Dear @Josh
We have completed a POC with Tyk using API keys and OAuth 2.0. We now want to set up the Tyk dashboard and gateway to use SSL (HTTPS).
First: I added the following hostname entries:
127.0.0.1 www.tyk.com
127.0.0.1 www.port1.com
Second: I used the following commands to generate the certificate:
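# Generate the RSA private key used by both the gateway and the dashboard.
# 2048 bits is the practical minimum: 1024-bit RSA is no longer considered
# adequate and is refused by many current TLS stacks.
# Keep this file readable only by the account the Tyk services run as.
openssl genrsa -out Tyk-Gateway.key 2048
# Create a certificate signing request; openssl prompts for the subject fields.
# The Common Name should be the hostname clients connect to (www.tyk.com here).
openssl req -new -key Tyk-Gateway.key -out Tyk-server.csr
# Self-sign the request with the same key, valid for 365 days, with a SHA-256 signature.
# The files are written as Tyk-Gateway.* (capital T), while the configs below
# reference /etc/pki/tls/tyk-Gateway.*; paths are case-sensitive on Linux, so the
# names must match once the files are copied into place.
openssl x509 -req -days 365 -sha256 -in Tyk-server.csr -signkey Tyk-Gateway.key -out Tyk-Gateway.crt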
Third: I changed tyk.conf and tyk_analytics.conf to configure SSL.
The tyk.conf contents are as follows:
{
“listen_port”: 8080,
“node_secret”: “352d20ee67be67f6340b4c0605b044b7”,
“secret”: “352d20ee67be67f6340b4c0605b044b7”,
“template_path”: “/opt/tyk-gateway/templates”,
“use_db_app_configs”: true,
“db_app_conf_options”: {
“connection_string”: “https://www.tyk.com:443”,
“node_is_segmented”: false,
“tags”: []
},
“disable_dashboard_zeroconf”: false,
“app_path”: “/opt/tyk-gateway/apps”,
“middleware_path”: “/opt/tyk-gateway/middleware”,
“storage”: {
“type”: “redis”,
“host”: “localhost”,
“port”: 6379,
“username”: “”,
“password”: “”,
“database”: 0,
“optimisation_max_idle”: 2000,
“optimisation_max_active”: 4000
},
“enable_analytics”: true,
“analytics_config”: {
“type”: “mongo”,
“ignored_ips”: [],
“enable_detailed_recording”: true,
“enable_geo_ip”: false,
“geo_ip_db_path”: “”,
“normalise_urls”: {
“enabled”: true,
“normalise_uuids”: true,
“normalise_numbers”: true,
“custom_patterns”: []
}
},
“health_check”: {
“enable_health_checks”: true,
“health_check_value_timeouts”: 60
},
“optimisations_use_async_session_write”: true,
“allow_master_keys”: false,
“policies”: {
“policy_source”: “service”,
“policy_connection_string”: “https://www.tyk.com:443”,
“policy_record_name”: “policies”,
“allow_explicit_policy_id”: true
},
“hash_keys”: false,
“suppress_redis_signal_reload”: false,
“use_redis_log”: true,
“close_connections”: false,
“enable_non_transactional_rate_limiter”: true,
“enable_sentinel_rate_limiter”: false,
“enable_hashed_keys_listing”:true,
“experimental_process_org_off_thread”: false,
“local_session_cache”: {
“disable_cached_session_state”: false
},
“http_server_options”: {
“override_defaults”: true,
“read_timeout”: 0,
“write_timeout”: 0,
“use_ssl”: true,
“use_ssl_le”: false,
“ssl_insecure_skip_verify”: false,
“enable_websockets”: true,
“certificates”: [
{
“domain_name”: “*.www.tyk.com”,
“cert_file”: “/etc/pki/tls/tyk-Gateway.crt”,
“key_file”: “/etc/pki/tls/tyk-Gateway.key”
}
],
“ssl_certificates”: null,
“server_name”: “”,
“min_version”: 0,
“flush_interval”: 0,
“skip_url_cleaning”: false
},
“uptime_tests”: {
“disable”: false,
“config”: {
“enable_uptime_analytics”: true,
“failure_trigger_sample_size”: 2,
“time_wait”: 10,
“checker_pool_size”: 50,
“enable_uptime_analytics”: true
}
},
“hostname”: “www.tyk.com”,
“enable_custom_domains”: true,
“enable_jsvm”: true,
“oauth_redirect_uri_separator”: “;”,
“coprocess_options”: {
“enable_coprocess”: false,
“coprocess_grpc_server”: “”
},
“pid_file_location”: “./tyk-gateway.pid”,
“allow_insecure_configs”: true,
“public_key_path”: “”,
“close_idle_connections”: false,
“allow_remote_config”: false,
“enable_bundle_downloader”: true,
“bundle_base_url”: “”,
“global_session_lifetime”: 100,
“force_global_session_lifetime”: false,
“allow_remote_config”: true,
“legacy_enable_allowance_countdown”: false,
“max_idle_connections_per_host”: 100,
“reload_wait_time”: 0,
“proxy_ssl_insecure_skip_verify”: false,
“proxy_default_timeout”: 0,
“log_level”: “debug”,
“security”: {
“private_certificate_encoding_secret”: “”,
“control_api_use_mutual_tls”: false,
“certificates”: {
“apis”: null,
“upstream”: null,
“control_api”: null,
“dashboard_api”: null,
“mdcb_api”: null
}
}
}
The tyk_analytics.conf contents are as follows:
{
“listen_port”: 443,
“tyk_api_config”: {
“Host”: “https://localhost”,
“Port”: “8080”,
“Secret”: “352d20ee67be67f6340b4c0605b044b7”
},
“mongo_url”: “mongodb://127.0.0.1/tyk_analytics”,
“mongo_use_ssl”: false,
“mongo_ssl_insecure_skip_verify”: false,
“page_size”: 10,
“admin_secret”: “5b6a9a6b08fc771d8e65ac83”,
“shared_node_secret”: “352d20ee67be67f6340b4c0605b044b7”,
“redis_port”: 6379,
“redis_host”: “localhost”,
“redis_password”: “”,
“enable_cluster”: false,
“redis_use_ssl”: false,
“redis_ssl_insecure_skip_verify”: false,
“force_api_defaults”: false,
“notify_on_change”: true,
“license_key”: “xxxxxxxxxxxxxxxxxxxx”,
“redis_database”: 0,
“redis_hosts”: null,
“hash_keys”: true,
“email_backend”: {
“enable_email_notifications”: false,
“code”: “”,
“settings”: null,
“default_from_email”: “”,
“default_from_name”: “”,
“dashboard_hostname”: “”
},
“hide_listen_path”: false,
“sentry_code”: “”,
“sentry_js_code”: “”,
“use_sentry”: false,
“enable_master_keys”: false,
“enable_duplicate_slugs”: true,
“show_org_id”: true,
“host_config”: {
“enable_host_names”: false,
“disable_org_slug_prefix”: true,
“hostname”: “10.4.2.72”,
“override_hostname”: “www.tyk.com”,
“portal_domains”: {},
“portal_root_path”: “/portal”,
“generate_secure_paths”: true,
“secure_cookies”: true,
“use_strict_hostmatch”: false
},
“http_server_options”:{
“use_ssl”:true,
“certificates”:[
{
“key_file”:“/etc/pki/tls/tyk-Gateway.key”,
“cert_file”:“/etc/pki/tls/tyk-Gateway.crt”,
“domain_name”:“*.www.tyk.com”
}
]
},
“security”: {
“allow_admin_reset_password”: false,
“login_failure_username_limit”: 0,
“login_failure_ip_limit”: 0,
“login_failure_expiration”: 0,
“audit_log_path”: “/opt/tyk-dashboard/dashboard.log”
},
“ui”: {
“languages”: {
“Chinese”: “cn”,
“English”: “en”,
“French”: “fr”,
“Korean”: “ko”
},
“hide_help”: false,
“default_lang”: “en”,
“login_page”: {},
“nav”: {},
“uptime”: {},
“portal_section”: null,
“designer”: {},
“dont_show_admin_sockets”: false,
“dont_allow_license_management”: false,
“dont_allow_license_management_view”: false,
“cloud”: false
},
“home_dir”: “/opt/tyk-dashboard”,
“identity_broker”: {
“enabled”: false,
“host”: {
“connection_string”: “http://localhost:3010”,
“secret”: “test-secret”
}
},
“tagging_options”: {
“tag_all_apis_by_org”: false
},
“use_sharded_analytics”: false,
“enable_aggregate_lookups”: true,
“enable_analytics_cache”: false,
“aggregate_lookup_cutoff”: “01/07/2016”,
“maintenance_mode”: false,
“allow_explicit_policy_id”: false,
“private_key_path”: “”,
“node_schema_path”: “”,
“oauth_redirect_uri_separator”: “;”,
“statsd_connection_string”: “”,
“statsd_prefix”: “”,
“disable_parallel_sessions”: false,
“dashboard_session_lifetime”: 0,
“alternative_dashboard_url”: “”,
“sso_permission_defaults”: null,
“sso_default_group_id”: “”,
“sso_custom_login_url”: “”,
“sso_custom_portal_login_url”: “”,
“notifications_listen_port”: 5000,
“portal_session_lifetime”: 0,
“enable_delete_key_by_hash”: false
}
When I restart the Tyk dashboard, the following error appears:
Started Tyk API Dashboard.
Dec 11 18:44:11 localhost systemd: Starting Tyk API Dashboard…
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Using /opt/tyk-dashboard/tyk_analytics.conf for configuration”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“connecting to MongoDB: [127.0.0.1]”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“mongo connection established”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Creating new Redis connection pool”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Creating new Redis connection pool”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Creating new Redis connection pool”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Creating new Redis connection pool”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Adding available nodes…”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Tyk Analytics Dashboard v1.7.0”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Copyright Martin Buhr 2016”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“https://www.tyk.io”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Listening on port: 443”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Registering nodes…”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Adding available nodes…”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Creating new Redis connection pool”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“Socket server started”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“–> Using SSL (https) for UI notifications” addr=“:5000”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=info msg=“–> Using SSL (https) for dashboard and API”
Dec 11 18:44:11 localhost tyk-analytics: time=“Dec 11 18:44:11” level=panic msg=“Server creation failed! listen tcp :443: bind: permission denied”
Dec 11 18:44:11 localhost tyk-analytics: panic: (*logrus.Entry) (0xc16b60,0xc420280730)
Dec 11 18:44:11 localhost tyk-analytics: goroutine 1 [running]:
Dec 11 18:44:11 localhost tyk-analytics: github.com/TykTechnologies/tyk-analytics/vendor/github.com/Sirupsen/logrus.Entry.log(0xc420082500, 0xc420434030, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc420280000, …)
Dec 11 18:44:11 localhost tyk-analytics: /src/github.com/TykTechnologies/tyk-analytics/vendor/github.com/Sirupsen/logrus/entry.go:124 +0x5eb
Dec 11 18:44:11 localhost tyk-analytics: github.com/TykTechnologies/tyk-analytics/vendor/github.com/Sirupsen/logrus.(*Entry).Panic(0xc420280000, 0xc42054dca0, 0x2, 0x2)
Dec 11 18:44:11 localhost tyk-analytics: /src/github.com/TykTechnologies/tyk-analytics/vendor/github.com/Sirupsen/logrus/entry.go:169 +0xa8
Dec 11 18:44:11 localhost tyk-analytics: github.com/TykTechnologies/tyk-analytics/vendor/github.com/Sirupsen/logrus.(*Logger).Panic(0xc420082500, 0xc42054dca0, 0x2, 0x2)
Dec 11 18:44:11 localhost tyk-analytics: /src/github.com/TykTechnologies/tyk-analytics/vendor/github.com/Sirupsen/logrus/logger.go:235 +0x6e
Dec 11 18:44:11 localhost tyk-analytics: main.main()
Dec 11 18:44:11 localhost tyk-analytics: /src/github.com/TykTechnologies/tyk-analytics/main.go:981 +0x728
Dec 11 18:44:11 localhost systemd: tyk-dashboard.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Dec 11 18:44:11 localhost systemd: Unit tyk-dashboard.service entered failed state.
Dec 11 18:44:11 localhost systemd: tyk-dashboard.service failed.
Dec 11 18:44:11 localhost systemd: tyk-dashboard.service holdoff time over, scheduling restart.