Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.2.x (latest)
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)
    • Overview of Kong Gateway
    • Version Support Policy
    • Stages of Software Availability
    • Changelog
    • Overview
    • Kubernetes
    • Helm
    • OpenShift with Helm
    • Docker
    • Amazon Linux
    • CentOS
    • Debian
    • RHEL
    • Ubuntu
    • Migrating from OSS to EE
    • Upgrade Kong Gateway
    • Upgrade Kong Gateway OSS
      • Configuring a Service
      • Configuring a gRPC Service
      • Enabling Plugins
      • Adding Consumers
      • Prepare to Administer
      • Expose your Services
      • Protect your Services
      • Improve Performance
      • Secure Services
      • Set Up Intelligent Load Balancing
      • Manage Administrative Teams
      • Publish, Locate, and Consume Services
    • Running Kong as a Non-Root User
    • Resource Sizing Guidelines
      • Deploy Kong Gateway in Hybrid Mode
    • Kubernetes Deployment Options
    • Control Kong Gateway through systemd
    • Performance Testing Framework
    • DNS Considerations
    • Default Ports
      • Access Your License
      • Deploy Your License
      • Monitor License Usage
      • Start Kong Gateway Securely
      • Keyring and Data Encryption
      • Kong Security Update Process
        • Getting Started
        • Advanced Usage
          • Environment Variables
          • AWS Secrets Manager
          • GCP Secrets Manager
          • Hashicorp Vault
        • Reference Format
      • Authentication Reference
        • OpenID Connect with Curity
        • OpenID Connect with Azure AD
        • OpenID Connect with Google
        • OpenID Connect with Okta
        • OpenID Connect with Auth0
        • OpenID Connect with Cognito
        • OpenID Connect Plugin Reference
      • Allowing Multiple Authentication Methods
        • Create a Super Admin
        • Configure Networking
        • Configure Kong Manager to Send Email
        • Reset Passwords and RBAC Tokens
        • Configure Workspaces
        • Basic Auth
        • LDAP
        • OIDC
        • Sessions
        • Add a Role
        • Add a User
        • Add an Admin
      • Mapping LDAP Service Directory Groups to Kong Roles
    • Configure gRPC Plugins
    • GraphQL Quickstart
    • Logging Reference
    • Network and Firewall
    • Overview
    • Enable the Dev Portal
    • Structure and File Types
    • Portal API Documentation
    • Working with Templates
    • Using the Editor
        • Basic Auth
        • Key Auth
        • OIDC
        • Sessions
        • Adding Custom Registration Fields
      • SMTP
      • Workspaces
      • Manage Developers
      • Developer Roles and Content Permissions
        • Authorization Provider Strategy
        • Enable Application Registration
        • Enable Key Authentication for Application Registration
        • External OAuth2 Support
        • Set up Okta and Kong for external OAuth
        • Set Up Azure AD and Kong for External Authentication
        • Manage Applications
      • Easy Theme Editing
      • Migrating Templates Between Workspaces
      • Markdown Rendering Module
      • Customizing Portal Emails
      • Adding and Using JavaScript Assets
      • Single Page App in Dev Portal
      • Alternate OpenAPI Renderer
    • Helpers CLI
      • Metrics
      • Reports
      • Vitals with InfluxDB
      • Vitals with Prometheus
      • Estimate Vitals Storage in PostgreSQL
    • Prometheus plugin
    • Zipkin plugin
      • DB-less Mode
      • Declarative Configuration
      • Supported Content Types
      • Information Routes
      • Health Routes
      • Tags
      • Service Object
      • Route Object
      • Consumer Object
      • Plugin Object
      • Certificate Object
      • CA Certificate Object
      • SNI Object
      • Upstream Object
      • Target Object
      • Vaults Beta
        • Licenses Reference
        • Licenses Examples
        • Workspaces Reference
        • Workspace Examples
        • RBAC Reference
        • RBAC Examples
        • API Reference
        • Examples
      • Developers
        • API Reference
        • Examples
        • Event Hooks Reference
        • Examples
      • Audit Logging
      • Keyring and Data Encryption
      • Securing the Admin API
    • DB-less and Declarative Configuration
    • Configuration Reference
    • CLI Reference
    • Load Balancing Reference
    • Proxy Reference
    • Rate Limiting Library
    • Health Checks and Circuit Breakers Reference
    • Clustering Reference
      • kong.client
      • kong.client.tls
      • kong.cluster
      • kong.ctx
      • kong.ip
      • kong.log
      • kong.nginx
      • kong.node
      • kong.request
      • kong.response
      • kong.router
      • kong.service
      • kong.service.request
      • kong.service.response
      • kong.table
      • kong.vault
      • Introduction
      • File structure
      • Implementing custom logic
      • Plugin configuration
      • Accessing the datastore
      • Storing custom entities
      • Caching custom entities
      • Extending the Admin API
      • Writing tests
      • (un)Installing your plugin
    • Plugins in Other Languages
    • File Permissions Reference

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Prerequisites
  • Download and Install
  • Set up configs
    • Using a database
    • Using a yaml declarative config file
  • Start Kong Gateway
  • Verify install
  • Post-install configuration
    • Apply Enterprise license
    • Enable Kong Manager
    • Enable Dev Portal
  • Troubleshooting and support
  • Next steps
Kong Gateway
2.8.x
  • Home
  • Kong Gateway
  • Install And Run
  • Install Kong Gateway on Amazon Linux
You are browsing documentation for an outdated version. See the latest documentation here.

