├── .gitignore ├── cloud-plugin ├── manifest.json ├── injectHeader.js └── readme.md ├── apps ├── protected-api.json ├── keyless-plugin-api.json └── client-mtls-api.json ├── docker-compose.yml ├── middleware └── injectHeader.js ├── useful_api_calls.http ├── tyk.standalone.conf ├── certs ├── tyk-gateway.localhost.pem ├── tyk-gateway-2.localhost.pem ├── tyk-gateway-2.localhost-key.pem ├── tyk-gateway.localhost-key.pem └── concat.pem ├── tyk.with_dashboard.conf ├── get-started ├── your-first-plugin.md ├── your-first-token.md ├── your-first-api.md └── docker-run.md ├── tyk.standalone.tls.conf ├── tyk.hybrid.conf └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | NOTES.md 2 | tyk.compose.conf 3 | bundle.zip -------------------------------------------------------------------------------- /cloud-plugin/manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "custom_middleware": { 3 | "pre": [ 4 | { 5 | "name": "testJSVMData", 6 | "require_session": true, 7 | "raw_body_only": false, 8 | "path": "injectHeader.js" 9 | } 10 | ], 11 | "driver": "otto" 12 | }, 13 | "file_list": [ 14 | "injectHeader.js" 15 | ] 16 | } -------------------------------------------------------------------------------- /apps/protected-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Tyk Test API", 3 | "api_id": "1", 4 | "org_id": "default", 5 | "definition": { 6 | "location": "header", 7 | "key": "version" 8 | }, 9 | "auth": { 10 | "auth_header_name": "authorization" 11 | }, 12 | "version_data": { 13 | "not_versioned": true, 14 | "versions": { 15 | "Default": { 16 | "name": "Default" 17 | } 18 | } 19 | }, 20 | "proxy": { 21 | "listen_path": "/tyk-api-test/", 22 | "target_url": "http://httpbin.org", 23 | "strip_listen_path": true 24 | } 25 | } -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.3' 2 | services: 3 | tyk-gateway: 4 | image: docker.tyk.io/tyk-gateway/tyk-gateway:v5.5.0 5 | ports: 6 | - 8080:8080 7 | networks: 8 | - tyk 9 | volumes: 10 | - ./tyk.standalone.conf:/opt/tyk-gateway/tyk.conf 11 | - ./apps:/opt/tyk-gateway/apps 12 | - ./middleware:/opt/tyk-gateway/middleware 13 | - ./certs:/opt/tyk-gateway/certs 14 | - ./policies:/opt/tyk-gateway/policies 15 | environment: 16 | - TYK_GW_SECRET=foo 17 | depends_on: 18 | - tyk-redis 19 | tyk-redis: 20 | image: redis:6.2.20-alpine 21 | networks: 22 | - tyk 23 | ports: 24 | - 6379:6379 25 | 26 | networks: 27 | tyk: 28 | -------------------------------------------------------------------------------- /cloud-plugin/injectHeader.js: -------------------------------------------------------------------------------- 1 | var testJSVMData = new TykJS.TykMiddleware.NewMiddleware({}); 2 | 3 | testJSVMData.NewProcessRequest(function(request, session, config) { 4 | 5 | log(JSON.stringify(request.Headers)) 6 | 7 | request.SetHeaders['custom-header'] = 'hello world'; 8 | request.SetHeaders['custom-uid'] = create_UUID(); 9 | 10 | return testJSVMData.ReturnData(request, {}); 11 | }); 12 | 13 | function create_UUID(){ 14 | var dt = new Date().getTime(); 15 | var uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { 16 | var r = (dt + Math.random()*16)%16 | 0; 17 | dt = Math.floor(dt/16); 18 | return (c=='x' ? r :(r&0x3|0x8)).toString(16); 19 | }); 20 | return uuid; 21 | } -------------------------------------------------------------------------------- /middleware/injectHeader.js: -------------------------------------------------------------------------------- 1 | var testJSVMData = new TykJS.TykMiddleware.NewMiddleware({}); 2 | 3 | testJSVMData.NewProcessRequest(function(request, session, config) { 4 | 5 | log(JSON.stringify(request.Headers)) 6 | 7 | request.SetHeaders['custom-header'] = 'hello world'; 8 | request.SetHeaders['custom-uid'] = create_UUID(); 9 | 10 | return testJSVMData.ReturnData(request, {}); 11 | }); 12 | 13 | function create_UUID(){ 14 | var dt = new Date().getTime(); 15 | var uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { 16 | var r = (dt + Math.random()*16)%16 | 0; 17 | dt = Math.floor(dt/16); 18 | return (c=='x' ? r :(r&0x3|0x8)).toString(16); 19 | }); 20 | return uuid; 21 | } -------------------------------------------------------------------------------- /apps/keyless-plugin-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Tyk Test Keyless API", 3 | "api_id": "keyless", 4 | "org_id": "default", 5 | "definition": { 6 | "location": "header", 7 | "key": "version" 8 | }, 9 | "use_keyless": true, 10 | "version_data": { 11 | "not_versioned": true, 12 | "versions": { 13 | "Default": { 14 | "name": "Default" 15 | } 16 | } 17 | }, 18 | "custom_middleware": { 19 | "driver": "otto", 20 | "pre": [ 21 | { 22 | "name": "testJSVMData", 23 | "path": "./middleware/injectHeader.js", 24 | "require_session": false, 25 | "raw_body_only": false 26 | } 27 | ] 28 | }, 29 | "proxy": { 30 | "listen_path": "/keyless-test/", 31 | "target_url": "http://httpbin.org", 32 | "strip_listen_path": true 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /cloud-plugin/readme.md: -------------------------------------------------------------------------------- 1 | How to generate a bundle to publish to the Tyk Cloud 2 | 3 | ### 1. Generate bundle 4 | 5 | ```bash 6 | $ cd cloud-plugin 7 | 8 | $ docker run \ 9 | --rm \ 10 | -v $(pwd):/cloudplugin \ 11 | --entrypoint "/bin/sh" -it \ 12 | -w "/cloudplugin" \ 13 | docker.tyk.io/tyk-gateway/tyk-gateway:v3.2.1 \ 14 | -c '/opt/tyk-gateway/tyk bundle build -y' 15 | 16 | [Jan 25 21:50:38] INFO tyk: Building bundle using 'manifest.json' 17 | [Jan 25 21:50:38] WARN tyk: Using default bundle path 'bundle.zip' 18 | [Jan 25 21:50:38] WARN tyk: The bundle will be unsigned 19 | [Jan 25 21:50:38] INFO tyk: Wrote 'bundle.zip' (890 bytes) 20 | ``` 21 | 22 | ### 2. Push it to Cloud 23 | 24 | ```bash 25 | $ ~/mservctl.macos.amd64 --config ~/tyk/ara.mservctl.yaml push bundle.zip 26 | INFO[0000] Using config file:/Users/sedky/tyk/ara.mservctl.yaml app=mservctl 27 | Middleware uploaded successfully, ID: fdb89c5d-c698-433c-8ffe-f921da0b13db 28 | ``` 29 | 30 | ### 3. Update API definition with following ID from above: 31 | 32 | `fdb89c5d-c698-433c-8ffe-f921da0b13db` 33 | -------------------------------------------------------------------------------- /useful_api_calls.http: -------------------------------------------------------------------------------- 1 | # Check the gateway is up and running 2 | http://localhost:8080/hello 3 | 4 | ### 5 | # Get list of all the existing APIs 6 | http://localhost:8080/tyk/apis 7 | X-Tyk-Authorization: foo 8 | 9 | ### 10 | # Create your first API in Tyk gateway 11 | POST http://localhost:8080/tyk/apis/ HTTP/1.1 12 | X-Tyk-Authorization: foo 13 | Content-Type: application/json 14 | 15 | { 16 | "name": "Tyk Test Keyless API", 17 | "api_id": "my-keyless-test", 18 | "org_id": "default", 19 | "definition": { 20 | "location": "header", 21 | "key": "version" 22 | }, 23 | "use_keyless": true, 24 | "version_data": { 25 | "not_versioned": true, 26 | "versions": { 27 | "Default": { 28 | "name": "Default" 29 | } 30 | } 31 | }, 32 | "custom_middleware": { 33 | "pre": [ 34 | { 35 | "name": "testJSVMData", 36 | "path": "./middleware/injectHeader.js", 37 | "require_session": false, 38 | "raw_body_only": false 39 | } 40 | ] 41 | }, 42 | "driver": "otto", 43 | "proxy": { 44 | "listen_path": "/my-keyless-test/", 45 | "target_url": "http://httpbin.org", 46 | "strip_listen_path": true 47 | } 48 | } 49 | 50 | -------------------------------------------------------------------------------- /tyk.standalone.conf: -------------------------------------------------------------------------------- 1 | { 2 | "log_level": "info" , 3 | "listen_port": 8080, 4 | "secret": "352d20ee67be67f6340b4c0605b044b7", 5 | "template_path": "/opt/tyk-gateway/templates", 6 | "tyk_js_path": "/opt/tyk-gateway/js/tyk.js", 7 | "middleware_path": "/opt/tyk-gateway/middleware", 8 | "use_db_app_configs": false, 9 | "app_path": "/opt/tyk-gateway/apps/", 10 | "storage": { 11 | "type": "redis", 12 | "host": "tyk-redis", 13 | "port": 6379, 14 | "username": "", 15 | "password": "", 16 | "database": 0, 17 | "optimisation_max_idle": 2000, 18 | "optimisation_max_active": 4000 19 | }, 20 | "enable_analytics": false, 21 | "analytics_config": { 22 | "type": "", 23 | "ignored_ips": [] 24 | }, 25 | "health_check": { 26 | "enable_health_checks": false, 27 | "health_check_value_timeouts": 60 28 | }, 29 | "enable_non_transactional_rate_limiter": true, 30 | "enable_sentinel_rate_limiter": false, 31 | "enable_redis_rolling_limiter": false, 32 | "allow_master_keys": false, 33 | "policies": { 34 | "policy_source": "file", 35 | "policy_path": "/opt/tyk-gateway/policies" 36 | }, 37 | "hash_keys": true, 38 | "close_connections": false, 39 | "http_server_options": { 40 | "enable_websockets": true 41 | }, 42 | "allow_insecure_configs": true, 43 | "coprocess_options": { 44 | "enable_coprocess": true, 45 | "coprocess_grpc_server": "" 46 | }, 47 | "enable_bundle_downloader": true, 48 | "bundle_base_url": "", 49 | "global_session_lifetime": 100, 50 | "force_global_session_lifetime": false, 51 | "max_idle_connections_per_host": 500, 52 | "enable_jsvm": true 53 | } 54 | -------------------------------------------------------------------------------- /certs/tyk-gateway.localhost.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqTCCAxGgAwIBAgIQVZdHA6qklHhBCNYBA8tK8jANBgkqhkiG9w0BAQsFADCB 3 | vzEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMUowSAYDVQQLDEFzZWRr 4 | eWFib3Utc2hhbWFsYWhAU2Vka3lzLU1hY0Jvb2stUHJvLmxvY2FsIChTZWRreSBB 5 | Ym91LVNoYW1hbGFoKTFRME8GA1UEAwxIbWtjZXJ0IHNlZGt5YWJvdS1zaGFtYWxh 6 | aEBTZWRreXMtTWFjQm9vay1Qcm8ubG9jYWwgKFNlZGt5IEFib3UtU2hhbWFsYWgp 7 | MB4XDTIxMDMxNzE2MTQwNFoXDTIzMDYxNzE2MTQwNFowdTEnMCUGA1UEChMebWtj 8 | ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMUowSAYDVQQLDEFzZWRreWFib3Ut 9 | c2hhbWFsYWhAU2Vka3lzLU1hY0Jvb2stUHJvLmxvY2FsIChTZWRreSBBYm91LVNo 10 | YW1hbGFoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuoe0UCRoMG 11 | HCBuvKzfrUBHj92I7ddKT0C7uB4PWkDX8rwHG09K8QkHR/OE1je/sc9aK1PG9apj 12 | qKx0mYuRU44A0gPEToMXAt7HuZVLuju/9ptqfue8DClE2T1LmedOWnZs0CSwOS2u 13 | L8YGw3S/fTHjV4FOlYBPIBSbDlDu7LH6oj34roIuMhoogwhyM3zLKhEdgBPESrUJ 14 | qxhBp4yTv/wdYySTxqCf3gp8eOCirZihVgx/cIcW8EsR5IpbmP0dh3qawcD3DL4B 15 | jInWU7YKw4QtQyye0teUGPO7zhbbg9ZJ+fAfKr+QMwMkNytcL84Jn+Xr4+3/BfPc 16 | uEhI9Q2RHdECAwEAAaNqMGgwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG 17 | AQUFBwMBMB8GA1UdIwQYMBaAFF++huCfpjxp+FDDjJz2X+tRIUIHMCAGA1UdEQQZ 18 | MBeCFXR5ay1nYXRld2F5LmxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAYEAHm0B 19 | LdFno4Q7fVMehGHz1sdiG6auLneXKnEhY/7gbowrRUXMZzttvyI8Vx50bEu2b1o0 20 | oR+9MImYMKQ43oT2AfnqvM3aBahl41IlNfgay03vjEqGJ7pdhcg88k79CAT1xjOU 21 | XMZK2RabT+gW9ZY5XPszqM7mVmafRujNixHutVN4MYRTnnA6nKwSAsnAZ+q8ZzHZ 22 | PB03aktYA7E15MaAv4sP7jkvA4mCNy8g+UhyyGwJeqVG50fjg3esmHNUeKr9k/Rf 23 | /TbI9G6ffYiZYGD2OKteqL24opGX9RbR/HyszbhxrCbek4kiDjOyfgA+eL0g86Je 24 | ZBJicXP2s9wVgTstB93HuYpPLElaktxcaSa70+LZstZUIVrtGEoTeGGPOQBIgYoQ 25 | O1POL/f9ZxkeOBr11UjECKV5N4yXaEhKRfjnDEy95OkLcck0dAIe79mSt6vlhTYE 26 | dtySg+RhOorV9s8ZGRsefbBVcMgdQ4mUKDCm3HEU6QlVCZBOFFzKez3mVvxU 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /certs/tyk-gateway-2.localhost.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqzCCAxOgAwIBAgIQSEGJ15H8WBNNCi5EaskFHjANBgkqhkiG9w0BAQsFADCB 3 | vzEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMUowSAYDVQQLDEFzZWRr 4 | eWFib3Utc2hhbWFsYWhAU2Vka3lzLU1hY0Jvb2stUHJvLmxvY2FsIChTZWRreSBB 5 | Ym91LVNoYW1hbGFoKTFRME8GA1UEAwxIbWtjZXJ0IHNlZGt5YWJvdS1zaGFtYWxh 6 | aEBTZWRreXMtTWFjQm9vay1Qcm8ubG9jYWwgKFNlZGt5IEFib3UtU2hhbWFsYWgp 7 | MB4XDTIxMDMxNzE2MjAxNloXDTIzMDYxNzE2MjAxNlowdTEnMCUGA1UEChMebWtj 8 | ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMUowSAYDVQQLDEFzZWRreWFib3Ut 9 | c2hhbWFsYWhAU2Vka3lzLU1hY0Jvb2stUHJvLmxvY2FsIChTZWRreSBBYm91LVNo 10 | YW1hbGFoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMualFL8hbyw 11 | /LnKay/6t6uawVkyFGH8R2ZuuS3rZ76kw0SwnRPrP6JM+sqS1JqxXDCmGE30TVJa 12 | LpAB5czE54QbRWQlfjkKCie8fE9DgAeKdbB8PKx5MxxIySfcxVht7qyindwbzd3Q 13 | 5/mskR4k7Ipm+oLohdTr1nkqOA0ccyLBtZxVjQmLs3BNCA39CmDLfNl7JeNyXhgS 14 | BqmgutwQFKXmHnsim8bey4TVbD9WhoabK9sn9mJQMuLvcgQtOtG3RRvEKO/li7NH 15 | aJv07Ts0Iv4a6C9nmIduCcXW8+Le0iIsXNet3KmKgt/MXbYUe0c7s+B0zDddvU2w 16 | yi84p8eMypMCAwEAAaNsMGowDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG 17 | AQUFBwMBMB8GA1UdIwQYMBaAFF++huCfpjxp+FDDjJz2X+tRIUIHMCIGA1UdEQQb 18 | MBmCF3R5ay1nYXRld2F5LTIubG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQB+ 19 | GkDjwRTIuVrsjLnyddEQIdHMoJr9ZLfAo7eFP95URe2o73iMVz5jw9lubRq6ZQrU 20 | MuWucgCbsruBw9UfpDoZjreGgds056MSZPz53xrGd+jMfjApfatF0lXRmyMyIvI8 21 | aX9fahL5ZB/UjewTwxTLbGOtUZCYqr1+KIlFAkJDluoz0aHeJgt2t5FNAIM8zyMM 22 | WA+O2Wlon2BwR0pebBHcCjkFwMEy5lc6R7uxK3ej1T7NilFldFzK/joDxgXwQJI6 23 | 67oOG38lPq4buNQs7mFkBGsPjuueFQxBLW8GJF9L4sjF6QjMhsS7Uf0xPMqNgv1h 24 | zqQ5ZCjQA6N8vUzqXUmZRHol2VIAYq6OPh0c2GKOQcpoMgSSRaTzB2lFMd5oLoOU 25 | aK8AWzWRkQtgPIf74btbElb7YJH+KurCWHdKvJ9dVi9tNFdanFgrRzCfRC3UApfg 26 | NWeqwZDClEPWRsd/3oC86/B/M1350UD9lhCXn6pCOkfvnKEiRgRH2vDCZLE9+QU= 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /certs/tyk-gateway-2.localhost-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLmpRS/IW8sPy5 3 | ymsv+rermsFZMhRh/Edmbrkt62e+pMNEsJ0T6z+iTPrKktSasVwwphhN9E1SWi6Q 4 | AeXMxOeEG0VkJX45CgonvHxPQ4AHinWwfDyseTMcSMkn3MVYbe6sop3cG83d0Of5 5 | rJEeJOyKZvqC6IXU69Z5KjgNHHMiwbWcVY0Ji7NwTQgN/Qpgy3zZeyXjcl4YEgap 6 | oLrcEBSl5h57IpvG3suE1Ww/VoaGmyvbJ/ZiUDLi73IELTrRt0UbxCjv5YuzR2ib 7 | 9O07NCL+GugvZ5iHbgnF1vPi3tIiLFzXrdypioLfzF22FHtHO7PgdMw3Xb1NsMov 8 | OKfHjMqTAgMBAAECggEALzjK7fRjkD/8XZr1AUvFDaf28BkNYSyB4uALUvsmNLFC 9 | GMxdoiENwTbZc+JaLQa1uxLK0Em5JUCFTCEkizmf+KPalD+d5tzNPioZKskdCKK0 10 | aRpneBkkIYtAHF635qqYkLGmq0ZHmQq6ws2jWrp1oiQANhx37cpFFBUWqvPOQGED 11 | NwRXUEC/pGEsM5yPFrjv8OsJXCry8pVMbyDydwiF3DUHMLY1IBiM870eLm0OuiKR 12 | X479XqbOGuYWIBsWFIYRmfRooz222uyrUUtjC2lGZeRuT/X7MS71W36A7H/4M1CI 13 | mVcyJ8g0ZfpWgJLxxRbW8NP0izpPkQ59P4u7biQbAQKBgQDj6Rk0+pgomEAgwGHZ 14 | YwZ38bF7BiKOfauCqc/iN/PTfwoSj2hTrkJ6nQCl7KgpXqs+JbtDJlm1KLz+rFgn 15 | vhL/yv2ZeLVZ7ipdgS4824/gDDNbdsFZ1zpXGp9jfXuLL2XFlFKUlt74YXPNkoRd 16 | UCXOJvoZN57x1NeZJqI3zTJbbwKBgQDkspHLldJmG/GtSSWnxh9zOUDfBWQJT+MH 17 | bYkjsJcv02inlHZGpIGwF6C743f6aFHSubrmNFjnVRLnpsSITemxGseYOrgbzA92 18 | 7ak+RZCPOFL/tmvZyNKTxdR1Q2tIPYrWJ1WyzT2o+YRG7YJVnGW6escjpxuU2NBT 19 | 1CiTptMBHQKBgQCryvDtNlergdgU1+7p5fLiRpT5ns49igzWGRpR8ssgCQqWovKI 20 | 4TnLIr1yVMkNJgb+eYKGQ0ore+G6Nj7c9jFsDp7KKGrKtvPIN6+awAXbZFbyAroL 21 | 9mhLcA3k+Jk/eSLFo9/7kR3RK+QWePK9Q8S7eDXc/EgbEczR7IUqesoSkQKBgBGX 22 | TrGbL5jdE2Th2HykN60UPVIqRvyUYYEjwsW1ApwSJd2mBMcARl12I83v/D2NoqWT 23 | 1bV5V1FL8O1SnZFidNRDnBCwi5LPymy6cScyEKGDkpbKwFb7JH9rWyE981WWLkS0 24 | t9nOAa0qrCsMf9b39bc3VHQAmZWEa9nW2twom9hdAoGAFJO2PTorGFosZ6gDHNvm 25 | fanyMpuoGMRsR/kYCGIm7aV8eVypCoiEly9FElFHUkoXnWvp2cDsZvqWXraOcqod 26 | h9Yyqeui55VGqVP/HQAUxVtxVLc79+14zZYyJvkuc0XnHGOYpfyAaxfsBQCzK3xs 27 | EKrgn3H8ywXWluVQJ+5GX+w= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /certs/tyk-gateway.localhost-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7qHtFAkaDBhwg 3 | brys361AR4/diO3XSk9Au7geD1pA1/K8BxtPSvEJB0fzhNY3v7HPWitTxvWqY6is 4 | dJmLkVOOANIDxE6DFwLex7mVS7o7v/aban7nvAwpRNk9S5nnTlp2bNAksDktri/G 5 | BsN0v30x41eBTpWATyAUmw5Q7uyx+qI9+K6CLjIaKIMIcjN8yyoRHYATxEq1CasY 6 | QaeMk7/8HWMkk8agn94KfHjgoq2YoVYMf3CHFvBLEeSKW5j9HYd6msHA9wy+AYyJ 7 | 1lO2CsOELUMsntLXlBjzu84W24PWSfnwHyq/kDMDJDcrXC/OCZ/l6+Pt/wXz3LhI 8 | SPUNkR3RAgMBAAECggEBAJSbcLsOeT5rSTzZ1Opl27JquWArfoYeX7KYtc6AQ+3T 9 | 1XLXgeYCJ+0Jag5LpMTTNoFJG8Sla4h6kWm4kJu5A10SAz5eZ/ph77Dyo2G6bYnB 10 | lA4xgLwM6+iGkC59PyywnOzpcM+NCkrFhSmh04kR15f5PCO3Uqcggfwval/nRWQP 11 | Bsqn23ijpfpPoQ2d/uIdSiqrdeil95VJ1Rln25yVOOKpiMpgrSFtxskLESVjxBUR 12 | 5DOBiWxuytLERdfHwZRQKDg0hVt94HHEPMfQyzCgJ9neGExBOo44UxFpZn4TCQ91 13 | Lk6zE3SmvzqP28ucmdeEFXXfJoKjB6++mvPPfkHyuP0CgYEA1etrmMY2WQszglF5 14 | 2x598eStxluFg0msbzNQ3DuQ6IIPkKFrOGpw8kGc3siRBu7ANnqCWRA+6bwWYM2s 15 | XeEt0w/icTuOwdQRGTUJyW7Aod34fy0llyMJTcO/MMRA062W0c87lIrWokxN95M2 16 | 1ja6CTcoTjNzi9RQLzetzGutG5sCgYEA4JKVa6OTWMy2oKZmq+W/I0TowBPOSyPL 17 | UbDHKFWW5KM+mqP7ot/A84jlyVtDFXOvNVsZbNlDnE0n2y7VRlNdrPyLoHby2KuY 18 | 0vchQi5BL6mt0TDqemWo4al0wn9t/Nq87LDHFcfXIx0soJpCkt+Zb39zrcqO+kZZ 19 | Cjq5TomlkQMCgYEAkZ/v4VKd0MQlToO0lowNZMwt2CiZnSRcNF8UnrgWD5HqkqSw 20 | Xvlm5iPwbGDRCY0iYHPJpGPA0FDwUvnwawBNt67KkhbfOefps+U9QlkY3ZhEAB91 21 | xYteXAfzcXlIQFGdqDqQ7rANKPMU6ILZA77BqmBYGdRAxmHELECVGeH7OB0CgYAS 22 | D9gSszJLpxNdMmT5mF3aIVWy9STXaEaXCGfMN64OL47+cwfvHp3vOGh63Gs103sZ 23 | CH2wAn1smcwF1etzX4seOaWlP0vi31JITXYQU5YMllITjCKfu4NsuutYJVWcS598 24 | Te+FMfB8s4D+XcnS9Ebr781HAg6j1Hqe1wBGb82wLwKBgFQMTPEv/0rU/v2vAjWI 25 | OwBn9pIhynPdBt5vOpeT6eyG0++g+wbiynALbRgD4+dAUe7bkYczhmd4dTlKvwrJ 26 | vQpmlb4g6euIDhdGnElffESeggbSpGcaifOfAwa3mvWEFvLjcK8QsvMI/+/DBLeZ 27 | JdO9HlX5eyXEYRVnQmnwvoeD 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /tyk.with_dashboard.conf: -------------------------------------------------------------------------------- 1 | { 2 | "listen_port": 8080, 3 | "secret": "352d20ee67be67f6340b4c0605b044b7", 4 | "node_secret": "352d20ee67be67f6340b4c0605b044b7", 5 | "template_path": "/opt/tyk-gateway/templates", 6 | "tyk_js_path": "/opt/tyk-gateway/js/tyk.js", 7 | "middleware_path": "/opt/tyk-gateway/middleware", 8 | "use_db_app_configs": true, 9 | "db_app_conf_options": { 10 | "connection_string": "http://tyk_dashboard:3000", 11 | "node_is_segmented": false, 12 | "tags": [ 13 | "test2" 14 | ] 15 | }, 16 | "app_path": "/opt/tyk-gateway/apps/", 17 | "storage": { 18 | "type": "redis", 19 | "host": "redis", 20 | "port": 6379, 21 | "username": "", 22 | "password": "", 23 | "database": 0, 24 | "optimisation_max_idle": 2000, 25 | "optimisation_max_active": 4000 26 | }, 27 | "enable_analytics": true, 28 | "analytics_config": { 29 | "type": "", 30 | "ignored_ips": [] 31 | }, 32 | "health_check": { 33 | "enable_health_checks": false, 34 | "health_check_value_timeouts": 60 35 | }, 36 | "enable_non_transactional_rate_limiter": true, 37 | "enable_sentinel_rate_limiter": false, 38 | "enable_redis_rolling_limiter": false, 39 | "allow_master_keys": false, 40 | "policies": { 41 | "policy_source": "service", 42 | "policy_connection_string": "http://tyk_dashboard:3000", 43 | "policy_record_name": "tyk_policies" 44 | }, 45 | "hash_keys": true, 46 | "close_connections": false, 47 | "http_server_options": { 48 | "enable_websockets": true 49 | }, 50 | "allow_insecure_configs": true, 51 | "coprocess_options": { 52 | "enable_coprocess": false, 53 | "coprocess_grpc_server": "" 54 | }, 55 | "enable_bundle_downloader": true, 56 | "bundle_base_url": "", 57 | "global_session_lifetime": 100, 58 | "force_global_session_lifetime": false, 59 | "max_idle_connections_per_host": 500 60 | } 61 | -------------------------------------------------------------------------------- /get-started/your-first-plugin.md: -------------------------------------------------------------------------------- 1 | 2 | This guide assumes you've been following the quick get-started installation guide. 3 | 4 | ## Custom Plugins 5 | 6 | What does the flow of developing a custom plugin look like? 7 | 8 | We have a plugin included in the middleware directory. It's a JS plugin that injects a header. We can cURL the API that runs the plugin: 9 | 10 | ```bash 11 | $ curl localhost:8080/keyless-test/get 12 | 13 | { 14 | "args": {}, 15 | "headers": { 16 | "Accept": "*/*", 17 | "Accept-Encoding": "gzip", 18 | "Custom-Header": "f4ce942f-63ee-4dde-b58d-00df0d666f7f", 19 | "Host": "httpbin.org", 20 | "User-Agent": "curl/7.64.1", 21 | "X-Amzn-Trace-Id": "Root=1-5fff2f39-0ffa06383a4261810e20439b" 22 | }, 23 | "origin": "172.29.0.1, 99.242.139.220", 24 | "url": "http://httpbin.org/get" 25 | } 26 | ``` 27 | 28 | 1. Let's modify the plugin to change the value of custom-header to something else: 29 | 30 | `./middleware/injectHeader.js` 31 | from: 32 | ```bash 33 | request.SetHeaders['custom-header'] = create_UUID(); 34 | ``` 35 | 36 | to: 37 | ```bash 38 | request.SetHeaders['custom-header'] = 'hello-world' 39 | ``` 40 | 41 | 42 | 2. Reload Tyk in order to pick up the plugin changes 43 | ```bash 44 | $ curl localhost:8080/tyk/reload --header "x-tyk-authorization: foo" 45 | {"status":"ok","message":""} 46 | ``` 47 | 48 | 3. Try the curl again: 49 | ```bash 50 | $ curl localhost:8080/keyless-test/get 51 | { 52 | "args": {}, 53 | "headers": { 54 | "Accept": "*/*", 55 | "Accept-Encoding": "gzip", 56 | "Custom-Header": "hello world", 57 | "Host": "httpbin.org", 58 | "User-Agent": "curl/7.64.1", 59 | "X-Amzn-Trace-Id": "Root=1-5fff2fc2-7ee63c03157a338531f31c1a" 60 | }, 61 | "origin": "172.29.0.1, 99.242.139.220", 62 | "url": "http://httpbin.org/get" 63 | } 64 | ``` 65 | 66 | That's it! You're now writing custom plugins in Tyk. 67 | 68 | **Note**, the process for Go plugins and gRPC plugins is different. 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /tyk.standalone.tls.conf: -------------------------------------------------------------------------------- 1 | { 2 | "listen_port": 8080, 3 | "secret": "352d20ee67be67f6340b4c0605b044b7", 4 | "template_path": "/opt/tyk-gateway/templates", 5 | "tyk_js_path": "/opt/tyk-gateway/js/tyk.js", 6 | "middleware_path": "/opt/tyk-gateway/middleware", 7 | "use_db_app_configs": false, 8 | "app_path": "/opt/tyk-gateway/apps/", 9 | "storage": { 10 | "type": "redis", 11 | "host": "tyk-redis", 12 | "port": 6379, 13 | "username": "", 14 | "password": "", 15 | "database": 0, 16 | "optimisation_max_idle": 2000, 17 | "optimisation_max_active": 4000 18 | }, 19 | "enable_analytics": false, 20 | "analytics_config": { 21 | "type": "", 22 | "purge_delay": -1, 23 | "ignored_ips": [] 24 | }, 25 | "health_check": { 26 | "enable_health_checks": false, 27 | "health_check_value_timeouts": 60 28 | }, 29 | "enable_non_transactional_rate_limiter": true, 30 | "enable_sentinel_rate_limiter": false, 31 | "enable_redis_rolling_limiter": false, 32 | "allow_master_keys": false, 33 | "policies": { 34 | "policy_source": "file", 35 | "policy_record_name": "/opt/tyk-gateway/policies/policies.json" 36 | }, 37 | "hash_keys": true, 38 | "close_connections": false, 39 | "allow_insecure_configs": true, 40 | "coprocess_options": { 41 | "enable_coprocess": true, 42 | "coprocess_grpc_server": "" 43 | }, 44 | "enable_bundle_downloader": true, 45 | "bundle_base_url": "", 46 | "global_session_lifetime": 100, 47 | "force_global_session_lifetime": false, 48 | "max_idle_connections_per_host": 500, 49 | "enable_jsvm": true, 50 | "http_server_options": { 51 | "override_defaults": false, 52 | "read_timeout": 0, 53 | "write_timeout": 0, 54 | "use_ssl": true, 55 | "use_ssl_le": false, 56 | "enable_websockets": true, 57 | "certificates": [ 58 | { 59 | "domain_name": "tyk-gateway-2.localhost", 60 | "cert_file": "certs/tyk-gateway-2.localhost.pem", 61 | "key_file": "certs/tyk-gateway-2.localhost-key.pem" 62 | } 63 | ] 64 | }, 65 | "server_name": "tyk-gateway-2.localhost", 66 | "min_version": 771, 67 | "flush_interval": 0, 68 | "ssl_insecure_skip_verify": true 69 | } 70 | -------------------------------------------------------------------------------- /tyk.hybrid.conf: -------------------------------------------------------------------------------- 