Kong GCP Stack Issue: Proxy Ports Setup

Keywords: Kong - Google Cloud Platform - Technical issue - Other
bnsupport ID: 47eafb63-4869-fc20-4dcc-52dbeb505dd7
Description:
Hello,

I’m using Kong GCP Stack (version 2.2) for managing my API: https://console.cloud.google.com/marketplace/product/bitnami-launchpad/kong

It’s working well for HTTP with port 8000 and HTTPS with port 8443 (default config). However, when I tried to change HTTP/HTTPS listen ports to 80/443 for production environment, following this link: https://docs.bitnami.com/google/apps/kong/configuration/kong-production/. There are several issues:
(1) In my Kong GCP stack, there is no file named “kong_nginx.tmpl”, so I cannot fully implement as the reference link
(2) I got these two issues when I just cahnge the <proxy_listen> in kong.conf:
- bind() to 0.0.0.0:80 failed (13: Permission denied)
- bind() to 0.0.0.0:443 failed (13: Permission denied)

Below is my current steps for configuration:
[a] sudo /opt/bitnami/ctlscript.sh stop kong
[b] change /opt/bitnami/kong/conf/kong.conf:
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl => proxy_listen = 0.0.0.0:80, 0.0.0.0:443 ssl
[c] sudo /opt/bitnami/ctlscript.sh restart kong

Any comments or feedbacks will be really appreciated. Thanks so much!

Best regards,

Hi!

The reason for this error should be related to the user that is running the process in charge of kong. Checking at its modules we can find

/root/.nami/registry.json

   "service":     {
        "confFile": "{{$app.confDir}}/kong.conf",
        "pidFile": "{{$app.installdir}}/server/pids/nginx.pid",
        "logFile": "{{$app.installdir}}/server/logs/error.log",
        "ports":         [
            "{{$app.proxyHttpPort}}",
            "{{$app.proxyHttpsPort}}",
            "{{$app.adminHttpPort}}",
            "{{$app.adminHttpsPort}}"
        ],
        "start":         {
            "timeout": 180,
            "wait": 5,
            "username": "kong",
            "command": "{{$app.installdir}}/bin/kong start && tail -f {{$app.installdir}}/server/logs/error.log",
            "env": {"PATH": "{{$app.installdir}}/openresty/bin:{{$app.installdir}}/openresty/luajit/bin:{{$app.installdir}}/openresty/nginx/sbin:{{$global.env.PATH}}"}
        }
    },

Then we must change service.start.username to root.

In addition, we must change it in another file,

/root/.nami/components/com.bitnami.kong/nami.json

"com.bitnami.kong": {
            "id": "com.bitnami.kong",
            "name": "kong",
            "version": "2.2.1",
            "revision": "3",
            "installedAsRoot": false,
            "lifecycle": "installed",
            "installdir": "/opt/bitnami/kong",
            "installPrefix": "/opt/bitnami",
            "values": {
...
                "systemUser": "kong",
                "systemGroup": "kong",
...

Here we need to change 'com.bitnami.kong'.values.systemUser and 'com.bitnami.kong'.values.systemGroup to root as well.

After that, perform the steps that you executed.

Note that you have to be root to update those files.

Hopefully, this helps you!

Daniel.

Hello Daniel,

Thanks for your answer and detailed explanation, that’s really helpful!

Here I want to re-confirm with you about the the file name and corresponding contents as below. I guess you may list them in opposite order, is this correct?

  • I found these in /root/.nami/registry.json:
"com.bitnami.kong": {
            "id": "com.bitnami.kong",
            "name": "kong",
            "version": "2.2.1",
            "revision": "3",
            "installedAsRoot": false,
            "lifecycle": "installed",
            "installdir": "/opt/bitnami/kong",
            "installPrefix": "/opt/bitnami",
            "values": {
...
                "systemUser": "kong",
                "systemGroup": "kong",
...

And I found these in /root/.nami/components/com.bitnami.kong/nami.json:

   "service":     {
        "confFile": "{{$app.confDir}}/kong.conf",
        "pidFile": "{{$app.installdir}}/server/pids/nginx.pid",
        "logFile": "{{$app.installdir}}/server/logs/error.log",
        "ports":         [
            "{{$app.proxyHttpPort}}",
            "{{$app.proxyHttpsPort}}",
            "{{$app.adminHttpPort}}",
            "{{$app.adminHttpsPort}}"
        ],
        "start":         {
            "timeout": 180,
            "wait": 5,
            "username": "kong",
            "command": "{{$app.installdir}}/bin/kong start && tail -f {{$app.installdir}}/server/logs/error.log",
            "env": {"PATH": "{{$app.installdir}}/openresty/bin:{{$app.installdir}}/openresty/luajit/bin:{{$app.installdir}}/openresty/nginx/sbin:{{$global.env.PATH}}"}
        }
    },

Best regards,

Yes, that’s true. Happy to see that helped!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.