Kong responds 404 when accessed vi Postman - api

I have set up an API and Kong. I have successfully installed Kong. In fact, i can access my APIs via curl on cli. However, when I use Postman, which I use all of the time, I get the response
{
"request_path": "/api/v1/",
"message": "API not found with these values",
"request_host": [
"192.168.33.13"
]
}
Ps. Im new to kong so please bear with me.
$ kong start
[INFO] Kong 0.7.0
[INFO] Using configuration: /etc/kong/kong.yml
[INFO] Setting working directory to /usr/local/kong
[INFO] database...........cassandra keyspace=kong ssl=verify=false enabled=false replication_factor=1 contact_points=127.0.0.1:9042 replication_strategy=SimpleStrategy timeout=5000 data_centers=
[INFO] dnsmasq............address=127.0.0.1:8053 dnsmasq=true port=8053
[INFO] serf ..............-profile=wan -rpc-addr=127.0.0.1:7373 -event-handler=member-join,member-leave,member-failed,member-update,member-reap,user:kong=/usr/local/kong/serf_event.sh -bind=0.0.0.0:7946 -node=precise64_0.0.0.0:7946 -log-level=err
[INFO] Trying to auto-join Kong nodes, please wait..
[WARN] Cannot auto-join the cluster because no nodes were found
[WARN] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
[INFO] nginx .............admin_api_listen=0.0.0.0:8001 proxy_listen=0.0.0.0:8000 proxy_listen_ssl=0.0.0.0:8443
[OK] Started
$ curl -i -X POST --url http://localhost:8001/apis/ --data 'name=geospatial' --data 'upstream_url=http://192.168.33.10/' --data 'request_host=192.168.33.10'
HTTP/1.1 201 Created
Date: Fri, 08 Apr 2016 14:38:22 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.7.0
{"upstream_url":"http:\/\/192.168.33.10\/","id":"240e6cc6-626f-4629-9551-0d341a57adba","name":"geospatial","created_at":1460126302000,"request_host":"192.168.33.10"}
When I curl the api...
$ curl -i -X GET -H "Host: 192.168.33.10" "http://192.168.33.13:8000/api/v1/"
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2016 14:56:04 GMT
Content-Type: application/json
Content-Length: 70
Connection: keep-alive
Server: Werkzeug/0.11.4 Python/2.7.6
X-Kong-Upstream-Latency: 4
X-Kong-Proxy-Latency: 0
Via: kong/0.7.0
{"status": 200, "message": 200, "data": "Hello World!", "error": null}
How ever when I try to use Postman, I get a 404 status response.
with this body
{
"request_path": "/api/v1/",
"message": "API not found with these values",
"request_host": [
"192.168.33.13"
]
}
Am I missing something?
Disclaimer:
I am using Postman because I am lazy and because my clients will mostly be using Postman as well. So dont tell me to to use curl instead :)

Just encountered the same problem.
In order to send to Kong you need to add Host header, but Postman has some restricted headers that are blocked and Host is one of them.
You need to download Chrome Inspector to send the Host header.
For more details -
https://www.getpostman.com/docs/requests

You need to setup the header parameter named "Host" in order to Kong find your API.
You can see that your curl command have this parameter
-H "Host: 192.168.33.10"

