We’re back with another handy tutorial. We recently started offering an API hosting service, and we decided to use Kong for the proxy and authentication layers. It’s a very nice and versatile piece of software, but it lacks a crucial feature: an easy way to secure the Kong Admin API. That’s what we’re going to do!
Since we published this post, we started providing a Kong Admin service. You can secure your admin in two steps. More information is available here.
For the purposes of this tutorial, we’re assuming your proxy port is 8000 and your admin port is 8001. We’re going to loop the Kong admin back through its own proxy. This is quite a neat trick, and hats off to the people who suggested it on forums and lists.
Step 1 – Add Kong Admin as an API
Simply make a curl call to your Kong admin and create an API.
Step 2 – Check New API
Step 3 – Add Authentication
Kong offers many authentication plugins. For simplicity, we’re going to use key-auth plugin, but you can use any mechanism you want.
This will secure your API from unauthenticated calls.
Then create a consumer; we used kong as our username.
Finally, create a key for your consumer and note the key.
Let’s see how it works.
Perfect! Now we have to SSH into our server and make some firewall changes.
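The post’s own curl commands are not reproduced here, so the following is an added example (not the original post’s code) that performs Steps 1 to 3 and the Step 5 check end to end. It assumes a Kong 1.x or later Admin API (/services, /routes), the admin listener on localhost:8001 and the proxy on port 8000 as in the post, and the consumer name kong from the post; the service name admin-api, the route name admin-route and the /admin path prefix are this example’s own choices.

```shell
#!/bin/sh
# Added example, not from the original post: loop the Kong Admin API back through
# Kong's own proxy under the /admin prefix, protect it with key-auth, and verify.
# Assumptions: Kong >= 1.x Admin API, admin on localhost:8001, proxy on port 8000,
# consumer "kong" (from the post). The names admin-api, admin-route and the
# /admin prefix are chosen for this example only.
set -eu

ADMIN_URL="${ADMIN_URL:-http://localhost:8001}"   # only reachable on the server itself
CONSUMER="${CONSUMER:-kong}"

# admin_post PATH [curl -d args...]: POST a form to the Admin API, print the JSON reply.
admin_post() {
  path="$1"; shift
  curl -sS -X POST "$ADMIN_URL$path" "$@"
}

# extract_key JSON: pull the "key" value out of Kong's compact JSON reply.
extract_key() {
  printf '%s' "$1" | sed -n 's/.*"key":"\([^"]*\)".*/\1/p'
}

# Steps 1 and 3: service + route for the loopback, key-auth plugin, consumer, key.
# Run this on the server before closing port 8001.
setup() {
  admin_post /services -d name=admin-api -d "url=$ADMIN_URL" >/dev/null
  admin_post /services/admin-api/routes -d name=admin-route -d 'paths[]=/admin' >/dev/null
  admin_post /services/admin-api/plugins -d name=key-auth >/dev/null
  admin_post /consumers -d "username=$CONSUMER" >/dev/null
  # Kong generates the key when none is supplied; it is printed once, store it safely.
  extract_key "$(admin_post "/consumers/$CONSUMER/key-auth")"
}

# http_status URL [curl args...]: HTTP status code, or 000 when no connection was made.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --connect-timeout 3 "$@" || true
}

# verdict WITH_KEY WITHOUT_KEY DIRECT_8001: the three results Step 5 expects,
# i.e. 200 with a valid key, 401 without one, and no connection at all on 8001.
verdict() {
  if [ "$1" = 200 ] && [ "$2" = 401 ] && [ "$3" = 000 ]; then
    echo secure
  else
    echo insecure
  fi
}

# verify PUBLIC_HOST KEY: run from a machine outside the server after the firewall step.
verify() {
  verdict "$(http_status "http://$1:8000/admin/status" -H "apikey: $2")" \
          "$(http_status "http://$1:8000/admin/status")" \
          "$(http_status "http://$1:8001/status")"
}

case "${1:-}" in
  setup)  setup ;;
  verify) verify "$2" "$3" ;;
esac
```

Usage: `sh secure-admin.sh setup` on the server prints the consumer key; after the firewall step, `sh secure-admin.sh verify your.public.host THE_KEY` from another machine prints `secure` only when all three checks pass. Running the 8001 check from the server itself would not prove anything, because the firewall does not block loopback traffic; it has to come from outside.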
Step 4 – Close port 8001 to Outside World
You can use ufw (for Ubuntu), iptables, or any firewall software you’re comfortable with. For this tutorial we’ll go with ufw.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 8000
sudo ufw enable
We’re done with the server part.
Step 5 – Check Result and Enjoy
First, check port 8000. It works, and authentication is enabled.
Second, check port 8001. It’s not reachable, so we’re now secure from uninvited guests.
Now you have an authenticated and secure Kong Admin. Enjoy.