TYK-Gateway service won't start

Trying to stand up a new instance of TYK in AWS.

Dashboard looks good. I have APIs and policies. But I can’t get the tyk-gateway service to start correctly.

When i start the service with ./tyk, it looks to start up, but it’s not responding to any calls. 404s all day.

Service Status error:
ubuntu@ip-172-31-10-184:/opt/tyk-gateway$ sudo service tyk-gateway status
● tyk-gateway.service - Tyk API Gateway
Loaded: loaded (/lib/systemd/system/tyk-gateway.service; disabled; vendor preset: enabled)
Active: inactive (dead)

Oct 17 17:59:56 ip-172-31-10-184 tyk[2382]: /home/tyk/go/src/github.com/lonelycode/tyk/main.go:1201 +0x79a
Oct 17 17:59:56 ip-172-31-10-184 tyk[2382]: main.init()
Oct 17 17:59:56 ip-172-31-10-184 tyk[2382]: /home/tyk/go/src/github.com/lonelycode/tyk/version.go:4 +0x7db
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: tyk-gateway.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: tyk-gateway.service: Unit entered failed state.
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: tyk-gateway.service: Failed with result ‘exit-code’.
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: tyk-gateway.service: Service hold-off time over, scheduling restart.
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: Stopped Tyk API Gateway.
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: tyk-gateway.service: Start request repeated too quickly.
Oct 17 17:59:56 ip-172-31-10-184 systemd[1]: Failed to start Tyk API Gateway.

Can you share the error logs?

I don’t have any logs in /var/logs/upstart or /var/logs.

Where else should I look?

Ah, have you tried to start it with:

service start tyk-gateway

Have you run the setup.sh script to make sure that the gateway is configured correctly?

If you want to run Tyk directly and see the logs live, you can run it like this:

cd /opt/tyk-gateway
./tyk --conf=/opt/tyk-gateway/tyk.conf

(Depending on port you may need to sudo)

M.

So after running setup.sh again, the service will start up.

Setup.sh output:
==> File written to ./tyk.conf
==> File copied to /opt/tyk-gateway/install/…/tyk.conf
ubuntu@ip-172-31-10-184:/opt/tyk-gateway/install$ sudo ./setup.sh
Listen Port = 8080
Redis Host = localhost
Redis Port = 6379
Redis PW =
Domain = tyk.local
==> File written to ./tyk.conf
==> File copied to /opt/tyk-gateway/install/…/tyk.conf

ubuntu@ip-172-31-10-184:/opt/tyk-gateway/install$ service tyk-gateway status
● tyk-gateway.service - Tyk API Gateway
Loaded: loaded (/lib/systemd/system/tyk-gateway.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2016-10-17 18:28:36 UTC; 12min ago
Main PID: 2814 (tyk)
Tasks: 7
Memory: 5.9M
CPU: 130ms
CGroup: /system.slice/tyk-gateway.service
└─2814 /opt/tyk-gateway/tyk --conf=/opt/tyk-gateway/tyk.conf

Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg="–> Loading API: Tyk Test API"
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg="----> Tracking: (no host)"
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg="----> Checking security policy: Token"
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg="----> Setting Listen Path: /tyk-api-test/"
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg=“Loading uptime tests…”
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg=“Initialised API Definitions”
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=error msg=“Couldn’t load policy file: open policies: no such file or directory”
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg=“Gateway started (v2.2.0.27)”
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg="–> Listening on address: "
Oct 17 18:28:37 ip-172-31-10-184 tyk[2814]: time=“Oct 17 18:28:37” level=info msg="–> Listening on port: 8080"

I noticed in the setup.sh script, that domain is tyk.local. should this be the public URL?

Glad to hear it’s working now

I would leave it, unless you want the gateway API to bind to a single domain name (not recommended)

leaving it open sound good to me.

So that problem looks to be resolved. However, I am still not able to get data in, or out of the gateway.

even when I do the API health test, I get a 403. when I try to get a URL to pass though to an app, i just get a 404.

It still seems like something in my config is missing.

So according to that log output, you have one API running under:

http://{hostname}:8080/tyk-api-test/{resource}

Which is protected using a token, so you’ll need to generate a token and use that to access Resources that are proxies on the URL above (your ‘app’).

That token will likely need to be added as an Authorization header in order to allow the request through the gateway.

The logs also state that there’s something wrong with the connection string for your policies as it’s trying to load them from a file instead of from the dashboard, you’ll need to address that if you want to use those.

The health check will need a special secret (which is in the Tyk.conf file), and use it for that api as an X-tyk-authorisation header.

Let me know if we need a new thread, but is there a reason why the gateway isn’t loading data from the DB?

If I create a json file, based on the sample, and I can get 401s back.

So it’s seeing the flat files. But not the DB. Am I missing a connection string somewhere?

Yes, you’ve misconfigured Tyk with dashboard, you should follow this guide:

https://tyk.io/tyk-documentation/get-started/with-tyk-on-premise/installation/on-ubuntu/gateway/#configure-tyk-gateway-with-dashboard

Basically run the setup script to target the dashboard, it will set up the connection strings for you.