Skip to content
Kong Summit 2022: Where API Innovation Runs Wild  —Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Konnect Cloud
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Kong Konnect Platform

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Request Demo
  • Kong Gateway
  • Konnect Cloud
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Kong Konnect Platform

  • Docs contribution guidelines
  • 2.8.x (latest)
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (0.31-2.5)
  • Older OSS versions (0.13-2.5)
  • Archive (pre-0.13)
    • Version Support Policy
    • Changelog
    • Kubernetes
    • Helm
    • OpenShift with Helm
    • Docker
    • Amazon Linux
    • CentOS
    • macOS
    • Debian
    • RHEL
    • Ubuntu
    • Migrating from OSS to EE
    • Upgrade Kong Gateway
    • Upgrade Kong Gateway OSS
      • Configuring a Service
      • Configuring a gRPC Service
      • Enabling Plugins
      • Adding Consumers
      • Prepare to Administer
      • Expose your Services
      • Protect your Services
      • Improve Performance
      • Secure Services
      • Set Up Intelligent Load Balancing
      • Manage Administrative Teams
      • Publish, Locate, and Consume Services
    • Running Kong as a Non-Root User
    • Resource Sizing Guidelines
      • Deploy Kong Gateway in Hybrid Mode
    • Kubernetes Deployment Options
    • Control Kong Gateway through systemd
    • Performance Testing Framework
    • DNS Considerations
    • Default Ports
      • Access Your License
      • Deploy Your License
      • Monitor License Usage
      • Start Kong Gateway Securely
      • Keyring and Data Encryption
      • Kong Security Update Process
      • Authentication Reference
        • OpenID Connect with Curity
        • OpenID Connect with Azure AD
        • OpenID Connect with Google
        • OpenID Connect with Okta
        • OpenID Connect with Auth0
        • OpenID Connect with Cognito
        • OpenID Connect Plugin Reference
      • Allowing Multiple Authentication Methods
        • Create a Super Admin
        • Configure Networking
        • Configure Kong Manager to Send Email
        • Reset Passwords and RBAC Tokens
        • Configure Workspaces
        • Basic Auth
        • LDAP
        • OIDC
        • Sessions
        • Add a Role
        • Add a User
        • Add an Admin
      • Mapping LDAP Service Directory Groups to Kong Roles
      • Enable the Dev Portal
      • Structure and File Types
      • Portal API
      • Working with Templates
      • Using the Editor
          • Basic Auth
          • Key Auth
          • OIDC
          • Sessions
          • Adding Custom Registration Fields
        • SMTP
        • Workspaces
        • Manage Developers
        • Developer Roles and Content Permissions
          • Authorization Provider Strategy
          • Enable Application Registration
          • Enable Key Authentication for Application Registration
          • External OAuth2 Support
          • Set up Okta and Kong for external OAuth
          • Set Up Azure AD and Kong for External Authentication
          • Manage Applications
        • Easy Theme Editing
        • Migrating Templates Between Workspaces
        • Markdown Rendering Module
        • Customizing Portal Emails
        • Adding and Using JavaScript Assets
        • Single Page App in Dev Portal
        • Alternate OpenAPI Renderer
      • Helpers CLI
    • Configure gRPC Plugins
    • GraphQL Quickstart
    • Logging Reference
    • Network and Firewall
      • Metrics
      • Reports
      • Vitals with InfluxDB
      • Vitals with Prometheus
      • Estimate Vitals Storage in PostgreSQL
    • Prometheus plugin
    • Zipkin plugin
      • DB-less Mode
      • Declarative Configuration
      • Supported Content Types
      • Information Routes
      • Health Routes
      • Tags
      • Service Object
      • Route Object
      • Consumer Object
      • Plugin Object
      • Certificate Object
      • CA Certificate Object
      • SNI Object
      • Upstream Object
      • Target Object
        • Licenses Reference
        • Licenses Examples
        • Workspaces Reference
        • Workspace Examples
        • RBAC Reference
        • RBAC Examples
        • API Reference
        • Examples
        • API Reference
        • Examples
        • Event Hooks Reference
        • Examples
      • Audit Logging
      • Keyring and Data Encryption
      • Securing the Admin API
    • DB-less and Declarative Configuration
    • Configuration Reference
    • CLI Reference
    • Load Balancing Reference
    • Proxy Reference
    • Rate Limiting Library
    • Health Checks and Circuit Breakers Reference
    • Clustering Reference
      • kong.client
      • kong.client.tls
      • kong.cluster
      • kong.ctx
      • kong.ip
      • kong.log
      • kong.nginx
      • kong.node
      • kong.request
      • kong.response
      • kong.router
      • kong.service
      • kong.service.request
      • kong.service.response
      • kong.table
      • Introduction
      • File structure
      • Implementing custom logic
      • Plugin configuration
      • Accessing the datastore
      • Storing custom entities
      • Caching custom entities
      • Extending the Admin API
      • Writing tests
      • (un)Installing your plugin
    • Plugins in Other Languages

