Setting up TCP Proxy

Hi @selvamp

Thanks for sharing the config and log files.

From the log files we can see multiple issues but we will take one step at a time

Port Whitelisting issue

time=“Aug 12 06:23:43” level=error msg=“Can’t start listener” error=“tcp:18780 trying to open disabled

By default, you will not be able to run a service on a custom port, until you whitelist the required ports. So to fix the error above you would need specify the ports or disable whitelisting and allow any TCP port in the config file. More information can be found here

Redis connection issue

time=“Aug 12 06:20:22” level=error msg=“Connection to Redis failed, reconnect in 10s” err=EOF prefix=pub-sub

Could you check if you can manually connect to redis?

Tyk Installation issue

time=“Aug 12 06:21:06” level=fatal msg=“Error initialising system: couldn’t unmarshal config: invalid character '”’ after object key:value pair" prefix=main

This may be caused by improper syntax of the config files. However, I formatted the config file you shared and did not find any issues.

To investigate further, could you share your API definition. Based on the logs, we noticed about 3 APIs trying to be loaded. Are there any APIs on the dashboard that work? If yes, then please share the API definitions of the ones that do not work.

Greetings @Olu.
I have referred to the TCP Proxy website and followed the exact same instructions, but when I include the following code in my tyk.conf file, the Tyk gateway refuses to start; when I save and restart the Gateway.
Code included in tyk.conf file:

“ports_whitelist”: {
“https”: {
“ranges”: [
{
“from”: 10000,
“to”: 11000
},
{
“from”: 65000,
“to”: 66000
}
]
}
}

Redis:
Tried accessing Redis manually (http://localhost:6379/), but the page is not loading. Hence this proves that Redis is not up and running. A thing to note here is that in docker, Redis is up and running on port 6379. Please let me know, how I could go about enabling Redis.

Regards,
Prashanth

As per your request @Olu, please find the API definition below:

