Tyk API Gateway and API Management Login 24/7 Support Community

Gateway on Ubuntu

Install Tyk Gateway on Ubuntu

Tyk has it’s own APT repositories hosted by the kind folks at packagecloud.io, which makes it easy, safe and secure to install a trusted distribution of the Tyk Gateway stack.

This tutorial has been tested on Ubuntu 16.04 & 18.04 with few if any modifications.

Please note however, that should you wish to write your own plugins in Python, we currently have a Python version dependency of 3.4. Python-3.4 ships with Ubuntu 14.04, however you may need to explicitly install it on newer Ubuntu Operating System releases.

Prerequisites

  • Ensure port 8080 is available. This is used in this guide for Gateway traffic (API traffic to be proxied).
  • You have MongoDB and Redis installed.
  • You have installed firstly the Tyk Dashboard, then the Tyk Pump.

Step 1: Set up our APT Repositories

First, add our GPG key which signs our binaries:

curl -L https://packagecloud.io/tyk/tyk-gateway/gpgkey | sudo apt-key add -

Run update:

sudo apt-get update

Since our repositories are installed via HTTPS, you will need to make sure APT supports this:

sudo apt-get install -y apt-transport-https 

Create a file /etc/apt/sources.list.d/tyk_tyk-gateway.list with the following contents:

deb https://packagecloud.io/tyk/tyk-gateway/ubuntu/ bionic main
deb-src https://packagecloud.io/tyk/tyk-gateway/ubuntu/ bionic main

Now you can refresh the list of packages with:

sudo apt-get update

What we’ve done here is:

  • Added the Tyk Gateway repository
  • Updated our package list

Step 2: Install the Tyk Gateway

We’re now ready to install the Tyk Gateway. To install it, run:

sudo apt-get install -y tyk-gateway

What we’ve done here is instructed apt-get to install the Tyk Gateway without prompting, wait for the downloads to complete.

When Tyk has finished installing, it will have installed some init scripts, but will not be running yet. The next step will be to set up the Gateway - thankfully this can be done with three very simple commands, however it does depend on whether you are configuring Tyk Gateway for use with the Dashboard or without (the Community Edition).

Verify the origin key (optional)

Debian packages are signed with the repository keys. These keys are verified at the time of fetching the package and is taken care of by the apt infrastructure. These keys are controlled by PackageCloud, our repository provider. For an additional guarantee, it is possible to verify that the package was indeed created by Tyk by verifying the origin certificate that is attached to the package.

First, you have to fetch Tyk’s signing key and import it.

wget https://keyserver.tyk.io/tyk.io.deb.signing.key
gpg --import tyk.io.deb.signing.key

Then, you have to either,

  • sign the key with your ultimately trusted key
  • trust this key ultimately

The downloaded package will be available in /var/cache/apt/archives. Assuming you found the file tyk-gateway-2.9.4_amd64.deb there, you can verify the origin signature.

gpg --verify d.deb
gpg: Signature made Wed 04 Mar 2020 03:05:00 IST
gpg:                using RSA key F3781522A858A2C43D3BC997CA041CD1466FA2F8
gpg: Good signature from "Team Tyk (package signing) <[email protected]>" [ultimate]

Configure Tyk Gateway with Dashboard

Prerequisites

This configuration assumes that you have already installed the Tyk Dashboard, and have decided on the domain names for your Dashboard and your Portal. They must be different. For testing purposes, it is easiest to add hosts entries to your (and your servers) /etc/hosts file.

Set up Tyk

You can set up the core settings for Tyk Gateway with a single setup script, however for more involved deployments, you will want to provide your own configuration file.

Note

You need to replace <hostname> for --redishost=<hostname>with your own value to run this script.

sudo /opt/tyk-gateway/install/setup.sh --dashboard=1 --listenport=8080 --redishost=<hostname> --redisport=6379

What we’ve done here is told the setup script that:

  • --dashboard=1: We want to use the Dashboard, since Tyk Gateway gets all it’s API Definitions from the Dashboard service, as of v2.3 Tyk will auto-detect the location of the dashboard, we only need to specify that we should use this mode.
  • --listenport=8080: Tyk should listen on port 8080 for API traffic.
  • --redishost=<hostname>: Use Redis on your hostname.
  • --redisport=6379: Use the default Redis port.

Starting Tyk

The Tyk Gateway can be started now that it is configured. Use this command to start the Tyk Gateway:

sudo service tyk-gateway start
sudo service tyk-gateway enable

Pro Tip: Domains with Tyk Gateway

Tyk Gateway has full domain support built-in, you can:

  • Set Tyk to listen only on a specific domain for all API traffic.
  • Set an API to listen on a specific domain (e.g. api1.com, api2.com).
  • Split APIs over a domain using a path (e.g. api.com/api1, api.com/api2, moreapis.com/api1, moreapis.com/api2 etc).
  • If you have set a hostname for the Gateway, then all non-domain-bound APIs will be on this hostname + the listen_path.