404 Endpoint in SSL configurations

I recently configured Tyk to use SSL connections but when I created a new API and tried to access it I got a 404 error.

Where did you add the SSL settings?

Inside the http_server_options.

My tyk_analytics file has the following configuration:

{
   "redis_password":null,
   "tyk_api_config":{
      "Host":"https://localhost",
      "Port":"80",
      "Secret":"352d20ee67be67f6340b4c0605b044b7"
   },
   "http_server_options":{
      "certificates":[
         {
            "key_file":"/etc/ssl/private/shetools-selfsigned.key",
            "cert_file":"/etc/ssl/certs/shetools-selfsigned.crt",
            "domain_name":"*.she.tools"
         }
      ],
      "use_ssl":true
   },
   "show_org_id":true,
   "listen_port":3000,
   "identity_broker":{
      "host":{
         "connection_string":"http://localhost:3010",
         "secret":"934893845123491238192381486djfhr87234827348"
      },
      "enabled":false
   },
   "license_owner":"Sharing Economy Tools",
   "home_dir":"/opt/tyk-dashboard",
   "page_size":10,
   "enable_aggregate_lookups":true,
   "shared_node_secret":"352d20ee67be67f6340b4c0605b044b7",
   "email_backend":{

   },
   "admin_secret":"12345",
   "notify_on_change":true,
   "hide_listen_path":false,
   "force_api_defaults":false,
   "host_config":{
      "enable_host_names":false,
      "hostname":"192.168.1.87",
      "disable_org_slug_prefix":true,
      "secure_cookies":true,
      "portal_domains":{

      },
      "portal_root_path":"/portal",
      "generate_secure_paths":true,
      "override_hostname":"she.tools"
   },
   "oauth_redirect_uri_separator":";",
   "private_key_path":"",
   "license_key":"",
   "enable_duplicate_slugs":true,
   "use_sentry":false,
   "sentry_code":"",
   "dashboard_session_lifetime":60,
   "sentry_js_code":"",
   "redis_host":"localhost",
   "ui":{
      "default_lang":"en",
      "designer":{

      },
      "login_page":{

      },
      "uptime":{

      },
      "languages":{
         "Korean":"ko",
         "Chinese":"cn",
         "English":"en"
      },
      "nav":{

      },
      "portal":{

      }
   },
   "redis_port":6379,
   "aggregate_lookup_cutoff":"01/07/2016",
   "security":{
      "login_failure_ip_limit":12,
      "login_failure_username_limit":3,
      "login_failure_expiration":900,
      "audit_log_path":"/opt/tyk-dashboard/portal"
   },
   "mongo_url":"mongodb://127.0.0.1/tyk_analytics",
   "hash_keys":true
}

and the tyk.conf:

{
    "listen_address": "",
    "listen_port": 80,
    "secret": "352d20ee67be67f6340b4c0605b044b7",
    "node_secret": "352d20ee67be67f6340b4c0605b044b7",
    "template_path": "/opt/tyk-gateway/templates",
    "tyk_js_path": "",
    "middleware_path": "/opt/tyk-gateway/middleware",
    "policies": {
        "policy_source": "service",
        "policy_connection_string": "https://she.tools:3000",
        "policy_record_name": "tyk_policies",
        "allow_explicit_policy_id": true
    },
    "use_db_app_configs": true,
    "db_app_conf_options": {
        "connection_string": "https://she.tools:3000",
        "node_is_segmented": false,
        "tags": [
            "test2"
        ]
    },
    "disable_dashboard_zeroconf": false,
    "app_path": "/opt/tyk-gateway/apps",
    "storage": {
        "type": "redis",
        "host": "localhost",
        "port": 6379,
        "hosts": null,
        "username": "",
        "password": "",
        "database": 0,
        "optimisation_max_idle": 100,
        "optimisation_max_active": 4000,
        "enable_cluster": false
    },
    "enable_separate_cache_store": false,
    "cache_storage": {
        "type": "",
        "host": "",
        "port": 0,
        "hosts": null,
        "username": "",
        "password": "",
        "database": 0,
        "optimisation_max_idle": 0,
        "optimisation_max_active": 0,
        "enable_cluster": false
    },
    "enable_analytics": true,
    "analytics_config": {
        "type": "mongo",
        "ignored_ips": [],
        "enable_detailed_recording": true,
        "enable_geo_ip": false,
        "geo_ip_db_path": "",
        "normalise_urls": {
            "enabled": true,
            "normalise_uuids": true,
            "normalise_numbers": true,
            "custom_patterns": []
        },
        "pool_size": 100
    },
    "health_check": {
        "enable_health_checks": true,
        "health_check_value_timeouts": 60
    },
    "optimisations_use_async_session_write": true,
    "allow_master_keys": false,
    "hash_keys": false,
    "suppress_redis_signal_reload": false,
    "suppress_default_org_store": false,
    "use_redis_log": true,
    "sentry_code": "",
    "use_sentry": false,
    "use_syslog": false,
    "use_graylog": false,
    "use_logstash": false,
    "graylog_network_addr": "",
    "logstash_network_addr": "",
    "syslog_transport": "",
    "logstash_transport": "",
    "syslog_network_addr": "",
    "statsd_connection_string": "",
    "statsd_prefix": "",
    "enforce_org_data_age": false,
    "enforce_org_data_detail_logging": false,
    "enforce_org_quotas": false,
    "experimental_process_org_off_thread": true,
    "enable_non_transactional_rate_limiter": true,
    "enable_sentinel_rate_limiter": false,
    "enable_redis_rolling_limiter": false,
    "management_node": false,
    "monitor": {
        "enable_trigger_monitors": false,
        "configuration": {
            "method": "",
            "target_path": "",
            "template_path": "",
            "header_map": null,
            "event_timeout": 0
        },
        "global_trigger_limit": 0,
        "monitor_user_keys": false,
        "monitor_org_keys": false
    },
    "oauth_refresh_token_expire": 0,
    "oauth_token_expire": 0,
    "oauth_redirect_uri_separator": ";",
    "slave_options": {
        "use_rpc": false,
        "use_ssl": false,
        "ssl_insecure_skip_verify": false,
        "connection_string": "",
        "rpc_key": "",
        "api_key": "",
        "enable_rpc_cache": false,
        "bind_to_slugs": false,
        "disable_keyspace_sync": false,
        "group_id": "",
        "call_timeout": 0,
        "ping_timeout": 0
    },
    "disable_virtual_path_blobs": false,
    "local_session_cache": {
        "disable_cached_session_state": false,
        "cached_session_timeout": 0,
        "cached_session_eviction": 0
    },
    "http_server_options": {
        "override_defaults": true,
        "read_timeout": 0,
        "write_timeout": 0,
        "use_ssl": true,
        "use_ssl_le": false,
        "ssl_insecure_skip_verify": true,
        "enable_websockets": true,
        "certificates": [
            {
                "domain_name": "*.she.tools",
                "cert_file": "/etc/ssl/certs/shetools-selfsigned.crt",
                "key_file": "/etc/ssl/private/shetools-selfsigned.key"
            }
        ],
        "ssl_certificates": null,
        "server_name": "",
        "min_version": 0,
        "flush_interval": 0,
        "skip_url_cleaning": false
    },
    "service_discovery": {
        "default_cache_timeout": 0
    },
    "close_connections": true,
    "auth_override": {
        "force_auth_provider": false,
        "auth_provider": {
            "name": "",
            "storage_engine": "",
            "meta": null
        },
        "force_session_provider": false,
        "session_provider": {
            "name": "",
            "storage_engine": "",
            "meta": null
        }
    },
    "uptime_tests": {
        "disable": false,
        "config": {
            "failure_trigger_sample_size": 2,
            "time_wait": 10,
            "checker_pool_size": 50,
            "enable_uptime_analytics": true
        }
    },
    "hostname": "she.tools",
    "enable_api_segregation": false,
    "control_api_hostname": "",
    "control_api_port": 0,
    "enable_custom_domains": true,
    "enable_jsvm": true,
    "coprocess_options": {
        "enable_coprocess": false,
        "coprocess_grpc_server": "",
        "python_path_prefix": ""
    },
    "hide_generator_header": false,
    "event_handlers": {
        "events": null
    },
    "event_trigers_defunct": null,
    "pid_file_location": "./tyk-gateway.pid",
    "allow_insecure_configs": true,
    "public_key_path": "",
    "close_idle_connections": false,
    "drl_notification_frequency": 0,
    "global_session_lifetime": 100,
    "force_global_session_lifetime": false,
    "bundle_base_url": "",
    "enable_bundle_downloader": true,
    "allow_remote_config": true,
    "legacy_enable_allowance_countdown": false,
    "max_idle_connections_per_host": 100,
    "reload_wait_time": 0,
    "proxy_ssl_insecure_skip_verify": true,
    "proxy_default_timeout": 0,
    "log_level": "",
    "security": {
        "private_certificate_encoding_secret": "",
        "control_api_use_mutual_tls": false,
        "certificates": {
            "apis": null,
            "upstream": null,
            "control_api": null,
            "dashboard_api": null,
            "mdcb_api": null
        }
    }
}

You will want to change these ports to 443.

I have modified the ports, but the message persists. The dashboard log says:

[Jan  8 19:07:44]  INFO Using /opt/tyk-dashboard/tyk_analytics.conf for configuration
[Jan  8 19:07:44]  INFO Creating new Redis connection pool
[Jan  8 19:07:44]  INFO Creating new Redis connection pool
[Jan  8 19:07:44]  INFO Creating new Redis connection pool
[Jan  8 19:07:44]  INFO Creating new Redis connection pool
[Jan  8 19:07:44]  INFO Adding available nodes...
[Jan  8 19:07:44] ERROR error opening audit log file: open /opt/tyk-dashboard/portal: is a directory
[Jan  8 19:07:44]  INFO Tyk Analytics Dashboard v1.4.2
[Jan  8 19:07:44]  INFO Copyright Martin Buhr 2016
[Jan  8 19:07:44]  INFO https://www.tyk.io
[Jan  8 19:07:44]  INFO Listening on port: 443
[Jan  8 19:07:44]  INFO Loading routes...
[Jan  8 19:07:44]  INFO Registering nodes...
[Jan  8 19:07:44]  INFO Adding available nodes...
[Jan  8 19:07:44]  INFO Creating new Redis connection pool
[Jan  8 19:07:44]  INFO ui-notifications: Socket server started
[Jan  8 19:07:44]  INFO --> Using SSL (https) for UI notifications
[Jan  8 19:07:44]  INFO --> Using SSL (https) for dashboard and API
[Jan  8 19:07:44]  INFO Starting zeroconf heartbeat
[Jan  8 19:07:44]  INFO Starting notification handler for gateway cluster
2018/01/08 19:07:44 http2: server: error reading preface from client 177.224.189.61:40272: remote error: tls: bad certificate
2018/01/08 19:07:50 http2: server: error reading preface from client 177.224.189.61:40274: remote error: tls: bad certificate

Sorry for my questions, I’m still learning about server configuration.

I used the following commands to generate the certificate:

# Generate the RSA private key used for the self-signed certificate.
# NOTE(review): 1024-bit RSA is below the 2048-bit minimum in current TLS guidance;
# use 2048 bits or more when regenerating this key.
openssl genrsa -out shetools-selfsigned.key 1024
# Create a certificate signing request (server.csr) from that key.
openssl req -new -key shetools-selfsigned.key -out server.csr
# Sign the CSR with the same key (-signkey), producing a self-signed certificate valid for 365 days.
# NOTE(review): no extensions file is passed, so the certificate presumably has no
# subjectAltName for *.she.tools; confirm with `openssl x509 -in shetools-selfsigned.crt -noout -text`.
openssl x509 -req -days 365 -in server.csr -signkey shetools-selfsigned.key -out shetools-selfsigned.crt

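If it’s a self-signed certificate, you will need to enable the skip_verify options in the tyk.conf and tyk_analytics.conf files. A self-signed certificate is not issued by a CA the client trusts, so a client that verifies certificates rejects it, which matches the `tls: bad certificate` lines in the log. These options turn off certificate verification for the connections they apply to, so they suit a test setup rather than a production one.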

Thanks for everything, Martin; it was a problem with the certificate.

Me again. We bought the certificates and were able to create APIs and access them without problems, but when we look at the API usage logs nothing is shown, and the Dashboard logs show the following message:

[Jan 16 18:20:50]  INFO Using /opt/tyk-dashboard/tyk_analytics.conf for configuration
[Jan 16 18:20:50]  INFO Creating new Redis connection pool
[Jan 16 18:20:50]  INFO Creating new Redis connection pool
[Jan 16 18:20:50]  INFO Creating new Redis connection pool
[Jan 16 18:20:50]  INFO Creating new Redis connection pool
[Jan 16 18:20:50]  INFO Adding available nodes...
[Jan 16 18:20:50] ERROR error opening audit log file: open /opt/tyk-dashboard/portal: is a directory
[Jan 16 18:20:50]  INFO Tyk Analytics Dashboard v1.4.2
[Jan 16 18:20:50]  INFO Copyright Martin Buhr 2016
[Jan 16 18:20:50]  INFO https://www.tyk.io
[Jan 16 18:20:50]  INFO Listening on port: 443
[Jan 16 18:20:50]  INFO Loading routes...
[Jan 16 18:20:50]  INFO Registering nodes...
[Jan 16 18:20:50]  INFO Adding available nodes...
[Jan 16 18:20:50]  INFO Creating new Redis connection pool
[Jan 16 18:20:50]  INFO ui-notifications: Socket server started
[Jan 16 18:20:50]  INFO --> Using SSL (https) for UI notifications
[Jan 16 18:20:50]  INFO --> Using SSL (https) for dashboard and API
[Jan 16 18:20:50]  INFO Starting zeroconf heartbeat
[Jan 16 18:20:50]  INFO Starting notification handler for gateway cluster
2018/01/16 18:20:52 http: TLS handshake error from 94.177.198.18:56006: remote error: tls: bad certificate
2018/01/16 18:20:57 http: TLS handshake error from 94.177.198.18:56012: remote error: tls: bad certificate

This is my Dashboard configuration:

{
   "redis_password":null,
   "tyk_api_config":{
      "Host":"https://mina.cloud",
      "Port":"8000",
      "Secret":"e6f3WbC1yrTZlfE5gC7IMIHHyU0LIOaRenW8vHYPQ1OYkYVCMzZYFgO"
   },
   "http_server_options":{
      "certificates":[
         {
            "key_file":"/root/ssl/private/server.key",
            "cert_file":"/root/ssl/certificates/server.crt",
            "domain_name":"*.mina.cloud"
         }
      ],
      "use_ssl":true,
      "ssl_insecure_skip_verify":false
   },
   "show_org_id":true,
   "listen_port":443,
   "identity_broker":{
      "host":{
         "connection_string":"http://localhost:3010",
         "secret":"934893845123491238192381486djfhr87234827348"
      },
      "enabled":false
   },
   "license_owner":"Sharing Economy Tools",
   "home_dir":"/opt/tyk-dashboard",
   "page_size":10,
   "enable_aggregate_lookups":true,
   "proxy_ssl_insecure_skip_verify":false,
   "shared_node_secret":"e6f3WbC1yrTZlfE5gC7IMIHHyU0LIOaRenW8vHYPQ1OYkYVCMzZYFgO",
   "email_backend":{

   },
   "admin_secret":"12345",
   "notify_on_change":true,
   "hide_listen_path":false,
   "force_api_defaults":false,
   "host_config":{
      "enable_host_names":false,
      "hostname":"mina.cloud",
      "disable_org_slug_prefix":true,
      "secure_cookies":true,
      "portal_domains":{

      },
      "portal_root_path":"/portal",
      "generate_secure_paths":true,
      "override_hostname":"mina.cloud"
   },
   "allow_insecure_configs":false,
   "oauth_redirect_uri_separator":";",
   "private_key_path":"/root/keys/privkey.pem",
   "license_key":"...",
   "enable_duplicate_slugs":true,
   "use_sentry":false,
   "sentry_code":"",
   "dashboard_session_lifetime":60,
   "sentry_js_code":"",
   "redis_host":"localhost",
   "ui":{
      "default_lang":"en",
      "designer":{

      },
      "login_page":{

      },
      "uptime":{

      },
      "languages":{
         "Korean":"ko",
         "Chinese":"cn",
         "English":"en"
      },
      "nav":{

      },
      "portal":{

      }
   },
   "redis_port":6379,
   "aggregate_lookup_cutoff":"01/07/2016",
   "security":{
      "login_failure_ip_limit":12,
      "login_failure_username_limit":3,
      "login_failure_expiration":900,
      "audit_log_path":"/opt/tyk-dashboard/portal"
   },
   "mongo_url":"mongodb://127.0.0.1/tyk_analytics",
   "hash_keys":true
}

Thanks for the support

There is another certificate error; what is on this IP?

That is where Tyk is installed; the hostname redirects to that IP.

Is the certificate that is being used there self signed?

No, it is a purchased certificate, although before buying it I added a self-signed certificate manually. I’m going to try a clean installation with the same configuration.