Related

Keycloak invalid_token Didn't find publicKey for specified kid

I am using keycloak to secure my rest service and I am able to get the token , but when I am using this token for to get my rest service response, getting following error:
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, must-revalidate, private
X-Powered-By: Undertow/1
X-XSS-Protection: 1; mode=block
Server: WildFly/11
X-Frame-Options: SAMEORIGIN
Date: Wed, 30 Jan 2019 07:42:45 GMT
Connection: keep-alive
WWW-Authenticate: Bearer realm="demorealm", error="invalid_token", error_description="Didn't find publicKey for specified kid"
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Content-Length: 71
<html><head><title>Error</title></head><body>Unauthorized</body></html>
I followed below links but didn't get any output to solve this problem.
keycloak bearer token error - Didn't find publicKey for specified kid
Didn't find publicKey for kid ,Keycloak?
Edit 1 -
As per the detail token is properly generating with following command
curl -X POST -k -H 'Content-Type: application/x-www-form-urlencoded' -i 'https://<IP-ADDRESS>/auth/realms/apirealm/protocol/openid-connect/token' --data 'username=cwlcadmin&password=password#123&client_id=api-client-id&grant_type=password&client_secret=a682049d-587c-4c38-a594-814f08b0ca76'a#123&client_id=api-client-id
But when using this token hitting to rest-api,above declare exception is coming
curl -X GET -k -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJpeVlweXZtQU9Sc2RtNXlibWNqWUVSRUxJTnVFR2RNOThDeFVMSmdUTHFvIn0.eyJqdGkiOiJkZWQ4YzAzNC02NDM2LTRmNDAtYjZlNC0zYTI3MzcyNDJkODYiLCJleHAiOjE1NDg4NDUzMTQsIm5iZiI6MCwiaWF0IjoxNTQ4ODQzNTE0LCJpc3MiOiJodHRwczovLzEwLjUzLjIwMS4yMDcvYXV0aC9yZWFsbXMvYXBpcmVhbG0iLCJhdWQiOiJhcGktY2xpZW50LWlkIiwic3ViIjoiZjo4OWYzMDE0MC1kNTBjLTQ4ZjMtODIyYi02YmM1YTFkYjM3Yzg6MSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFwaS1jbGllbnQtaWQiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiI0MWY4ZDU0MS1iZWQxLTQ4MjktOTM4ZC0xNjUxYmZlNzFkZTYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHBzOi8vMTAuNTMuMjAxLjIwNyJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfSwiYXBpLWNsaWVudC1pZCI6eyJyb2xlcyI6WyJyZXN0Il19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoicHEvSmJRPT0gaEp6b1J5QT0iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJjd2xjYWRtaW4iLCJnaXZlbl9uYW1lIjoicHEvSmJRPT0iLCJmYW1pbHlfbmFtZSI6ImhKem9SeUE9IiwiZW1haWwiOiJ0NWZxV2c3TjF3aUVWaGIxVlEwPSJ9.mPVPVdoRpwXU5Im9E8tlLz3DMrM8NrJ-oRiRZL0hceaszU0H58ca2HKhrtncY2WzCxidcuPPxb1fIh3XNR7C-Q-ifOS4VaIbAbH3pAehmhuBqu0gq3LAfVw8vBWVClVP1iKtPOz4cGeKqGQpKRRO1f8epSihVnRe3NWk1WVaD63jexc0EqawZpY-DqH1VDf5xpz8BY4UUqAAfAq0X6kZ7kBoqoiHFofS5eZJHx1mbN-N6qiCwGSwXP-V6JucoBygmqVDkoNCS9Ebx9DyQlXHStSd_KGbCLeIgMlYVPB8vsUy55IcrZGNJWVFsWcvudqTXwW2Tg8BBq-tsFkVuABs5w' -H 'Content-Type: application/json' -i 'https://<IP-ADDRESS>/api/v2/0/zones'
FYI - Using Wildfly and Load-balancer also which is provided by Wildfly
At last after couple of days struggle we are able to resolve the issue and issue with the Subsystem added in Wildfly server ,it should be like this
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
<secure-deployment name="sure-admin-web.war">
<realm>Realm_Name</realm>
<resource>CLIENT_APP</resource>
<use-resource-role-mappings>true</use-resource-role-mappings>
<auth-server-url>https://<KEYCLOAK-IP>:8666/auth/</auth-server-url>
<ssl-required>NONE</ssl-required>
<credential name="secret">7df18c0d-d4c7-47b1-b959-af972684dab0</credential>
</secure-deployment>
</subsystem>
in our case we missed <ssl-required>NONE</ssl-required> and in <auth-server-url> we added wrong load-balancer url while it should be Keycloak URL.
FYI - Load-Balancer in working on HTTPS while keycloak running on http
I had similar problem. My back end app was in spring boot.
Turns out application.properties needed keycloak.realm-key to be set.
Refer to
https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/java-adapter-config.adoc

