Hey,
I am trying to set up SSL properly on both my Dashboard and Gateway using Let's Encrypt. Following the docs, I added this:
"http_server_options": {
"use_ssl": true,
"use_ssl_le": true
}
My tyk.conf looks like this:
{
"allow_insecure_configs": true,
"listen_address": "",
"listen_port": 443,
"secret": "352d20ee67be67f6340b4c0605b044b7",
"node_secret": "352d20ee67be67f6340b4c0605b044b7",
"template_path": "/opt/tyk-gateway/templates",
"use_db_app_configs": true,
"db_app_conf_options": {
"connection_string": "http://localhost:3000"
},
"app_path": "/opt/tyk-gateway/apps",
"middleware_path": "/opt/tyk-gateway/middleware",
"storage": {
"type": "redis",
"host": "localhost",
"port": 6379,
"optimisation_max_idle": 2000,
"optimisation_max_active": 4000
},
"enable_analytics": true,
"analytics_config": {
"type": "",
"ignored_ips": []
},
"optimisations_use_async_session_write": true,
"allow_master_keys": false,
"policies": {
"policy_source": "service",
"policy_connection_string": "http://localhost:3000",
"policy_record_name": "tyk_policies",
"allow_explicit_policy_id": true
},
"hash_keys": true,
"max_idle_connections_per_host": 500,
"http_server_options": {
"use_ssl": true,
"use_ssl_le": true
}
}
and my tyk_analytics.conf looks like this:
{
"listen_port": 3000,
"tyk_api_config": {
"Host": "http://localhost",
"Port": "443",
"Secret": "352d20ee67be67f6340b4c0605b044b7"
},
"mongo_url": "mongodb://localhost/tyk_analytics",
"mongo_use_ssl": false,
"mongo_ssl_insecure_skip_verify": false,
"mongo_session_consistency": "",
"page_size": 10,
"admin_secret": "12345",
"shared_node_secret": "352d20ee67be67f6340b4c0605b044b7",
"redis_port": 6379,
"redis_host": "localhost",
"redis_password": "",
"enable_cluster": false,
"redis_use_ssl": false,
"redis_ssl_insecure_skip_verify": false,
"force_api_defaults": false,
"notify_on_change": true,
"license_key": "key....."
"redis_database": 0,
"redis_hosts": null,
"hash_keys": true,
"email_backend": {
"enable_email_notifications": false,
"code": "",
"settings": null,
"default_from_email": "",
"default_from_name": "",
"dashboard_hostname": ""
},
"hide_listen_path": false,
"sentry_code": "",
"sentry_js_code": "",
"use_sentry": false,
"enable_master_keys": false,
"enable_duplicate_slugs": true,
"show_org_id": true,
"host_config": {
"enable_host_names": true,
"disable_org_slug_prefix": true,
"hostname": "localhost",
"override_hostname": "localhost",
"portal_domains": {},
"portal_root_path": "/portal",
"generate_secure_paths": false,
"secure_cookies": false,
"use_strict_hostmatch": false
},
"security": {
"allow_admin_reset_password": false,
"login_failure_username_limit": 0,
"login_failure_ip_limit": 0,
"login_failure_expiration": 0,
"login_disallow_forward_proxy": false,
"audit_log_path": ""
},
"ui": {
"languages": {
"Chinese": "cn",
"English": "en",
"French": "fr",
"Korean": "ko"
},
"hide_help": false,
"default_lang": "en",
"login_page": {},
"nav": {},
"uptime": {},
"portal_section": null,
"designer": {},
"dont_show_admin_sockets": false,
"dont_allow_license_management": false,
"dont_allow_license_management_view": false,
"cloud": false
},
"home_dir": "/opt/tyk-dashboard",
"identity_broker": {
"enabled": false,
"host": {
"connection_string": "http://localhost:3010",
"secret": "934893845123491238192381486djfhr87234827348"
}
},
"tagging_options": {
"tag_all_apis_by_org": false
},
"use_sharded_analytics": false,
"enable_aggregate_lookups": true,
"enable_analytics_cache": false,
"aggregate_lookup_cutoff": "01/07/2016",
"maintenance_mode": false,
"allow_explicit_policy_id": false,
"private_key_path": "",
"node_schema_path": "",
"oauth_redirect_uri_separator": ";",
"statsd_connection_string": "",
"statsd_prefix": "",
"disable_parallel_sessions": false,
"dashboard_session_lifetime": 0,
"alternative_dashboard_url": "",
"sso_permission_defaults": null,
"sso_default_group_id": "",
"sso_custom_login_url": "",
"sso_custom_portal_login_url": "",
"notifications_listen_port": 5000,
"portal_session_lifetime": 0,
"enable_delete_key_by_hash": false
}
There is no SSL on either my dashboard or my gateway.
