git clone git@github.com:Kong/docker-kong.git
cd docker-kong/compose
docker-compose up -d
- Kong Admin runs at
http://localhost:8001
- Kong Proxy runs at
http://localhost:8000
Note: Change {your-service-name}
to your own service name
http POST http://localhost:8001/services \
name="{your-service-name}" \
url="http://192.168.99.100:32248"
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 258
Content-Type: application/json; charset=utf-8
Date: Wed, 21 Nov 2018 04:53:42 GMT
Server: kong/0.14.1
{
"connect_timeout": 60000,
"created_at": 1542776022,
"host": "192.168.99.100",
"id": "a1d35b57-da18-4a1c-8734-deaa7f63761c", # Copy this Id
"name": "user-svc",
"path": null,
"port": 30846,
"protocol": "http",
"read_timeout": 60000,
"retries": 5,
"updated_at": 1542776022,
"write_timeout": 60000
}
- Add the custom host name to your hosts file.
- Assume that we use the hostname
service.local
. So, just execute this commandecho "127.0.0.1 service.local" >> /etc/hosts
- Replace
{your-service-id}
by the service id in the previous step.
http POST http://localhost:8001/routes \
hosts:='["service.local"]' \
paths:='["/"]' \
service:='{"id": "{your-service-id}"}'
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 291
Content-Type: application/json; charset=utf-8
Date: Wed, 21 Nov 2018 04:56:21 GMT
Server: kong/0.14.1
{
"created_at": 1542776181,
"hosts": [
"service.local"
],
"id": "2f76bb47-8e10-4f8a-92d2-798153d71425", # Copy this Id
"methods": null,
"paths": [
"/"
],
"preserve_host": false,
"protocols": [
"http",
"https"
],
"regex_priority": 0,
"service": {
"id": "a1d35b57-da18-4a1c-8734-deaa7f63761c"
},
"strip_path": true,
"updated_at": 1542776181
}
- Replace
{your-route-id}
by the route id in the previous step.
http POST http://localhost:8001/routes/{your-route-id}/plugins name="jwt"
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 315
Content-Type: application/json; charset=utf-8
Date: Wed, 21 Nov 2018 07:31:45 GMT
Server: kong/0.14.1
{
"config": {
"anonymous": "",
"cookie_names": {},
"key_claim_name": "iss",
"maximum_expiration": 0,
"run_on_preflight": true,
"secret_is_base64": true,
"uri_param_names": [
"jwt"
]
},
"created_at": 1542785506000,
"enabled": true,
"id": "5367122d-121c-4d73-a88e-9eb5e524292f",
"name": "jwt",
"route_id": "2f76bb47-8e10-4f8a-92d2-798153d71425"
}
Find out more here
http POST http://localhost:8001/consumers \
username="sam"
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 104
Content-Type: application/json; charset=utf-8
Date: Wed, 21 Nov 2018 07:39:38 GMT
Server: kong/0.14.1
{
"created_at": 1542785978,
"custom_id": null,
"id": "c50e47ea-38c1-48e1-a0c0-e2fde00475f6",
"username": "sam"
}
http POST http://localhost:8001/consumers/sam/jwt
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 231
Content-Type: application/json; charset=utf-8
Date: Wed, 21 Nov 2018 07:40:18 GMT
Server: kong/0.14.1
{
"algorithm": "HS256",
"consumer_id": "c50e47ea-38c1-48e1-a0c0-e2fde00475f6",
"created_at": 1542786019000,
"id": "c44261b4-3fdd-4d42-be40-cfcbd4ffebae",
"key": "CYDqzeQ0427MfZQ7wABuYSXPxBkQpgWh", # Issuer
"secret": "orYGrUbXyQ1VBFPRwnlDwakS18gOQNZI" # Sigin key
}
Key and Secret were used for generate access token.
Craft JWT using https://www.jsonwebtoken.io/
- Issuer (key from above): CYDqzeQ0427MfZQ7wABuYSXPxBkQpgWh
- Signin Key (secret from above): orYGrUbXyQ1VBFPRwnlDwakS18gOQNZI
- Create the payload similiar like this
{
"iss": "CYDqzeQ0427MfZQ7wABuYSXPxBkQpgWh",
# you can add extra data if you want
}
Results in JWT String: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJZUkdFSFNPcDNsWUxlcWl2VTE2UkZtWXNaWTNTandCMiIsImp0aSI6ImY2YjJiMDZlLTljYmYtNDVmOC05ZDFhLTBjOGU4NDk0OGIzMCIsImlhdCI6MTU0Mjc4NjMxMSwiZXhwIjoxNTQyNzg5OTExfQ.gP2y-yx7_pLidKYP_SnIqLs38mjXVX3e7HqFTONDnKY
curl http://service.local:8000/ \
-H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJZUkdFSFNPcDNsWUxlcWl2VTE2UkZtWXNaWTNTandCMiIsImp0aSI6ImY2YjJiMDZlLTljYmYtNDVmOC05ZDFhLTBjOGU4NDk0OGIzMCIsImlhdCI6MTU0Mjc4NjMxMSwiZXhwIjoxNTQyNzg5OTExfQ.gP2y-yx7_pLidKYP_SnIqLs38mjXVX3e7HqFTONDnKY'