SSL with Compose / Docker 18 / Kong 0.14


#1

I am trying to run Kong proxy and admin via SSL. I am on Ubuntu 18.04 with Docker version 18.09.0, build 4d60db4 and the latest build of Kong (0.14.x).

I have read through the docs and questions about configuring SSL and have tried with my own self-signed certificates as well as leaving them blank, and nginx is simply not starting up on 8443.

From within the Kong container, it is only listening on 40497, 8000, and 8001, as shown below:

```
/ # netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.11:40497        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1/kong -c nginx.con
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      1/kong -c nginx.con
```

So this appears to be a Kong configuration issue, but I am stumped. I am using docker-compose and my docker-compose.yml file is below. I have commented out SSL environment vars that were previously tried and failed. BTW, everything works fine on 8000 with HTTP.

docker-compose.yml:

```yaml
version: "3"

networks:
  kong-net:
    driver: bridge

services:

  #######################################
  # Postgres: The database used by Kong
  #######################################
  kong-database:
    image: postgres:9.6
    restart: always
    networks:
      - kong-net
    environment:
      POSTGRES_USER: kong
      POSTGRES_DB: kong
    ports:
      - "5432:5432"
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "kong"]
      interval: 5s
      timeout: 5s
      retries: 5

  #######################################
  # Kong database migration
  #######################################
  kong-migration:
    image: kong:latest
    command: "kong migrations up"
    networks:
      - kong-net
    restart: on-failure
    environment:
      KONG_PG_HOST: kong-database
    links:
      - kong-database
    depends_on:
      - kong-database

  #######################################
  # Kong: The API Gateway
  #######################################
  kong:
    image: kong:latest
    restart: always
    networks:
      - kong-net
    environment:
      KONG_PG_HOST: kong-database
      KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      #Added by Rich
      #KONG_SSL: "on"
      #KONG_SSL_CERT: /etc/ssl/certs/nginx-selfsigned.crt
      #KONG_SSL_CERT_KEY: /etc/ssl/private/nginx-selfsigned.key
      #KONG_ADMIN_SSL_CERT: /etc/ssl/certs/nginx-selfsigned.crt
      #KONG_ADMIN_SSL_CERT_KEY: /etc/ssl/private/nginx-selfsigned.key
    depends_on:
      - kong-migration
      - kong-database
    healthcheck:
      test: ["CMD", "curl", "-f", "http://kong:8001"]
      interval: 5s
      timeout: 2s
      retries: 15
    ports:
      - "8001:8001"
      - "8000:8000"
      - "8443:8443"
      - "8444:8444"
```

Any help greatly appreciated.
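
The check described in the post (listeners declared in `KONG_PROXY_LISTEN` / `KONG_ADMIN_LISTEN` versus the sockets `netstat -plnt` shows inside the container) can be scripted so the gap between configured and actual TLS listeners is explicit. This is an added example, not part of the original post; the function names are hypothetical and the inputs are copied from the compose file and netstat output above.

```python
# Values copied from the docker-compose.yml in the post.
PROXY_LISTEN = "0.0.0.0:8000, 0.0.0.0:8443 ssl"
ADMIN_LISTEN = "0.0.0.0:8001, 0.0.0.0:8444 ssl"

# Socket lines copied from the netstat output in the post.
NETSTAT = """\
tcp 0 0 127.0.0.11:40497 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 1/kong -c nginx.con
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 1/kong -c nginx.con
"""

def parse_listen(value):
    """Split a Kong *_listen value into (address, port, flags) tuples."""
    entries = []
    for item in value.split(","):
        parts = item.split()
        if not parts or parts[0].lower() == "off":
            continue  # empty entry or listener disabled
        addr, _, port = parts[0].rpartition(":")
        flags = frozenset(p.lower() for p in parts[1:])
        entries.append((addr, int(port), flags))
    return entries

def listening_ports(netstat_text):
    """Return the TCP ports in LISTEN state from `netstat -plnt` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rpartition(":")[2]))
    return ports

def audit(name, value, open_ports):
    """Compare declared listeners with the sockets that are actually open."""
    findings = []
    for _addr, port, flags in parse_listen(value):
        kind = "TLS" if "ssl" in flags else "plaintext"
        state = "listening" if port in open_ports else "NOT listening"
        findings.append((name, port, kind, state))
    return findings

def report():
    open_ports = listening_ports(NETSTAT)
    return (audit("proxy", PROXY_LISTEN, open_ports)
            + audit("admin", ADMIN_LISTEN, open_ports))

if __name__ == "__main__":
    for name, port, kind, state in report():
        print(f"{name:5} {port:5} {kind:9} {state}")
```

On the post's data this reports both `ssl` listeners (8443, 8444) as declared but not bound, while the plaintext proxy and admin ports are open on all interfaces.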