway/pdk/kong.service.request.md b/src/gateway/pdk/kong.service.request.md index a9f7e8093d46..ebbf5c002df7 100644 --- a/src/gateway/pdk/kong.service.request.md +++ b/src/gateway/pdk/kong.service.request.md @@ -8,6 +8,7 @@ title: kong.service.request pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Module for manipulating the request sent to the Service. @@ -476,5 +477,3 @@ if not ok then -- do something with error end ``` - - diff --git a/src/gateway/pdk/kong.service.response.md b/src/gateway/pdk/kong.service.response.md index af6b7277a531..6f390a397cd4 100644 --- a/src/gateway/pdk/kong.service.response.md +++ b/src/gateway/pdk/kong.service.response.md @@ -8,6 +8,7 @@ title: kong.service.response pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Module for manipulating the response from the Service. @@ -184,5 +185,3 @@ Returns the decoded buffered body. local body = kong.service.response.get_body() ``` - - diff --git a/src/gateway/pdk/kong.table.md b/src/gateway/pdk/kong.table.md index 40133b301556..a7f4539b5b2c 100644 --- a/src/gateway/pdk/kong.table.md +++ b/src/gateway/pdk/kong.table.md @@ -8,6 +8,7 @@ title: kong.table pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- Utilities for Lua tables. @@ -92,5 +93,3 @@ local t1 = {1, 2, 3, foo = "f"} local t2 = {4, 5, bar = "b"} local t3 = kong.table.merge(t1, t2) -- {4, 5, 3, foo = "f", bar = "b"} ``` - - diff --git a/src/gateway/pdk/kong.vault.md b/src/gateway/pdk/kong.vault.md index d616eeead666..b4db921f1e13 100644 --- a/src/gateway/pdk/kong.vault.md +++ b/src/gateway/pdk/kong.vault.md @@ -8,6 +8,7 @@ title: kong.vault pdk: true toc: true +source_url: https://github.com/Kong/kong/tree/master/kong/pdk --- This module can be used to resolve, parse, and verify vault references. diff --git a/src/gateway/plan-and-deploy/hybrid-mode/hybrid-mode-setup.md b/src/gateway/plan-and-deploy/hybrid-mode/hybrid-mode-setup.md index 0d38184daabc..75386d9de580 100644 --- a/src/gateway/plan-and-deploy/hybrid-mode/hybrid-mode-setup.md +++ b/src/gateway/plan-and-deploy/hybrid-mode/hybrid-mode-setup.md @@ -148,7 +148,7 @@ Certificate: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: - TLS Web Client Authentication + TLS Web Server Authentication X509v3 Subject Key Identifier: 70:C7:F0:3B:CD:EB:8D:1B:FF:6A:7C:E0:A4:F0:C6:4C:4A:19:B8:7F X509v3 Authority Key Identifier: diff --git a/src/gateway/plan-and-deploy/licenses/access-license.md b/src/gateway/plan-and-deploy/licenses/access-license.md index 45d86c023210..a386b9980be4 100644 --- a/src/gateway/plan-and-deploy/licenses/access-license.md +++ b/src/gateway/plan-and-deploy/licenses/access-license.md @@ -7,7 +7,7 @@ To enable Enterprise features, {{site.base_gateway}} requires a license file. You will receive this file from Kong when you sign up for a {{site.konnect_product_name}} Enterprise subscription. -[Contact Kong](https://konghq.com/get-started/) for more information. +[Contact Kong](https://konghq.com/get-started) for more information.
Note: The free mode does not require a license. See diff --git a/src/gateway/plan-and-deploy/security/start-kong-securely.md b/src/gateway/plan-and-deploy/security/start-kong-securely.md index e9209ce3c5b6..a8394b34422e 100644 --- a/src/gateway/plan-and-deploy/security/start-kong-securely.md +++ b/src/gateway/plan-and-deploy/security/start-kong-securely.md @@ -41,7 +41,7 @@ admin_gui_session_conf = {"secret":"secret","storage":"kong","cookie_secure":fal admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl ``` -⚠️**Important:** the Sessions Plugin requries a secret and is configured securely by default. +⚠️**Important:** the Sessions Plugin requires a secret and is configured securely by default. * Under all circumstances, the `secret` must be manually set to a string. * If using HTTP instead of HTTPS, `cookie_secure` must be manually set to `false`. * If using different domains for the Admin API and Kong Manager, `cookie_samesite` must be set to `off`. @@ -52,6 +52,9 @@ Learn more about these properties in [Session Security in Kong Manager](/gateway Set a password for the Super Admin. This environment variable must be present in the environment where database migrations will run. +{:.important} +> **Important**: Setting your Kong password (`KONG_PASSWORD`) using a value containing four ticks (for example, `KONG_PASSWORD="a''a'a'a'a"`) causes a PostgreSQL syntax error on