Add an API in Kong

New with REST and API Gateway.
I have installed Kong with Cassandra on a dev machine and I'm trying to add my API (spring-boot application) but reading the documentation I'm struggling to make it work.
My API:
http://ff-nginxdev-01:9003/fund-information-services/first-information/fund/{fundId}
when I run
http http://ff-nginxdev-01:9003/fund-information-services/first-information/fund/630
HTTP/1.1 200
Content-Type: application/json;charset=UTF-8
Date: Fri, 25 Nov 2016 14:47:30 GMT
Transfer-Encoding: chunked
X-Application-Context: application:9003
{
"assetSplit": {
"allocationHistories": [
{
"key": {
"asset": {
"description": "Other Far East",
"id": 18
},
"assetSplit": "09",
"effectiveDate": 1430348400000
},
......
......
Everything look fine and I'm able to retrieve the Json message.
Adding the API in Kong:
http POST http://ff-nginxdev-01:8001/apis/ name=fund-information upstream_url=http://ff-nginxdev-01:9003/ request_path=/fund-information-services
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Fri, 25 Nov 2016 14:39:45 GMT
Server: kong/0.9.4
Transfer-Encoding: chunked
{
"created_at": 1480084785000,
"id": "fdcc76d7-e2a2-4816-8f27-d506fdd32c0a",
"name": "fund-information",
"preserve_host": false,
"request_path": "/fund-information-services",
"strip_request_path": false,
"upstream_url": "http://ff-nginxdev-01:9003/"
}
Testing Kong API Gateway:
http http://ff-nginxdev-01:8000/fund-information-services/first-information/fund/630
HTTP/1.1 502 Bad Gateway
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Date: Fri, 25 Nov 2016 14:44:33 GMT
Server: kong/0.9.4
Transfer-Encoding: chunked
An invalid response was received from the upstream server
I know I'm missing something but it is not clear to me.
By default, Dynamic SSL plugin will binds a specific SSL certificate to the request_host in API.
You just define request_path in your API and that means SSL plugin does not apply when you use request_path.
You can read more to understand why it is like that in: this issue
To make your request works, I think you should read about how to proxy an API in: Proxy Reference
Here is my solution for your problem:
Method 1: Change "strip_request_path" to true
"strip_request_path": true
This method assume you didn't specify request_host first
Method 2: Using request_host instead
"request_host" : "your_api"
Then in your request header, you should add this request_host:
Example request:
curl -i -X POST --url http://ff-nginxdev-01:8000/fund-information-services/first-information/fund/630 --header 'Host: your_api'
and it will works
you missed the api name known by kong "fund-information", so if you do this
http POST http://ff-nginxdev-01:8001/apis/ name=fund-information upstream_url=http://ff-nginxdev-01:9003 request_path=/fund-information-services
your test url is
http http://ff-nginxdev-01:8000/fund-information/first-information/fund/630

