Open in app

Sign in

Write

Sign in

Flex Gateway Setup — Local Mode

Venkatesh Jujarao
Another Integration Blog
Published in
5 min readMay 18, 2023

This article is an extension of my previous article How to Setup Anypoint Flex Gateway | by Venkatesh Jujarao | Another Integration Blog | Medium, where I have explained about basics of flex gateway and how to setup a flex gateway in connected mode.

In this article we are going to discuss about how to setup flex gateway in local mode

Pre-requisite

  • Valid Anypoint Platform Account.
  • Linux or any other supported OS (for more details refer here) to install the flex gateway.

For this walkthrough we are going to use AWS Linux EC2 instance.

For details about how to setup AWS EC2 instance please refer —

Create an AWS EC2 Instance | by Venkatesh Jujarao | Feb, 2023 | Medium

When to use Connected and When to use Local Mode

  • Local Mode
- Local YAML configuration files
- Configuration can be updated via CI/CD pipelines
- Disconnected from control plane
- No runtime or management dependency on Anypoint platform services
Local Mode
  • Connected Mode
- Connected to the Anypoint control plane
- Centralized management of Flex Gateways, deployed APIs, and applied policies
- Centralized security and observability of your gateways
Connected Mode

Flex Gateway Setup in Local Mode

Install Flex Gateway

  • Run blow Command to Install Flex Gateway (this can be found in Runtime manager → Flex Gateway → Add Flex Gateway)
curl -XGET https://flex-packages.anypoint.mulesoft.com/ubuntu/pubkey.gpg | sudo apt-key add -
echo "deb https://flex-packages.anypoint.mulesoft.com/ubuntu $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/mulesoft.list
sudo apt update
sudo apt install -y flex-gateway
Install Command Output

Register Flex Gateway with Local Mode

  • Now register the gateway by running below command
flexctl register sample-localmode-gateway \
  --token=0ad9e07a-3b49-****-54bc4a8a022a \
  --organization=0fecd363-*****-86f3-c583b7d491e2 \
  --connected=false\
  --output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d

Note — we have done some modification to above command!

- added the name of gateway sample-localmode-gateway.

- changed the connected flag to false, as we will be connecting in the local mode.

- Update the token and organization values.

Sometime need to update the permission of the conf.d folder. use below command for same

sudo chmod 777 /usr/local/share/mulesoft/flex-gateway/conf.d
  • Once registration done, we could see the registration.yaml file in conf.d folder.

Start the gateway.

  • Run below command to start the gateway.
sudo systemctl start flex-gateway

Verify

  • Validate the status of the gateway.
systemctl list-units flex-gateway*

Note

Here we have just configured the single replica, check below article to understand how to configure the multiple replicas — Anypoint Flex Gateway — Configure Replicas | by Venkatesh Jujarao | May, 2023 | Medium

Deploy API

Add New API in Config File

When you install Flex Gateway in local mode, you can edit all the gateway configurations from a .yaml file. Such as your API instances and security policies. Once you have installed, registered, and started your gateway in local mode, you can now secure your APIs using a configuration file.

  • Create a new .yaml file in the same folder where you installed Flex Gateway (where the registration.yaml file was created i.e. under conf.d folder). The name can be whatever you choose. We’ll call it sampleConfig.yaml in this tutorial
  • Copy the following snippet and paste it in the new sampleConfig.yaml

sampleConfig.yaml

apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: config
spec:
  address: http://{host}:{port}
  services:
    httpbin:
      address: http://httpbin.org/
   routes:
        - rules:
            - path: /api(/.*)

Test the gateway.

  • As we can see in below screenshots, the API calls are routing from our flex gateway to backend (in this case httpbin.org)

Secure the API

  • Lets secure our API with basic authnetication policy.
  • Add below policy configuration in the .yaml file.
policies:
    - policyRef:
        name: http-basic-authentication-flex
      config:
        username: user
        password: pass
  • Final file would look like -
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: config
spec:
  address: http://ec2-3-89-125-128.compute-1.amazonaws.com:80
  services:
    httpbin:
      address: http://httpbin.org/
      routes:
        - rules:
            - path: /api(/.*)
  policies:
    - policyRef:
        name: http-basic-authentication-flex
      config:
        username: user
        password: pass

If you are facing any issue while connecting to flex gateway, then try stopping and starting the gateway once.

stop

sudo systemctl stop flex-gateway

start

sudo systemctl start flex-gateway
  • After some time, you could observe that without valid credentials API requests are not entertain by the gateway and rejected with 401 error.
  • When we pass the valid credentials, we could see that we are able to access the API.

Conclusion

In this article we understood,

  • When to use flex gateway local and connected mode
  • How to setup flex gateway in local mode
  • How to secure the API through .yaml file

Reference

How to Setup Anypoint Flex Gateway | by Venkatesh Jujarao | Another Integration Blog | Medium

How to install Anypoint Flex Gateway in local mode as a Linux service | MuleSoft Developers

What Is Universal API Management | MuleSoft

Declarative Configuration Reference Guide | MuleSoft Documentation

Mulesoft
Flex Gateway
Mule
Gateway
Security

--

--

Venkatesh Jujarao
Another Integration Blog

Written by Venkatesh Jujarao

88 Followers
Writer for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams