Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Kong Gateway Operator
      Manage your Kong deployments on Kubernetes using YAML Manifests
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Gateway
2.7.x
  • Home icon
  • Kong Gateway
  • Install And Run
  • Install Kong Gateway on Docker
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Kong Gateway Operator
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.4.x (latest)
  • 3.3.x
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Archive (pre-2.6)
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Prerequisites
  • Install Kong Gateway with a database
    • Prepare the database
    • Start Kong Gateway
    • Get started with Kong Gateway
    • Clean up containers
  • Install Kong Gateway in DB-less mode
    • Create a Docker network
    • Prepare your configuration file
    • Start Kong Gateway in DB-less mode
    • Get started with Kong Gateway
    • Clean up containers
  • Troubleshooting
You are browsing documentation for an outdated version. See the latest documentation here.

Install Kong Gateway on Docker

See the list of Docker tags and pull the Docker image:

  • Kong Gateway
  • Kong Gateway (OSS)

(latest Kong Gateway version: 2.7.2.0)

Kong Gateway supports both PostgreSQL 9.5+ and Cassandra 3.11.* as its datastore. This guide provides steps to configure PostgreSQL.

If you prefer to use the open-source Kong Gateway image with Docker Compose, Kong also provides a Docker Compose template with built-in orchestration and scalability.

Some older Kong Gateway images are not publicly accessible. If you need a specific patch version and can’t find it on Kong’s public Docker Hub page, contact Kong Support.

The Kong Gateway software is governed by the Kong Software License Agreement. Kong Gateway (OSS) is licensed under an Apache 2.0 license.

Prerequisites

  • A Docker-enabled system with proper Docker access
  • (Enterprise only) A license.json file from Kong

Choose a path to install Kong Gateway:

  • With a database: Use a database to store Kong entity configurations. Can use the Admin API or declarative configuration files to configure Kong.
  • Without a database (DB-less mode): Store Kong configuration in-memory on the node. In this mode, the Admin API is read only, and you have to manage Kong using declarative configuration.

If this is your first time trying out Kong Gateway, we recommend installing it with a database.

Install Kong Gateway with a database

Set up a Kong Gateway container with a PostgreSQL database to store Kong configuration.

Deprecation warning: Cassandra as a backend database for Kong Gateway is deprecated. Support for Cassandra will be removed in a future release.
Our target for Cassandra removal is the Kong Gateway 3.4 release. Starting with the Kong Gateway 3.0 release, some new features might not be supported with Cassandra.

Prepare the database

  1. Create a custom Docker network to allow the containers to discover and communicate with each other:

     docker network create kong-net
    

    You can name this network anything you want. We use kong-net as an example throughout this guide.

  2. Start a PostgreSQL container:

     docker run -d --name kong-database \
      --network=kong-net \
      -p 5432:5432 \
      -e "POSTGRES_USER=kong" \
      -e "POSTGRES_DB=kong" \
      -e "POSTGRES_PASSWORD=kongpass" \
      postgres:9.6
    
    • POSTGRES_USER and POSTGRES_DB: Set these values to kong. This is the default value that Kong Gateway expects.
    • POSTGRES_PASSWORD: Set the database password to any string.

    In this example, the Postgres container named kong-database can communicate with any containers on the kong-net network.

  3. Prepare the Kong database:

    Kong Gateway
    Kong Gateway (OSS)
    docker run --rm --network=kong-net \
     -e "KONG_DATABASE=postgres" \
     -e "KONG_PG_HOST=kong-database" \
     -e "KONG_PG_PASSWORD=kongpass" \
     -e "KONG_PASSWORD=test" \
    kong/kong-gateway:2.7.2.0-alpine kong migrations bootstrap
    docker run --rm --network=kong-net \
     -e "KONG_DATABASE=postgres" \
     -e "KONG_PG_HOST=kong-database" \
     -e "KONG_PG_PASSWORD=kongpass" \
    kong:2.7.2-alpine kong migrations bootstrap

    Where:

    • KONG_DATABASE: Specifies the type of database that Kong is using.
    • KONG_PG_HOST: The name of the Postgres Docker container that is communicating over the kong-net network, from the previous step.
    • KONG_PG_PASSWORD: The password that you set when bringing up the Postgres container in the previous step.
    • KONG_PASSWORD (Enterprise only): The default password for the admin super user for Kong Gateway.
    • {IMAGE-NAME:TAG} kong migrations bootstrap: In order, this is the Kong Gateway container name and tag, followed by the command to Kong to prepare the Postgres database.

Start Kong Gateway

Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.


If you need to expose the admin_listen port to the internet in a production environment,

secure it with authentication.

  1. Run the following command to start a container with Kong Gateway:

    Kong Gateway
    Kong Gateway (OSS)
    docker run -d --name kong-gateway \
     --network=kong-net \
     -e "KONG_DATABASE=postgres" \
     -e "KONG_PG_HOST=kong-database" \
     -e "KONG_PG_USER=kong" \
     -e "KONG_PG_PASSWORD=kongpass" \
     -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
     -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
     -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
     -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
     -p 8000:8000 \
     -p 8443:8443 \
     -p 8001:8001 \
     -p 8444:8444 \
     -p 8002:8002 \
     -p 8445:8445 \
     -p 8003:8003 \
     -p 8004:8004 \
     kong/kong-gateway:2.7.2.0-alpine
    docker run -d --name kong-gateway \
     --network=kong-net \
     -e "KONG_DATABASE=postgres" \
     -e "KONG_PG_HOST=kong-database" \
     -e "KONG_PG_USER=kong" \
     -e "KONG_PG_PASSWORD=kongpass" \
     -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
     -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
     -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
     -p 8000:8000 \
     -p 8443:8443 \
     -p 127.0.0.1:8001:8001 \
     -p 127.0.0.1:8444:8444 \
     kong:2.7.2-alpine

