Portal domain routing - self hosted Tyk Gateway & Dashboard

jaykola · March 7, 2017, 8:59am

Hi,

I have set up self hosted instances of tyk-gateway and dashboard (connected via pump). So far everything about tyk has been brilliant and it fits with very well with our own platform offering.

I have configured the gateway to detect APIs registered via the dashboard. I am able to get the dashboard up and running - no issues creating organisations, APIs, setting limits, etc.

However, no matter what I try, the portal always seems to detect the internal IP of the host and not the public IP. I have then tried to configure the ‘portal’ via the dashboard frontend and also the backend (as suggested in #225). I suspect there is some clever internal routing that is making tyk pick up the internal host. I saw a reference to the ‘host manager’ doing some additional bits to get the docker instances to work. Is the behaviour I am seeing a result of that host manager (now merged into dashboard?) trying to be a bit too clever or something I did to mess up my configuration?

I am happy to give you access to our throw away instance of tyk dashboard if you would like to have a look at the issue.

I am using the rpm based version of the following components and versions:

tyk-dashboard.x86_64 —> 1.3.1.2-1
tyk-gateway.x86_64 —> 2.3.3-1
tyk-pump.x86_64 ----> 0.4.1.1-1
Happy to provide other config files that will help with this issue. Our instances are all provisioned via Ansible, so once we get this issue sorted, I’d be happy to contribute those Ansible scripts to the tyk community.

Best Regards,
Jay

Kos · March 7, 2017, 10:37am

Hi jaykola,

could you please share your tyk_analytics.conf ?

Thanks,
Kos @ Tyk Support Team

jaykola · March 7, 2017, 10:53am

Hi Kos,

Here is the tyk_analytics.conf as requested. I should also mention that there is an Nginx sitting in front of our tyk instance.

[root@apid jaykola]# cat /opt/tyk-dashboard/tyk_analytics.conf { "listen_port": 3000, "tyk_api_config": { "Host": "http://localhost", "Port": "8228", "Secret": "352d20ee67be67f6340b4c0605b044b7" }, "mongo_url": "mongodb://127.0.0.1/tyk_analytics", "page_size": 10, "admin_secret": "12345", "shared_node_secret": "352d20ee67be67f6340b4c0605b044b7", "redis_port": 6379, "redis_host": "127.0.0.1", "redis_password": "", "enable_cluster": false, "force_api_defaults": false, "notify_on_change": true, "license_key": "MEHHH MY LICENSE REMOVED FROM HERE", "redis_database": 0, "redis_hosts": null, "hash_keys": true, "email_backend": { "enable_email_notifications": false, "code": "", "settings": null, "default_from_email": "", "default_from_name": "" }, "hide_listen_path": false, "sentry_code": "", "sentry_js_code": "", "use_sentry": false, "enable_master_keys": false, "enable_duplicate_slugs": true, "show_org_id": true, "host_config": { "enable_host_names": true, "disable_org_slug_prefix": true, "hostname": "apid.noesis.limited", "override_hostname": "CentOS-73-64-minimal", "portal_domains": {}, "portal_root_path": "/portal", "generate_secure_paths": false, "use_strict_hostmatch": false }, "http_server_options": { "use_ssl": false, "certificates": [ { "domain_name": "", "cert_file": "", "key_file": "" } ], "min_version": 0 }, "ui": { "languages": { "Chinese": "cn", "English": "en", "Korean": "ko" }, "hide_help": false, "default_lang": "en", "login_page": {}, "nav": {}, "uptime": {}, "portal_section": null, "designer": {}, "dont_show_admin_sockets": false, "dont_allow_license_management": false, "dont_allow_license_management_view": false }, "home_dir": "/opt/tyk-dashboard", "identity_broker": { "enabled": false, "host": { "connection_string": "http://localhost:3010", "secret": "934893845123491238192381486djfhr87234827348" } }, "tagging_options": { "tag_all_apis_by_org": false }, "use_sharded_analytics": false, "enable_aggregate_lookups": true, "enable_analytics_cache": false, "aggregate_lookup_cutoff": "01/07/2016", "maintenance_mode": false, "allow_explicit_policy_id": false, "private_key_path": "", "node_schema_path": "", "oauth_redirect_uri_separator": ";", "statsd_connection_string": "", "statsd_prefix": "" }

Kos · March 7, 2017, 3:20pm

Hi Jay,

an other user seemed to have had a similar issue, you may check this topic .

Let me know if that helps.

Thanks,
Kos @ Tyk Support Team

Martin · March 8, 2017, 1:35am

Change "override_hostname": "CentOS-73-64-minimal" to: ` “override_hostname”: “apid.noesis.limited”, this address should be used instead of whatever the portal detects.

Also, I assume that your portal domain is working correctly and not exposing numeric IDs in the generated URLs?

Lastly, when you created orgs, did you set enable_cname to true? Otherwise the portal will never use the CNAME you set via the UI.

cosjef · March 12, 2017, 3:20pm

Why do you have NGINX sitting in front of Tyk? What does that get you?

Martin · March 12, 2017, 7:59pm

With older versions of Tyk, you’d use NginX to handle domain names and SSL offloading, but it’s not been needed for a while now…

M.