Installation#
To install Gluu Gateway, follow these steps:
- Add the required third party repositories
- Install the
gluu-gateway
package - Run
setup-gluu-gateway.py
Note
Before installing Gluu Gateway, be sure to have a Gluu Server installed and operational. The Gluu Gateway setup script requires an existing Gluu Server's hostname be provided.
Minimum Requirements#
Gluu Gateway needs to be deployed on a server or VM with the following minimum requirements:
CPU Unit | RAM | Disk Space | Processor Type |
---|---|---|---|
1 | 2 GB | 10 GB | 64 Bit |
Pre-requirements#
Gluu Gateway requires an OAuth 2.0 Authorization Server (AS), typically the Gluu Server, to issue OAuth clients and scopes, and perform client authentication.
Gluu Gateway is compatible with the following versions of Gluu:
- Gluu Server CE 4.0
Required Third Party repositories#
Important
Always run the following commands as root.
Ubuntu 18#
- Add the Gluu repo:
echo "deb https://repo.gluu.org/ubuntu/ bionic main" > /etc/apt/sources.list.d/gluu-repo.list
curl https://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add -
- Add the PostgreSQL 10 repo:
echo "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main" > /etc/apt/sources.list.d/psql.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
- Add the Node repo:
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
Ubuntu 16#
- Add the Gluu repo:
echo "deb https://repo.gluu.org/ubuntu/ xenial main" > /etc/apt/sources.list.d/gluu-repo.list
curl https://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add -
- Add the PostgreSQL 10 repo:
echo "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main" > /etc/apt/sources.list.d/psql.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
CentOS 7#
- Add the Gluu repo:
wget https://repo.gluu.org/centos/Gluu-centos7.repo -O /etc/yum.repos.d/Gluu.repo
wget https://repo.gluu.org/centos/RPM-GPG-KEY-GLUU -O /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
- Add the PostgreSQL 10 repo:
rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
- Add the Node repo:
curl -sL https://rpm.nodesource.com/setup_8.x | sudo -E bash -
RHEL 7#
- Add the Gluu repo:
wget https://repo.gluu.org/rhel/Gluu-rhel7.repo -O /etc/yum.repos.d/Gluu.repo
wget https://repo.gluu.org/rhel/RPM-GPG-KEY-GLUU -O /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
- Add the PostgreSQL 10 repo:
rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
- Add the Node repo:
curl -sL https://rpm.nodesource.com/setup_8.x | sudo -E bash -
Install the Gluu Gateway package#
Important
The Gluu Gateway package installs the following required components: PostgreSQL v10, oxd Server 4.0, NodeJS v8, Kong Community Edition v0.14.1.
Ubuntu 16, 18#
apt update
apt install gluu-gateway=4.0~*
Centos 7, RHEL 7#
yum clean all
yum install gluu-gateway-4.0
Run the setup script#
Important
Before start setup, stop your all services which run on ports 443, 8443, 1338, 8000 and 8001.
Info
If you are behind the corporate proxy, you need to export HTTP_PROXY
, HTTPS_PROXY
. More details
cd /opt/gluu-gateway/setup/
python setup-gluu-gateway.py
After acknowledging the Gluu Stepped-Up Support License, you will be prompted to answer several questions. Just hit Enter to accept the default values, which are specified in square brackets.
Important
When prompted to provide a two-letter value, make sure to follow the instructions. A mistake may result in the lack of certificates.
Question | Explanation |
---|---|
Enter IP Address | IP Address of your API gateway |
Enter Hostname | Internet-facing FQDN to generate certificates and metadata. Do not use an IP address or localhost. |
Enter two-letter Country Code | Used to generate web X.509 certificates |
Enter two-letter State Code | Used to generate web X.509 certificates |
Enter your City or locality | Used to generate web X.509 certificates |
Enter Organization name | Used to generate web X.509 certificates |
Enter Email Address | Used to generate web X.509 certificates |
Password | If you already have a postgres database password for user postgres , enter it here. Otherwise, enter a new password. |
OP Server Host | The hostname of the Gluu Server that will be used for OAuth 2.0 client credentials and access management. Example: your-op.server.com |
Install OXD Server? | If you choose Y(yes) then it will install fresh oxd server in your machine. If you choose N(No) then it will ask you next question Enter your existing OXD server URL , where you need to enter your existing oxd server URL. Check here for more details about oxd server. |
OXD Server URL | If oxd is installed on a different hostname than Gluu Gateway, provide its URL. If not, enter the hostname for Gluu Gateway |
Generate client credentials to call oxd-server API's? | Register an OpenID Client for Konga, or enter existing client credentials manually. Take care about yuor Client at your OP server side; make sure to extend this expiration date. If you enter existing client details, make sure your client in Redirect Login URIs and Post Logout Redirect URIs field has the value https://localhost:1338 . |
OXD Id | Used to manually set the oxd ID. |
Client Id | Used to manually set the client ID. |
Client Secret | Used to manually set the client secret. |
During setup, the metrics endpoint is registered with the Gluu license server. GG configures the following:
- Kong Service object with
name: gluu-org-metrics-service
andurl: http://localhost:8001
- Kong Route object with
methods: GET
,paths: /gluu-metrics
,strip_path: false
andservice: above_service_id
. - Kong IP Restriction plugin, which ensures this endpoint is only accessible to the Gluu license server.
- Configures the Gluu
gluu-metrics
plugin globally. - Registers the customer at the Gluu license server,
https://license.gluu.org
.
Finish the setup#
Gluu Gateway configuration successful!!! https://localhost:1338
If you see the above message, it means the installation was successful. To log in to the Gluu Gateway admin portal, create an SSH tunnel on port 1338 to the Gluu Gateway server, and point the browser at https://localhost:1338
. Use the login and password used to access the Gluu Server.
At Linux terminal you can create the tunnel as:
ssh -L 1338:localhost:1338 user@your_linux_host
Important
To diagnose errors during setup, check the log files: /opt/gluu-gateway/setup/gluu-gateway-setup.log
and /opt/gluu-gateway/setup/gluu-gateway-setup_error.log
Note
If you do not want an SSH tunnel connection, see the FAQ for global access configuration. After these settings, you also need to update the OP clients redirect URL and post logout URL using the oxd update-site API.
If automating installation, the JSON values can be passed directly to the setup script. The JSON values can be found here.
Applications and their ports#
Port | Description |
---|---|
1338 | Gluu Gateway Admin GUI |
8001 | Kong Admin API |
8000 | Kong Proxy Endpoint |
443 | Kong SSL Proxy Endpoint. By default, Kong uses 8443 port for SSL proxy, but during setup it is changed to 443. |
8443 | oxd Server |
To change the port and configurations, you can update the specific application's config file. For details, see the Configuration section.
Removal#
Important
Always run the following commands as root.
Choose one of the following three options:
-
Use
apt-get
to remove only the gluu-gateway package. Any dependencies installed at the same time, as well as configuration, will remain.apt-get remove gluu-gateway
-
If you want to also remove the configuration files (/etc/init.d/gluu-gateway and /opt/gluu-gateway/konga/config), use
purge
.apt-get purge gluu-gateway
-
Using the
--auto-remove
parameter will also remove the package dependencies (kong-community-edition, lua-cjson, nodejs, oxd-server, postgresql).apt-get remove --auto-remove gluu-gateway
Info
To remove all other GGs sub components, use apt-get purge gluu-gateway kong* postgresql-* oxd-server*