Not able to access Kong Admin API

1

Hi,

Setup:
I have Kong Gateway cluster running inside an AWS VPC on EC2 instances. Few commands o/p to verify the installation

[root@kong-api-gw ec2-user]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 2332/nginx: master
tcp 0 0 127.0.0.1:8444 0.0.0.0:* LISTEN 2332/nginx: master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2332/nginx: master
tcp 0 0 127.0.0.1:8001 0.0.0.0:* LISTEN 2332/nginx: master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1689/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2435/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2218/master
tcp6 0 0 :::111 :::* LISTEN 1689/rpcbind
tcp6 0 0 :::22 :::* LISTEN 2435/sshd
[root@kong-api-gw ec2-user]#

[root@kong-api-gw ec2-user]# telnet localhost 8001
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
^CConnection closed by foreign host.
[root@kong-api-gw ec2-user]# curl http://localhost:8001
{“plugins”:{“enabled_in_cluster”:,“available_on_server”:{“grpc-web”:true,“correlation-id”:true,“pre-function”:true,“cors”:true,“rate-limiting”:true,“loggly”:true,“hmac-auth”:true,“zipkin”:true,"request-…

Problem: Kong admin API is not accessible from any machine in the same VPC or even in the same subnet.
[devtest@bastion ~]$ telnet 8001
Trying …
telnet: connect to address : Connection refused
[sgarg@bastion ~]$ curl http://:8001
curl: (7) Failed to connect to port 8001: Connection refused
[devtest@bastion ~]$

Please note that all traffic is allowed between the machines in this VPC.

Kindly suggest how to access Kong admin API from outside Kong Gateway Server

Thanks,
Saurabh

2

configuration problem. check admin_listen configurations

3

Thanks for your reply.

I have below config already applied explicitly in kong.conf for admin_listen

admin_listen = 127.0.0.1:8001 reuseport backlog=16384, 127.0.0.1:8444 http2 ssl reuseport backlog=16384

still not able to access the kong server on 8001 or 8444 from other machines with all traffic allowed.

Thanks,
Saurabh

4

@sgarg 127.0.0.1 is the loopback interface and only accessible from the local machine. Either put in the IP of the interface to listen on or simply use 0.0.0.0 to bind to all interfaces. For example, change the admin_listen line to:

admin_listen = 0.0.0.0:8001 reuseport backlog=16384, 0.0.0.0:8444 http2 ssl reuseport backlog=16384
5

Thanks @ross for your response. It helped me fix the problem. Much appreciated!