1 | { 2 | "listen_port": 8080, 3 | "secret": "foo", 4 | "template_path": "/opt/tyk-gateway/templates", 5 | "tyk_js_path": "/opt/tyk-gateway/js/tyk.js", 6 | "middleware_path": "/opt/tyk-gateway/middleware", 7 | "use_db_app_configs": false, 8 | "app_path": "/opt/tyk-gateway/apps/", 9 | "storage": { 10 | "type": "redis", 11 | "host": "tyk-redis", 12 | "port": 6379, 13 | "username": "", 14 | "password": "", 15 | "database": 0, 16 | "optimisation_max_idle": 2000, 17 | "optimisation_max_active": 4000 18 | }, 19 | "enable_analytics": true, 20 | "analytics_config": { 21 | "type": "rpc", 22 | "ignored_ips": [] 23 | }, 24 | "health_check": { 25 | "enable_health_checks": false, 26 | "health_check_value_timeouts": 60 27 | }, 28 | "enable_non_transactional_rate_limiter": true, 29 | "enable_sentinel_rate_limiter": false, 30 | "enable_redis_rolling_limiter": false, 31 | "allow_master_keys": false, 32 | "policies": { 33 | "policy_source": "rpc", 34 | "policy_record_name": "tyk_policies" 35 | }, 36 | "hash_keys": true, 37 | "close_connections": false, 38 | "http_server_options": { 39 | "enable_websockets": true 40 | }, 41 | "allow_insecure_configs": true, 42 | "coprocess_options": { 43 | "enable_coprocess": true, 44 | "coprocess_grpc_server": "" 45 | }, 46 | "enable_bundle_downloader": true, 47 | "bundle_base_url": "", 48 | "global_session_lifetime": 100, 49 | "force_global_session_lifetime": false, 50 | "max_idle_connections_per_host": 500, 51 | "enable_jsvm": true, 52 | "slave_options": { 53 | "use_rpc": true, 54 | "rpc_key": "", 55 | "api_key": "", 56 | "connection_string": ":443", 57 | "enable_rpc_cache": true, 58 | "bind_to_slugs": false, 59 | "group_id": "ny", 60 | "use_ssl": true, 61 | "ssl_insecure_skip_verify": true 62 | }, 63 | "auth_override": { 64 | "force_auth_provider": true, 65 | "auth_provider": { 66 | "name": "", 67 | "storage_engine": "rpc", 68 | "meta": {} 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /get-started/your-first-token.md: -------------------------------------------------------------------------------- 1 | This guide assumes you've been following the quick get-started installation guide. 2 | 3 | ### Your First Protected API 4 | 5 | Let's look inside our apps directory at our protected API: 6 | 7 | ```json 8 | { 9 | "name": "Tyk Test API", 10 | "api_id": "1", 11 | "org_id": "default", 12 | "definition": { 13 | "location": "header", 14 | "key": "version" 15 | }, 16 | "auth": { 17 | "auth_header_name": "authorization" 18 | }, 19 | "version_data": { 20 | "not_versioned": true, 21 | "versions": { 22 | "Default": { 23 | "name": "Default" 24 | } 25 | } 26 | }, 27 | "proxy": { 28 | "listen_path": "/tyk-api-test/", 29 | "target_url": "http://httpbin.org", 30 | "strip_listen_path": true 31 | } 32 | } 33 | ``` 34 | 35 | We can try to hit this API through Tyk: 36 | 37 | ```bash 38 | $ curl http://localhost:8080/tyk-api-test/get 39 | { 40 | "error": "Authorization field missing" 41 | } 42 | ``` 43 | 44 | We need to create our first token through Tyk in order to access this API. 45 | Looking at the Gateway's [REST API reference](https://site-dev.tykbeta.com/docs/tyk-gateway-api/), we can create a token through this API: 46 | ```bash 47 | $ curl localhost:8080/tyk/keys -X POST --header "x-tyk-authorization: foo" -d ' 48 | { 49 | "quota_max": 0, 50 | "rate": 2, 51 | "per": 5, 52 | "org_id": "default", 53 | "access_rights": { 54 | "1": { 55 | "api_name": "Tyk Test API", 56 | "api_id": "1", 57 | "versions": [ 58 | "Default" 59 | ], 60 | "allowed_urls": [], 61 | "limit": null, 62 | "allowance_scope": "" 63 | } 64 | } 65 | }' 66 | 67 | ## Response 68 | {"key":"default3349f3ea7d734d2b88e4d1e6baebcf89","status":"ok","action":"added","key_hash":"8bcf94d4"} 69 | ``` 70 | 71 | Now we can use the generated key to access our API: 72 | 73 | ```bash 74 | $ curl http://localhost:8080/tyk-api-test/get -H "Authorization:default3349f3ea7d734d2b88e4d1e6baebcf89" 75 | ``` 76 | Response: 77 | ```json 78 | { 79 | "args": {}, 80 | "headers": { 81 | "Accept": "*/*", 82 | "Accept-Encoding": "gzip", 83 | "Authorization": "default3349f3ea7d734d2b88e4d1e6baebcf89", 84 | "Host": "httpbin.org", 85 | "User-Agent": "curl/7.64.1", 86 | "X-Amzn-Trace-Id": "Root=1-6005f28e-666d69ee5afca26c6a022cfb" 87 | }, 88 | "origin": "192.168.112.1, 99.242.139.220", 89 | "url": "http://httpbin.org/get" 90 | } 91 | ``` 92 | 93 | Careful, we only gave this key access to 2 requests per 5 seconds. If you exceed that, you'll get a `429 - rate limit exceeded` error. 94 | 95 | -------------------------------------------------------------------------------- /get-started/your-first-api.md: -------------------------------------------------------------------------------- 1 | This guide assumes you've been following the quick get-started installation guide. 2 | 3 | ### Your First API 4 | 5 | Now that Tyk is running, we are ready to protect our APIs. 6 | 7 | On the Tyk Gateway's file system, there is an "apps" directory. That is where we place our API definitions that tell Tyk how to protect and reverse proxy our APIs. 8 | 9 | #### Included API 10 | 11 | Inside the docker-compose directory: 12 | ```bash 13 | $ ls -l apps 14 | keyless-plugin-api.json 15 | protected-api.json 16 | ``` 17 | 18 | Let's look at our keyless API 19 | 20 | `"apps/keyless-plugin-api.json"` 21 | ```json 22 | { 23 | "name": "Tyk Test Keyless API", 24 | "api_id": "keyless", 25 | "org_id": "default", 26 | "definition": { 27 | "location": "header", 28 | "key": "version" 29 | }, 30 | "use_keyless": true, 31 | "version_data": { 32 | "not_versioned": true, 33 | "versions": { 34 | "Default": { 35 | "name": "Default" 36 | } 37 | } 38 | }, 39 | "custom_middleware": { 40 | "pre": [ 41 | { 42 | "name": "testJSVMData", 43 | "path": "./middleware/injectHeader.js", 44 | "require_session": false, 45 | "raw_body_only": false 46 | } 47 | ] 48 | }, 49 | "driver": "otto", 50 | "proxy": { 51 | "listen_path": "/keyless-test/", 52 | "target_url": "http://httpbin.org", 53 | "strip_listen_path": true 54 | } 55 | } 56 | ``` 57 | 58 | The things we care about are: 59 | 60 | ```json 61 | "proxy": { 62 | "listen_path": "/keyless-test/", 63 | "target_url": "http://httpbin.org", 64 | "strip_listen_path": true 65 | } 66 | ``` 67 | 68 | So we can see that the Gateway is listening on the `/keyless-test/` path for this API, and reverse proxying that traffic to `http://httpbin.org`, which is a mock server that will echo our HTTP request. 69 | 70 | Let's try hitting the equivalent of `http://httpbin.org/get` 71 | ```bash 72 | $ curl http://httpbin.org/get 73 | { 74 | "args": {}, 75 | "headers": { 76 | "Accept": "*/*", 77 | "Host": "httpbin.org", 78 | "User-Agent": "curl/7.64.1", 79 | "X-Amzn-Trace-Id": "Root=1-6005eefc-339c26631235a98376c98973" 80 | }, 81 | "origin": "99.242.139.220", 82 | "url": "http://httpbin.org/get" 83 | } 84 | 85 | $ curl http://localhost:8080/keyless-test/get 86 | { 87 | "args": {}, 88 | "headers": { 89 | "Accept": "*/*", 90 | "Accept-Encoding": "gzip", 91 | "Custom-Header": "hello world", 92 | "Host": "httpbin.org", 93 | "User-Agent": "curl/7.64.1", 94 | "X-Amzn-Trace-Id": "Root=1-6005ef18-3c24aa511227f7384b0213b7" 95 | }, 96 | "origin": "192.168.112.1, 99.242.139.220", 97 | "url": "http://httpbin.org/get" 98 | } 99 | ``` 100 | We can see the only difference between the two responses is the "custom-header" that was added by Tyk, as well as the extra hop in `origin`. 101 | 102 | **Some of Tyk's built-in capabilities:** 103 | 104 | - Rate Limiting 105 | - Authentication (Auth token, JWT, OAuth, OIDC, mTLS, more!) 106 | - Native Plugins 107 | - Round Robin Load Balancing 108 | 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /certs/concat.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqTCCAxGgAwIBAgIQVZdHA6qklHhBCNYBA8tK8jANBgkqhkiG9w0BAQsFADCB 3 | vzEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMUowSAYDVQQLDEFzZWRr 4 | eWFib3Utc2hhbWFsYWhAU2Vka3lzLU1hY0Jvb2stUHJvLmxvY2FsIChTZWRreSBB 5 | Ym91LVNoYW1hbGFoKTFRME8GA1UEAwxIbWtjZXJ0IHNlZGt5YWJvdS1zaGFtYWxh 6 | aEBTZWRreXMtTWFjQm9vay1Qcm8ubG9jYWwgKFNlZGt5IEFib3UtU2hhbWFsYWgp 7 | MB4XDTIxMDMxNzE2MTQwNFoXDTIzMDYxNzE2MTQwNFowdTEnMCUGA1UEChMebWtj 8 | ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMUowSAYDVQQLDEFzZWRreWFib3Ut 9 | c2hhbWFsYWhAU2Vka3lzLU1hY0Jvb2stUHJvLmxvY2FsIChTZWRreSBBYm91LVNo 10 | YW1hbGFoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuoe0UCRoMG 11 | HCBuvKzfrUBHj92I7ddKT0C7uB4PWkDX8rwHG09K8QkHR/OE1je/sc9aK1PG9apj 12 | qKx0mYuRU44A0gPEToMXAt7HuZVLuju/9ptqfue8DClE2T1LmedOWnZs0CSwOS2u 13 | L8YGw3S/fTHjV4FOlYBPIBSbDlDu7LH6oj34roIuMhoogwhyM3zLKhEdgBPESrUJ 14 | qxhBp4yTv/wdYySTxqCf3gp8eOCirZihVgx/cIcW8EsR5IpbmP0dh3qawcD3DL4B 15 | jInWU7YKw4QtQyye0teUGPO7zhbbg9ZJ+fAfKr+QMwMkNytcL84Jn+Xr4+3/BfPc 16 | uEhI9Q2RHdECAwEAAaNqMGgwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG 17 | AQUFBwMBMB8GA1UdIwQYMBaAFF++huCfpjxp+FDDjJz2X+tRIUIHMCAGA1UdEQQZ 18 | MBeCFXR5ay1nYXRld2F5LmxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAYEAHm0B 19 | LdFno4Q7fVMehGHz1sdiG6auLneXKnEhY/7gbowrRUXMZzttvyI8Vx50bEu2b1o0 20 | oR+9MImYMKQ43oT2AfnqvM3aBahl41IlNfgay03vjEqGJ7pdhcg88k79CAT1xjOU 21 | XMZK2RabT+gW9ZY5XPszqM7mVmafRujNixHutVN4MYRTnnA6nKwSAsnAZ+q8ZzHZ 22 | PB03aktYA7E15MaAv4sP7jkvA4mCNy8g+UhyyGwJeqVG50fjg3esmHNUeKr9k/Rf 23 | /TbI9G6ffYiZYGD2OKteqL24opGX9RbR/HyszbhxrCbek4kiDjOyfgA+eL0g86Je 24 | ZBJicXP2s9wVgTstB93HuYpPLElaktxcaSa70+LZstZUIVrtGEoTeGGPOQBIgYoQ 25 | O1POL/f9ZxkeOBr11UjECKV5N4yXaEhKRfjnDEy95OkLcck0dAIe79mSt6vlhTYE 26 | dtySg+RhOorV9s8ZGRsefbBVcMgdQ4mUKDCm3HEU6QlVCZBOFFzKez3mVvxU 27 | -----END CERTIFICATE----- 28 | -----BEGIN PRIVATE KEY----- 29 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7qHtFAkaDBhwg 30 | brys361AR4/diO3XSk9Au7geD1pA1/K8BxtPSvEJB0fzhNY3v7HPWitTxvWqY6is 31 | dJmLkVOOANIDxE6DFwLex7mVS7o7v/aban7nvAwpRNk9S5nnTlp2bNAksDktri/G 32 | BsN0v30x41eBTpWATyAUmw5Q7uyx+qI9+K6CLjIaKIMIcjN8yyoRHYATxEq1CasY 33 | QaeMk7/8HWMkk8agn94KfHjgoq2YoVYMf3CHFvBLEeSKW5j9HYd6msHA9wy+AYyJ 34 | 1lO2CsOELUMsntLXlBjzu84W24PWSfnwHyq/kDMDJDcrXC/OCZ/l6+Pt/wXz3LhI 35 | SPUNkR3RAgMBAAECggEBAJSbcLsOeT5rSTzZ1Opl27JquWArfoYeX7KYtc6AQ+3T 36 | 1XLXgeYCJ+0Jag5LpMTTNoFJG8Sla4h6kWm4kJu5A10SAz5eZ/ph77Dyo2G6bYnB 37 | lA4xgLwM6+iGkC59PyywnOzpcM+NCkrFhSmh04kR15f5PCO3Uqcggfwval/nRWQP 38 | Bsqn23ijpfpPoQ2d/uIdSiqrdeil95VJ1Rln25yVOOKpiMpgrSFtxskLESVjxBUR 39 | 5DOBiWxuytLERdfHwZRQKDg0hVt94HHEPMfQyzCgJ9neGExBOo44UxFpZn4TCQ91 40 | Lk6zE3SmvzqP28ucmdeEFXXfJoKjB6++mvPPfkHyuP0CgYEA1etrmMY2WQszglF5 41 | 2x598eStxluFg0msbzNQ3DuQ6IIPkKFrOGpw8kGc3siRBu7ANnqCWRA+6bwWYM2s 42 | XeEt0w/icTuOwdQRGTUJyW7Aod34fy0llyMJTcO/MMRA062W0c87lIrWokxN95M2 43 | 1ja6CTcoTjNzi9RQLzetzGutG5sCgYEA4JKVa6OTWMy2oKZmq+W/I0TowBPOSyPL 44 | UbDHKFWW5KM+mqP7ot/A84jlyVtDFXOvNVsZbNlDnE0n2y7VRlNdrPyLoHby2KuY 45 | 0vchQi5BL6mt0TDqemWo4al0wn9t/Nq87LDHFcfXIx0soJpCkt+Zb39zrcqO+kZZ 46 | Cjq5TomlkQMCgYEAkZ/v4VKd0MQlToO0lowNZMwt2CiZnSRcNF8UnrgWD5HqkqSw 47 | Xvlm5iPwbGDRCY0iYHPJpGPA0FDwUvnwawBNt67KkhbfOefps+U9QlkY3ZhEAB91 48 | xYteXAfzcXlIQFGdqDqQ7rANKPMU6ILZA77BqmBYGdRAxmHELECVGeH7OB0CgYAS 49 | D9gSszJLpxNdMmT5mF3aIVWy9STXaEaXCGfMN64OL47+cwfvHp3vOGh63Gs103sZ 50 | CH2wAn1smcwF1etzX4seOaWlP0vi31JITXYQU5YMllITjCKfu4NsuutYJVWcS598 51 | Te+FMfB8s4D+XcnS9Ebr781HAg6j1Hqe1wBGb82wLwKBgFQMTPEv/0rU/v2vAjWI 52 | OwBn9pIhynPdBt5vOpeT6eyG0++g+wbiynALbRgD4+dAUe7bkYczhmd4dTlKvwrJ 53 | vQpmlb4g6euIDhdGnElffESeggbSpGcaifOfAwa3mvWEFvLjcK8QsvMI/+/DBLeZ 54 | JdO9HlX5eyXEYRVnQmnwvoeD 55 | -----END PRIVATE KEY----- 56 | -------------------------------------------------------------------------------- /get-started/docker-run.md: -------------------------------------------------------------------------------- 1 | # Running Tyk gateway using docker 2 | 3 | Tyk will run with a default configuration unless it has been overridden with the `-v` flag. Two sample configurations have been provided to run the Tyk Gateway as standalone (no DB or dashboard, file-based configurations) or with the Tyk Dashboard and MongoDB. 4 | 5 | ## Configure a network 6 | 7 | ``` 8 | docker network create tyk 9 | ab1084d034c7e95735e10de804fc54aa940c031d2c4bb91d984675e5de2755e7 10 | 11 | docker network ls 12 | NETWORK ID NAME DRIVER SCOPE 13 | ---snip--- 14 | ab1084d034c7 tyk bridge local 15 | ``` 16 | 17 | ## Redis Dependency 18 | 19 | You will need a local Redis container or external Redis server for the Gateway to communicate with. 20 | 21 | In a production environment, we would recommend that Redis is highly available and deployed as a cluster. 22 | 23 | ```bash 24 | # NOT FOR PRODUCTION 25 | docker pull redis:4.0-alpine 26 | docker run -itd --rm --name redis --network tyk -p 127.0.0.1:6379:6379 redis:4.0-alpine 27 | 28 | docker ps 29 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 30 | b713c61fd8fe redis:4.0-alpine "docker-entrypoint.s…" 5 seconds ago Up 4 seconds 127.0.0.1:6379->6379/tcp redis 31 | ``` 32 | 33 | ## Deploy Tyk Gateway 34 | 35 | ```bash 36 | docker pull docker.tyk.io/tyk-gateway/tyk-gateway:latest 37 | ``` 38 | 39 | Now that you have the Gateway locally, you will need to grab a configuration file. You may use `tyk.standalone.conf` or 40 | `tyk.with_dashboard.conf` from https://github.com/TykTechnologies/tyk-gateway-docker as a base template using the 41 | appropriate version for your use-case. 42 | 43 | Documentation for gateway configuration can be found here: https://tyk.io/docs/tyk-configuration-reference/tyk-gateway-configuration-options/ 44 | 45 | Alternatively, should you wish to configure tyk using environment variables, see https://tyk.io/docs/tyk-configuration-reference/environment-variables/ for details of how our environment variables are constructed. 46 | 47 | Please note that you should set the Gateway secret in the `TYK_GW_SECRET` environment variable. If you do not, the entrypoint script will attempt to set `TYK_GW_SECRET` environment variable from the value of `secret` in tyk.conf. 48 | 49 | ```bash 50 | TYK_GW_SECRET=foo 51 | ``` 52 | 53 | We will now run the Gateway by mounting [tyk.standalone.conf](./../tyk.standalone.conf), our modified version of `tyk.conf`. 54 | 55 | ### Run Tyk OSS Gateway 56 | 57 | You may use example api definitions from https://github.com/TykTechnologies/tyk/tree/master/apps 58 | Store your API configurations inside local directory [./apps](./../apps/). 59 | 60 | You can now start the Gateway: 61 | 62 | ```bash 63 | docker run -d \ 64 | --name tyk_gateway \ 65 | --network tyk \ 66 | -p 8080:8080 \ 67 | -v $(pwd)/tyk.standalone.conf:/opt/tyk-gateway/tyk.conf \ 68 | -v $(pwd)/apps:/opt/tyk-gateway/apps \ 69 | docker.tyk.io/tyk-gateway/tyk-gateway:latest 70 | ``` 71 | 72 | ### Tyk OSS Gateway used by Tyk Self Managed 73 | 74 | The OSS Gateway is also used with the Tyk Self managed installation (Tyk's licensed product). We will assume that the Tyk manager service is 75 | installed, and running. If not, we would recommend that you follow the [instructions](https://tyk.io/docs/tyk-self-managed/install/) for Tyk manager installation or this [doc](https://github.com/TykTechnologies/tyk-dashboard-docker). 76 | 77 | **FYI** For a quick docker compsoe of Tyk Self managed switch to [Tyk docker demo repo](https://github.com/TykTechnologies/tyk-pro-docker-demo). 78 | 79 | 80 | The Gateway relies upon the Dashboard service to load its API definitions & proxy configurations. 81 | As such, there is **no need** to mount any app directory. 