We are in the process of evaluating Tyk for API gateway use cases. We are using Tyk community edition for our evaluation. We have used the helm chart available in the tyk github account and could bring Tyk gateway component (community edition) up and running on our kubernetes on premises cluster. We know, we wont be having access to Dashboard in the Tyk Community Edition.
We could define and test api proxy configuration for a set of scenarios where no authorization and authorization header passing is required. But, when we tried to define api proxy configuration and testing it, we have been getting “There was a problem proxying the request tyk gateway” error. To debug and understand more on the root cause of this issue, we are not able to locate the logs information. We have searched in the tyk gateway pod’s /var/log/* and /etc/tyk-gateway/* folders.
Can someone help us by providing information on where to look for tyk-gateway’s log messages?
Check the pod logs while you make the requests. It’s most likely some 500 code related to TLS or network availability between the gateway and your upstream service. i.e. IP not reachable, misconfigured cert etc
Also try curl from the gateway pod to your upstream to see if you can make requests at all.
Thank you for your reply. We could check the pod logs while we make the requests. The error message was due to certs.
level=error msg="http: proxy error: x509: cannot validate certificate for xx.xx.xx.xxx because it doesn't contain any IP SANs" api_id=1 api_name="portal_keyless" mw=ReverseProxy org_id=default prefix=proxy server_name="xx.xx.xx.xxx:xxxxx" user_id=-- user_ip=127.0.0.1 user_name=
Now we would like to skip SSL verification on proxied backend. In another thread, it was suggested to modify Gateway config to set the value of “proxy_ssl_insecure_skip_verify” to true.
Do you think only changing the config value of proxy_ssl_insecure_skip_verify to true will help us.If yes, how do we change tyk configuration on a tyk kubernetes setup?
We have added the config for proxy_ssl_insecure_skip_verify in tyk-headless/configs/tyk_mgmt.conf file and redeployed tyk on k8s cluster. We were just wondering, if there is any better way to do this without redeploying tyk.