Gateway on Ubuntu
Tyk has it’s own APT repositories hosted by the kind folks at packagecloud.io, which makes it easy, safe and secure to install a trusted distribution of the Tyk Gateway stack.
This tutorial has been tested on Ubuntu 16.04 & 18.04 with few if any modifications.
Please note however, that should you wish to write your own plugins in Python, we currently have a Python version dependency of 3.4. Python-3.4 ships with Ubuntu 14.04, however you may need to explicitly install it on newer Ubuntu Operating System releases.
- Ensure port
8080is available. This is used in this guide for Gateway traffic (API traffic to be proxied).
- You have MongoDB and Redis installed.
- You have installed firstly the Tyk Dashboard, then the Tyk Pump.
Step 1: Set up our APT Repositories
First, add our GPG key which signs our binaries:
curl -L https://packagecloud.io/tyk/tyk-gateway/gpgkey | sudo apt-key add -
sudo apt-get update
Since our repositories are installed via HTTPS, you will need to make sure APT supports this:
sudo apt-get install -y apt-transport-https
Create a file
/etc/apt/sources.list.d/tyk_tyk-gateway.list with the following contents:
deb https://packagecloud.io/tyk/tyk-gateway/ubuntu/ bionic main deb-src https://packagecloud.io/tyk/tyk-gateway/ubuntu/ bionic main
Now you can refresh the list of packages with:
sudo apt-get update
What we’ve done here is:
- Added the Tyk Gateway repository
- Updated our package list
Step 2: Install the Tyk Gateway
We’re now ready to install the Tyk Gateway. To install it, run:
sudo apt-get install -y tyk-gateway
What we’ve done here is instructed apt-get to install the Tyk Gateway without prompting, wait for the downloads to complete.
When Tyk has finished installing, it will have installed some init scripts, but will not be running yet. The next step will be to set up the Gateway - thankfully this can be done with three very simple commands, however it does depend on whether you are configuring Tyk Gateway for use with the Dashboard or without (the Community Edition).
Verify the origin key (optional)
Debian packages are signed with the repository keys. These keys are verified at the time of fetching the package and is taken care of by the
apt infrastructure. These keys are controlled by PackageCloud, our repository provider. For an additional guarantee, it is possible to verify that the package was indeed created by Tyk by verifying the
origin certificate that is attached to the package.
First, you have to fetch Tyk’s signing key and import it.
wget https://keyserver.tyk.io/tyk.io.deb.signing.key gpg --import tyk.io.deb.signing.key
Then, you have to either,
- sign the key with your ultimately trusted key
- trust this key ultimately
The downloaded package will be available in
/var/cache/apt/archives. Assuming you found the file
tyk-gateway-2.9.4_amd64.deb there, you can verify the origin signature.
gpg --verify d.deb gpg: Signature made Wed 04 Mar 2020 03:05:00 IST gpg: using RSA key F3781522A858A2C43D3BC997CA041CD1466FA2F8 gpg: Good signature from "Team Tyk (package signing) <[email protected]>" [ultimate]
This configuration assumes that you have already installed the Tyk Dashboard, and have decided on the domain names for your Dashboard and your Portal. They must be different. For testing purposes, it is easiest to add hosts entries to your (and your servers)
Set up Tyk
You can set up the core settings for Tyk Gateway with a single setup script, however for more involved deployments, you will want to provide your own configuration file.
NOTE: You need to replace
--redishost=<hostname>with your own value to run this script.
sudo /opt/tyk-gateway/install/setup.sh --dashboard=1 --listenport=8080 --redishost=<hostname> --redisport=6379
What we’ve done here is told the setup script that:
--dashboard=1: We want to use the Dashboard, since Tyk Gateway gets all it’s API Definitions from the Dashboard service, as of v2.3 Tyk will auto-detect the location of the dashboard, we only need to specify that we should use this mode.
--listenport=8080: Tyk should listen on port 8080 for API traffic.
--redishost=<hostname>: Use Redis on your hostname.
--redisport=6379: Use the default Redis port.
The Tyk Gateway can be started now that it is configured. Use this command to start the Tyk Gateway:
sudo service tyk-gateway start sudo service tyk-gateway enable
Pro Tip: Domains with Tyk Gateway
Tyk Gateway has full domain support built-in, you can:
- Set Tyk to listen only on a specific domain for all API traffic.
- Set an API to listen on a specific domain (e.g. api1.com, api2.com).
- Split APIs over a domain using a path (e.g. api.com/api1, api.com/api2, moreapis.com/api1, moreapis.com/api2 etc).
- If you have set a hostname for the Gateway, then all non-domain-bound APIs will be on this hostname + the