82 | 83 | ```bash 84 | docker run -d \ 85 | --name tyk_gateway \ 86 | --network tyk \ 87 | -p 8080:8080 \ 88 | -v $(pwd)/tyk.with_dashboard.conf:/opt/tyk-gateway/tyk.conf \ 89 | docker.tyk.io/tyk-gateway/tyk-gateway:latest 90 | ``` 91 | 92 | ### Check everything is up and running 93 | 94 | ```bash 95 | curl http://localhost:8080/hello -i 96 | HTTP/1.1 200 OK 97 | Content-Type: application/json 98 | Date: Mon, 25 Jul 2022 19:16:45 GMT 99 | Content-Length: 156 100 | 101 | { 102 | "status": "pass", 103 | "version": "v3.2.1", 104 | "description": "Tyk GW", 105 | "details": { 106 | "redis": { 107 | "status": "pass", 108 | "componentType": "datastore", 109 | "time": "2022-07-25T19:16:16Z" 110 | } 111 | } 112 | } 113 | 114 | ``` 115 | 116 | ## Rich plugins 117 | 118 | The Tyk Gateway supports rich plugins as a part of the main binary since v2.9.0, making the `TYKLANG` environment variable deprecated and it is now ignored. 119 | 120 | If you're running an image tag older than v2.9.0, To run Tyk with rich plugins support, you must set the `TYKLANG` environment variable. Currently supported value is `-python` for Python support. 121 | 122 | An additional requirement is to provide a directory for the plugin bundles: 123 | ``` 124 | $ mkdir bundles 125 | $ docker run -d --name tyk_gateway -p 8080:8080 --link tyk_redis:redis -v $(pwd)/tyk.standalone.conf:/opt/tyk-gateway/tyk.conf -v $(pwd)/apps:/opt/tyk-gateway/apps -v $(pwd)/bundles:/opt/tyk-gateway/middleware/bundles -e TYKLANG='-python' docker.tyk.io/tyk-gateway/tyk-gateway` 126 | ``` 127 | 128 | Remember to modify your `tyk.conf` to include the required global parameters, essentially: 129 | 130 | ```json 131 | "coprocess_options": { 132 | "enable_coprocess": true, 133 | }, 134 | "enable_bundle_downloader": true, 135 | "bundle_base_url": "http://my-bundle-server.com/bundles/", 136 | ``` 137 | 138 | These global parameters are covered in this [Python Tutorial](https://tyk.io/docs/plugins/rich-plugins/python/tutorial-add-demo-plugin-api/#a-name-global-settings-a-global-settings). 139 | 140 | For more information, see our [rich plugins documentation](https://tyk.io/docs/plugins/rich-plugins/). 141 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Tyk Gateway Docker 2 | 3 | ## About 4 | This repository serves as a playground to help you experiment with `Tyk Gateway`. It includes a _Docker Compose_ file that allows you to quickly set up _Tyk Gateway_ and _Redis_. Additionally, the repository provides several example API definitions and plugins to showcase the gateway's capabilities and help you learn some of its features. 5 | 6 | ## Getting started 7 | Click [here](#start-up-the-deployment) to get up and running but please remember to revisit the [next section](#useful-reading) later as it provides valuable yet concise insights on how to make the most of your time while using this repository and learning to know Tyk 8 | 9 | ## Useful Reading 10 | 11 | ### Requirements 12 | These settings apply to any Tyk OSS deployment, for development as well as production environments. 13 | 14 | 1. [**Redis**](https://redis.io/docs/about/) - Tyk gateway requires a running Redis. To make an easy start this repo has a _Docker Compose_ that spins up the gateway and Redis. If you use our `docker compose`, [the config of the gateway](./tyk.standalone.conf) is already set up to connect to the Redis service. As soon as it's up the gateway is ready to use. 15 | 2. **API definitions** - This is the way to set Tyk Gateway to service your API. To quickly get from zero to a live API behind _Tyk Gateway_ use the API definition examples under the [./apps](./apps) directory. 16 | 3. **Gateway configurations** - `tyk.conf` is set up appropriately and ready to use, including the API key to access/config the gateway via its APIs. 17 | 18 | ### Project Structure 19 | This repo has a few libraries that contain the file required to demo some of the Tyk gateway capabilities: 20 | - This README - please continue reading it before anything else, it will get you up and running. 21 | - [./get-started](./get-started/) - this docs directory has instructions to create your first API, API key, first plugin etc. 22 | - [Your First API](get-started/your-first-api.md) 23 | - [Your first token](get-started/your-first-token.md) 24 | - [Your First Plugin](get-started/your-first-plugin.md) 25 | - [./app/](./apps/) - Store your API configurations inside local directory `./apps`. You can also find in it example API definitions ready to use. 26 | - [./middleware/](./middleware/) - Store your plugins in this directory. For more information, Check [JavaScript Middleware documentation](https://tyk.io/docs/plugins/supported-languages/javascript-middleware/install-middleware/tyk-ce/). You can also find a Javascript example ready to use. 27 | - [./cloud-plugin/](./cloud-plugin/) - Many times you wouldn't want to store your plugin in the gateway, for that you can also use [a server to serve your plugins](https://tyk.io/docs/plugins/how-to-serve-plugins/plugin-bundles/) and the Tyk gateway will load them from that service. This directory explains how to do that when using [Tyk cloud](https://tyk.io/docs/tyk-cloud/configuration-options/using-plugins/uploading-bundle/#how-do-i-upload-my-bundle-file-to-my-amazon-s3-bucket) while the gateway is functioning as a Hybrid gateway. 28 | - [./certs](./certs/) - 29 | 30 | 31 | ### Important settings when using Tyk 32 | These settings apply to any Tyk OSS deployment, this one using Docker Compose as well as test and production environments. 33 | 34 | 1. [**Redis**](https://redis.io/docs/about/) - Tyk gateway requires a running Redis. To make an easy start this repo has a _Docker Compose_ that spins up the gateway and Redis. If you use our `docker compose`, [the config of the gateway](./tyk.standalone.conf) is already set up to connect to the Redis service. As soon as it's up the gateway is ready to use. 35 | 2. **API definitions** - This is the way to set Tyk Gateway to service your API. To quickly get from zero to a live API behind _Tyk Gateway_ use the API definition examples under the [./apps](./apps) directory. 36 | 3. **Gateway configurations** - `tyk.conf` is set up appropriately and ready to use, including the API key to access/config the gateway via its APIs. 37 | 38 | --- 39 | 40 | **To spin up Tyk deployment - Please continue reading** 41 | 42 | ## Option 1 - Running Full Tyk Deployment Using Docker Compose 43 | 44 | In this section, you will spin up a full Tyk OSS Deployment Using *Docker Compose* 45 | 46 | 47 | ### Requirements 48 | 49 | Before you start, please install the following binaries: 50 | - `docker compose` 51 | - An HTTP Client - There are lots of options in the market: 52 | - Most common command line - [curl](https://everything.curl.dev/get) 53 | - For GUI users, the most common one is [Postman](https://www.postman.com/downloads/) 54 | - For VS Code users, you can get any of these [VSCode extensions](https://marketplace.visualstudio.com/search?term=http%20client&target=VSCode&category=All%20categories&sortBy=Relevance)). 55 | - If you chose [REST Client](https://marketplace.visualstudio.com/items?itemName=humao.rest-client) extention, then you can use our example file [./useful_api_calls.http](useful_api_calls.http) to quickly get up and running. 56 | - [jq](https://stedolan.github.io/jq/download/) - Optional. If you are using a command line HTTP client like `curl`, `jq` will help you to beautify the returned JSON. 57 | 58 | ### Start up the deployment 59 | Use [docker-compose.yml](./docker-compose.yml) to spin up a Tyk OSS environment with one command. This will start two services, Tyk gateway and Redis use the following command 60 | 61 | ```console 62 | $ docker-compose up -d 63 | ``` 64 | 65 | ### Check everything is up and running 66 | 67 | In the example below we call the `/hello` endpoint using curl (you can use any HTTP client you want): 68 | 69 | 70 | ```curl 71 | curl http://localhost:8080/hello -i 72 | ``` 73 | 74 | It returns the gateway's version and the connection status of Redis. 