Flex Gateway Setup — Local Mode
This article is an extension of my previous article How to Setup Anypoint Flex Gateway | by Venkatesh Jujarao | Another Integration Blog | Medium, where I have explained about basics of flex gateway and how to setup a flex gateway in connected mode.
In this article we are going to discuss about how to setup flex gateway in local mode
Pre-requisite
- Valid Anypoint Platform Account.
- Linux or any other supported OS (for more details refer here) to install the flex gateway.
For this walkthrough we are going to use AWS Linux EC2 instance.
For details about how to setup AWS EC2 instance please refer —
Create an AWS EC2 Instance | by Venkatesh Jujarao | Feb, 2023 | Medium
When to use Connected and When to use Local Mode
- Local Mode
- Local YAML configuration files
- Configuration can be updated via CI/CD pipelines
- Disconnected from control plane
- No runtime or management dependency on Anypoint platform services
- Connected Mode
- Connected to the Anypoint control plane
- Centralized management of Flex Gateways, deployed APIs, and applied policies
- Centralized security and observability of your gateways
Flex Gateway Setup in Local Mode
Install Flex Gateway
- Run blow Command to Install Flex Gateway (this can be found in Runtime manager → Flex Gateway → Add Flex Gateway)
curl -XGET https://flex-packages.anypoint.mulesoft.com/ubuntu/pubkey.gpg | sudo apt-key add -
echo "deb https://flex-packages.anypoint.mulesoft.com/ubuntu $(lsb_release -cs) main" \
| sudo tee /etc/apt/sources.list.d/mulesoft.list
sudo apt update
sudo apt install -y flex-gateway
Register Flex Gateway with Local Mode
- Now register the gateway by running below command
flexctl register sample-localmode-gateway \
--token=0ad9e07a-3b49-****-54bc4a8a022a \
--organization=0fecd363-*****-86f3-c583b7d491e2 \
--connected=false\
--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d
Note — we have done some modification to above command!
- added the name of gateway sample-localmode-gateway.
- changed the connected flag to false, as we will be connecting in the local mode.
- Update the token and organization values.
Sometime need to update the permission of the conf.d folder. use below command for same
sudo chmod 777 /usr/local/share/mulesoft/flex-gateway/conf.d
- Once registration done, we could see the registration.yaml file in conf.d folder.
Start the gateway.
- Run below command to start the gateway.
sudo systemctl start flex-gateway
Verify
- Validate the status of the gateway.
systemctl list-units flex-gateway*
Note —
Here we have just configured the single replica, check below article to understand how to configure the multiple replicas — Anypoint Flex Gateway — Configure Replicas | by Venkatesh Jujarao | May, 2023 | Medium
Deploy API
Add New API in Config File
When you install Flex Gateway in local mode, you can edit all the gateway configurations from a .yaml file. Such as your API instances and security policies. Once you have installed, registered, and started your gateway in local mode, you can now secure your APIs using a configuration file.
- Create a new .yaml file in the same folder where you installed Flex Gateway (where the registration.yaml file was created i.e. under conf.d folder). The name can be whatever you choose. We’ll call it sampleConfig.yaml in this tutorial
- Copy the following snippet and paste it in the new sampleConfig.yaml
sampleConfig.yaml
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: config
spec:
address: http://{host}:{port}
services:
httpbin:
address: http://httpbin.org/
routes:
- rules:
- path: /api(/.*)
Test the gateway.
- As we can see in below screenshots, the API calls are routing from our flex gateway to backend (in this case httpbin.org)
Secure the API
- Lets secure our API with basic authnetication policy.
- Add below policy configuration in the .yaml file.
policies:
- policyRef:
name: http-basic-authentication-flex
config:
username: user
password: pass
- Final file would look like -
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: config
spec:
address: http://ec2-3-89-125-128.compute-1.amazonaws.com:80
services:
httpbin:
address: http://httpbin.org/
routes:
- rules:
- path: /api(/.*)
policies:
- policyRef:
name: http-basic-authentication-flex
config:
username: user
password: pass
If you are facing any issue while connecting to flex gateway, then try stopping and starting the gateway once.
stop
sudo systemctl stop flex-gateway
start
sudo systemctl start flex-gateway
- After some time, you could observe that without valid credentials API requests are not entertain by the gateway and rejected with 401 error.
- When we pass the valid credentials, we could see that we are able to access the API.
Conclusion
In this article we understood,
- When to use flex gateway local and connected mode
- How to setup flex gateway in local mode
- How to secure the API through .yaml file
Reference
How to Setup Anypoint Flex Gateway | by Venkatesh Jujarao | Another Integration Blog | Medium
How to install Anypoint Flex Gateway in local mode as a Linux service | MuleSoft Developers
What Is Universal API Management | MuleSoft
Declarative Configuration Reference Guide | MuleSoft Documentation