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Prerequisites
  • Install Kong Gateway with a database
    • Prepare the database
    • Start Kong Gateway
    • Get started with Kong Gateway
    • Clean up containers
  • Install Kong Gateway in DB-less mode
    • Create a Docker network
    • Prepare your configuration file
    • Start Kong Gateway in DB-less mode
    • Get started with Kong Gateway
    • Clean up containers
  • Troubleshooting
Kong Gateway
2.7.x
  • Home
  • Kong Gateway
  • Install and run
You are browsing documentation for an outdated version. See the latest documentation here.

Install Kong Gateway on Docker

See the list of Docker tags and pull the Docker image:

  • Kong Gateway
  • Kong Gateway (OSS)

(latest Kong Gateway version: 2.7.2.0)

Kong Gateway supports both PostgreSQL 9.5+ and Cassandra 3.11.* as its datastore. This guide provides steps to configure PostgreSQL.

If you prefer to use the open-source Kong Gateway image with Docker Compose, Kong also provides a Docker Compose template with built-in orchestration and scalability.

Some older Kong Gateway images are not publicly accessible. If you need a specific patch version and can’t find it on Kong’s public Docker Hub page, contact Kong Support.

The Kong Gateway software is governed by the Kong Software License Agreement. Kong Gateway (OSS) is licensed under an Apache 2.0 license.

Prerequisites

  • A Docker-enabled system with proper Docker access
  • (Enterprise only) A license.json file from Kong

Choose a path to install Kong Gateway:

  • With a database: Use a database to store Kong entity configurations. Can use the Admin API or declarative configuration files to configure Kong.
  • Without a database (DB-less mode): Store Kong configuration in-memory on the node. In this mode, the Admin API is read only, and you have to manage Kong using declarative configuration.

If this is your first time trying out Kong Gateway, we recommend installing it with a database.

Install Kong Gateway with a database

Set up a Kong Gateway container with a PostgreSQL database to store Kong configuration.

Deprecation warning: Cassandra as a backend database for Kong Gateway is deprecated. This means the feature will eventually be removed.
Our target for Cassandra removal is the Kong Gateway 4.0 release. Starting with the Kong Gateway 3.0 release, some new features might not be supported with Cassandra.

Prepare the database

  1. Create a custom Docker network to allow the containers to discover and communicate with each other:

     docker network create kong-net
    

    You can name this network anything you want. We use kong-net as an example throughout this guide.

  2. Start a PostgreSQL container:

     docker run -d --name kong-database \
      --network=kong-net \
      -p 5432:5432 \
      -e "POSTGRES_USER=kong" \
      -e "POSTGRES_DB=kong" \
      -e "POSTGRES_PASSWORD=kongpass" \
      postgres:9.6
    
    • POSTGRES_USER and POSTGRES_DB: Set these values to kong. This is the default value that Kong Gateway expects.
    • POSTGRES_PASSWORD: Set the database password to any string.

    In this example, the Postgres container named kong-database can communicate with any containers on the kong-net network.