Install Kong Gateway on Amazon Linux

The Kong Gateway software is governed by the Kong Software License Agreement. Kong is licensed under an Apache 2.0 license.

Prerequisites

  • A supported system with root or root-equivalent access.
  • (Enterprise only) A license.json file from Kong.

Download and Install

You can install Kong Gateway by downloading an installation package or using our yum repository.

Package
YUM repository

Install Kong Gateway on Amazon Linux from the command line.

  1. Download the Kong package:

    Kong Gateway
    Kong Gateway (OSS)
    curl -Lo kong-enterprise-edition-2.8.2.4.amzn2.noarch.rpm "https://download.konghq.com/gateway-2.x-amazonlinux-2/Packages/k/kong-enterprise-edition-2.8.2.4.amzn2.noarch.rpm"
    
    curl -Lo kong-2.8.3.aws.amd64.rpm "https://download.konghq.com/gateway-2.x-amazonlinux-2/Packages/k/kong-2.8.3.aws.amd64.rpm"
    
  2. Install the package:

    Kong Gateway
    Kong Gateway (OSS)
    sudo yum install kong-enterprise-edition-2.8.2.4.amzn2.noarch.rpm
    
    sudo yum install kong-2.8.3.aws.amd64.rpm
    

Install the YUM repository from the command line.

  1. Download the Kong APT repository:
     curl https://download.konghq.com/gateway-2.x-amazonlinux-2/config.repo | sudo tee /etc/yum.repos.d/kong.repo
    
  2. Install Kong:

    Kong Gateway
    Kong Gateway (OSS)
    sudo yum install kong-enterprise-edition-2.8.2.4
    
    sudo yum install kong-2.8.3
    

Set up configs

Kong Gateway comes with a default configuration property file that can be found at /etc/kong/kong.conf.default if you installed Kong Gateway with one of the official packages. This configuration file is used for setting Kong Gateway’s configuration properties at startup.

Kong Gateway offers two options for storing the configuration properties for all of Kong Gateway’s configured entities, a database or a yaml declarative configuration file. Before starting Kong Gateway you must update the kong.conf.default configuration property file with a reference to your data store.

To alter the default properties listed in the kong.conf.default file and configure Kong Gateway, make a copy of the file, rename it (for example kong.conf), make your updates, and save it to the same location.

Using a database

First, configure Kong Gateway using the kong.conf configuration file so it can connect to your database. See the data store section of the Configuration Property Reference for all relevant configuration parameters.

The following instructions use PostgreSQL as a database to store Kong configuration.

We don’t recommend using Cassandra with Kong Gateway, because support for Cassandra is deprecated and planned to be removed.

  1. Provision a database and a user before starting Kong Gateway:

     CREATE USER kong WITH PASSWORD 'super_secret'; CREATE DATABASE kong OWNER kong;
    
  2. Run one of the following Kong Gateway migrations:

    • In Enterprise environments, we strongly recommend seeding a password for the Super Admin user with the kong migrations command. This allows you to use RBAC (Role Based Access Control) at a later time, if needed. Create an environment variable with the desired Super Admin password and store the password in a safe place:
       KONG_PASSWORD={PASSWORD} kong migrations bootstrap -c {PATH_TO_KONG.CONF_FILE}
      

      Important: Setting your Kong password (KONG_PASSWORD) using a value containing four ticks (for example, KONG_PASSWORD="a''a'a'a'a") causes a PostgreSQL syntax error on bootstrap. To work around this issue, do not use special characters in your password.

    • If you aren’t using Enterprise, run the following:
       kong migrations bootstrap -c {PATH_TO_KONG.CONF_FILE}
      

Note: Older versions of PostgreSQL use ident authentication by default, newer versions (PSQL 10+) use scram-sha-256. To allow the kong user to communicate with the database locally, change the authentication method to md5 by modifying the PostgreSQL configuration file.

Using a yaml declarative config file

If you want to store the configuration properties for all of Kong Gateway’s configured entities in a yaml declarative configuration file, also referred to as DB-less mode, you must create a kong.yml file and update the kong.conf configuration file to include the file path to the kong.yml file.

First, the following command will generate a kong.yml declarative configuration file in your current folder:

kong config init

The generated kong.yml file contains instructions for how to configure Kong Gateway using the file.

