Skip to content
Edit

Gluu Gateway 4.0 is currently in open Beta. Questions and feedback can be directed to Gluu support. View known issues.

Installation#

To install Gluu Gateway, follow these steps:

  1. Add the required third party repositories
  2. Install the gluu-gateway package
  3. Run setup-gluu-gateway.py

Note

Before installing Gluu Gateway, be sure to have a Gluu Server installed and operational. The Gluu Gateway setup script requires an existing Gluu Server's hostname be provided.

Minimum Requirements#

Gluu Gateway needs to be deployed on a server or VM with the following minimum requirements:

CPU Unit RAM Disk Space Processor Type
1 2 GB 10 GB 64 Bit

Required Third Party repositories#

Important

Always run the following commands as root.

Ubuntu 16#

  • Add the Gluu repo:
    # echo "deb https://repo.gluu.org/ubuntu/ xenial-devel main" > /etc/apt/sources.list.d/gluu-repo.list
    # curl https://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add -
    
  • Add the PostgreSQL 10 repo:
    # echo "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main" > /etc/apt/sources.list.d/psql.list
    # wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
    
  • Add the Node repo:
    # curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
    

CentOS 7#

  • Add the Gluu repo:
    # wget https://repo.gluu.org/centos/Gluu-centos-7-testing.repo -O /etc/yum.repos.d/Gluu.repo
    # wget https://repo.gluu.org/centos/RPM-GPG-KEY-GLUU -O /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
    # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
    
  • Add the PostgreSQL 10 repo:
    # rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
    
  • Add the Node repo:
    # curl -sL https://rpm.nodesource.com/setup_8.x | sudo -E bash -
    

RHEL 7#

  • Add the Gluu repo:
    # wget https://repo.gluu.org/rhel/Gluu-rhel-7-testing.repo -O /etc/yum.repos.d/Gluu.repo
    # wget https://repo.gluu.org/rhel/RPM-GPG-KEY-GLUU -O /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
    # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-GLUU
    
  • Add the PostgreSQL 10 repo:
    # rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-redhat10-10-2.noarch.rpm
    
  • Add the Node repo:
    # curl -sL https://rpm.nodesource.com/setup_8.x | sudo -E bash -
    

Install the Gluu Gateway package#

Important

The Gluu Gateway package installs the following required components: PostgreSQL v10, oxd Server 4.0, NodeJS v8, Kong Community Edition v0.14.1.

Ubuntu 16#

 # apt update
 # apt install gluu-gateway

Centos 7, RHEL 7#

 # yum clean all
 # yum install gluu-gateway

Run the setup script#

Important

Before start setup, stop your all services which run on ports 443, 8443, 1338, 8000 and 8001.

Note

During setup, we are register your metrics endpoint at Gluu license server. GG configure below some things.

  • Kong Service object with name: gluu-org-metrics-service and url url: http://localhost:8001
  • Kong Route object with methods: GET, paths: /gluu-metrics, strip_path: false and service: above_service_id.
  • Kong IP Restriction plugin so that this endpoint only accessible to Gluu license server.
  • Configure Gluu gluu-metrics plugin globally.
  • Register customer at Gluu license server license.gluu.org.
 # cd /opt/gluu-gateway/setup
 # python setup-gluu-gateway.py

After acknowledging the Gluu Stepped-Up Support License, you will be prompted to answer several questions. Just hit Enter to accept the default values, which are specified in square brackets.

Important

When prompted to provide a two-letter value, make sure to follow the instructions. A mistake may result in the lack of certificates.

Question Explanation
Enter IP Address IP Address of your API gateway
Enter Hostname Internet-facing FQDN to generate certificates and metadata. Do not use an IP address or localhost.
Enter two-letter Country Code Used to generate web X.509 certificates
Enter two-letter State Code Used to generate web X.509 certificates
Enter your City or locality Used to generate web X.509 certificates
Enter Organization name Used to generate web X.509 certificates
Enter Email Address Used to generate web X.509 certificates
Password If you already have a postgres database password for user postgres, enter it here. Otherwise, enter a new password.
OP Server Host The hostname of the Gluu Server that will be used for OAuth 2.0 client credentials and access management. Example: your-op.server.com
Install OXD Server? If you choose Y(yes) then it will install fresh oxd server in your machine. If you choose N(No) then it will ask you next question Enter your existing OXD server URL, where you need to enter your existing oxd server URL.
OXD Server URL If oxd is installed on a different hostname than Gluu Gateway, provide its URL. If not, enter the hostname for Gluu Gateway
Generate client credentials to call oxd-server API's? Register an OpenID Client for Konga, or enter existing client credentials manually. Take care about yuor Client at your OP server side; make sure to extend this expiration date. If you enter existing client details, make sure your client in Redirect Login URIs and Post Logout Redirect URIs field has the value https://localhost:1338.
OXD Id Used to manually set the oxd ID.
Client Id Used to manually set the client ID.
Client Secret Used to manually set the client secret.

Finish the setup#

 Gluu Gateway configuration successful!!! https://localhost:1338

If you see the above message, it means the installation was successful. To log in to the Gluu Gateway admin portal, create an SSH tunnel on port 1338 from your workstation to the Gluu Gateway server, and point your browser at https://localhost:1338. Use the login and password that you also use to access the Gluu Server.

Important

If you get any error in setup then check the logs in log file /opt/gluu-gateway/setup/gluu-gateway-setup.log and /opt/gluu-gateway/setup/gluu-gateway-setup_error.log

Note

If you do not want an SSH tunnel connection. See FAQ for global access configuration. After this settings, you also need to update the OP clients redirect url and post logout url using oxd update-site api.

Applications and their ports#

Port Description
1338 Gluu Gateway Admin GUI
8001 Kong Admin API
8000 Kong Proxy Endpoint
443 Kong SSL Proxy Endpoint. By default, Kong uses 8443 port for SSL proxy, but during setup it is changed to 443.
8443 oxd Server

To change the port and configurations, you can update the specific application's config file. For details, see the Configuration section.

Removal#

Important

Always run the following commands as root.

Choose one of the following three options:

  1. Use apt-get to remove only the gluu-gateway package. Any dependencies installed at the same time, as well as configuration, will remain.

    # apt-get remove gluu-gateway
    
  2. If you want to also remove the configuration files (/etc/init.d/gluu-gateway and /opt/gluu-gateway/konga/config), use purge.

    # apt-get purge gluu-gateway
    

  3. Using the --auto-remove parameter will also remove the package dependencies (kong-community-edition, lua-cjson, nodejs, oxd-server, postgresql).

    # apt-get remove --auto-remove gluu-gateway