
Gluu Gateway

samuel kungu edited this page May 7, 2020 · 13 revisions

This page shows how to run Gluu Gateway Server using docker-compose.

For the server to run smoothly, there are some preparations that need to be done. That includes preparing the TLS certificates.

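To create a self-signed certificate, run `openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out certificate.pem`. The `-nodes` option writes key.pem without a passphrase, so keep that file readable only by the account that runs docker-compose. Place both files in the same directory as docker-compose.yaml. The directory should look like the one shown below: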

 ├── README.md
 ├── certificate.pem
 ├── docker-compose.yaml
 ├── key.pem
 └── pg-init-scripts
     └── create-multiple-dbs.sh

create-multiple-dbs.sh

#!/bin/bash

# Stop at the first failing command and treat any reference to an unset
# variable as an error.
set -o errexit
set -o nounset

# helper function
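# Create one role and one database, and grant the role all privileges on it.
#
# Arguments:
#   $1  A comma-separated "database,owner,password" triple.
# Returns non-zero (which aborts the script under `set -e`) when a field is
# missing or when psql reports an error.
function create_user_database() {
    local database owner password
    # Split on commas only; anything after the second comma stays in the
    # password. Declaring the locals first keeps `local` from masking a failure.
    IFS=',' read -r database owner password <<< "$1"

    if [ -z "$database" ] || [ -z "$owner" ] || [ -z "$password" ]; then
        echo "Expected 'database,owner,password' but a field is missing" >&2
        return 1
    fi

    echo " Creating database '$database' "

    # The values are handed to psql as variables and quoted by psql itself
    # (:"name" as an identifier, :'name' as a string literal), so a quote
    # character in the password or a name cannot terminate the statement early.
    # Quoted identifiers are case-sensitive: names are created exactly as given.
    # The password is on psql's argument list for the duration of the call; the
    # same value is already present in the container environment.
    psql -v ON_ERROR_STOP=1 -U postgres \
         -v db_name="$database" -v db_owner="$owner" -v db_password="$password" <<'EOSQL'
CREATE USER :"db_owner" WITH PASSWORD :'db_password';
CREATE DATABASE :"db_name";
GRANT ALL PRIVILEGES ON DATABASE :"db_name" TO :"db_owner";
EOSQL
}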

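# Entry point: create every database listed in POSTGRES_MULTIPLE_DATABASES.
# The default expansion keeps `set -u` from aborting when the variable is unset.
if [ -n "${POSTGRES_MULTIPLE_DATABASES:-}" ]; then
    # Entries are separated by ':' and/or whitespace. Reading into an array
    # avoids pathname expansion of the unquoted value. `read -d ''` returns
    # non-zero at end of input, hence the `|| true` under `set -e`.
    IFS=$': \t\n' read -r -d '' -a db_specs <<< "$POSTGRES_MULTIPLE_DATABASES" || true

    # Only the count is logged: each entry also carries a password, and the
    # output of init scripts ends up in the container log.
    echo "Creating ${#db_specs[@]} database(s)"
    for db in "${db_specs[@]}"; do
        create_user_database "$db"
    done
    echo "Multiple databases created"
fi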

Provided below is the docker-compose.yaml file used to orchestrate Gluu Gateway Server.

# Compose file format version; quoted so it is read as a string.
version: "3.7"

networks:
  # User-defined bridge network that every service below attaches to.
  kong-net:
    driver: bridge

services:

  #######################################
  # Postgres: The database used by Kong
  #######################################
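  kong-database:
    # One PostgreSQL instance holding both the Kong and the UI databases.
    image: postgres:10.6
    restart: always
    networks:
      - kong-net
    volumes:
      # Init scripts; the postgres image runs them when the data directory
      # is first initialised.
      - ./pg-init-scripts:/docker-entrypoint-initdb.d
    environment:
      # Format: db,user,password[: db,user,password ...]
      # The init script splits entries on ':' and fields on ',', so those
      # characters and whitespace must not appear inside a name.
      POSTGRES_MULTIPLE_DATABASES: "${GG_DB_NAME},${GG_DB_USERNAME},${GG_DB_PASSWORD}: ${GG_UI_DB_NAME},${GG_UI_DB_USER},${GG_UI_DB_PASSWORD}"
      # NOTE(review): POSTGRES_PASSWORD is not set. Postgres images of this
      # generation are understood to fall back to passwordless ("trust")
      # network access for the superuser in that case; confirm for this tag
      # and set a superuser password before exposing the port any further.
    ports:
      # Published on the loopback interface only. The other services reach the
      # database over kong-net and do not need a host port at all.
      - "127.0.0.1:5432:5432"
    healthcheck:
      # Probe with the configured Kong role instead of a hard-coded name.
      test: ["CMD", "pg_isready", "-U", "${GG_DB_USERNAME}"]
      interval: 5s
      timeout: 5s
      retries: 5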

  #######################################
  # Kong database migration
  #######################################
  kong-migration:
    # One-shot job: bootstraps the Kong schema, then exits.
    image: gluufederation/gluu-gateway:4.1.0_dev
    # The short sleep gives PostgreSQL time to accept connections; if the
    # bootstrap still fails, `restart: on-failure` runs it again.
    entrypoint: sh -c "sleep 5 && kong migrations bootstrap -v"
    restart: on-failure
    networks:
      - kong-net
    depends_on:
      - kong-database
    links:
      - kong-database
    environment:
      # Connection settings, substituted from the .env file.
      KONG_DATABASE: "${DB_ADAPTER}"
      KONG_PG_HOST: "${DB_HOST}"
      KONG_PG_DATABASE: "${GG_DB_NAME}"
      KONG_PG_USER: "${GG_DB_USERNAME}"
      KONG_PG_PASSWORD: "${GG_DB_PASSWORD}"

  #######################################
  # Kong: The API Gateway
  #######################################
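  gg-kong:
    # The gateway itself: proxy on 8000, Admin API on 8001 (plain) and
    # 8444 (TLS).
    image: gluufederation/gluu-gateway:4.1.0_dev
    networks:
      - kong-net
    restart: on-failure
    environment:
      KONG_DATABASE: "${DB_ADAPTER}"
      KONG_PG_HOST: "${DB_HOST}"
      KONG_PG_DATABASE: "${GG_DB_NAME}"
      KONG_PG_USER: "${GG_DB_USERNAME}"
      KONG_PG_PASSWORD: "${GG_DB_PASSWORD}"
      # Send access and error logs to the container's stdout/stderr.
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      KONG_PROXY_LISTEN: "0.0.0.0:8000"
      # The Admin API listens on all container interfaces so that gg-ui can
      # reach it over kong-net; host exposure is limited under `ports` below.
      KONG_ADMIN_LISTEN: "0.0.0.0:8001,0.0.0.0:8444 ssl"
    depends_on:
      # kong-database is started first through kong-migration's own dependency.
      - kong-migration
    links:
      - kong-database
    healthcheck:
      test: ["CMD", "curl", "-f", "http://gg-kong:8001"]
      interval: 5s
      timeout: 2s
      retries: 15
    ports:
      # Kong's Admin API performs no authentication by default, so its ports
      # are published on the loopback interface only. Anyone who can reach
      # them can reconfigure the gateway.
      - "127.0.0.1:8001:8001"
      - "127.0.0.1:8444:8444"
      # Proxy traffic.
      - "8000:8000"
      # NOTE(review): KONG_PROXY_LISTEN above names only port 8000, so nothing
      # appears to listen on 8443 inside the container; confirm before relying
      # on this mapping for TLS traffic.
      - "8443:8443"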

  #######################################
  # Konga/ UI database prepare
  #######################################
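  ui-prepare:
    # One-shot job that prepares the UI database before gg-ui starts.
    image: gluufederation/gluu-gateway-ui:4.1.0_dev
    # NOTE(review): the database password is part of the command line here,
    # so it shows up in `docker inspect` and in the process list. Prefer an
    # environment-based connection setting if the image supports one.
    command: "-c prepare -a postgres -u postgresql://${GG_UI_DB_USER}:${GG_UI_DB_PASSWORD}@kong-database:5432/${GG_UI_DB_NAME}"
    volumes:
      # TLS material created in the preparation step of this page.
      - ./certificate.pem:/etc/certs/certificate.pem
      - ./key.pem:/etc/certs/key.pem
    environment:
      KONG_ADMIN_URL: "${GG_UI_KONG_ADMIN_URL}"
      DB_ADAPTER: "${DB_ADAPTER}"
      POSTGRES_VERSION: "${POSTGRES_VERSION}"
      DB_HOST: "${DB_HOST}"
      DB_DATABASE: "${GG_UI_DB_NAME}"
      DB_USER: "${GG_UI_DB_USER}"
      DB_PASSWORD: "${GG_UI_DB_PASSWORD}"
      DB_PORT: "${GG_UI_DB_PORT}"
      # NOTE(review): the files are mounted under /etc/certs/, while the
      # sample .env on this page sets these two to ./key.pem and
      # ./certificate.pem; confirm which path the UI actually opens.
      SSL_KEY_PATH: "${GG_UI_SSL_KEY_PATH}"
      SSL_CERT_PATH: "${GG_UI_SSL_CERT_PATH}"
      NODE_ENV: "${GG_UI_NODE_ENV}"
      PORT: "${GG_UI_PORT}"
      OXD_SERVER_URL: "${GG_UI_OXD_SERVER_URL}"
      # URL of the Gluu server.
      OP_SERVER_URL: "${GG_UI_OP_SERVER_URL}"
      OXD_ID: "${GG_UI_OXD_ID}"
      CLIENT_ID: "${GG_UI_CLIENT_ID}"
      # Listed once: a repeated mapping key is invalid YAML and most parsers
      # silently keep only the last occurrence.
      CLIENT_SECRET: "${GG_UI_CLIENT_SECRET}"
      OXD_SERVER_VERSION: "${GG_UI_OXD_SERVER_VERSION}"
      GG_HOST: "${GG_UI_GG_SERVER_HOST}"
      GG_UI_REDIRECT_URL_HOST: "${GG_UI_REDIRECT_URL_HOST}"
      EXPLICIT_HOST: "${GG_UI_EXPLICIT_HOST}"
      GG_VERSION: "${GG_UI_GG_SERVER_VERSION}"
      DB_SSL: "${GG_UI_DB_SSL}"
    networks:
      - kong-net
    restart: on-failure
    links:
      - kong-database
    depends_on:
      - kong-database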

  # #######################################
  # # gg-ui: GG GUI
  # #######################################
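  gg-ui:
    # The Gluu Gateway web UI, served on port 1337.
    image: gluufederation/gluu-gateway-ui:4.1.0_dev
    restart: always
    volumes:
      # TLS material created in the preparation step of this page. The private
      # key is bind-mounted from the host, so its host file permissions apply.
      - ./certificate.pem:/etc/certs/certificate.pem
      - ./key.pem:/etc/certs/key.pem
    networks:
      - kong-net
    environment:
      KONG_ADMIN_URL: "${GG_UI_KONG_ADMIN_URL}"
      DB_ADAPTER: "${DB_ADAPTER}"
      POSTGRES_VERSION: "${POSTGRES_VERSION}"
      DB_HOST: "${DB_HOST}"
      DB_DATABASE: "${GG_UI_DB_NAME}"
      DB_USER: "${GG_UI_DB_USER}"
      DB_PASSWORD: "${GG_UI_DB_PASSWORD}"
      DB_PORT: "${GG_UI_DB_PORT}"
      SSL_KEY_PATH: "${GG_UI_SSL_KEY_PATH}"
      SSL_CERT_PATH: "${GG_UI_SSL_CERT_PATH}"
      NODE_ENV: "${GG_UI_NODE_ENV}"
      PORT: "${GG_UI_PORT}"
      OXD_SERVER_URL: "${GG_UI_OXD_SERVER_URL}"
      # URL of the Gluu server.
      OP_SERVER_URL: "${GG_UI_OP_SERVER_URL}"
      OXD_ID: "${GG_UI_OXD_ID}"
      CLIENT_ID: "${GG_UI_CLIENT_ID}"
      # Listed once: a repeated mapping key is invalid YAML and most parsers
      # silently keep only the last occurrence.
      CLIENT_SECRET: "${GG_UI_CLIENT_SECRET}"
      OXD_SERVER_VERSION: "${GG_UI_OXD_SERVER_VERSION}"
      GG_HOST: "${GG_UI_GG_SERVER_HOST}"
      GG_UI_REDIRECT_URL_HOST: "${GG_UI_REDIRECT_URL_HOST}"
      EXPLICIT_HOST: "${GG_UI_EXPLICIT_HOST}"
      GG_VERSION: "${GG_UI_GG_SERVER_VERSION}"
      DB_SSL: "${GG_UI_DB_SSL}"
    depends_on:
      - kong-database
      - ui-prepare
    ports:
      - "1337:1337"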


Follow these docs here to connect Gluu Gateway with OXD server and Gluu server.

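Make sure to create a .env file in the same directory as docker-compose.yaml. An example of the required variables is shown below. The file holds database passwords and the client secret, so keep it out of version control and readable only by the account that runs docker-compose.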

.env

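# COMMONS
# Comments are kept on their own lines and values carry no trailing spaces:
# some .env parsers take everything after '=' literally.

DB_ADAPTER=postgres
DB_HOST=kong-database
POSTGRES_VERSION=10.6

# GG SETTINGS
# Example credentials only; choose your own before the first start.

GG_DB_NAME=kong
GG_DB_USERNAME=kong
GG_DB_PASSWORD=kongpassword

# GG-UI SETTINGS

# Alternative when the Admin API is addressed by host name:
# http://gluu.local.org:8001
GG_UI_KONG_ADMIN_URL=http://gg-kong:8001
GG_UI_DB_USER=konga
GG_UI_DB_NAME=konga
# Example credential only; choose your own before the first start.
GG_UI_DB_PASSWORD=kongapassword
GG_UI_DB_SSL=false
GG_UI_DB_PORT=5432
GG_UI_SSL_KEY_PATH=./key.pem
GG_UI_SSL_CERT_PATH=./certificate.pem
# NOTE(review): not referenced by the docker-compose.yaml shown on this page,
# which takes the UI database name from GG_UI_DB_NAME.
GG_UI_DB_DATABASE=kong
GG_UI_NODE_ENV=production
GG_UI_PORT=1337
GG_UI_OXD_SERVER_URL=https://docker.for.mac.localhost:8443
GG_UI_OP_SERVER_URL=https://demoexample.gluu.org
# The three values below are examples; replace them with the ones issued for
# your own client.
GG_UI_OXD_ID=c936dca1-95c6-4c74-8a45-54b8145fef15
GG_UI_CLIENT_ID=e025fbcd-05f5-4e61-98cd-241b7aa53e98
# GG_UI_CLIENT_SECRET was defined twice with different values. The later
# definition, which .env parsers normally let win, is the one kept here.
GG_UI_CLIENT_SECRET=25235607-7169-428e-a401-831e8c972435
GG_UI_OXD_SERVER_VERSION=4.1
GG_UI_GG_SERVER_HOST=https://demoexample.gluu.org
GG_UI_REDIRECT_URL_HOST=https://localhost:1337
GG_UI_EXPLICIT_HOST=0.0.0.0
GG_UI_GG_SERVER_VERSION=4.1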

With all that in place, run docker-compose up to start Gluu Gateway Server