    Where:

    • --name and --network: The name of the container to create, and the Docker network it communicates on.
    • KONG_DATABASE: Specifies the type of database that Kong is using.
    • KONG_PG_HOST: The name of the Postgres Docker container that is communicating over the kong-net network.
    • KONG_PG_USER and KONG_PG_PASSWORD: The Postgres username and password. Kong Gateway needs the login information to store configuration data in the KONG_PG_HOST database.
    • All _LOG parameters: set filepaths for the logs to output to, or use the values in the example to print messages and errors to stdout and stderr.
    • KONG_ADMIN_LISTEN: The port that the Kong Admin API listens on for requests.
    • KONG_ADMIN_GUI_URL: (Enterprise only) The URL for accessing Kong Manager, preceded by a protocol (for example, http://).
  2. Verify your installation:

    Access the /services endpoint using the Admin API:

     curl -i -X GET --url http://localhost:8001/services
    

    You should receive a 200 status code.

  3. (Not available in OSS) Verify that Kong Manager is running by accessing it using the URL specified in KONG_ADMIN_GUI_URL:

     http://localhost:8002
    

Get started with Kong Gateway

Now that you have a running Gateway instance, Kong provides a series of getting started guides to help you set up and enhance your first Service.

In particular, right after installation you might want to:

  • Create a service and a route
  • Configure a plugin
  • Secure your services with authentication
  • Load balance traffic across targets

Clean up containers

If you’re done testing Kong Gateway and no longer need the containers, you can clean them up using the following commands:

docker kill kong-gateway
docker kill kong-database
docker container rm kong-gateway
docker container rm kong-database
docker network rm kong-net

Install Kong Gateway in DB-less mode

The following steps walk you through starting Kong Gateway in DB-less mode.

Create a Docker network

Run the following command:

docker network create kong-net

You can name this network anything you want. We use kong-net as an example throughout this guide.

This step is not strictly needed for running Kong in DB-less mode, but it is a good precaution in case you want to add other things in the future (like a Rate Limiting plugin backed up by a Redis cluster).

Prepare your configuration file

  1. Prepare your declarative configuration file in .yml or .json format.

    The syntax and properties are described in the Declarative Configuration format guide. Add whatever core entities (Services, Routes, Plugins, Consumers, etc) you need to this file.

    For example, a simple file with a Service and a Route could look something like this:

     _format_version: "1.1"
     _transform: true
    
     services:
     - host: mockbin.org
       name: example_service
       port: 80
       protocol: http
       routes:
       - name: example_route
         paths:
         - /mock
         strip_path: true
    

    This guide assumes you named the file kong.yml.

  2. Save your declarative configuration locally, and note the filepath.

Start Kong Gateway in DB-less mode

Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.


If you need to expose the admin_listen port to the internet in a production environment,

secure it with authentication.

  1. From the same directory where you just created the kong.yml file, run the following command to start a container with Kong Gateway:

    Kong Gateway
    Kong Gateway (OSS)
    docker run -d --name kong-dbless \
     --network=kong-net \
     -v "$(pwd):/kong/declarative/" \
     -e "KONG_DATABASE=off" \
     -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
     -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
     -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
     -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
     -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
     -p 8000:8000 \
     -p 8443:8443 \
     -p 8001:8001 \
     -p 8444:8444 \
     -p 8002:8002 \
     -p 8445:8445 \
     -p 8003:8003 \
     -p 8004:8004 \
     kong/kong-gateway:2.7.2.0-alpine
    docker run -d --name kong-dbless \
     --network=kong-net \
     -v "$(pwd):/kong/declarative/" \
     -e "KONG_DATABASE=off" \
     -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
     -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
     -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
     -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
     -p 8000:8000 \
     -p 8443:8443 \
     -p 127.0.0.1:8001:8001 \
     -p 127.0.0.1:8444:8444 \
     kong:2.7.2-alpine

    Where:

    • --name and --network: The name of the container to create, and the Docker network it communicates on.
    • -v $(pwd):/path/to/target/: Mount the current directory on your local filesystem to a directory in the Docker container. This makes the kong.yml file visible from the Docker container.
    • KONG_DATABASE: Sets the database to off to tell Kong not to use any backing database for configuration storage.
    • KONG_DECLARATIVE_CONFIG: The path to a declarative configuration file inside the container. This path should match the target path that you’re mapping with -v.
    • All _LOG parameters: set filepaths for the logs to output to, or use the values in the example to print messages and errors to stdout and stderr.
    • KONG_ADMIN_LISTEN: The port that the Kong Admin API listens on for requests.
    • KONG_ADMIN_GUI_URL: (Enterprise only) The URL for accessing Kong Manager, preceded by a protocol (for example, http://).
  2. Verify that Kong Gateway is running:

     curl -i http://localhost:8001
    

    Test an endpoint. For example, get a list of services:

     curl -i http://localhost:8001/services
    

Get started with Kong Gateway

Now that you have a running Gateway instance, Kong provides a series of getting started guides to help you set up and enhance your first Service.

If you use the sample kong.yml in this guide, you already have a Service and a Route configured. Here are a few more things to check out:

  • Configure a plugin
  • Secure your services with authentication
  • Load balance traffic across targets

Clean up containers

If you’re done testing Kong Gateway and no longer need the containers, you can clean them up using the following commands:

docker kill kong-dbless
docker container rm kong-dbless
docker network rm kong-net

Troubleshooting

If you did not receive a 200 OK status code or need assistance completing setup, reach out to your support contact or head over to the Support Portal.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023