
Kong API Gateway Open Source on docker with https


I'm facing a configuration issue while setting up Kong API Gateway (Open Source Edition) in a containerized environment.

Following the official Kong documentation, I used the commands below to set up Kong:

Network Creation:

docker network create kong-net

PostgreSQL Container Setup:

docker run -d --name kong-database \
--network=kong-net \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
-e "POSTGRES_PASSWORD=kongpass" \
postgres:13

Database Bootstrap:

docker run --rm --network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kongpass" \
kong/kong-gateway:3.7.1.2 kong migrations bootstrap

Kong Gateway Setup:

docker run -d --name kong-gateway \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kongpass" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
-e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
-e KONG_LICENSE_DATA \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
-p 8002:8002 \
-p 8445:8445 \
kong/kong-gateway:3.7.1.2

While this setup works, and I can access the Kong Manager on port 8002, I'm having trouble enabling HTTPS. When I change the manager URL to https://localhost:8445, the GUI shows a CORS error when trying to access the Admin API on port 8444.

How can I properly configure HTTPS for the Kong Manager without encountering CORS issues? The CORS plugin is not the solution because it should be related to the API endpoint.

I've tried several things like removing the KONG_ADMIN_GUI_URL parameter, but nothing seems to work.


Solution

  • If you don't set ADMIN_GUI_URL then Kong will use what's requested in the browser, i.e. https://localhost:8445 (admin_gui_url).

    BUT the catch comes in with the admin API, ADMIN_GUI_API_URL - the docs say this about admin_gui_api_url:

    Hierarchical part of a URI which is composed optionally of a host, port, and path at which the Admin API accepts HTTP or HTTPS traffic. When this config is disabled, Kong Manager will use the window protocol + host and append the resolved admin_listen HTTP/HTTPS port.

    The issue is not the hostname or the protocol, because this is taken from your Manager request, but the port. Because the admin API runs on port 8444 and Manager off 8445, you need to specify this. The same goes if you are using DNS and they are different subdomains: you need to tell Kong that.

    So to adjust your config you need to use the following:

    docker run -d --name kong-gateway \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_PG_USER=kong" \
    -e "KONG_PG_PASSWORD=kongpass" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_GUI_URL=https://localhost:8445" \
    -e "KONG_ADMIN_GUI_API_URL=localhost:8444" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8444 http2 ssl" \
    -e KONG_LICENSE_DATA \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    -p 8002:8002 \
    -p 8445:8445 \
    kong/kong-gateway:3.7.1.2
    

    Once you are running the containers, because it's a certificate the browser doesn't trust, you will need to go to https://localhost:8444 and trust the cert and then go to https://localhost:8445 and trust the cert again, and Manager will now work over SSL.

    I have tested the above docker command and it works.
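
The consistency rules described in the answer above, written as a small pre-flight check. This is an added example, not part of the original answer and not Kong's own code. The function names and the findings text are hypothetical, and it assumes KONG_ADMIN_GUI_URL is set and every KONG_ADMIN_LISTEN entry has the form address:port followed by flags.

```python
from urllib.parse import urlsplit


def parse_listen(value):
    """Map each admin_listen entry to port -> True if it carries the ssl flag."""
    listeners = {}
    for entry in filter(None, (e.strip() for e in value.split(","))):
        addr, *flags = entry.split()
        listeners[int(addr.rsplit(":", 1)[1])] = "ssl" in flags
    return listeners


def check_manager_config(env, published_ports):
    """Return findings for settings that stop Kong Manager reaching the Admin API."""
    findings = []
    want_tls = urlsplit(env.get("KONG_ADMIN_GUI_URL", "")).scheme == "https"
    listeners = parse_listen(env.get("KONG_ADMIN_LISTEN", ""))
    api = env.get("KONG_ADMIN_GUI_API_URL")
    if api:
        # admin_gui_api_url may omit the scheme ("localhost:8444")
        port = urlsplit(api if "://" in api else "//" + api).port
    else:
        # Unset: Manager appends the admin_listen port matching its own protocol
        port = next((p for p, tls in listeners.items() if tls == want_tls), None)
    if port is None:
        findings.append("cannot determine an Admin API port for the Manager protocol")
    elif port not in listeners:
        findings.append(f"Admin API port {port} is not in KONG_ADMIN_LISTEN")
    elif listeners[port] != want_tls:
        findings.append(f"Admin API port {port} TLS setting differs from Manager URL")
    if port is not None and port not in published_ports:
        findings.append(f"Admin API port {port} is not published with -p")
    return findings


# Constructed inputs, taken from the two docker run commands on this page
QUESTION = {"KONG_ADMIN_LISTEN": "0.0.0.0:8001",
            "KONG_ADMIN_GUI_URL": "https://localhost:8445"}
ANSWER = {"KONG_ADMIN_LISTEN": "0.0.0.0:8444 http2 ssl",
          "KONG_ADMIN_GUI_URL": "https://localhost:8445",
          "KONG_ADMIN_GUI_API_URL": "localhost:8444"}
PORTS = {8000, 8443, 8001, 8444, 8002, 8445}

if __name__ == "__main__":
    for name, env in (("question", QUESTION), ("answer", ANSWER)):
        print(name, check_manager_config(env, PORTS) or "consistent")
```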