404 Not Found on Hybrid Deployment

Hi Martin,

I have setup hybrid deployment as follows:

1- Docker Proxy behind a firewall pointing to my API on my local network.
2- Configured the API’s target url on tyk cloud to point to my local API.
3- Published the API on the portal and received an API key.

When I try to consume the API, I’m getting 404 Not found error.

Is there a way to see a log on the docker proxy of incoming and outgoing requests (I’m trying to figure out where my problem is)?


  1. Is this the Tyk Cloud subsdomain address or your load balancer / internal IP?
  2. Cna you share your curl command?
  3. Can you provide a screenshot of the error, need to see if it’s us doing the 404.

Yup, this is a pretty standard docker command to tail the output of a docker container.

Hi Martin,

Its a Get to the following url: http://api.rerouteme.com/events/

Authorization: 569e992ac962eb000100007d0f7a83e2a50e4d3b5de9e46697e6b589

The tyk cloud url is: http://self-employed-inc.cloud.tyk.io/events/

Ok, so there’s the issue - the 404 is coming from the gateway, and it’s because the URL is wrong.

Tyk Hybrid containers do not use the api-slug, they are pretty raw, so you need to use the API ID to route to the API, and you need to target the gateway directly:


You can find the API ID in the API list in your cloud dashboard.

If you want to use port 80, or use NGinX, then you’ll need to do some more work, Tyk Docker Hybrids have nginx installed, but require manual configuration to respect domain names, you can see here:

That the container mounts a confs folder into the sites-enabled folder of Nginx in the container, you can use this to put an Tyk NGinX configuration in place to handle domains.

However, I’d start off with targeting the API directly over the gateway on port 8080 and the APIID.

Hi Martin,

I am trying the url: http://api.rerouteme.com/[APIID] and passing the authorization header in request.

I am getting 400 Bad Request with “Authorization field missing”

It seems that the headers are not passed to the gateway.

I don’t know how to solve this.

That error means that the Authorization header is not in the request that gets to the gateway, so tyk cannot find the header when the request lands, and is telling you so.

that’s all there is to it, are you sure you have added the header to the request properly, does it work with Curl? Postman?

I have tried curl also and getting same error. It seems the hybrid proxy is not passing the headers to tyk gateway.

I don’t know why.

Hi Martin,

I really appreciate your great help and guidance.

The API now is working. The firewall on our side was stripping the headers.

We still have 2 important things to have the setup complete:

1- Using a friendly name instead of APIID in API url.
2- Setting up the dashboard and portal to run and accessed as http://api.rerouteme.com/portal.

Kindly do you have a kind of documentation or guidance to have these things done properly?


Glad to hear it :slightly_smiling:

This is a little trickier, now the Tyk Hybrid container runs nginx, and you can basically write your own URL rewrite rules for the hybrid. See here:

The local confs directory gets mounted into the docker nginx sites-enabled folder. You you can just include a domain.tconf or domain.conf file in there that hanles your domain routing inside the container to rewrite your api-slug to the API ID.

There’s a sample config here

The portal is hosted in Tyk Cloud, not the hybrid, so you’ll need to use your cloud domain, or upgrade your account to a startup plan so we can give you a custom CNAME.

Thanks Martin for the reply.

So what I understand regarding the portal is that the only options to have the portal running under our domain:

  • Use CNAME with a startup account plan or higher.

  • Use tyk fully hosted on our servers rather than using tyk cloud.

Is my assumption correct?

Hi Ahmad,

Yes, your assumption is correct. The hybrid container is for API traffic only, not dashboard or portal, that lives in our cloud.

Many thanks,

Hello Martin,
We tried to follow your instructions above regarding rewriting the API slug to the APIID using the domain.tconf as you suggested.

So we created the file and it looks like this (not sure if we’re on the right track here):
server {

    server_name tyk_hybrid_prod1;

    gzip              on;
    gzip_buffers      16 8k;
    gzip_comp_level   4;
    gzip_http_version 1.1;
    gzip_min_length   1280;
    gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp;
    gzip_vary         on;

    # The Go application server
    location / {
       rewrite /events/ /03b66ebd9408467c7cf5ca4a3XXXXXXX/ break;

        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://tyk;

It didn’t work. So I mounted the docker image to see if the file is there and it’s not:
root@43b7d73fb7d5:/etc/nginx/sites-enabled# ls

I checked the nginx error log and I saw this:
2016/02/21 01:40:11 [warn] 35#0: conflicting server name “tyk_hybrid_prod1” on, ignored

Can we please get yours thoughts on this?

Thanks for all the help.

That error means that you have a duplicate server name configured in NginX, do you have multiple nginx configurations you are mounting? When the docker image starts, the whole confs directory is mounted, so any other files in there might also being interpreted by NginX.