Remote Admin Kong

[jred...@luc.id]

Maybe this is a stupid question, but is there a way to call Kong's admin API remotely (i.e. not localhost)?  More importantly is there a secure way to do this, like register the admin API to an auth plugin?  I need to have a different server be able to programmatically add consumers, assign auth keys, update what ACL groups different consumers are in, etc. Sorry if I'm missing something obvious.

Thanks

[Ahmad Nassri]

the best practice here is to loop the admin API into Kong itself and setup security access to it.

On Tue, Oct 13, 2015, 12:14 PM  <jred...@luc.id> wrote:

Maybe this is a stupid question, but is there a way to call Kong's admin API remotely (i.e. not localhost)?  More importantly is there a secure way to do this, like register the admin API to an auth plugin?  I need to have a different server be able to programmatically add consumers, assign auth keys, update what ACL groups different consumers are in, etc. Sorry if I'm missing something obvious.

Thanks

--
You received this message because you are subscribed to the Google Groups "KONG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to konglayer+...@googlegroups.com.
To post to this group, send email to kong...@googlegroups.com.
Visit this group at http://groups.google.com/group/konglayer.
To view this discussion on the web visit https://groups.google.com/d/msgid/konglayer/20b5c877-168f-49ef-932e-3bc3ff2c6563%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Ahmad Nassri

[Marco]

The admin API can be called from anywhere, as long as you have an IP address to talk with the machine, or a DNS address. Best advice would be to make it accessible through a VPN, so you get both Internet access and security.

[Tselentis Panagis]

There are actually a couple of ways to do it.

A simple way is to create an API using Kong's admin API URL as upstream_url (ex. upstream_url : http://127.0.0.1:8001) and put that API after an authentication plugin so only authenticated consumers are granted access.

Example API configuration
-------------------------
name : kong
request_path : /kong
strip_request_path : true
preserve_host : true
upstream_url : http://127.0.0.1:8001

Assign an Authentication plugin to that API and you can access it from 127.0.0.1:800/kong/(kong-api-segments-here-on) via an Authenticated consumer.

Another way is to use a third party software that allows you to access Kong's API remotely.
I have developed Konga an open source admin GUI to Kong's admin API.
You can find it here: https://github.com/pantsel/konga

Konga is based on separate backed and frontend modules so that you can have Konga's backend in the same server that Kong resides, and the frontend wherever you like. May it be localhost or any other server. You can then manage Kong's admin API with ease after logging in Konga.