Second, you must configure Kong Gateway using the kong.conf configuration file so it is aware of your declarative configuration file.

Set the database option to off and the declarative_config option to the path of your kong.yml file as in the following example:

database = off
declarative_config = {PATH_TO_KONG.CONF_FILE}

Start Kong Gateway

Important: When you start Kong Gateway, the NGINX master process runs as root, and the worker processes run as kong by default. If this is not the desired behavior, you can switch the NGINX master process to run on the built-in kong user or to a custom non-root user before starting Kong Gateway.

For more information, see Running Kong as a Non-Root User.

Start Kong Gateway using the following command:

kong start -c {PATH_TO_KONG.CONF_FILE}

Verify install

If everything went well, you should see a message (Kong started) informing you that Kong Gateway is running.

You can also check using the Admin API:

curl -i http://localhost:8001

You should receive a 200 status code.

By default, listens on the following ports:

  • :8000: Port on which listens for incoming HTTP traffic from your clients, and forwards it to your upstream services.
  • :8443: Port on which listens for incoming HTTPS traffic. This port has similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled with the kong.confconfiguration file.
  • :8001: Port on which the Admin API used to configure listens.
  • :8444: Port on which the Admin API listens for HTTPS traffic.

Post-install configuration

The following steps are all optional and depend on the choices you want to make for your environment.

Apply Enterprise license

If you have an Enterprise license for Kong Gateway, apply it using one of the methods below, depending on your environment.

With a database
Without a database

Apply the license using the Admin API. The license data must contain straight quotes to be considered valid JSON (' and ", not ’ or “).

POST the contents of the provided license.json license to your Kong Gateway instance:

Note: The following license is only an example. You must use the following format, but provide your own content.

cURL
HTTPie
curl -i -X POST http://localhost:8001/licenses \
  -d payload='{"license":{"payload":{"admin_seats":"1","customer":"Example Company, Inc","dataplanes":"1","license_creation_date":"2017-07-20","license_expiration_date":"2017-07-20","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU","product_subscription":"Konnect Enterprise","support_plan":"None"},"signature":"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b","version":"1"}}'
http POST :8001/licenses \
  payload='{"license":{"payload":{"admin_seats":"1","customer":"Example Company, Inc","dataplanes":"1","license_creation_date":"2017-07-20","license_expiration_date":"2017-07-20","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU","product_subscription":"Konnect Enterprise","support_plan":"None"},"signature":"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b","version":"1"}}'

Securely copy the license.json file to your home directory on the filesystem where you have installed Kong Gateway:

$ scp license.json <system_username>@<server>:~

Then, copy the license file again, this time to the /etc/kong directory:

$ scp license.json /etc/kong/license.json

Kong Gateway will look for a valid license in this location.

Enable Kong Manager

  1. Update the admin_gui_url property in the kong.conf configuration file to the DNS, or IP address, of your system. For example:
     admin_gui_url = http://localhost:8002
    

    This setting needs to resolve to a network path that will reach the operating system (OS) host.

  2. Update the Admin API setting in the kong.conf file to listen on the needed network interfaces on the OS host. A setting of 0.0.0.0:8001 will listen on port 8001 on all available network interfaces.

    Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.


    If you need to expose the admin_listen port to the internet in a production environment,

    secure it with authentication.

    Example configuration:

     admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
    

    You may also list network interfaces separately as in this configuration example:

     admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl, 127.0.0.1:8001, 127.0.0.1:8444 ssl
    
  3. Restart Kong Gateway for the setting to take effect, using the following command:

     kong restart -c {PATH_TO_KONG.CONF_FILE}
    
  4. Access Kong Manager on port 8002.

Enable Dev Portal

If you’re running Kong Gateway with a database (either in traditional or hybrid mode), you can enable the Dev Portal.

  1. Enable the Dev Portal in the kong.conf file by setting the portal property to on and the portal_gui_host property to the DNS or IP address of the system. For example:

     portal = on
     portal_gui_host = localhost:8003
    
  2. Restart Kong Gateway for the setting to take effect, using the following command:

     kong restart -c {PATH_TO_KONG.CONF_FILE}
    
  3. To enable the Dev Portal for a workspace, execute the following command, updating DNSorIP to reflect the IP or valid DNS for the system:

    curl -X PATCH http://localhost:8001/workspaces/default \
     --data "config.portal=true"
    
  4. Access the Dev Portal for the default workspace using the following URL, substituting your own DNS or IP:

     http://localhost:8003/default
    

Troubleshooting and support

For troubleshooting license issues, see:

  • Deployment options for licenses
  • /licenses API reference
  • /licenses API examples If you did not receive an HTTP/1.1 200 OK message or need assistance completing your setup, reach out to your Kong Support contact or go to the Support Portal.

Next steps

Check out Kong Gateway’s series of Getting Started guides to get the most out of Kong Gateway.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023