75 | 76 | ```curl 77 | HTTP/1.1 200 OK 78 | Content-Type: application/json 79 | Date: Mon, 25 Jul 2022 19:16:45 GMT 80 | Content-Length: 156 81 | 82 | { 83 | "status": "pass", 84 | "version": "v3.2.1", 85 | "description": "Tyk GW", 86 | "details": { 87 | "redis": { 88 | "status": "pass", 89 | "componentType": "datastore", 90 | "time": "2022-07-25T19:16:16Z" 91 | } 92 | } 93 | } 94 | 95 | ``` 96 | 97 | ### Check the loaded APIs 98 | 99 | To get the list of APIs that Tyk gateway services, run the following: 100 | 101 | ```curl 102 | curl http://localhost:8080/tyk/apis -H "X-Tyk-Authorization: foo" 103 | ``` 104 | 105 | or in VS Code in a `some-file.http`: 106 | ```http 107 | http://localhost:8080/tyk/apis 108 | X-Tyk-Authorization: foo 109 | ``` 110 | 111 | The response is a JSON array of the API definitions. 112 | To beautify the list, use `jq`: 113 | ```bash 114 | curl http://localhost:8080/tyk/apis -H "X-Tyk-Authorization: foo" | jq . 115 | ``` 116 | 117 | Notice that we used the API key (secret) to connect to the gateway. 118 | `/tyk/apis` is the way to configure or check the configuration of Tyk Gateway via APIs and as such it must be protected so only you can connect it. 119 | 120 | --- 121 | 122 | ## Option 2 - Running Tyk using Docker 123 | 124 | If you want to run `docker` (not `docker compose`), use [these instructions](get-started/docker-run.md). 125 | 126 | For production, in which you use `docker` (not `docker compose`), check the [instructions](get-started/docker-run.md) on our docs website. 127 | 128 | 129 | ### Build your own Tyk Docker image 130 | To you want to build an image yourself please use this [Dockerfile](https://raw.githubusercontent.com/TykTechnologies/tyk/master/Dockerfile) 131 | 132 | 133 | --- 134 | 135 | ## Tyk Hybrid Gateway - for paying users only! 136 | 137 | *Tyk Hybrid Gateway* is the same Tyk OSS gateway but here it's connecting to a control plane layer (specifically to a component called [MDCB](https://tyk.io/docs/tyk-multi-data-centre/)). The [control plane](https://tyk.io/price-comparison/) can be self-managed or via the SaaS offering on Tyk cloud. As such, this option can be used only by paying clients (including users that trial the paying option). 138 | 139 | 140 | **FYI** Tyk cloud has also a [Cloud Free plan](https://tyk.io/docs/tyk-cloud/account-billing/plans/) but Hybrid gateways are not part of it. 141 | 142 | To set up a Hybrid gateway/cluster of gateways, do the following: 143 | 144 | 1. Change the following 3 values in the gateway config file (in this repo it is referred to as [tyk.hybrid.conf](./tyk.hybrid.conf): 145 | ```json 146 | "slave_options": { 147 | "rpc_key": "", 148 | "api_key": "", 149 | "connection_string": ":443", 150 | ``` 151 | 152 | it should look like this: 153 | 154 | ```json 155 | "slave_options": { 156 | "rpc_key": "j3jf8as9991ad881349", 157 | "api_key": "adk12k9d891j48df824", 158 | "connection_string": "persistent-bangalore-hyb.aws-usw2.cloud-ara.tyk.io:443", 159 | ``` 160 | 161 | 2. Use the hybrid config file in `docker compose` by mounting it into the Gateway in `docker-compose.yml` 162 | 163 | Change from 164 | ```bash 165 | - ./tyk.standalone.conf:/opt/tyk-gateway/tyk.conf 166 | ``` 167 | 168 | To: 169 | ```bash 170 | - ./tyk.hybrid.conf:/opt/tyk-gateway/tyk.conf 171 | ``` 172 | 173 | That's it! Now run `docker-compose up` 174 | 175 | --- 176 | 177 | ## PRs 178 | PRs with new examples and fixes are most welcome. 179 | A contributor guide will be added in the future but for the time being, please explain your PR in the description and provide evidence for manual testing of the code. 180 | 181 | ### SLA 182 | First response (clarifying questions/guidance on improvements/answering questions) - Target: 48 hours 183 | Detailed review and feedback on PRs - Target: 7 days 184 | 185 | ---- 186 | 187 | ## Bugs 188 | 189 | We'd love to know about any bug or defect you find, no matter how small it is. 190 | 191 | ### SLA 192 | First response (clarifying questions/guidance on improvements/answering questions) - Target: 48 hours 193 | 194 | --- 195 | 196 | ## Features 197 | 198 | We'd love to hear from you. Any feedback, idea or feature request is most welcomed. 199 | 200 | ### SLA 201 | First response (clarifying questions/guidance on improvements/answering questions) - Target: 72 hours 202 | 203 | --- 204 | 205 | ## Todo 206 | 207 | Add Tyk pump to the `docker compose` so we can stream analytics to a data sink. 208 | 209 | --- 210 | 211 | ## Questions 212 | For question on products, please use [Tyk Community forum](https://community.tyk.io/). 213 | 214 | Clients can also use support@tyk.io. 215 | 216 | Potential clients and evaluators, please use info@tyk.io. 217 | -------------------------------------------------------------------------------- /apps/client-mtls-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "api_id": "4a77d8bfe76f41ad7ae5875b2259df3f", 3 | "jwt_issued_at_validation_skew": 0, 4 | "upstream_certificates": {}, 5 | "use_keyless": true, 6 | "enable_coprocess_auth": false, 7 | "base_identity_provided_by": "auth_token", 8 | "custom_middleware": { 9 | "pre": [], 10 | "post": [], 11 | "post_key_auth": [], 12 | "auth_check": { 13 | "name": "", 14 | "path": "", 15 | "require_session": false, 16 | "raw_body_only": false 17 | }, 18 | "response": [], 19 | "driver": "", 20 | "id_extractor": { 21 | "extract_from": "", 22 | "extract_with": "", 23 | "extractor_config": {} 24 | } 25 | }, 26 | "disable_quota": false, 27 | "custom_middleware_bundle": "", 28 | "cache_options": { 29 | "cache_timeout": 60, 30 | "enable_cache": true, 31 | "cache_all_safe_requests": false, 32 | "cache_response_codes": [], 33 | "enable_upstream_cache_control": false, 34 | "cache_control_ttl_header": "", 35 | "cache_by_headers": [] 36 | }, 37 | "enable_ip_blacklisting": false, 38 | "tag_headers": [], 39 | "jwt_scope_to_policy_mapping": {}, 40 | "pinned_public_keys": {}, 41 | "expire_analytics_after": 0, 42 | "domain": "", 43 | "openid_options": { 44 | "providers": [], 45 | "segregate_by_client": false 46 | }, 47 | "jwt_policy_field_name": "", 48 | "enable_proxy_protocol": false, 49 | "jwt_default_policies": [], 50 | "active": true, 51 | "jwt_expires_at_validation_skew": 0, 52 | "config_data": {}, 53 | "notifications": { 54 | "shared_secret": "", 55 | "oauth_on_keychange_url": "" 56 | }, 57 | "jwt_client_base_field": "", 58 | "auth": { 59 | "use_param": false, 60 | "param_name": "", 61 | "use_cookie": false, 62 | "cookie_name": "", 63 | "auth_header_name": "Authorization", 64 | "use_certificate": false, 65 | "validate_signature": false, 66 | "signature": { 67 | "algorithm": "", 68 | "header": "", 69 | "secret": "", 70 | "allowed_clock_skew": 0, 71 | "error_code": 0, 72 | "error_message": "" 73 | } 74 | }, 75 | "check_host_against_uptime_tests": false, 76 | "auth_provider": { 77 | "name": "", 78 | "storage_engine": "", 79 | "meta": {} 80 | }, 81 | "blacklisted_ips": [], 82 | "graphql": { 83 | "enabled": false, 84 | "execution_mode": "proxyOnly", 85 | "version": "2", 86 | "schema": "", 87 | "type_field_configurations": [], 88 | "playground": { 89 | "enabled": false, 90 | "path": "" 91 | }, 92 | "engine": { 93 | "field_configs": [], 94 | "data_sources": [] 95 | } 96 | }, 97 | "hmac_allowed_clock_skew": -1, 98 | "dont_set_quota_on_create": false, 99 | "uptime_tests": { 100 | "check_list": [], 101 | "config": { 102 | "expire_utime_after": 0, 103 | "service_discovery": { 104 | "use_discovery_service": false, 105 | "query_endpoint": "", 106 | "use_nested_query": false, 107 | "parent_data_path": "", 108 | "data_path": "", 109 | "cache_timeout": 60 110 | }, 111 | "recheck_wait": 0 112 | } 113 | }, 114 | "enable_jwt": false, 115 | "do_not_track": false, 116 | "name": "mTls", 117 | "slug": "mtls", 118 | "oauth_meta": { 119 | "allowed_access_types": [], 120 | "allowed_authorize_types": [], 121 | "auth_login_redirect": "" 122 | }, 123 | "CORS": { 124 | "enable": false, 125 | "max_age": 24, 126 | "allow_credentials": false, 127 | "exposed_headers": [], 128 | "allowed_headers": [ 129 | "Origin", 130 | "Accept", 131 | "Content-Type", 132 | "X-Requested-With", 133 | "Authorization" 134 | ], 135 | "options_passthrough": false, 136 | "debug": false, 137 | "allowed_origins": [ 138 | "*" 139 | ], 140 | "allowed_methods": [ 141 | "GET", 142 | "POST", 143 | "HEAD" 144 | ] 145 | }, 146 | "event_handlers": { 147 | "events": {} 148 | }, 149 | "proxy": { 150 | "target_url": "http://httpbin.org", 151 | "service_discovery": { 152 | "endpoint_returns_list": false, 153 | "cache_timeout": 0, 154 | "parent_data_path": "", 155 | "query_endpoint": "", 156 | "use_discovery_service": false, 157 | "_sd_show_port_path": false, 158 | "target_path": "", 159 | "use_target_list": false, 160 | "use_nested_query": false, 161 | "data_path": "", 162 | "port_data_path": "" 163 | }, 164 | "check_host_against_uptime_tests": false, 165 | "transport": { 166 | "ssl_insecure_skip_verify": false, 167 | "ssl_min_version": 0, 168 | "proxy_url": "", 169 | "ssl_ciphers": [] 170 | }, 171 | "target_list": [], 172 | "preserve_host_header": false, 173 | "strip_listen_path": true, 174 | "enable_load_balancing": false, 175 | "listen_path": "/mtls/", 176 | "disable_strip_slash": true 177 | }, 178 | "client_certificates": [ 179 | "certs/concat.pem" 180 | ], 181 | "use_basic_auth": false, 182 | "version_data": { 183 | "not_versioned": true, 184 | "default_version": "", 185 | "versions": { 186 | "Default": { 187 | "name": "Default", 188 | "expires": "", 189 | "paths": { 190 | "ignored": [], 191 | "white_list": [], 192 | "black_list": [] 193 | }, 194 | "use_extended_paths": true, 195 | "extended_paths": { 196 | "ignored": [], 197 | "white_list": [], 198 | "black_list": [], 199 | "transform": [], 200 | "transform_response": [], 201 | "transform_jq": [], 202 | "transform_jq_response": [], 203 | "transform_headers": [], 204 | "transform_response_headers": [], 205 | "hard_timeouts": [], 206 | "circuit_breakers": [], 207 | "url_rewrites": [], 208 | "virtual": [], 209 | "size_limits": [], 210 | "method_transforms": [], 211 | "track_endpoints": [], 212 | "do_not_track_endpoints": [], 213 | "validate_json": [], 214 | "internal": [] 215 | }, 216 | "global_headers": {}, 217 | "global_headers_remove": [], 218 | "global_response_headers": {}, 219 | "global_response_headers_remove": [], 220 | "ignore_endpoint_case": false, 221 | "global_size_limit": 0, 222 | "override_target": "" 223 | } 224 | } 225 | }, 226 | "jwt_scope_claim_name": "", 227 | "use_standard_auth": false, 228 | "session_lifetime": 0, 229 | "hmac_allowed_algorithms": [], 230 | "disable_rate_limit": false, 231 | "definition": { 232 | "location": "header", 233 | "key": "x-api-version", 234 | "strip_path": false 235 | }, 236 | "use_oauth2": false, 237 | "jwt_source": "", 238 | "jwt_signing_method": "", 239 | "jwt_not_before_validation_skew": 0, 240 | "use_go_plugin_auth": false, 241 | "jwt_identity_base_field": "", 242 | "allowed_ips": [], 243 | "request_signing": { 244 | "is_enabled": false, 245 | "secret": "", 246 | "key_id": "", 247 | "algorithm": "", 248 | "header_list": [], 249 | "certificate_id": "", 250 | "signature_header": "" 251 | }, 252 | "org_id": "5e9d9544a1dcd60001d0ed20", 253 | "enable_ip_whitelisting": false, 254 | "global_rate_limit": { 255 | "rate": 0, 256 | "per": 0 257 | }, 258 | "protocol": "", 259 | "enable_context_vars": false, 260 | "tags": [], 261 | "basic_auth": { 262 | "disable_caching": false, 263 | "cache_ttl": 0, 264 | "extract_from_body": false, 265 | "body_user_regexp": "", 266 | "body_password_regexp": "" 267 | }, 268 | "listen_port": 0, 269 | "session_provider": { 270 | "name": "", 271 | "storage_engine": "", 272 | "meta": {} 273 | }, 274 | "auth_configs": { 275 | "authToken": { 276 | "use_param": false, 277 | "param_name": "", 278 | "use_cookie": false, 279 | "cookie_name": "", 280 | "auth_header_name": "Authorization", 281 | "use_certificate": false, 282 | "validate_signature": false, 283 | "signature": { 284 | "algorithm": "", 285 | "header": "", 286 | "secret": "", 287 | "allowed_clock_skew": 0, 288 | "error_code": 0, 289 | "error_message": "" 290 | } 291 | }, 292 | "basic": { 293 | "use_param": false, 294 | "param_name": "", 295 | "use_cookie": false, 296 | "cookie_name": "", 297 | "auth_header_name": "Authorization", 298 | "use_certificate": false, 299 | "validate_signature": false, 300 | "signature": { 301 | "algorithm": "", 302 | "header": "", 303 | "secret": "", 304 | "allowed_clock_skew": 0, 305 | "error_code": 0, 306 | "error_message": "" 307 | } 308 | }, 309 | "coprocess": { 310 | "use_param": false, 311 | "param_name": "", 312 | "use_cookie": false, 313 | "cookie_name": "", 314 | "auth_header_name": "Authorization", 315 | "use_certificate": false, 316 | "validate_signature": false, 317 | "signature": { 318 | "algorithm": "", 319 | "header": "", 320 | "secret": "", 321 | "allowed_clock_skew": 0, 322 | "error_code": 0, 323 | "error_message": "" 324 | } 325 | }, 326 | "hmac": { 327 | "use_param": false, 328 | "param_name": "", 329 | "use_cookie": false, 330 | "cookie_name": "", 331 | "auth_header_name": "Authorization", 332 | "use_certificate": false, 333 | "validate_signature": false, 334 | "signature": { 335 | "algorithm": "", 336 | "header": "", 337 | "secret": "", 338 | "allowed_clock_skew": 0, 339 | "error_code": 0, 340 | "error_message": "" 341 | } 342 | }, 343 | "jwt": { 344 | "use_param": false, 345 | "param_name": "", 346 | "use_cookie": false, 347 | "cookie_name": "", 348 | "auth_header_name": "Authorization", 349 | "use_certificate": false, 350 | "validate_signature": false, 351 | "signature": { 352 | "algorithm": "", 353 | "header": "", 354 | "secret": "", 355 | "allowed_clock_skew": 0, 356 | "error_code": 0, 357 | "error_message": "" 358 | } 359 | }, 360 | "oauth": { 361 | "use_param": false, 362 | "param_name": "", 363 | "use_cookie": false, 364 | "cookie_name": "", 365 | "auth_header_name": "Authorization", 366 | "use_certificate": false, 367 | "validate_signature": false, 368 | "signature": { 369 | "algorithm": "", 370 | "header": "", 371 | "secret": "", 372 | "allowed_clock_skew": 0, 373 | "error_code": 0, 374 | "error_message": "" 375 | } 376 | }, 377 | "oidc": { 378 | "use_param": false, 379 | "param_name": "", 380 | "use_cookie": false, 381 | "cookie_name": "", 382 | "auth_header_name": "Authorization", 383 | "use_certificate": false, 384 | "validate_signature": false, 385 | "signature": { 386 | "algorithm": "", 387 | "header": "", 388 | "secret": "", 389 | "allowed_clock_skew": 0, 390 | "error_code": 0, 391 | "error_message": "" 392 | } 393 | } 394 | }, 395 | "strip_auth_data": false, 396 | "id": "60522b32a74aee000171cbbb", 397 | "certificates": [], 398 | "enable_signature_checking": false, 399 | "use_openid": false, 400 | "internal": false, 401 | "jwt_skip_kid": false, 402 | "enable_batch_request_support": false, 403 | "enable_detailed_recording": false, 404 | "response_processors": [], 405 | "use_mutual_tls_auth": true 406 | } --------------------------------------------------------------------------------