Red Hat (RHEL / CentOS)
Last updated: 5 minutes read.
Select the preferred way of installing Tyk by selecting Shell or Ansible tab for instructions.
Supported Distributions
Distribution | Version | Supported |
---|---|---|
CentOS | 7 | ✅ |
RHEL | 9 | ✅ |
RHEL | 8 | ✅ |
RHEL | 7 | ✅ |
Install and Configure Dependencies
Redis
Tyk Gateway has a dependency on Redis. Follow the steps provided by Red Hat to make the installation of Redis, conducting a search for the correct version and distribution.
Storage Database
Tyk Dashboard has a dependency on a storage database that can be PostgreSQL or MongoDB.
Install PostgreSQL
Check the PostgreSQL supported versions. Follow the steps provided by PostgreSQL to install it.
Configure PostgreSQL
Create a new role/user
sudo -u postgres createuser --interactive
The name of the role can be “tyk” and say yes to make it a superuser
Create a matching DB with the same name. Postgres authentication system assumes by default that for any role used to log in, that role will have a database with the same name which it can access.
sudo -u postgres createdb tyk
Add another user to be used to log into your operating system
sudo adduser tyk
Log in to your Database
sudo -u tyk psql
Update the user “tyk” to have a password
ALTER ROLE tyk with PASSWORD '123456';
Create a DB (my example is tyk_analytics)
sudo -u tyk createdb tyk_analytics
Check the MongoDB supported versions. Follow the steps provided by MongoDB to install it.
Optionally initialize the database and enable automatic start:
# Optionally ensure that MongoDB will start following a system reboot
sudo systemctl enable mongod
# start MongoDB server
sudo systemctl start mongod
Install Tyk Self-Managed on Red Hat (RHEL) / CentOS
You can install Tyk on RHEL or CentOS using our YUM repositories. Follow the guides and tutorials in this section to have Tyk up and running in no time.
The order is to install Tyk Dashboard, then Tyk Pump and then Tyk Gateway for a full stack.
Note
For a production environment, we recommend that the Tyk Gateway, Tyk Dashboard and Tyk Pump are installed on separate machines. If installing multiple Tyk Gateways, you should install each on a separate machine. See Planning for Production for more details.
Supported Distributions
Distribution | Version | Supported |
---|---|---|
CentOS | 7 | ✅ |
RHEL | 8 | ✅ |
RHEL | 7 | ✅ |
Requirements
Ansible - required for running the commands below.
Getting Started
- clone the tyk-ansible repositry
$ git clone https://github.com/TykTechnologies/tyk-ansible
cd
into the directory
$ cd tyk-ansible
- Run initialisation script to initialise environment
$ sh scripts/init.sh
-
Modify
hosts.yml
file to update ssh variables to your server(s). You can learn more about the hosts file here -
Run ansible-playbook to install the following:
- Redis
- MongoDB or PostgreSQL
- Tyk Dashboard
- Tyk Gateway
- Tyk Pump
$ ansible-playbook playbook.yaml -t tyk-pro -t redis -t `mongodb` or `pgsql`
You can choose to not install Redis, MongoDB or PostgreSQL by removing the -t redis
or -t mongodb
or -t pgsql
However Redis and MongoDB or PostgreSQL are a requirement and need to be installed for the Tyk Pro installation to run.