  3. Prepare the Kong database:

    Kong Gateway
    Kong Gateway (OSS)
    docker run --rm --network=kong-net \
      -e "KONG_DATABASE=postgres" \
      -e "KONG_PG_HOST=kong-database" \
      -e "KONG_PG_PASSWORD=kongpass" \
      -e "KONG_PASSWORD=test" \
     kong/kong-gateway:2.7.2.0-alpine kong migrations bootstrap
    
    docker run --rm --network=kong-net \
      -e "KONG_DATABASE=postgres" \
      -e "KONG_PG_HOST=kong-database" \
      -e "KONG_PG_PASSWORD=kongpass" \
     kong:2.7.2-alpine kong migrations bootstrap
    

    Where:

    • KONG_DATABASE: Specifies the type of database that Kong is using.
    • KONG_PG_HOST: The name of the Postgres Docker container that is communicating over the kong-net network, from the previous step.
    • KONG_PG_PASSWORD: The password that you set when bringing up the Postgres container in the previous step.
    • KONG_PASSWORD (Enterprise only): The default password for the admin super user for Kong Gateway.
    • {IMAGE-NAME:TAG} kong migrations bootstrap: In order, this is the Kong Gateway container name and tag, followed by the command to Kong to prepare the Postgres database.

Start Kong Gateway

Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.


If you need to expose the admin_listen port to the internet in a production environment, secure it with authentication.

  1. Run the following command to start a container with Kong Gateway:

    Kong Gateway
    Kong Gateway (OSS)
    docker run -d --name kong-gateway \
      --network=kong-net \
      -e "KONG_DATABASE=postgres" \
      -e "KONG_PG_HOST=kong-database" \
      -e "KONG_PG_USER=kong" \
      -e "KONG_PG_PASSWORD=kongpass" \
      -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
      -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
      -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
      -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
      -p 8000:8000 \
      -p 8443:8443 \
      -p 8001:8001 \
      -p 8444:8444 \
      -p 8002:8002 \
      -p 8445:8445 \
      -p 8003:8003 \
      -p 8004:8004 \
      kong/kong-gateway:2.7.2.0-alpine
    
    docker run -d --name kong-gateway \
      --network=kong-net \
      -e "KONG_DATABASE=postgres" \
      -e "KONG_PG_HOST=kong-database" \
      -e "KONG_PG_USER=kong" \
      -e "KONG_PG_PASSWORD=kongpass" \
      -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
      -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
      -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
      -p 8000:8000 \
      -p 8443:8443 \
      -p 127.0.0.1:8001:8001 \
      -p 127.0.0.1:8444:8444 \
      kong:2.7.2-alpine
    

    Where:

    • --name and --network: The name of the container to create, and the Docker network it communicates on.
    • KONG_DATABASE: Specifies the type of database that Kong is using.
    • KONG_PG_HOST: The name of the Postgres Docker container that is communicating over the kong-net network.
    • KONG_PG_USER and KONG_PG_PASSWORD: The Postgres username and password. Kong Gateway needs the login information to store configuration data in the KONG_PG_HOST database.
    • All _LOG parameters: set filepaths for the logs to output to, or use the values in the example to print messages and errors to stdout and stderr.
    • KONG_ADMIN_LISTEN: The port that the Kong Admin API listens on for requests.
    • KONG_ADMIN_GUI_URL: (Enterprise only) The URL for accessing Kong Manager, preceded by a protocol (for example, http://).
  2. Verify your installation:

    Access the /services endpoint using the Admin API:

     curl -i -X GET --url http://localhost:8001/services
    

    You should receive a 200 status code.

  3. (Not available in OSS) Verify that Kong Manager is running by accessing it using the URL specified in KONG_ADMIN_GUI_URL:

     http://localhost:8002
    

Get started with Kong Gateway

Now that you have a running Gateway instance, Kong provides a series of getting started guides to help you set up and enhance your first Service.

In particular, right after installation you might want to:

  • Create a service and a route
  • Configure a plugin
  • Secure your services with authentication
  • Load balance traffic across targets

Clean up containers

If you’re done testing Kong Gateway and no longer need the containers, you can clean them up using the following commands:

docker kill kong-gateway
docker kill kong-database
docker container rm kong-gateway
docker container rm kong-database
docker network rm kong-net

Install Kong Gateway in DB-less mode

The following steps walk you through starting Kong Gateway in DB-less mode.

