Tyk Patch Release v2.3.2 and Dashboard v1.3.1.2


#1

We have released a new version of Tyk and Tyk Dashboard to address some critical issues, the release notes are below:

Release notes for Tyk v2.3.2

  • Fix for URL parameters that contain http:// as a field group (even url encoded) are misinterpreted when the proxy URL is reconstructed
  • RPC (Hybrid/MDCB) Fixed potential slow memory leak
  • RPC (Hybrid/MDCB) Fixed connections leak on network partitions
  • Fixed bug where JWT claims would not be included in the middleware context in subsequent requests
  • Fixed runtime panic when an OAuth client is added with an API that does not exist in the gateway yet

Release notes for Tyk Dashboard 1.3.1.2

  • Added Organisation name to dashboard UI for multi-tenant installations
  • Fixed 'Search by key" in the key analytics view
  • Fixed API Import schema to support a missing field
  • Fixed import/export API for policies where the ACL would not be properly set on import
  • Uptime tests UI fixed base64 encoding issue for multi-line request bodies

Both releases are available via our package cloud repositories, for Tyk Hybrid customers the latest docker containers are now available.

Docker containers should be available shortly, please check Docker Hub


#2

Great ! Thank you for this new release !

I’ve redeployed tyk on docker cloud (new release 232) and it seems that URL params that contain ‘http://’ are still rewritten and tyk still redirects with a 301 HTTP code. Is there a conf variable to set anywhere ?


#3

Yes, we should fix description, you should set http_server_options.skip_url_cleaning to true

Also, GitHub release page have some more information: links to relevant issues/pr’s https://github.com/TykTechnologies/tyk/releases/tag/v2.3.2

Leonid, Tyk Team


#4

Thank you Leon. It works when i set the value in tyk.conf but, it doesn’t work with the TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING variable set to true.


#5

Can you try TYK_GW_HTTP_SERVER_OPTIONS_SKIP_URL_CLEANING ?


#6

Unfortunately it doesn’t work.

I tried these variables :

- TYK_GW_HTTPSERVEROPTIONS_OVERRIDEDEFAULTS=true
- TYK_GW_HTTP_SERVER_OPTIONS_SKIP_URL_CLEANING=true

#7

Sorry for playing this hide and seek game! I personally just checked and your first guess with TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING actually was right. Documentation should be more clearer indeed.

So, for me combination of TYK_GW_HTTPSERVEROPTIONS_OVERRIDEDEFAULTS=true TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING=true worked well.

Can you ensure that when Tyk Gateway starting it prints to logs “Version: 2.3.2”? Maybe this is issue with updating docker image?


#8

Yes, i’m on 2.3.2

I only set environment variables, i did not mount the volume for config file

I do not want to mount any volume to my Tyk Gateway container, I want to configure my Gateway through env variables only

Here is a part of my stackfile (for tyk-gateway) :

tyk-gateway:
  environment:
    - TYK_GW_ENABLEANALYTICS=true
    - TYK_GW_ANALYTICSCONFIG_TYPE=mongo
    - TYK_GW_NORMALISEURLS_ENABLED=true
    - TYK_GW_NORMALISEURLS_NORMALISEUUIDS=true
    - TYK_GW_NORMALISEURLS_NORMALISENUMBERS=true

    - TYK_GW_USEDBAPPCONFIGS=true
    - TYK_GW_DBAPPCONFOPTIONS_CONNECTIONSTRING=http://tyk-dashboard:3000
    - TYK_GW_DBAPPCONFOPTIONS_NODEISSEGMENTED=false
    - TYK_GW_DBAPPCONFOPTIONS_TAGS=stats
    
    - TYK_GW_HASHKEYS=false
    - TYK_GW_LISTENPORT=80
    - TYK_GW_NODESECRET=352d20ee67be67f6340b4c0605b044b7
    - TYK_GW_SECRET=352d20ee67be67f6340b4c0605b044b7
    
    - TYK_GW_POLICIES_POLICYSOURCE=service
    - TYK_GW_POLICIES_POLICYCONNECTIONSTRING=http://tyk-dashboard:3000'
    - TYK_GW_POLICIES_POLICYRECORDNAME=tyk_policies
    - TYK_GW_POLICIES_ALLOWEXPLICITPOLICYID=true

    - TYK_GW_STORAGE_TYPE=redis
    - TYK_GW_STORAGE_HOST=tyk-redis
    - TYK_GW_STORAGE_PORT=6379
    - TYK_GW_STORAGE_DATABASE=0
    - TYK_GW_STORAGE_MAXIDLE=100
    - TYK_GW_STORAGE_MAXACTIVE=5000,
    - TYK_GW_STORAGE_ENABLECLUSTER=false

    - TYK_GW_HTTPSERVEROPTIONS_OVERRIDEDEFAULTS=true
    - TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING=true

  image: 'tykio/tyk-gateway:latest'
  ports:
    - '80:80'

If i add these lines, it works because tyk is reading conf from the file, not environment variables :

volumes:
  - '/usr/src/app/tyk/confs/tyk.conf:/opt/tyk-gateway/tyk.conf'

#9

The env variablle will be:

TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING

It will also require the custom HTTP Server options to be enabled:

TYK_GW_HTTPSERVEROPTIONS_OVERRIDEDEFAULTS=true

This has some other implications, so be aware that all of these settings are also now exposed and processed on start:

type HttpServerOptionsConfig struct {
	OverrideDefaults bool       `json:"override_defaults"`
	ReadTimeout      int        `json:"read_timeout"`
	WriteTimeout     int        `json:"write_timeout"`
	UseSSL           bool       `json:"use_ssl"`
	UseLE_SSL        bool       `json:"use_ssl_le"`
	EnableWebSockets bool       `json:"enable_websockets"`
	Certificates     []CertData `json:"certificates"`
	ServerName       string     `json:"server_name"`
	MinVersion       uint16     `json:"min_version"`
	FlushInterval    int        `json:"flush_interval"`
	SkipURLCleaning  bool       `json:"skip_url_cleaning"`
}

There are safe defaults in place I think, but it’s worth keeping in mind (anything that is a boolean will default to false, so can be ignored).


#10

Thank you Martin

Unfortunately, this is what i did and it doesn’t work…(i edited my previous message to replace TYK_GW_HTTP_SERVER_OPTIONS_SKIP_URL_CLEANING to TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING).

I had to mount a volume to pass tyk.conf to my tyk-gateway, so that it works


#11

Did you use TYK_GW_HTTPSERVEROPTIONS_OVERRIDEDEFAULTS=true?


#12

Yes…Like I said previously, I used both variables :

- TYK_GW_HTTPSERVEROPTIONS_OVERRIDEDEFAULTS=true
- TYK_GW_HTTPSERVEROPTIONS_SKIPURLCLEANING=true

#13

I see - we’ll need to look into that, could you raise an issue on Github?