Also, the logs for tyk-dashboard are:
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="connecting to MongoDB: [localhost]"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="mongo connection established"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Creating new Redis connection pool"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Creating new Redis connection pool"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Creating new Redis connection pool"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Creating new Redis connection pool"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Adding available nodes..."
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Tyk Analytics Dashboard v1.7.5"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Copyright Martin Buhr 2016"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="https://www.tyk.io"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Listening on port: 3000"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Registering nodes..."
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Adding available nodes..."
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Creating new Redis connection pool"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Socket server started"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="--> Standard listener (http) for UI notifications" addr=":5000"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="--> Standard listener (http) for dashboard and API"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Starting zeroconf heartbeat"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Starting notification handler for gateway cluster"
Mar 30 09:06:52 gateway tyk-analytics[2816]: time="Mar 30 09:06:52" level=info msg="Loading routes..."
Mar 30 09:06:55 gateway tyk-analytics[2816]: time="Mar 30 09:06:55" level=info msg="Got configuration for nodeID: 38e801d9-f6c3-4ee1-7640-17c3e81b56ea|gateway"
Mar 30 09:07:03 gateway tyk-analytics[2816]: time="Mar 30 09:07:03" level=info msg="Sending config request for node: 38e801d9-f6c3-4ee1-7640-17c3e81b56ea-gateway"
Mar 30 09:07:03 gateway tyk-analytics[2816]: time="Mar 30 09:07:03" level=info msg="Got configuration for nodeID: 38e801d9-f6c3-4ee1-7640-17c3e81b56ea|gateway"
Mar 30 09:07:19 gateway tyk-analytics[2816]: time="Mar 30 09:07:19" level=error msg="No nodes available"
Mar 30 09:07:24 gateway tyk-analytics[2816]: time="Mar 30 09:07:24" level=error msg="No nodes available"
Mar 30 09:07:32 gateway tyk-analytics[2816]: time="Mar 30 09:07:32" level=info msg="Sending config request for node: 38e801d9-f6c3-4ee1-7640-17c3e81b56ea-gateway"
Mar 30 09:07:32 gateway tyk-analytics[2816]: time="Mar 30 09:07:32" level=info msg="Got configuration for nodeID: 38e801d9-f6c3-4ee1-7640-17c3e81b56ea|gateway"
Mar 30 09:08:12 gateway tyk-analytics[2816]: time="Mar 30 09:08:12" level=warning msg="Login opened from: 122.179.41.30:59660"
and the logs for tyk-gateway are:
Mar 30 09:07:19 gateway tyk[2898]: time="Mar 30 09:07:19" level=info msg="Redis connection pools are ready after number of retires" currRetry=0
Mar 30 09:07:19 gateway tyk[2898]: time="Mar 30 09:07:19" level=info msg="Redis connection pools are ready"
Mar 30 09:07:19 gateway tyk[2898]: time="Mar 30 09:07:19" level=info msg="--> Using SSL (https)"
Mar 30 09:07:19 gateway tyk[2898]: time="Mar 30 09:07:19" level=info msg="Setting up Server"
Mar 30 09:07:19 gateway tyk[2898]: time="Mar 30 09:07:19" level=info msg="Registering node."
Mar 30 09:07:19 gateway tyk[2898]: time="Mar 30 09:07:19" level=error msg="Response failed with code 404; retrying in 5s"
Mar 30 09:07:20 gateway tyk[2898]: time="Mar 30 09:07:20" level=warning msg="Insecure configuration detected (allowing)!"
Mar 30 09:07:24 gateway tyk[2898]: time="Mar 30 09:07:24" level=error msg="Response failed with code 404; retrying in 5s"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Starting Poller"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Node registered" id=38e801d9-f6c3-4ee1-7640-17c3e81b56ea
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Gateway started (v2.7.6)"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Initialising distributed rate limiter"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="--> Listening on address: (open interface)"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="--> Listening on port: 443"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="--> PID: 2898"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Loading policies"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Using Policies from Dashboard Service"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Mutex lock acquired... calling"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Calling dashboard service for policy list"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Starting gateway rate limiter notifications..."
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Processing policy list"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Policies found (0 total):"
Mar 30 09:07:29 gateway tyk[2898]: time="Mar 30 09:07:29" level=info msg="Detected 22 APIs"
How do I properly set up SSL on both my Dashboard and Gateway using Let's Encrypt?