Create a Docker network

Run the following command:

docker network create kong-net

You can name this network anything you want. We use kong-net as an example throughout this guide.

This step is not strictly needed for running Kong in DB-less mode, but it is a good precaution in case you want to add other things in the future (like a Rate Limiting plugin backed up by a Redis cluster).

Prepare your configuration file

  1. Prepare your declarative configuration file in .yml or .json format.

    The syntax and properties are described in the Declarative Configuration format guide. Add whatever core entities (Services, Routes, Plugins, Consumers, etc) you need to this file.

    For example, a simple file with a Service and a Route could look something like this:

     _format_version: "1.1"
     _transform: true
    
     services:
     - host: mockbin.org
       name: example_service
       port: 80
       protocol: http
       routes:
       - name: example_route
         paths:
         - /mock
         strip_path: true
    

    This guide assumes you named the file kong.yml.

  2. Save your declarative configuration locally, and note the filepath.

Start Kong Gateway in DB-less mode

Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.


If you need to expose the admin_listen port to the internet in a production environment, secure it with authentication.

  1. From the same directory where you just created the kong.yml file, run the following command to start a container with Kong Gateway:

    Kong Gateway
    Kong Gateway (OSS)
    docker run -d --name kong-dbless \
      --network=kong-net \
      -v "$(pwd):/kong/declarative/" \
      -e "KONG_DATABASE=off" \
      -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
      -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
      -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
      -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
      -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
      -p 8000:8000 \
      -p 8443:8443 \
      -p 8001:8001 \
      -p 8444:8444 \
      -p 8002:8002 \
      -p 8445:8445 \
      -p 8003:8003 \
      -p 8004:8004 \
      kong/kong-gateway:2.7.2.0-alpine
    
    docker run -d --name kong-dbless \
      --network=kong-net \
      -v "$(pwd):/kong/declarative/" \
      -e "KONG_DATABASE=off" \
      -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
      -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
      -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
      -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
      -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
      -p 8000:8000 \
      -p 8443:8443 \
      -p 127.0.0.1:8001:8001 \
      -p 127.0.0.1:8444:8444 \
      kong:2.7.2-alpine
    

    Where:

    • --name and --network: The name of the container to create, and the Docker network it communicates on.
    • -v $(pwd):/path/to/target/: Mount the current directory on your local filesystem to a directory in the Docker container. This makes the kong.yml file visible from the Docker container.
    • KONG_DATABASE: Sets the database to off to tell Kong not to use any backing database for configuration storage.
    • KONG_DECLARATIVE_CONFIG: The path to a declarative configuration file inside the container. This path should match the target path that you’re mapping with -v.
    • All _LOG parameters: set filepaths for the logs to output to, or use the values in the example to print messages and errors to stdout and stderr.
    • KONG_ADMIN_LISTEN: The port that the Kong Admin API listens on for requests.
    • KONG_ADMIN_GUI_URL: (Enterprise only) The URL for accessing Kong Manager, preceded by a protocol (for example, http://).
  2. Verify that Kong Gateway is running:

     curl -i http://localhost:8001
    

    Test an endpoint. For example, get a list of services:

     curl -i http://localhost:8001/services
    

Get started with Kong Gateway

Now that you have a running Gateway instance, Kong provides a series of getting started guides to help you set up and enhance your first Service.

If you use the sample kong.yml in this guide, you already have a Service and a Route configured. Here are a few more things to check out:

  • Configure a plugin
  • Secure your services with authentication
  • Load balance traffic across targets

Clean up containers

If you’re done testing Kong Gateway and no longer need the containers, you can clean them up using the following commands:

docker kill kong-dbless
docker container rm kong-dbless
docker network rm kong-net

Troubleshooting

If you did not receive a 200 OK status code or need assistance completing setup, reach out to your support contact or head over to the Support Portal.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2022