Install Kong Gateway on RHEL
This guide walks through downloading, installing, and starting Kong Gateway (Enterprise) on RHEL.
The configuration shown in this guide is intended as an example. Depending on your
environment, you may need to make modifications and take measures to properly conclude
the installation and configuration.
Kong Gateway supports both PostgreSQL 9.5+ and Cassandra 3.11.* as its datastore. This guide provides
steps to configure PostgreSQL. For assistance in setting up Cassandra, please contact your Sales or Support representative.
This software is governed by the
Kong Software License Agreement.
The following instructions assume that you are deploying Kong Gateway in classic embedded mode.
If you want to run Kong Gateway in Hybrid mode, the instructions in this topic will walk you though setting up a Control Plane instance. Afterward, you will need to bring up additional gateway instances for the Data Planes, and perform further configuration steps. See Hybrid Mode Setup for details.
To complete this installation you will need a supported RHEL system with
Step 1. Prepare to install Kong Gateway
There are two options to install Kong Gateway on RHEL.
Step 2. Install Kong Gateway
Step 3. Set up PostgreSQL
Follow the instructions available at https://www.postgresql.org/download/linux/redhat/ to install a supported version of PostgreSQL. Kong supports version 9.5 and higher. As an example, you can run a command set similar to:
$ sudo dnf install postgresql-server
Initialize the PostgreSQL database and enable automatic start.
$ sudo /usr/bin/postgresql-setup initdb
$ sudo systemctl enable postgresql
$ sudo systemctl start postgresql
Switch to PostgreSQL user and launch PostgreSQL.
$ sudo -i -u postgres
Create a Kong database with a username and password.
⚠️Note: Make sure the username and password for the Kong Database are
kept safe. This example uses a simple username and password for illustration purposes only. Note the database name, username and password for later.
$ psql> CREATE USER kong; CREATE DATABASE kong OWNER kong; ALTER USER kong WITH password 'kong';
Exit from PostgreSQL and return to your terminal account.
Edit the the PostgreSQL configuration file
/var/lib/pgsql/data/pg_hba.conf using your preferred editor.
Under IPv4 local connections replace
ident authentication by default. To allow the
kong user to communicate with the database locally, change the authentication method to
md5 by modifying the PostgreSQL configuration file.
$ sudo systemctl restart postgresql
Step 4. Modify Kong Gateway’s configuration file to work with PostgreSQL
Make a copy of Kong Gateway’s default configuration file.
$ sudo cp /etc/kong/kong.conf.default /etc/kong/kong.conf
Uncomment and update the PostgreSQL database properties in
/etc/kong/kong.conf using your preferred text editor.
pg_user = kong
pg_password = kong
pg_database = kong
Step 5. Seed the Super Admin password and bootstrap Kong Gateway
When you start Kong, the Nginx master process runs
, and the worker processes run as
default. If this is not the desired behavior, you can switch the Nginx master process to run on the built-in
user or to a custom non-root user before starting Kong.
For more information, see
Running Kong as a Non-Root User
Setting a password for the Super Admin before initial start-up is strongly recommended. This will permit the use of RBAC (Role Based Access Control) at a later time, if needed.
Create an environment variable with the desired Super Admin password and store the password in a safe place. Run migrations to prepare the Kong database:
$ sudo KONG_PASSWORD=<password-only-you-know> /usr/local/bin/kong migrations bootstrap -c /etc/kong/kong.conf
Start Kong Gateway:
$ sudo /usr/local/bin/kong start -c /etc/kong/kong.conf
Verify Kong Gateway is working:
$ curl -i -X GET --url http://localhost:8001/services
You should receive a
HTTP/1.1 200 OK message.
Step 6. Finalize configuration and verify installation
Enable and configure Kong Manager
To access the gateway’s Graphical User Interface, Kong Manager, update the
admin_gui_url property in
/etc/kong/kong.conf file the to the DNS, or IP address, of the RHEL system. For example:
admin_gui_url = http://<DNSorIP>:8002
This setting needs to resolve to a network path that will reach the RHEL host.
It is necessary to update the administration API setting to listen on the needed network interfaces on the RHEL host. A setting of
0.0.0.0:8001 will listen on port
8001 on all available network interfaces.
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
You may also list network interfaces separately as in this example:
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl, 127.0.0.1:8001, 127.0.0.1:8444 ssl
Restart Kong for the setting to take effect:
$ sudo /usr/local/bin/kong restart
You may now access Kong Manager on port
(Optional) Enable the Dev Portal
Deploy a license.
Enable the Dev Portal by setting the
portal property to
on and the
portal_gui_host property to the DNS or IP address of the RHEL system. For
portal = on
portal_gui_host = <DNSorIP>:8003
Restart Kong Gateway for the setting to take effect:
$ sudo /usr/local/bin/kong restart
Enable the Dev Portal for a workspace. Execute the following command,
DNSorIP to reflect the IP or valid DNS for the RHEL system:
$ curl -X PATCH http://<DNSorIP>:8001/workspaces/default \
Access the Dev Portal for the default workspace using the following URL,
substituting your own DNS or IP:
If you did not receive an
HTTP/1.1 200 OK message, or need assistance completing
your setup, reach out to your Kong Support contact or go to the
Check out Kong Gateway’s series of
Getting Started guides to get the most
out of Kong Gateway.
If you have an Enterprise subscription, add the license using the
/licenses Admin API endpoint.