kong

Securing RESTful API with Firebase OAuth?

我的未来我决定 提交于 2019-12-10 21:57:31
问题 I'm using Firebase in my iOS and web app to handle user authentication. I need to make sure a user is logged in before he can make any requests to my API. How would I accomplish such a thing with Firebase? I'm thinking about using Kong - https://getkong.org - as a middleman for my API. Kong has a few options in relation to authenticating incoming requests - https://getkong.org/plugins. What would work with Firebase? JWT authentication? OAuth authentication? Key authentication? Can you point

Centos 7安装kong

谁说我不能喝 提交于 2019-12-10 17:30:23
依赖 gcc pcre zlib openssl postgresql9.5+ gcc 安装 安装 gcc 编译环境: yum -y install gcc pcre 安装 pcre(Perl Compatible Regular Expressions) 是一个 Perl 库,包括 perl 兼容的正则表达式,nginx 的 http 库使用 pcre 解析正则表达式。 yum install -y pcre pcre-devel zlib 安装 zlib 库提供多种压缩和加压缩的方式。 sudo yum install -y zlib zlib-devel openssl 安装 openssl 是一个请打的安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议。 yum install -y openssl openssl-devel postgresql 安装 PostgreSQL是完全由社区驱动的开源项目,由全世界超过1000名贡献者所维护。它提供了单个完整功能的版本。可靠性是PostgreSQL的最高优先级。Kong 默认使用 postgresql 作为数据库。 // 添加 rpm yum install -y https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-7

Is keycloak behind api gateway a good practice?

空扰寡人 提交于 2019-12-10 14:53:06
问题 What are good arguments in favor to use or not to use Keycloak behind Api gateway (Kong)? 回答1: There is a tradeoff to putting it behind the proxy: you will not be able to easily protect all of your services by applying the OIDC plugin on the global level. Instead, you will need to individually configure every service with its own OIDC plugin. This is because you will need at least one service that is not protected by the OIDC plugin so that user-agents can authenticate through that service.

User registration + authentication for microservices integrated with kong

故事扮演 提交于 2019-12-10 09:52:07
问题 I am in the process of developing a node.js microservices-based application. The individual microservices are developed including one that already handles the authentication, authorization and registration processes. I am reviewing using kong as the api gateway but am looking for clarity regarding how I can handle authentication, etc. through kong but still use the user service I already created, which already has a db associated with it. Ideally, I would prefer if I could have kong pass the

NgInx as reverse proxy with Kong

百般思念 提交于 2019-12-09 12:51:28
问题 I wanna use Kong as my API Gateway, running in a Docker container. Each request must go first through a NgInx server and if the requested uri matches example.com/api it must result in the api, registered inside Kong. To achieve this I've added my API to Kong with the following command: curl -i -X POST --url ipnumber:8001/apis -d 'name=my-api' -d `enter code here`'upstream_url=http://httpbin.org' -d 'hosts=example.com' -d 'uris=/api/my-api' By executing the following command I get the correct

JWT and KONG with custom authrizations

放肆的年华 提交于 2019-12-08 15:06:30
I went through this tutorial on KONG https://getkong.org/plugins/jwt/ I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot where I could put my own key value like this {"authorizations":"role_admin, role_user"}. It is easy to do that in Spring Boot but I am not able to find information on how to do this with KONG. Anyone has any info about it? Kong community edition can handle only the authentication process, (give or deny access to a customer). Authorization process (what a given customer can do in your application) is handled by your application

JWT and KONG with custom authrizations

房东的猫 提交于 2019-12-08 06:38:21
问题 I went through this tutorial on KONG https://getkong.org/plugins/jwt/ I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot where I could put my own key value like this {"authorizations":"role_admin, role_user"}. It is easy to do that in Spring Boot but I am not able to find information on how to do this with KONG. Anyone has any info about it? 回答1: Kong community edition can handle only the authentication process, (give or deny access to a customer

konga的初步使用

三世轮回 提交于 2019-12-06 13:59:15
目录 1. 设置连接 2. konga的重要功能 Dashboard Snapshots Settings 3. 通过konga 实现kong api配置 前言 : 在 上篇文章 中,我们已经创建了一个到kong的链接,本文整理一些konga的使用方法。 1. 设置连接 点击 CONNECTIONS 页面,我们可以看到先前添加的与Kong实例建立的连接 ,但是没有激活。 点击激活按钮。如果配置正确,Konga将连接到Kong,界面如下: 2. konga的重要功能 Dashboard 仪表板显示当前连接到的Kong实例,基础数据库和可用插件的基本信息。更多详细信息可在INFO页面中找到。 Snapshots 快照功能允许您轻松地跨节点备份,恢复和移动Kong配置。您还可以安排Kong实例的自动快照。 Settings 设置页面提供了配置Konga并为用户帐户设置基本ACL的简单方法。 请记住,用户权限是全局设置的,并将用户帐户称为实体。尚不支持单个用户ACL。 3. 通过konga 实现kong api配置 当你通过konga配置连接到kong后,发现可以通过konga配置可以kong api涉及的各个对象: routes services upstreams:包含target plugins 以及consumers、snapshots等。

Kong的核心对象

↘锁芯ラ 提交于 2019-12-06 10:26:58
目录 Kong 的管理方式 1. kong的关键术语 Service: Route: Upstream: Target: API: Consumer: Plugin: 2. 举例kong service的配置步骤 kong的重要对象关系 kong对象特征 前言须知: 从0.13开始 kong就弃用的api改用service来组织api 增加了service Route Upstream Target service 相当于原来的api,但是没有路由信息,可以直接挂载物理host,也可以挂一个Upstream的host Route指kong的路由实体。Route是Kong的入口,定义了请求的匹配规则,路由到指定的服务。就是专门定义外部访问的分发hosts,strip_path,preserve_host,protocols,甚至method都在这里定义,和service关联 Upstream,这个是新东西,一个虚拟的后端服务, 需要结合Target一起使用, 好处是可以在这里就完成负载均衡,还有健康检查 给Upstream添加实际的物理节点,实现的负载均衡 Kong 的管理方式 Kong 简单易用的背后,便是其所有的操作都是基于 HTTP Restful API 来进行的,Kong 在port上公开了 RESTful Admin API :8001

Kong install by Docker 中文翻译

谁说我不能喝 提交于 2019-12-06 08:25:20
目录 带数据库模式 无数据库模式 查看原文 关于如何在 Docker 中使用 Kong 的细节讨论可以在存有 Kong 镜像的 DockerHub 页面上找到。我们也有一个 Docker Compose template ,内置了群组和可扩展性。 带数据库模式 以下是一个简单例子,展示了如何将一个 kong 容器连接至 Cassandra 或 PostgreSQL。 创建 docker 网络 你需要手动创建一个网络,用于容器之间互相发现和沟通。在本例中,kong-net是网络的名称,你可以随便改个名字。 $ docker network create kong-net 运行数据库 期望使用 Cassandra 容器: $ docker run -d --name kong-database \ --network=kong-net \ -p 9042:9042 \ cassandra:3 期望使用 PostgreSQL 容器: $ docker run -d --name kong-database \ --network=kong-net \ -p 5432:5432 \ -e POSTGRES_USER=kong \ -e POSTGRES_DB=kong \ postgres:9.6 准备数据库 用一个临时 Kong 容器运行迁移。 $ docker run --rm \ -
订阅 kong