{
“created_at”: “2021-08-12T06:05:44Z”,
“api_model”: {},
“api_definition”: {
“api_id”: “016bbba4554248225bfd9cc0a6f2eb5f”,
“jwt_issued_at_validation_skew”: 0,
“upstream_certificates”: {},
“use_keyless”: true,
“enable_coprocess_auth”: false,
“base_identity_provided_by”: “”,
“custom_middleware”: {
“pre”: [],
“post”: [],
“post_key_auth”: [],
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false,
“raw_body_only”: false
},
“response”: [],
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: {}
}
},
“disable_quota”: false,
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 60,
“enable_cache”: true,
“cache_all_safe_requests”: false,
“cache_response_codes”: [],
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”,
“cache_by_headers”: []
},
“enable_ip_blacklisting”: false,
“tag_headers”: [],
“jwt_scope_to_policy_mapping”: {},
“pinned_public_keys”: {},
“expire_analytics_after”: 0,
“domain”: “”,
“openid_options”: {
“providers”: [],
“segregate_by_client”: false
},
“jwt_policy_field_name”: “”,
“enable_proxy_protocol”: false,
“jwt_default_policies”: [],
“active”: true,
“jwt_expires_at_validation_skew”: 0,
“config_data”: {},
“notifications”: {
“shared_secret”: “”,
“oauth_on_keychange_url”: “”
},
“jwt_client_base_field”: “”,
“auth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“check_host_against_uptime_tests”: false,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“blacklisted_ips”: [],
“graphql”: {
“enabled”: false,
“execution_mode”: “proxyOnly”,
“schema”: “”,
“type_field_configurations”: [],
“playground”: {
“enabled”: false,
“path”: “”
}
},
“hmac_allowed_clock_skew”: -1,
“dont_set_quota_on_create”: false,
“uptime_tests”: {
“check_list”: [],
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“cache_timeout”: 60
},
“recheck_wait”: 0
}
},
“enable_jwt”: false,
“do_not_track”: false,
“name”: “tcp”,
“slug”: “tcp”,
“oauth_meta”: {
“allowed_access_types”: [],
“allowed_authorize_types”: [],
“auth_login_redirect”: “”
},
“CORS”: {
“enable”: false,
“max_age”: 24,
“allow_credentials”: false,
“exposed_headers”: [],
“allowed_headers”: [
“Origin”,
“Accept”,
“Content-Type”,
“X-Requested-With”,
“Authorization”
],
“options_passthrough”: false,
“debug”: false,
“allowed_origins”: [
“*”
],
“allowed_methods”: [
“GET”,
“POST”,
“HEAD”
]
},
“event_handlers”: {
“events”: {}
},
“proxy”: {
“target_url”: “tcp://6.tcp.ngrok.io:10677”,
“service_discovery”: {
“endpoint_returns_list”: false,
“cache_timeout”: 0,
“parent_data_path”: “”,
“query_endpoint”: “”,
“use_discovery_service”: false,
“_sd_show_port_path”: false,
“target_path”: “”,
“use_target_list”: false,
“use_nested_query”: false,
“data_path”: “”,
“port_data_path”: “”
},
“check_host_against_uptime_tests”: false,
“transport”: {
“ssl_insecure_skip_verify”: false,
“ssl_min_version”: 0,
“proxy_url”: “”,
“ssl_ciphers”: []
},
“target_list”: [],
“preserve_host_header”: false,
“strip_listen_path”: true,
“enable_load_balancing”: false,
“listen_path”: “/tcp/”,
“disable_strip_slash”: false
},
“client_certificates”: [],
“use_basic_auth”: false,
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: []
},
“use_extended_paths”: true,
“extended_paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: [],
“transform”: [],
“transform_response”: [],
“transform_jq”: [],
“transform_jq_response”: [],
“transform_headers”: [],
“transform_response_headers”: [],
“hard_timeouts”: [],
“circuit_breakers”: [],
“url_rewrites”: [],
“virtual”: [],
“size_limits”: [],
“method_transforms”: [],
“track_endpoints”: [],
“do_not_track_endpoints”: [],
“validate_json”: [],
“internal”: []
},
“global_headers”: {},
“global_headers_remove”: [],
“global_response_headers”: {},
“global_response_headers_remove”: [],
“ignore_endpoint_case”: false,
“global_size_limit”: 0,
“override_target”: “”
}
}
},
“jwt_scope_claim_name”: “”,
“use_standard_auth”: false,
“session_lifetime”: 0,
“hmac_allowed_algorithms”: [],
“disable_rate_limit”: false,
“definition”: {
“location”: “header”,
“key”: “x-api-version”,
“strip_path”: false
},
“use_oauth2”: false,
“jwt_source”: “”,
“jwt_signing_method”: “”,
“jwt_not_before_validation_skew”: 0,
“use_go_plugin_auth”: false,
“jwt_identity_base_field”: “”,
“allowed_ips”: [],
“request_signing”: {
“is_enabled”: false,
“secret”: “”,
“key_id”: “”,
“algorithm”: “”,
“header_list”: [],
“certificate_id”: “”,
“signature_header”: “”
},
“org_id”: “6110d2c856a2ac00017a6f31”,
“enable_ip_whitelisting”: false,
“global_rate_limit”: {
“rate”: 0,
“per”: 0
},
“protocol”: “tcp”,
“enable_context_vars”: false,
“tags”: [
“edge”
],
“basic_auth”: {
“disable_caching”: false,
“cache_ttl”: 0,
“extract_from_body”: false,
“body_user_regexp”: “”,
“body_password_regexp”: “”
},
“listen_port”: 0,
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“auth_configs”: {
“authToken”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“basic”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“coprocess”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“hmac”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“jwt”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“oauth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“oidc”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
}
},
“strip_auth_data”: false,
“id”: “6114ba3856a2ac0001f32db5”,
“certificates”: [],
“enable_signature_checking”: false,
“use_openid”: false,
“internal”: false,
“jwt_skip_kid”: false,
“enable_batch_request_support”: false,
“enable_detailed_recording”: true,
“response_processors”: [],
“use_mutual_tls_auth”: false
},
“hook_references”: [],
“is_site”: false,
“sort_by”: 0,
“user_group_owners”: [],
“user_owners”: []
}

Were there any errors in the logs that showed why the gateway did not start up? If so, then could you share those errors?

Are you using the tyk-pro-docker-demo? If so, then could you list the port bindings that redis container is using?