bootstrap. To work around this issue, do not use special characters in your password. + ``` $ export KONG_PASSWORD= ``` @@ -70,7 +73,7 @@ To add additional Super Admins it is necessary to ## Step 2 -Issue the following command to prepare your datastore by running the Kong migrations: +Issue the following command to prepare your data store by running the Kong migrations: ``` $ kong migrations bootstrap [-c /path/to/kong.conf] diff --git a/src/gateway/plugin-development/custom-logic.md b/src/gateway/plugin-development/custom-logic.md index 5c6417fb9421..8e62dff557d6 100644 --- a/src/gateway/plugin-development/custom-logic.md +++ b/src/gateway/plugin-development/custom-logic.md @@ -8,12 +8,12 @@ chapter: 3 > **Note**: This chapter assumes that you are familiar with [Lua](http://www.lua.org/). -A {{site.ce_product_name}} plugin allows you to inject custom logic (in Lua) at several +A {{site.base_gateway}} plugin allows you to inject custom logic (in Lua) at several entry-points in the life-cycle of a request/response or a tcp stream -connection as it is proxied by {{site.ce_product_name}}. To do so, the file +connection as it is proxied by {{site.base_gateway}}. To do so, the file `kong.plugins..handler` must return a table with one or more functions with predetermined names. Those functions will be -invoked by {{site.ce_product_name}} at different phases when it processes traffic. +invoked by {{site.base_gateway}} at different phases when it processes traffic. The first parameter they take is always `self`. All functions except `init_worker` can receive a second parameter which is a table with the plugin configuration. @@ -28,7 +28,7 @@ kong.plugins..handler If you define any of the following functions in your `handler.lua` file you'll implement custom logic at various entry-points -of {{site.ce_product_name}}'s execution life-cycle: +of {{site.base_gateway}}'s execution life-cycle: - **[HTTP Module]** *is used for plugins written for HTTP/HTTPS requests* @@ -44,9 +44,9 @@ of {{site.ce_product_name}}'s execution life-cycle: | `log` | [log] | Executed when the last response byte has been sent to the client. {:.note} -> **Note:** If a module implements the `response` function, {{site.ce_product_name}} will automatically activate the "buffered proxy" mode, as if the [`kong.service.request.enable_buffering()` function][enable_buffering] had been called. Because of a current Nginx limitation, this doesn't work for HTTP/2 or gRPC upstreams. +> **Note:** If a module implements the `response` function, {{site.base_gateway}} will automatically activate the "buffered proxy" mode, as if the [`kong.service.request.enable_buffering()` function][enable_buffering] had been called. Because of a current Nginx limitation, this doesn't work for HTTP/2 or gRPC upstreams. -To reduce unexpected behaviour changes, {{site.ce_product_name}} does not start if a plugin implements both `response` and either `header_filter` or `body_filter`. +To reduce unexpected behaviour changes, {{site.base_gateway}} does not start if a plugin implements both `response` and either `header_filter` or `body_filter`. - **[Stream Module]** *is used for Plugins written for TCP and UDP stream connections* @@ -58,12 +58,12 @@ To reduce unexpected behaviour changes, {{site.ce_product_name}} does not start | `certificate` | [ssl_certificate] | Executed during the SSL certificate serving phase of the SSL handshake. All of those functions, except `init_worker`, take one parameter which is given -by {{site.ce_product_name}} upon its invocation: the configuration of your plugin. This parameter +by {{site.base_gateway}} upon its invocation: the configuration of your plugin. This parameter is a Lua table, and contains values defined by your users, according to your plugin's schema (described in the `schema.lua` module). More on plugins schemas in the [next chapter]({{page.book.next}}). -Note that UDP streams don't have real connections. {{site.ce_product_name}} will consider all +Note that UDP streams don't have real connections. {{site.base_gateway}} will consider all packets with the same origin and destination host and port as a single connection. After a configurable time without any packet, the connection is considered closed and the `log` function is executed. @@ -83,8 +83,8 @@ considered closed and the `log` function is executed. ## handler.lua specifications -{{site.ce_product_name}} processes requests in **phases**. A plugin is a piece of code that gets -activated by {{site.ce_product_name}} as each phase is executed while the request gets proxied. +{{site.base_gateway}} processes requests in **phases**. A plugin is a piece of code that gets +activated by {{site.base_gateway}} as each phase is executed while the request gets proxied. Phases are limited in what they can do. For example, the `init_worker` phase does not have access to the `config` parameter because that information isn't @@ -93,13 +93,13 @@ available when kong is initializing each worker. A plugin's `handler.lua` must return a table containing the functions it must execute on each phase. -{{site.ce_product_name}} can process HTTP and stream traffic. Some phases are executed +{{site.base_gateway}} can process HTTP and stream traffic. Some phases are executed only when processing HTTP traffic, others when processing stream, and some (like `init_worker` and `log`) are invoked by both kinds of traffic. In addition to functions, a plugin must define two fields: -* `VERSION` is an informative field, not used by {{site.ce_product_name}} directly. It usually +* `VERSION` is an informative field, not used by {{site.base_gateway}} directly. It usually matches the version defined in a plugin's Rockspec version, when it exists. * `PRIORITY` is used to sort plugins before executing each of their phases. Plugins with a higher priority are executed first. See the @@ -245,12 +245,12 @@ methods. Logic implemented in those phases will most likely have to interact with the request/response objects or core components (e.g. access the cache, and -database). {{site.ce_product_name}} provides a [Plugin Development Kit][pdk] (or "PDK") for such +database). {{site.base_gateway}} provides a [Plugin Development Kit][pdk] (or "PDK") for such purposes: a set of Lua functions and variables that can be used by Plugins to execute various gateway operations in a way that is guaranteed to be -forward-compatible with future releases of {{site.ce_product_name}}. +forward-compatible with future releases of {{site.base_gateway}}. -When you are trying to implement some logic that needs to interact with {{site.ce_product_name}} +When you are trying to implement some logic that needs to interact with {{site.base_gateway}} (e.g. retrieving request headers, producing a response from a plugin, logging some error or debug information), you should consult the [Plugin Development Kit Reference][pdk]. @@ -260,7 +260,7 @@ Kit Reference][pdk]. Some plugins might depend on the execution of others to perform some operations. For example, plugins relying on the identity of the consumer have -to run **after** authentication plugins. Considering this, {{site.ce_product_name}} defines +to run **after** authentication plugins. Considering this, {{site.base_gateway}} defines **priorities** between plugins execution to ensure that order is respected. Your plugin's priority can be configured via a property accepting a number in diff --git a/src/gateway/reference/cli.md b/src/gateway/reference/cli.md index 2a75a1734e10..294c0dab8f4f 100644 --- a/src/gateway/reference/cli.md +++ b/src/gateway/reference/cli.md @@ -5,6 +5,7 @@ # the files in https://github.com/Kong/kong/tree/master/autodoc/cli # title: CLI Reference +source_url: https://github.com/Kong/kong/tree/master/autodoc/cli --- The provided CLI (*Command Line Interface*) allows you to start, stop, and @@ -132,6 +133,8 @@ The available commands are: list List executed migrations. reset Reset the database. + The `reset` command erases all of the data + in Kong's database and deletes all of the schemas. migrate-community-to-enterprise Migrates Kong Community entities to Kong Enterprise in the default diff --git a/src/gateway/reference/clustering.md b/src/gateway/reference/clustering.md index 0af61390c768..2ffa8455a833 100644 --- a/src/gateway/reference/clustering.md +++ b/src/gateway/reference/clustering.md @@ -78,9 +78,7 @@ This makes Kong clusters **eventually consistent**. When using Postgres as the backend storage, you can optionally enable Kong to serve read queries from a separate database instance. -One of the common use cases of this feature is to deploy Kong with the -Amazon Aurora service as backend storage. Because Aurora natively supports -read-only instances, enabling the read-only connection support in Kong +Enabling the read-only connection support in Kong greatly reduces the load on the main database instance since read-only queries are no longer sent to it. diff --git a/src/gateway/reference/configuration.md b/src/gateway/reference/configuration.md index 7dcb0cae7bb8..4d5e318b77c4 100644 --- a/src/gateway/reference/configuration.md +++ b/src/gateway/reference/configuration.md @@ -5,6 +5,7 @@ # the files in https://github.com/Kong/docs.konghq.com/tree/main/autodoc-conf-ee # title: Configuration Reference for Kong Gateway +source_url: https://github.com/Kong/kong-ee/blob/master/kong.conf.default --- ## Configuration loading @@ -142,9 +143,9 @@ As always, be mindful of your shell's quoting rules specifying values containing spaces. For more details on the Nginx configuration file structure and block -directives, see https://nginx.org/en/docs/beginners_guide.html#conf_structure. +directives, see the [Nginx reference](https://nginx.org/en/docs/beginners_guide.html#conf_structure). -For a list of Nginx directives, see https://nginx.org/en/docs/dirindex.html. +For a list of Nginx directives, see the [Nginx directives index](https://nginx.org/en/docs/dirindex.html). Note however that some directives are dependent of specific Nginx modules, some of which may not be included with the official builds of Kong. @@ -225,6 +226,12 @@ which must specify an Nginx configuration template. Such a template uses the the given Kong configuration, before being dumped in your Kong prefix directory, moments before starting Nginx. +The following Lua functions are available in the [templating engine][pl.template]: + +- `pairs`, `ipairs` +- `tostring` +- `os.getenv` + The default template for Kong Gateway can be found by entering the following command on the system running your Kong instance: `find / -type d -name "templates" | grep kong`. For @@ -233,7 +240,7 @@ open-source Kong Gateway, you can also see the The template is split in two Nginx configuration files: `nginx.lua` and `nginx_kong.lua`. The former is -minimalistic and includes the latter, which contains everything Kong requires +minimal and includes the latter, which contains everything Kong requires to run. When `kong start` runs, right before starting Nginx, it copies these two files into the prefix directory, which looks like so: @@ -694,7 +701,7 @@ The list of Common Names that are allowed to connect to the control plane. Multiple entries may be supplied in a comma-separated string. When not set, only data planes with the same parent domain as the control plane cert are allowed to connect. - + This field is ignored if `cluster_mtls` is not set to `pki_check_cn`. **Default:** none @@ -738,6 +745,38 @@ node to which telemetry updates will be posted in `host:port` format. --- +#### data_plane_config_cache_mode +{:.badge .enterprise} + +Data planes can store their config to file system as a backup in case the node +is restarted or reloaded to faster bring the node in configured state or in case +there are issues connecting to control plane. + +This parameter can be used to control the behavior. + +To be used by data plane nodes only: `unencrypted` = stores config cache +unencrypted `encrypted` = stores config cache encrypted `off` = does not store +the config cache + +**Default:** `unencrypted` + +--- + +#### data_plane_config_cache_path +{:.badge .enterprise} + +The unencrypted config cache is stored by default to Kong `prefix` with a +filename `config.cache.json.gz`. + +The encrypted config cache is stored by default to Kong `prefix` with a +filename `.config.cache.jwt` Alternatively you can specify path for config cache +with this parameter, e.g. `/tmp/kong-config-cache`. + +**Default:** none + +--- + + ### Hybrid Mode Control Plane section #### cluster_listen @@ -3002,9 +3041,12 @@ portal_session_conf = { "cookie_name": "portal_session", \ Developer Portal Auto Approve Access -When this flag is set to `on`, a developer will automatically be marked as -"approved" after completing registration. Access can still be revoked through -the Admin GUI or API. +When set to `on`, a developer will automatically be marked as "approved" after +completing registration. Access can still be revoked through Kong Manager or the +Admin API. + +When set to `off`, a Kong admin will have to manually approve the Developer +using Kong Manager or the Admin API. **Default:** `off` @@ -3013,8 +3055,8 @@ the Admin GUI or API. #### portal_token_exp {:.badge .enterprise} -Duration in seconds for the expiration of portal login reset/account validation -token. +Duration in seconds for the expiration of the Dev Portal reset password token. +Default is `21600` (six hours). **Default:** `21600` @@ -3027,7 +3069,7 @@ Portal Developer Email Verification. When enabled Developers will receive an email upon registration to verify their account. Developers will not be able to use the Developer Portal until they -verify their account. +verify their account, even if auto-approve is enabled. Note: SMTP must be turned on in order to use this feature. @@ -3046,7 +3088,20 @@ particular workspace. #### portal_invite_email {:.badge .enterprise} -Enable or disable portal_invite_email +When enabled, Kong admins can invite developers to a Dev Portal by using the +Invite button in Kong Manager. + +The email looks like the following: + +``` +Subject: Invite to access Dev Portal +``` + +Hello Developer! + +You have been invited to create a Dev Portal account at %s. + +Please visit `` to create your account. **Default:** `on` @@ -3055,7 +3110,23 @@ Enable or disable portal_invite_email #### portal_access_request_email {:.badge .enterprise} -Enable or disable portal_access_request_email +When enabled, Kong admins specified by `smtp_admin_emails` will receive an +email when a developer requests access to a Dev Portal. + +When disabled, Kong admins will have to manually check the Kong Manager to view +any requests. + +The email looks like the following: + +``` +Subject: Request to access Dev Portal +``` + +Hello Admin! + +`` has requested Dev Portal access for ``. + +Please visit `` to review this request. **Default:** `on` @@ -3064,7 +3135,22 @@ Enable or disable portal_access_request_email #### portal_approved_email {:.badge .enterprise} -Enable or disable portal_approved_email +When enabled, developers will receive an email when access to a Dev Portal has +been approved. + +When disabled, developers will receive no indication that they have +beenapproved. It is suggested to only disable this feature if +`portal_auto_approve` is enabled. + +The email looks like the following: + +``` +Subject: Dev Portal access approved +``` + +Hello Developer! You have been approved to access ``. + +Please visit `` to login. **Default:** `on` @@ -3073,7 +3159,29 @@ Enable or disable portal_approved_email #### portal_reset_email {:.badge .enterprise} -Enable or disable portal_reset_email +When enabled, developers will be able to use the Reset Password flow on a Dev +Portal and will receive an email with password reset instructions. + +When disabled, developers will *not* be able to reset their account passwords. +Kong Admins will have to manually create new credentials for the Developer in +the Kong Manager. + +The email looks like the following: + +``` +Subject: Password Reset Instructions for Dev Portal ``. +``` + +Hello Developer, + +Please click the link below to reset your Dev Portal password. + +`` + +This link will expire in `` + +If you didn't make this request, keep your account secure by clicking the link +above to change your password. **Default:** `on` @@ -3082,16 +3190,96 @@ Enable or disable portal_reset_email #### portal_reset_success_email {:.badge .enterprise} -Enable or disable portal_reset_success_email +When enabled, developers will receive an email after successfully resetting +their Dev Portal account password. + +When disabled, developers will still be able to reset their account passwords, +but will not receive a confirmation email. + +The email looks like the following: + +``` +Subject: Dev Portal password change success +``` + +Hello Developer, We are emailing you to let you know that your Dev Portal +password at `` has been changed. + +Click the link below to sign in with your new credentials. + +`` **Default:** `on` --- +#### portal_application_status_email +{:.badge .enterprise} + +When enabled, developers will receive an email when the status changes for their +application service requests. + +When disabled, developers will still be able to view the status in their +developer portal application page. + +The email looks like the following: + +``` +Subject: Dev Portal application request () + +Hello Developer, +We are emailing you to let you know that your request for application access from the +Developer Portal account at is . + +Application: +Service: + +You will receive another email when your access has been approved. +``` + +**Default:** `off` + +--- + +#### portal_application_request_email +{:.badge .enterprise} + +When enabled, Kong admins specified by `smtp_admin_emails` will receive an +email when a developer requests access to service through an application. + +When disabled, Kong admins will have to manually check the Kong Manager to view +any requests. + +By default, `smtp_admin_emails` will be the recipients. This can be overriden +by `portal_smtp_admin_emails`, which can be set dynamically per workspace through +the Admin API. + +The email looks like the following: + + ``` +Subject: Request to access Dev Portal () service from + +Hello Admin, + + () has requested application access for . + +Requested workspace: +Requested application: +Requested service: + +Please visit to review this request. + +``` + +**Default:** `off` + +--- + #### portal_emails_from {:.badge .enterprise} -The name and email address for the `From` header for portal emails +The name and email address for the `From` header included in all Dev Portal +emails. Example: `portal_emails_from = Your Name ` @@ -3116,6 +3304,19 @@ associated with the account. --- +#### portal_smtp_admin_emails +{:.badge .enterprise} + +Comma separated list of admin emails to receive portal-related notifications. + +If none are set, the values in `smtp_admin_emails` will be used. + +Example `admin1@example.com, admin2@example.com` + +**Default:** none + +--- + ### Admin Smtp Configuration section @@ -3722,7 +3923,6 @@ to escape the sandbox. --- - [Penlight]: http://stevedonovan.github.io/Penlight/api/index.html [pl.template]: http://stevedonovan.github.io/Penlight/api/libraries/pl.template.html [templates]: https://github.com/kong/kong/tree/master/kong/templates diff --git a/src/gateway/reference/external-plugins.md b/src/gateway/reference/external-plugins.md index a1c52cb6ae1a..4c2e9c4d3de2 100644 --- a/src/gateway/reference/external-plugins.md +++ b/src/gateway/reference/external-plugins.md @@ -630,7 +630,7 @@ CMD ["kong", "docker-start"] [go-pluginserver]: https://github.com/Kong/go-pluginserver [go-plugins]: https://github.com/Kong/go-plugins [go-pdk]: https://github.com/Kong/go-pdk -[kong-pdk]: https://docs.konghq.com/latest/plugin-development/ +[kong-pdk]: /gateway/{{page.kong_version}}/pdk/ [go-hello]: https://github.com/Kong/go-plugins/blob/master/go-hello.go [kong-js-pdk]: https://github.com/Kong/kong-js-pdk [kong-python-pdk]: https://github.com/Kong/kong-python-pdk diff --git a/src/gateway/reference/health-checks-circuit-breakers.md b/src/gateway/reference/health-checks-circuit-breakers.md index a244e855a354..4fb20e3dcfa8 100644 --- a/src/gateway/reference/health-checks-circuit-breakers.md +++ b/src/gateway/reference/health-checks-circuit-breakers.md @@ -235,7 +235,7 @@ in order to re-enable it automatically. ### Enabling active health checks To enable active health checks, you need to specify the configuration items -under `healthchecks.active` in the [Upstream object][upstreamobjects] configuration. You +under `healthchecks.active` in the [Upstream object][upstreamobject] configuration. You need to specify the necessary information so that Kong can perform periodic probing on the target, and how to interpret the resulting information. @@ -347,6 +347,6 @@ upstreams. [targetobject]: /gateway/{{page.kong_version}}/admin-api#target-object [addupstream]: /gateway/{{page.kong_version}}/admin-api#add-upstream [clustering]: /gateway/{{page.kong_version}}/reference/clustering -[upstreamobjects]: /gateway/{{page.kong_version}}/admin-api#upstream-objects +[upstreamobject]: /gateway/{{page.kong_version}}/admin-api#upstream-object [balancercaveats]: /gateway/{{page.kong_version}}/reference/loadbalancing#balancing-caveats [dnscaveats]: /gateway/{{page.kong_version}}/reference/loadbalancing#dns-caveats diff --git a/tests/edit_link.test.js b/tests/edit_link.test.js index e5d122a14345..bcd15a63ef5a 100644 --- a/tests/edit_link.test.js +++ b/tests/edit_link.test.js @@ -19,7 +19,7 @@ test.describe("Edit this page link", () => { title: "/app/ page /latest/", src: "/gateway/latest/", expected: - "https://github.com/Kong/docs.konghq.com/edit/main/app/gateway/2.8.x/index.md", + "https://github.com/Kong/docs.konghq.com/edit/main/src/gateway/index.md", }, { title: "Single Sourced /latest/",