Install Kong Gateway on CentOS

Download the latest 2.6.x package for Centos:

View the list of all 2.x packages for CentOS 7 or CentOS 8

The Kong Gateway software is governed by the Kong Software License Agreement. Kong is licensed under an Apache 2.0 license.

Prerequisites

  • A supported system with root or root-equivalent access.
  • (Enterprise only) A license.json file from Kong.

Download and Install

You can install Kong Gateway by downloading an installation package or using our YUM repository.

Package

YUM repository

Install Kong Gateway on CentOS from the command line.

  1. Download the Kong package:

    Kong Gateway

    Kong Gateway (OSS)

    1. curl -Lo kong-enterprise-edition-2.6.0.4.rpm $(rpm --eval "https://download.konghq.com/gateway-2.x-centos-%{centos_ver}/Packages/k/kong-enterprise-edition-2.6.0.4.el%{centos_ver}.noarch.rpm")
    1. curl -Lo kong-2.6.0.rpm $(rpm --eval "https://download.konghq.com/gateway-2.x-centos-%{centos_ver}/Packages/k/kong-2.6.0.el%{centos_ver}.amd64.rpm")
  2. Install the package:

    Kong Gateway

    Kong Gateway (OSS)

    1. sudo yum install kong-enterprise-edition-2.6.0.4.rpm
    1. sudo yum install kong-2.6.0.rpm

Install the YUM repository from the command line.

  1. Download the Kong APT repository:

    1. curl $(rpm --eval "https://download.konghq.com/gateway-2.x-centos-%{centos_ver}/config.repo") | sudo tee /etc/yum.repos.d/kong.repo
  2. Install Kong:

    Kong Gateway

    Kong Gateway (OSS)

    1. sudo yum install kong-enterprise-edition-2.6.0.4
    1. sudo yum install kong-2.6.0

Set up configs

Kong Gateway comes with a default configuration property file that can be found at /etc/kong/kong.conf.default if you installed Kong Gateway with one of the official packages. This configuration file is used for setting Kong Gateway’s configuration properties at startup.

Kong Gateway offers two options for storing the configuration properties for all of Kong Gateway’s configured entities, a database or a yaml declarative configuration file. Before starting Kong Gateway you must update the kong.conf.default configuration property file with a reference to your datastore.

To alter the default properties listed in the kong.conf.default file and configure Kong Gateway, make a copy of the file, rename it (for example kong.conf), make your updates, and save it to the same location.

For more information on how to configure Kong Gateway to connect to your datastore, see the Datastore section of the Configuration property Reference.

Using a database

First, you must configure Kong Gateway using the kong.conf configuration file so it can connect to your database.

For more information on how to configure Kong Gateway to connect to your database, see the Datastore section of the Configuration property Reference.

Deprecation warning: Cassandra as a backend database for Kong Gateway is deprecated. This means the feature will eventually be removed.
Our target for Cassandra removal is the Kong Gateway 4.0 release. Starting with the Kong Gateway 3.0 release, some new features might not be supported with Cassandra.

Kong Gateway supports both PostgreSQL and Cassandra as its datastore.

If you are using Postgres, provision a database and a user before starting Kong Gateway, for example:

  1. CREATE USER kong; CREATE DATABASE kong OWNER kong;

Then, run the Kong Gateway migrations, using the following command:

  1. kong migrations bootstrap -c {PATH_TO_KONG.CONF_FILE}

Note: Older versions of PostgreSQL use ident authentication by default, newer versions (PSQL 10+) use scram-sha-256. To allow the kong user to communicate with the database locally, change the authentication method to md5 by modifying the PostgreSQL configuration file.

Using a yaml declarative config file

If you want to store the configuration properties for all of Kong Gateway’s configured entities in a yaml declarative configuration file, also referred to as DB-less mode, you must create a kong.yml file and update the kong.conf configuration file to include the file path to the kong.yml file.

First, the following command will generate a kong.yml declarative configuration file in your current folder:

  1. kong config init

The generated kong.yml file contains instructions for how to configure Kong Gateway using the file.

Second, you must configure Kong Gateway using the kong.conf configuration file so it is aware of your declarative configuration file.

Set the database option to off and the declarative_config option to the path of your kong.yml file as in the following example:

  1. database = off
  2. declarative_config = {PATH_TO_KONG.CONF_FILE}

Seed Super Admin

Setting a password for the Super Admin before initial start-up is strongly recommended. This will permit the use of RBAC (Role Based Access Control) at a later time, if needed.