Hi @Olu. After updating Docker (Windows) and system restart, I was able to successfully save the tyk.conf file with the whitelisted ports. After saving i tried to run the API via Tyk, but it still return 404-Not found. I have shared the Docker logs below for your reference.

time="Aug 13 11:42:32" level=info msg="API bind on custom port:11128" prefix=main

time="Aug 13 11:42:32" level=error msg="Can't start listener" error="tcp:11128 trying to open disabled port" prefix=main

time="Aug 13 11:42:32" level=info msg="Initialised API Definitions" prefix=main

time="Aug 13 11:42:32" level=info msg="API reload complete" prefix=main

time="Aug 13 11:42:32" level=info msg="reload: complete" prefix=main

time="Aug 13 11:42:32" level=info msg="Initiating coprocess reload" prefix=main

time="Aug 13 11:42:32" level=info msg="Reloading middlewares" prefix=coprocess

time="Aug 13 11:42:32" level=info msg="coprocess reload complete" prefix=main

time="Aug 13 11:42:32" level=info msg="reload: cycle completed in 86.4426ms" prefix=main

time="Aug 13 11:43:11" level=info msg="Reloading endpoints" prefix=pub-sub

time="Aug 13 11:43:11" level=info msg="Reload queued" prefix=main

time="Aug 13 11:43:12" level=info msg="reload: initiating" prefix=main

time="Aug 13 11:43:12" level=info msg="Loading policies" prefix=main

time="Aug 13 11:43:12" level=info msg="Using Policies from Dashboard Service" prefix=main

time="Aug 13 11:43:12" level=info msg="Mutex lock acquired... calling" prefix=policy

time="Aug 13 11:43:12" level=info msg="Calling dashboard service for policy list" prefix=policy

time="Aug 13 11:43:12" level=info msg="Processing policy list" prefix=policy

time="Aug 13 11:43:12" level=info msg="Policies found (3 total):" prefix=main

time="Aug 13 11:43:12" level=info msg="Detected 4 APIs" prefix=main

time="Aug 13 11:43:12" level=info msg="Loading API configurations." prefix=main

time="Aug 13 11:43:12" level=info msg="Tracking hostname" api_name=ibmUsingNgrok domain="(no host)" prefix=main

time="Aug 13 11:43:12" level=info msg="Tracking hostname" api_name=OAuthApi domain="(no host)" prefix=main

time="Aug 13 11:43:12" level=info msg="Tracking hostname" api_name=ownApi domain="(no host)" prefix=main

time="Aug 13 11:43:12" level=info msg="Tracking hostname" api_name=tcp domain="(no host)" prefix=main

time="Aug 13 11:43:12" level=info msg="Initialising Tyk REST API Endpoints" prefix=main

time="Aug 13 11:43:12" level=info msg="API bind on custom port:0" prefix=main

time="Aug 13 11:43:12" level=info msg="Checking security policy: Open" api_id=ff397e6f6d4545465c7faeec0d1f7824 api_name=ibmUsingNgrok org_id=6110d2c856a2ac00017a6f31

time="Aug 13 11:43:12" level=info msg="API Loaded" api_id=ff397e6f6d4545465c7faeec0d1f7824 api_name=ibmUsingNgrok org_id=6110d2c856a2ac00017a6f31 prefix=gateway server_name=-- user_id=-- user_ip=--

time="Aug 13 11:43:12" level=info msg="API bind on custom port:0" prefix=main

time="Aug 13 11:43:12" level=info msg="Checking security policy: OAuth" api_id=7408e04130fc48ec79054e4878b7c3a9 api_name=OAuthApi org_id=6110d2c856a2ac00017a6f31

time="Aug 13 11:43:12" level=info msg="API Loaded" api_id=7408e04130fc48ec79054e4878b7c3a9 api_name=OAuthApi org_id=6110d2c856a2ac00017a6f31 prefix=gateway server_name=-- user_id=-- user_ip=--

time="Aug 13 11:43:12" level=info msg="API bind on custom port:0" prefix=main

time="Aug 13 11:43:12" level=info msg="Checking security policy: OpenID" api_id=676bbe26e0ca4cda61fa68f4ccbb476e api_name=ownApi org_id=6110d2c856a2ac00017a6f31

time="Aug 13 11:43:12" level=info msg="API Loaded" api_id=676bbe26e0ca4cda61fa68f4ccbb476e api_name=ownApi org_id=6110d2c856a2ac00017a6f31 prefix=gateway server_name=-- user_id=-- user_ip=--

time="Aug 13 11:43:12" level=info msg="API bind on custom port:11128" prefix=main

time="Aug 13 11:43:12" level=error msg="Can't start listener" error="tcp:11128 trying to open disabled port" prefix=main

time="Aug 13 11:43:12" level=info msg="Initialised API Definitions" prefix=main

time="Aug 13 11:43:12" level=info msg="API reload complete" prefix=main

time="Aug 13 11:43:12" level=info msg="reload: complete" prefix=main

time="Aug 13 11:43:12" level=info msg="Initiating coprocess reload" prefix=main

time="Aug 13 11:43:12" level=info msg="Reloading middlewares" prefix=coprocess

time="Aug 13 11:43:12" level=info msg="coprocess reload complete" prefix=main

time="Aug 13 11:43:12" level=info msg="reload: cycle completed in 97.7359ms" prefix=main

Dear @Olu, this is regarding the Redis.

