How to Secure Kong Admin

kongHi Everyone,
We’re back with another handy tutorial. We recently started offering API hosting service, and we decided to use Kong for proxy and authentication layers. It’s a very nice and versatile piece of software but lacks a cruical feature, an easy way to secure Kong Admin API. That’s what we’re going to do!

TL;DR

Since we published this post, we started providing a Kong Admin service. You can secure your admin in 2 steps. More information is available here.

Long Version

For purposes of this tutorial, we’re assuming your proxy port is 8000 and admin port is 8001.  We’re going to be looping Kong admin back to it’s own proxy. This is quite neat trick and hats off to people who suggested this over forums and lists.

Step 1 – Add Kong Admin as an API

Simply do a curl call to your kong admin and create an API.

kong1

Step 2 – Check New API 

Let’s see if our proxy is working. If it’s you should be able to do /kong/apis on your server.  
kong2

Step 3 – Add Authentication

Kong offers many authentication plugins. For simplicity, we’re going to use key-auth plugin, but you can use any mechanism you want.

First add key-auth pluginkong3

This will secure your api from unauthentication calls
kong4

Then create a consumer, we used kong as our username
kong5Finally create a key for your consumer and note the key
kong6Let’s see how it works
kong7

Perfect! Now we have to ssh/connect to our server and make some firewall changes.

Step 4 – Close port 8001 to Outside World

You can use ufw (for Ubuntu) or iptables or any firewall software your’e comfortable with. For this tutorial we’ll go with ufw.

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 8000
sudo ufw enable

We’re done with server part.

Step 5 – Check Result and Enjoy

First check port 8000. It works and authentication is enabled.
kong8

Second check port 8001. It’s not enabled, so we’re now secure from uninvited guests.
kong9

Now you have an authentication enabled and secure Kong Admin. Enjoy.

Be sure to check out API Plug for hassle-free API generation and management. We are preparing a Web based Kong Management Service. Signup API Plug to get Beta Access of this service.

CREATE YOUR FREE ACCOUNT NOW

 

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *