Search code examples
google-cloud-platformproxybitnamikong

Kong GCP Stack Issue: Proxy Ports Setup

I'm using Kong Bitnami GCP Stack (version 2.2.0) as API Gateway: https://console.cloud.google.com/marketplace/product/bitnami-launchpad/kong

It's working well for HTTP with port 8000 and HTTPS with port 8443 (default config). However, when I tried to change HTTP/HTTPS listen ports to 80/443 for production environment, following this link: https://docs.bitnami.com/google/apps/kong/configuration/kong-production/, there are several issues:

  • In my Kong GCP stack, there is no file named "kong_nginx.tmpl", so I cannot fully implement as the reference link
  • I got these two issues when I just cahnge the in kong.conf:
    • bind() to 0.0.0.0:80 failed (13: Permission denied)
    • bind() to 0.0.0.0:443 failed (13: Permission denied)

Below is my current steps for configuration:

  1. run: sudo /opt/bitnami/ctlscript.sh stop kong
  2. change /opt/bitnami/kong/conf/kong.conf: change proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl to proxy_listen = 0.0.0.0:80, 0.0.0.0:443 ssl
  3. run: sudo /opt/bitnami/ctlscript.sh restart kong

Any comments or feedbacks will be really appreciated. Thanks so much!

Best regards,

Solution

  • The reason for this error should be related to the user that is running the process in charge of kong. Checking at its modules we can find

    /root/.nami/registry.json

    "com.bitnami.kong": {
            "id": "com.bitnami.kong",
            "name": "kong",
            "version": "2.2.1",
            "revision": "3",
            "installedAsRoot": false,
            "lifecycle": "installed",
            "installdir": "/opt/bitnami/kong",
            "installPrefix": "/opt/bitnami",
            "values": {
...
                "systemUser": "kong",
                "systemGroup": "kong",
...

    Here we need to change 'com.bitnami.kong'.values.systemUser and 'com.bitnami.kong'.values.systemGroup to root as well.

    In addition, we must change it in another file,

    /root/.nami/components/com.bitnami.kong/nami.json

       "service":     {
        "confFile": "{{$app.confDir}}/kong.conf",
        "pidFile": "{{$app.installdir}}/server/pids/nginx.pid",
        "logFile": "{{$app.installdir}}/server/logs/error.log",
        "ports":         [
            "{{$app.proxyHttpPort}}",
            "{{$app.proxyHttpsPort}}",
            "{{$app.adminHttpPort}}",
            "{{$app.adminHttpsPort}}"
        ],
        "start":         {
            "timeout": 180,
            "wait": 5,
            "username": "kong",
            "command": "{{$app.installdir}}/bin/kong start && tail -f {{$app.installdir}}/server/logs/error.log",
            "env": {"PATH": "{{$app.installdir}}/openresty/bin:{{$app.installdir}}/openresty/luajit/bin:{{$app.installdir}}/openresty/nginx/sbin:{{$global.env.PATH}}"}
        }
    },

    Then we must change service.start.username to root.

    After that, perform the steps that you executed.

    Note that you have to be root to update those files.

    Hopefully, this helps you!