Tyk has it’s own signed RPMs in a Yum repository hosted by the kind folks at packagecloud.io, which makes it easy, safe and secure to install a trusted distribution of the Tyk Gateway stack.
This tutorial will run on an Amazon AWS Red Hat Enterprise Linux 7.1 instance. We will install both the Tyk Gateway and the Tyk Dashboard with all dependencies stored locally.
We’re installing on a
t2.micro because this is a demo, you’ll need more RAM and more cores for better performance.
This configuration should also work (with some tweaks) for CentOS.
- Ensure port
8080is open: this is used in this guide for Gateway traffic (API traffic to be proxied)
- Ensure port
3000is open: This is used by the dashboard to provide the GUI and the Developer Portal
1. Set up our YUM repositories:
First, we need to install some software hat allows us to use signed packages:
sudo yum install pygpgme yum-utils wget
Next, we need to set up the various repository configurations for Tyk and MongoDB:
Create a file named
/etc/yum.repos.d/tyk_tyk-gateway.repo that contains the repository configuration below:
[tyk_tyk-gateway] name=tyk_tyk-gateway baseurl=https://packagecloud.io/tyk/tyk-gateway/el/7/$basearch repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt [tyk_tyk-gateway-source] name=tyk_tyk-gateway-source baseurl=https://packagecloud.io/tyk/tyk-gateway/el/7/SRPMS repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt
Create a file named
/etc/yum.repos.d/tyk_tyk-dashboard.repo that contains the repository configuration below.
[tyk_tyk-dashboard] name=tyk_tyk-dashboard baseurl=https://packagecloud.io/tyk/tyk-dashboard/el/7/$basearch repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt [tyk_tyk-dashboard-source] name=tyk_tyk-dashboard-source baseurl=https://packagecloud.io/tyk/tyk-dashboard/el/7/SRPMS repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt
Create a file named /etc/yum.repos.d/tyk_tyk-pump.repo that contains the repository configuration below.
Make sure to replace
7 in the config below with your Linux distribution and version:
[tyk_tyk-pump] name=tyk_tyk-pump baseurl=https://packagecloud.io/tyk/tyk-pump/el/7/$basearch repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt [tyk_tyk-pump-source] name=tyk_tyk-pump-source baseurl=https://packagecloud.io/tyk/tyk-pump/el/7/SRPMS repo_gpgcheck=1 enabled=1 gpgkey=http://keyserver.tyk.io/tyk.io.rpm.signing.key https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt
Create a /etc/yum.repos.d/mongodb-org-3.0.repo file so that you can install MongoDB directly, using yum.
[mongodb-org-3.0] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/ gpgcheck=0 enabled=1
What’s this? EPEL (Extra Packages for Enterprise Linux) is a free, community based repository project from Fedora which provides high quality add-on software packages for Linux distribution including RHEL, CentOS, and Scientific Linux. Epel isn’t not a part of RHEL/CentOS but it is designed for major Linux distributions. In our case we need it for Redis
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm sudo rpm -ivh epel-release-7-5.noarch.rpm
Finally we’ll need to update our local cache, so run:
sudo yum -q makecache -y --disablerepo='*' --enablerepo='tyk_tyk-dashboard' --enablerepo='tyk_tyk-gateway' --enablerepo='tyk_tyk-pump' --enablerepo=epel info zabbix
2. Install our packages:
We’re ready to go, you can now install the relevant packages using yum:
sudo yum install -y mongodb-org redis tyk-gateway tyk-dashboard tyk-pump
(you may be asked to accept the GPG key for our two repos and when the package installs, hit yes to continue)
3. Start Mongo and Redis
In many cases Mongo and Redis will not be running, so lets start those:
sudo service mongod start sudo service redis start
4. Configure Tyk Gateway
You can set up the core settings for Tyk Gateway with a single setup script, however for more involved deployments, you will want to provide your own configuration file, to get things running lets run:
sudo /opt/tyk-gateway/install/setup.sh --dashboard=http://YOUR-DASHBOARD_DOMAIN:3000 --listenport=8080 --redishost=localhost --redisport=6379 --domain=""
What we’ve done here is told the setup script that:
--dashboard=http://YOUR-DASHBOARD_DOMAIN:3000: We want to use the dashboard, since Tyk Gateway gets all it’s API Definitions from the dashboard service, we need to tell it where the dashboard is. This MUST be the same domain that you use in step 4 below
--listenport=8080Tyk should listen on port 8080 for API traffic
--redishost=localhostUse redis on the hostname: localhost
--redisport=6379Use the default redis port
--domain=""Do not set a domain for the gateway, see the note on domains below for more about this
Pro Tip: Domains with Tyk Gateway
Tyk Gateway has full built in domain support, you can:
- Set Tyk to listen only on a specific domain for all API traffic
- Set an API to listen on a specific domain (e.g. api1.com, api2.com)
- Split APIs over a domain using a path (e.g. api.com/api1, api.com/api2, moreapis.com/api1, moreapis.com/api2 etc.)