Yes, I am using tyk-pro-docker-demo and Redis seems to be running on port: 6379. I have attached a SS for your reference.

Thanks,
Prashanth

Could you confirm 2 things

  1. The protocol. It should be TCP
  2. The port number

Your whitelist should be something like this

"ports_whitelist": {
    "tcp": {
      "ranges": [
        {
          "from": 11128,
          "to": 18780
        }
      ]
    },
    "tcp": {
      "ports": [
        11128,
        18780
      ]
    }
  }

Hi @Olu. That’s right! I’m using TCP as the protocol and I’m using the correct port number as well. Every time i run the TCP service, it gives me a custom port no. (This time it is port no. 19905). I have shared the logs of the docker again.

time="Aug 13 13:38:38" level=info msg="Reloading endpoints" prefix=pub-sub

time="Aug 13 13:38:38" level=info msg="Reload queued" prefix=main

time="Aug 13 13:38:38" level=info msg="reload: initiating" prefix=main

time="Aug 13 13:38:38" level=info msg="Loading policies" prefix=main

time="Aug 13 13:38:38" level=info msg="Using Policies from Dashboard Service" prefix=main

time="Aug 13 13:38:38" level=info msg="Mutex lock acquired... calling" prefix=policy

time="Aug 13 13:38:38" level=info msg="Calling dashboard service for policy list" prefix=policy

time="Aug 13 13:38:38" level=info msg="Processing policy list" prefix=policy

time="Aug 13 13:38:38" level=info msg="Policies found (3 total):" prefix=main

time="Aug 13 13:38:38" level=info msg="Detected 4 APIs" prefix=main

time="Aug 13 13:38:38" level=info msg="Loading API configurations." prefix=main

time="Aug 13 13:38:38" level=info msg="Tracking hostname" api_name=ibmUsingNgrok domain="(no host)" prefix=main

time="Aug 13 13:38:38" level=info msg="Tracking hostname" api_name=OAuthApi domain="(no host)" prefix=main

time="Aug 13 13:38:38" level=info msg="Tracking hostname" api_name=ownApi domain="(no host)" prefix=main

time="Aug 13 13:38:38" level=info msg="Tracking hostname" api_name=tcp domain="(no host)" prefix=main

time="Aug 13 13:38:38" level=info msg="Initialising Tyk REST API Endpoints" prefix=main

time="Aug 13 13:38:38" level=info msg="API bind on custom port:0" prefix=main

time="Aug 13 13:38:38" level=info msg="Checking security policy: Open" api_id=ff397e6f6d4545465c7faeec0d1f7824 api_name=ibmUsingNgrok org_id=6110d2c856a2ac00017a6f31

time="Aug 13 13:38:38" level=info msg="API Loaded" api_id=ff397e6f6d4545465c7faeec0d1f7824 api_name=ibmUsingNgrok org_id=6110d2c856a2ac00017a6f31 prefix=gateway server_name=-- user_id=-- user_ip=--

time="Aug 13 13:38:38" level=info msg="API bind on custom port:0" prefix=main

time="Aug 13 13:38:38" level=info msg="Checking security policy: OAuth" api_id=7408e04130fc48ec79054e4878b7c3a9 api_name=OAuthApi org_id=6110d2c856a2ac00017a6f31

time="Aug 13 13:38:38" level=info msg="API Loaded" api_id=7408e04130fc48ec79054e4878b7c3a9 api_name=OAuthApi org_id=6110d2c856a2ac00017a6f31 prefix=gateway server_name=-- user_id=-- user_ip=--

time="Aug 13 13:38:38" level=info msg="API bind on custom port:0" prefix=main

time="Aug 13 13:38:38" level=info msg="Checking security policy: OpenID" api_id=676bbe26e0ca4cda61fa68f4ccbb476e api_name=ownApi org_id=6110d2c856a2ac00017a6f31

time="Aug 13 13:38:38" level=info msg="API Loaded" api_id=676bbe26e0ca4cda61fa68f4ccbb476e api_name=ownApi org_id=6110d2c856a2ac00017a6f31 prefix=gateway server_name=-- user_id=-- user_ip=--

time="Aug 13 13:38:38" level=info msg="API bind on custom port:19905" prefix=main