Create an environment variable with the desired Super Admin password and store the password in a safe place. Run migrations to prepare the Kong database, using the following command:

  1. KONG_PASSWORD={PASSWORD} kong migrations bootstrap -c {PATH_TO_KONG.CONF_FILE}

Start Kong Gateway

Note: When you start Kong Gateway, the NGINX master process runs as root, and the worker processes run as kong by default. If this is not the desired behavior, you can switch the NGINX master process to run on the built-in kong user or to a custom non-root user before starting Kong Gateway. For more information, see Running Kong as a Non-Root User.

Start Kong Gateway using the following command:

  1. kong start -c {PATH_TO_KONG.CONF_FILE}

Verify install

If everything went well, you should see a message (Kong started) informing you that Kong Gateway is running.

You can also check using the Admin API:

  1. curl -i http://localhost:8001

You should receive a 200 status code.

By default, listens on the following ports:

  • :8000: Port on which listens for incoming HTTP traffic from your clients, and forwards it to your upstream services.
  • :8443: Port on which listens for incoming HTTPS traffic. This port has similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled with the kong.confconfiguration file.
  • :8001: Port on which the Admin API used to configure listens.
  • :8444: Port on which the Admin API listens for HTTPS traffic.

Post-install configuration

The following steps are all optional and depend on the choices you want to make for your environment.

Apply Enterprise license

If you have an Enterprise license for Kong Gateway, apply it using one of the methods below, depending on your environment.

With a database

Without a database

Apply the license using the Admin API. The license data must contain straight quotes to be considered valid JSON (' and ", not or ).

POST the contents of the provided license.json license to your Kong Gateway instance:

Note: The following license is only an example. You must use the following format, but provide your own content.

cURL

HTTPie

  1. curl -i -X POST http://localhost:8001/licenses \
  2. -d payload='{"license":{"payload":{"admin_seats":"1","customer":"Example Company, Inc","dataplanes":"1","license_creation_date":"2017-07-20","license_expiration_date":"2017-07-20","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU","product_subscription":"Konnect Enterprise","support_plan":"None"},"signature":"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b","version":"1"}}'
  1. http POST :8001/licenses \
  2. payload='{"license":{"payload":{"admin_seats":"1","customer":"Example Company, Inc","dataplanes":"1","license_creation_date":"2017-07-20","license_expiration_date":"2017-07-20","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU","product_subscription":"Konnect Enterprise","support_plan":"None"},"signature":"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b","version":"1"}}'

Securely copy the license.json file to your home directory on the filesystem where you have installed Kong Gateway:

  1. $ scp license.json <system_username>@<server>:~

Then, copy the license file again, this time to the /etc/kong directory:

  1. $ scp license.json /etc/kong/license.json

Kong Gateway will look for a valid license in this location.

Enable and configure Kong Manager

If you’re running Kong Gateway with a database (either in traditional or hybrid mode), you can enable Kong Gateway’s graphical user interface (GUI), Kong Manager.

  1. Update the admin_gui_url property in the kong.conf configuration file to the DNS, or IP address, of your system. For example:

    1. admin_gui_url = http://localhost:8002

    This setting needs to resolve to a network path that will reach the operating system (OS) host.

  2. Update the Admin API setting in the kong.conf file to listen on the needed network interfaces on the OS host. A setting of 0.0.0.0:8001 will listen on port 8001 on all available network interfaces.

    Example configuration:

    1. admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl

    You may also list network interfaces separately as in this configuration example:

    1. admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl, 127.0.0.1:8001, 127.0.0.1:8444 ssl
  3. Restart Kong Gateway for the setting to take effect, using the following command:

    1. kong restart -c {PATH_TO_KONG.CONF_FILE}
  4. Access Kong Manager on port 8002.

Enable Dev Portal

If you’re running Kong Gateway with a database (either in traditional or hybrid mode), you can enable the Dev Portal.

  1. Enable the Dev Portal in the kong.conf file by setting the portal property to on and the portal_gui_host property to the DNS or IP address of the system. For example:

    1. portal = on
    2. portal_gui_host = localhost:8003
  2. Restart Kong Gateway for the setting to take effect, using the following command:

    1. kong restart -c {PATH_TO_KONG.CONF_FILE}
  3. To enable the Dev Portal for a workspace, execute the following command, updating DNSorIP to reflect the IP or valid DNS for the system:

    1. curl -X PATCH http://localhost:8001/workspaces/default \
    2. --data "config.portal=true"
  4. Access the Dev Portal for the default workspace using the following URL, substituting your own DNS or IP:

    1. http://localhost:8003/default

Troubleshooting and support

For troubleshooting license issues, see:

If you did not receive an HTTP/1.1 200 OK message or need assistance completing your setup, reach out to your Kong Support contact or go to the Support Portal.

Next steps

Check out Kong Gateway’s series of Getting Started guides to get the most out of Kong Gateway.