- If you have set a hostname for the gateway, then all non-domain-bound APIs will be on this hostname + the
In this example, we don’t want Tyk to listen on a single domain, and we can always set up custom domains at the API level in the dashboard. It is recommended to leave the Tyk gateway domain unbounded for flexibility and ease of deployment.
4. Configure Tyk Dashboard
We can set the dashboard up with a similar setup command, the below will get the dashboard set up for the local instance, make sure to use the actual DNS hostname or the public IP of your instance as the last parameter:
sudo /opt/tyk-dashboard/install/setup.sh --listenport=3000 --redishost=localhost --redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics --tyk_api_hostname=$HOSTNAME --tyk_node_hostname=http://localhost --tyk_node_port=8080 --portal_root=/portal --domain="XXX.XXX.XXX.XXX"
What we have done here is:
--listenport=3000Told Tyk Dashboard (and Portal) to listen on port 3000
--redishost=localhostTyk Dashboard should use the local redis instance
--redisport=6379Tyk Dashboard should use the default port
--domain="XXX.XXX.XXX.XXX"Bind the dashboard to the IP or DNS hostname of this instance (required)
--mongo=mongodb://127.0.0.1/tyk_analyticsUse the local MongoDB (should always be the same as the gateway)
--tyk_api_hostname=$HOSTNAME– Tyk Dashboard has no idea what hostname has been given to Tyk, so we need to tell it, in this instance we are just using the local HOSTNAME env variable, but you could set this to the public-hostname/IP of the instance
--tyk_node_hostname=http://localhost– Tyk Dashboard needs to see a Tyk node in order to create new tokens, so we need to tell it where we can find one, in this case, use the one installed locally
--tyk_node_port=8080Tell the dashboard that the Tyk node it should communicate with is on port 8080
--portal_root=/portal– We want the portal to be shown on /portal of whichever domain we set for the portal
5. Configure Tyk Pump
If you don;t complete this step, you won’t see any analytics in your dashboard, so to enable the analytics servvice, we need to ensure Tyk Pump is running and configured properly, to configure Tyk Pump is versy simple:
sudo /opt/tyk-pump/install/setup.sh --redishost=localhost --redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics
6. Start Tyk Pump and Tyk dashboard:
sudo service tyk-pump start sudo service tyk-dashboard start
Notice how we haven;t actually started the gateway yet, because this is a Pro install, we need to enter a license first.
7. Enter your dashboard license
And you will see a screen asking for a license, enter it in the section marked “Already have a license?” and click
Use this license
That’s it, your Dashboard is now ready to be bootstrapped.
Note: You can bypass this step by adding your license manually to the
/var/opt/tyk-dashboard/tyk_analytics.conf file directly in the field marked
If all is going well, you will be taken to a log in screen – we’ll get to that soon.
8. Restart the dashboard and start the gateway process
Because we’ve just entered a license via the UI, we need to make sure that these changes get picked up, so to make sure things run smoothly, we restart the dashboard process (you only ned to do this once) and then start the gateway:
sudo service tyk-dashboard restart sudo service tyk-gateway start
9. Bootstrap the dashboard with an initial user and organisation:
When Tyk Dashboard is created for the first time, it has no initial user base or organisation to add data to, so we need to add this.
The best way to add this data is with the Admin API, to make it really easy we’ve supplied a bootstrap script that will set you up. If you want to customise it, take a look at the file in
Pre-requisites for this command
- This command assumes you are running on a linux shell such as bash
- This command assumes you have python2.6 or 2.7 installed
To bootstrap your instance:
sudo /opt/tyk-dashboard/install/bootstrap.sh XXX.XXX.XXX.XXX
This command tells the bootstrap script to use the localhost as the base for the API calls, you can run the bootstrap remotely and change the first command line parameter to the DNS hostname of your instance.
You will now be able to log into and test your Tyk instance with the values given to you by the bootstrap script.