Variables
vars/tyk.yaml
Variable | Default | Comments |
---|---|---|
secrets.APISecret | 352d20ee67be67f6340b4c0605b044b7 |
API secret |
secrets.AdminSecret | 12345 |
Admin secret |
redis.host | Redis server host if different than the hosts url | |
redis.port | 6379 |
Redis server listening port |
redis.pass | Redis server password | |
redis.enableCluster | false |
Enable if redis is running in cluster mode |
redis.storage.database | 0 |
Redis server database |
redis.tls | false |
Enable if redis connection is secured with SSL |
mongo.host | MongoDB server host if different than the hosts url | |
mongo.port | 27017 |
MongoDB server listening port |
mongo.tls | false |
Enable if mongo connection is secured with SSL |
pgsql.host | PGSQL server host if different than the hosts url | |
pgsql.port | 5432 |
PGSQL server listening port |
pgsql.tls | false |
Enable if pgsql connection is secured with SSL |
dash.license | Dashboard license | |
dash.service.host | Dashboard server host if different than the hosts url | |
dash.service.port | 3000 |
Dashboard server listening port |
dash.service.proto | http |
Dashboard server protocol |
dash.service.tls | false |
Set to true to enable SSL connections |
gateway.service.host | Gateway server host if different than the hosts url | |
gateway.service.port | 8080 |
Gateway server listening port |
gateway.service.proto | http |
Gateway server protocol |
gateway.service.tls | false |
Set to true to enable SSL connections |
gateway.sharding.enabled | false |
Set to true to enable filtering (sharding) of APIs |
gateway.sharding.tags | The tags to use when filtering (sharding) Tyk Gateway nodes. Tags are processed as OR operations. If you include a non-filter tag (e.g. an identifier such as node-id-1 , this will become available to your Dashboard analytics) |
|
gateway.rpc.connString | Use this setting to add the URL for your MDCB or load balancer host | |
gateway.rpc.useSSL | true |
Set this option to true to use an SSL RPC connection |
gateway.rpc.sslInsecureSkipVerify | true |
Set this option to true to allow the certificate validation (certificate chain and hostname) to be skipped. This can be useful if you use a self-signed certificate |
gateway.rpc.rpcKey | Your organization ID to connect to the MDCB installation | |
gateway.rpc.apiKey | This the API key of a user used to authenticate and authorize the Gateway’s access through MDCB. The user should be a standard Dashboard user with minimal privileges so as to reduce any risk if the user is compromised. The suggested security settings are read for Real-time notifications and the remaining options set to deny | |
gateway.rpc.groupId | This is the zone that this instance inhabits, e.g. the cluster/data-center the Gateway lives in. The group ID must be the same across all the Gateways of a data-center/cluster which are also sharing the same Redis instance. This ID should also be unique per cluster (otherwise another Gateway cluster can pick up your keyspace events and your cluster will get zero updates). |
vars/redis.yaml
Variable | Default | Comments |
---|---|---|
redis_bind_interface | 0.0.0.0 |
Binding address of Redis |
Read more about Redis configuration here.
vars/mongodb.yaml
Variable | Default | Comments |
---|---|---|
bind_ip | 0.0.0.0 |
Binding address of MongoDB |
mongodb_version | 4.4 |
MongoDB version |
Read more about MongoDB configuration here.
vars/pgsql.yaml
Variable | Default | Comments |
---|---|---|
postgresql_databases[] | [] |
Array of DBs to be created |
postgresql_databases[].name | tyk_analytics |
Database name |
postgresql_users[] | [] |
Array of users to be created |
postgresql_users[0 ].name |
default |
User name |
postgresql_users[0 ].password |
topsecretpassword |
User password |
postgresql_global_config_options[] | [] |
Postgres service config options |
postgresql_global_config_options[1 ].option |
listen_addresses |
Listen address binding for the service |
postgresql_global_config_options[1 ].value |
* |
Default value to listen to all addresses |
postgresql_hba_entries[] | [] |
Host based authenticaiton list |
postgresql_hba_entries[4 ].type |
host |
Entry type |
postgresql_hba_entries[4 ].database |
tyk_analytics |
Which database this entry will give access to |
postgresql_hba_entries[4 ].user |
default |
What users this gain access from this entry |
postgresql_hba_entries[4 ].address |
0.0.0.0/0 |
What addresses this gain access from this entry |
postgresql_hba_entries[4 ].auth_method |
md5 |
What authentication method to to use for the users |
Read more about PostgreSQL configuration here.