@hbagdi Thanks for your help. I reviewed the documentation, but I don’t think I was clear earlier with my exact problem. Here’s a full example of what I’m trying to achieve:
Create a service backed by Mockbin:
curl -X POST ${KONG_API_URL}/services -d name=mockbin-service -d url=https://mockbin.org/request
{
"host": "mockbin.org",
"created_at": 1538023618,
"connect_timeout": 60000,
"id": "4adfa53a-b988-4ae7-820c-ce714d3760b0",
"protocol": "https",
"name": "mockbin-service",
"read_timeout": 60000,
"port": 443,
"path": "/request",
"updated_at": 1538023618,
"retries": 5,
"write_timeout": 60000
}
Create the first route for that service:
curl ${KONG_API_URL}/routes -d service.id=4adfa53a-b988-4ae7-820c-ce714d3760b0 -d paths[]=/mock
{
"created_at": 1538023756,
"strip_path": true,
"preserve_host": false,
"regex_priority": 0,
"updated_at": 1538023756,
"paths": [
"/mock"
],
"service": {
"id": "4adfa53a-b988-4ae7-820c-ce714d3760b0"
},
"protocols": [
"http",
"https"
],
"id": "51449f7d-6654-4e8c-a7e7-ce69b786d907"
}
Now I add basic-auth
to the route, create a consumer, and credentials for the consumer:
curl -X POST ${KONG_API_URL}/plugins -d route_id=51449f7d-6654-4e8c-a7e7-ce69b786d907 -d name=basic-auth
{
"created_at": 1538023951000,
"config": {
"hide_credentials": false,
"anonymous": ""
},
"id": "156e4bc4-c6bb-4275-b632-f84433abd7c7",
"name": "basic-auth",
"enabled": true,
"route_id": "51449f7d-6654-4e8c-a7e7-ce69b786d907"
}
curl -X POST ${KONG_API_URL}/consumers -d username=foo | jq
{
"custom_id": null,
"created_at": 1538024023,
"username": "foo",
"id": "3a65a9be-030c-494a-803f-5cd2d2092025"
}
curl -X POST ${KONG_API_URL}/consumers/3a65a9be-030c-494a-803f-5cd2d2092025/basic-auth -d password=bar -d username=foo
{
"created_at": 1538024115000,
"id": "c19c8994-ebd7-44ad-b970-cdc883901f47",
"password": "f94b4787a8d6524811ebf32a7b755adaa4555531",
"username": "foo",
"consumer_id": "3a65a9be-030c-494a-803f-5cd2d2092025"
}
Now I can hit /mock
authenticated and it proxies to Mockbin as expected:
curl ${KONG_PROXY}/mock -u foo:bar
{
"startedDateTime": "2018-09-27T04:57:01.945Z",
"clientIPAddress": "172.22.0.1",
"method": "GET",
"url": "http://localhost/request",
"httpVersion": "HTTP/1.1",
"cookies": {},
"headers": {
"host": "mockbin.org",
"connection": "close",
"x-forwarded-for": "172.22.0.1, 10.1.193.34, 54.177.235.50",
"x-forwarded-proto": "http",
"x-forwarded-host": "localhost",
"x-forwarded-port": "80",
"x-real-ip": "104.166.249.156",
"kong-request-id": "6b1bd6b2fcb1ebaf4537ef2c6db2748d",
"kong-client-id": "mockbin",
"authorization": "Basic Zm9vOmJhcg==",
"user-agent": "curl/7.47.0",
"accept": "*/*",
"x-request-id": "1453cdcf-8b7e-4e29-b194-3ea126d7f80f",
"via": "1.1 vegur",
"connect-time": "1",
"x-request-start": "1538024221936",
"total-route-time": "0"
},
"queryString": {},
"postData": {
"mimeType": "application/octet-stream",
"text": "",
"params": []
},
"headersSize": 527,
"bodySize": 0
}
Now I’d like to expose an unauthenticated /version
endpoint of my API, with a public path of /mock/version
.
curl -X POST ${KONG_API_URL}/routes -d service.id=4adfa53a-b988-4ae7-820c-ce714d3760b0 -d paths[]=/mock/version
{
"created_at": 1538024714,
"strip_path": true,
"preserve_host": false,
"regex_priority": 0,
"updated_at": 1538024714,
"paths": [
"/mock/version"
],
"service": {
"id": "4adfa53a-b988-4ae7-820c-ce714d3760b0"
},
"protocols": [
"http",
"https"
],
"id": "5fe34ec3-9555-4838-b063-1a1e4c76f602"
}
This route has strip_path
set to true, so it will actually proxy to the same upstream path as /mock
:
curl -s ${KONG_PROXY}/mock/version | jq .url
"http://localhost/request"
curl -s ${KONG_PROXY}/mock -u foo:bar | jq .url
"http://localhost/request"
And if I set strip_path=false
for the route it will proxy the entire matched route:
curl -X PATCH ${KONG_API_URL}/routes/5fe34ec3-9555-4838-b063-1a1e4c76f602 -d strip_path=false
curl -s ${KONG_PROXY}/mock/version | jq .url
"http://localhost/request/mock/version"
So my question is how to configure Kong to proxy that second route (/mock/version
) as /version
to the upstream?