time="Aug 13 13:38:38" level=info msg="--> Standard listener (tcp)" port=":19905" prefix=main

time="Aug 13 13:38:38" level=warning msg="Starting TCP server on:[::]:19905" prefix=main

time="Aug 13 13:38:38" level=info msg="Initialised API Definitions" prefix=main

time="Aug 13 13:38:38" level=info msg="API reload complete" prefix=main

time="Aug 13 13:38:38" level=info msg="reload: complete" prefix=main

time="Aug 13 13:38:38" level=info msg="Initiating coprocess reload" prefix=main

time="Aug 13 13:38:38" level=info msg="Reloading middlewares" prefix=coprocess

time="Aug 13 13:38:38" level=info msg="coprocess reload complete" prefix=main

time="Aug 13 13:38:38" level=info msg="reload: cycle completed in 40.6977ms" prefix=main

After all this, when i try to access the TCP service via Tyk, it returns a response of 404(Not Found). Please help me out here and I really appreciate your help. Thanks!

Are you using the API URL to access your API?

We think you may be using that considering you are getting an http response (404 not found)

Also, we just tested and confirmed you would need to map the custom port (19905) in the docker compose file as well.

image

1 Like

Yes @Olu. I’m using the API URL to access my API (The one generated after i deploy the API in Tyk).
Thanks for letting me know, I’ll change the docker compose.yml file as well with the updated port.

Thanks for the info.

Also try accessing the gateway via tcp or telnet

Hi @Olu.

  1. I have made the requisite changes in tyk.conf and the docker-compose.yml file reflecting the port I’m trying to access, still I’m returned with a Status Code:404 (Not Found).
  2. Don’t you think that “tcp” key is duplicated. Will that lead to overriding of the ports that will be accessible?

Hi @selvamp

How are you connecting to the gateway? We feel every other setup is fine and this is the may be the main challenge.

We were able to reproduce your setup with ngrok and I have a attached a screenshot of some of our steps

  1. Python server bound to localhost exactly the way it is written
  2. ngrok client
  3. Gateway logs filtering based on the word “tcp-proxy”
  4. Connection to the gateway via tcp.

Could you check the listen port is set correctly in the API definition. If that is not set correctly then none of it is going to work. There may be a bug in the UI setting the value, so kindly edit the value in the API definition.

image

If you are trying to connect using the API URL, then it won’t work. It’s not a http service and there is no http connection involved. It’s just pure tcp connection.

If you are using tcp then a screenshot of how you are accessing the gateway will help us understand a bit more.

Regarding the duplicate tcp key, you should remove the http key in the config file. It would not have any effect on the connection.

image

Hi @Olu.

  1. You’re absolutely right. The process/sequence of steps followed by you are one and the same as mine.
  2. I have also verified if the “listen_port” is set up successfully in the API definition, and yes it is set up appropriately.
  3. As rightly mentioned by you, I’m trying to access the API using the API URL which is provided by Tyk (The HTTP one!) and hence that may be the reason why it fails and returns a 404 (Not Found).

If you may please tell me how I can access the TCP service which is getting proxied via Tyk Gateway (Using an API Call or a URL), then my use case will be achieved.

Thanks a million @Olu.

An API call or URL uses the HTTP protocol which is different from the TCP protocol. The way you connect to your TCP service would have to be with a TCP client.

We are not sure how you want to make the connection but maybe if you paint the scenario a bit better, then we might be able to help out.

Thanks for the reply @Olu.
I have a legacy system that can only interact via a TCP Port. My ultimate goal is to secure all calls made to and from the server that is running on that particular TCP Port. This is where Tyk comes into the picture, wherein Tyk acts as a Gatekeeper that proxies request to and from that TCP port exposed.
For more context please refer Support for Non-HTTP host - #7 by selvamp.

With regards,
@selvamp (Prashanth)

If the intent is to secure the connection, then we would suggest using TLS rather than just TCP service in Tyk and maybe use client certificates to identify users and grant/deny access.

Or you can you use your own custom auth plugin instead.

The use of client certs and TLS is generally dependent on the capability of the client app.

If the intent is to take the data (Headers and Body) and forward the same to a TCP Port, then I don’t know how achieve that unfortunately

Thanks @Olu for a detailed explanation. But, unfortunately my use case is one and the same as mentioned in the last sentence of your former message.
Anyways, cheers for the help and I hope the community can pitch in regarding how this use case can be achieved.

With regards,
Prashanth (@selvamp)