Docker Hub API v2 token authentication issue

Currently, I'm working on a very light version of Docker containers orchestrator and I have to be able to get image digest from public Docker Hub registry. I want to use Docker Registry API v2 for this purposes.
I'm trying to get authorization token using following API call:
curl https://auth.docker.io/token?service=index.docker.io&scope=repository:alpine:pull
... and I get a response like following:
{"token":"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE5qQTFNekV5TXpVNE5UZGFGdzB4TnpBMU16RXlNelU0TlRkYU1FWXhSREJDQmdOVkJBTVRPMUV6UzFRNlFqSkpNenBhUjFoT09qSlhXRTA2UTBWWFF6cFVNMHhPT2tvMlYxWTZNbGsyVHpwWlFWbEpPbGhQVTBRNlZFUlJTVG8wVWtwRE1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVo0NkVLV3VKSXhxOThuUC9GWEU3U3VyOXlkZ3c3K2FkcndxeGlxN004VHFUa0N0dzBQZm1SS2VLdExwaXNTRFU4LzZseWZ3QUFwZWh6SHdtWmxZR2dxT0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VVROTFZEcENNa2t6T2xwSFdFNDZNbGRZVFRwRFJWZERPbFF6VEU0NlNqWlhWam95V1RaUE9sbEJXVWs2V0U5VFJEcFVSRkZKT2pSU1NrTXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBTzYxSWloN1FUcHNTMFFIYUNwTDFZTWNMMnZXZlNydlhHbHpSRDEwN2NRUEFpRUFtZXduelNYRHplRGxqcDc4T1NsTFFzbnROYWM5eHRyYW0xU0kxY0ZXQ2tJPSJdfQ.eyJhY2Nlc3MiOltdLCJhdWQiOiJpbmRleC5kb2NrZXIuaW8iLCJleHAiOjE0NzQ1NDcyODMsImlhdCI6MTQ3NDU0Njk4MywiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiIzVTdCazF4dm9CLVA0MGJWVF9JSiIsIm5iZiI6MTQ3NDU0Njk4Mywic3ViIjoiIn0.516fS692WGHNi5Sc44iB8OFSLairrM6n1zNvVo5KXAxlsxsP4rE7VDmW5d0YqvTYeKfZAYIi9yEptx4xJlQ6DA"}
It seems that everything is okay and I'm trying to use obtained token for my next API call:
curl -i -H "Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE5qQTFNekV5TXpVNE5UZGFGdzB4TnpBMU16RXlNelU0TlRkYU1FWXhSREJDQmdOVkJBTVRPMUV6UzFRNlFqSkpNenBhUjFoT09qSlhXRTA2UTBWWFF6cFVNMHhPT2tvMlYxWTZNbGsyVHpwWlFWbEpPbGhQVTBRNlZFUlJTVG8wVWtwRE1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVo0NkVLV3VKSXhxOThuUC9GWEU3U3VyOXlkZ3c3K2FkcndxeGlxN004VHFUa0N0dzBQZm1SS2VLdExwaXNTRFU4LzZseWZ3QUFwZWh6SHdtWmxZR2dxT0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VVROTFZEcENNa2t6T2xwSFdFNDZNbGRZVFRwRFJWZERPbFF6VEU0NlNqWlhWam95V1RaUE9sbEJXVWs2V0U5VFJEcFVSRkZKT2pSU1NrTXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBTzYxSWloN1FUcHNTMFFIYUNwTDFZTWNMMnZXZlNydlhHbHpSRDEwN2NRUEFpRUFtZXduelNYRHplRGxqcDc4T1NsTFFzbnROYWM5eHRyYW0xU0kxY0ZXQ2tJPSJdfQ.eyJhY2Nlc3MiOltdLCJhdWQiOiJpbmRleC5kb2NrZXIuaW8iLCJleHAiOjE0NzQ1NDcyODMsImlhdCI6MTQ3NDU0Njk4MywiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiIzVTdCazF4dm9CLVA0MGJWVF9JSiIsIm5iZiI6MTQ3NDU0Njk4Mywic3ViIjoiIn0.516fS692WGHNi5Sc44iB8OFSLairrM6n1zNvVo5KXAxlsxsP4rE7VDmW5d0YqvTYeKfZAYIi9yEptx4xJlQ6DA" https://index.docker.io/v2/alpine/manifests/latest
... and here what I've got:
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:alpine:pull",error="invalid_token"
Date: Thu, 22 Sep 2016 12:27:54 GMT
Content-Length: 138
Strict-Transport-Security: max-age=31536000
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Name":"alpine","Action":"pull"}]}]}
Does anybody have ideas why token aouthentication fails for such simple flow?
The response in the Www-Authenticate header is trying to tell you what you need, although it could be more helpful.
First thing: the service you want is registry.docker.io.
Second thing: the repository name in the scope is incomplete. Official repositories only have a single-part name like alpine for the CLI, but in the registry it's properly called library/alpine.
So your token request should be:
curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull"
And then your image request is:
curl --header "Authorization: Bearer eyJh..." https://index.docker.io/v2/library/alpine/manifests/latest
And then you'll get the response.

RabbitMQ HTTP API call to aliveness-test returns 404 but other calls work

When using the HTTP API I am trying to make a call to the aliveness-test for monitoring purposes. At the moment I am testing using curl and the following command:
curl -i http://guest:guest#localhost:55672/api/aliveness-test/
And I get the following response:
HTTP/1.1 404 Object Not Found
Server: MochiWeb/1.1 WebMachine/1.9.0 (someone had painted it blue)
Date: Mon, 05 Nov 2012 17:18:58 GMT
Content-Type: text/html
Content-Length: 193
<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested document was not found on this server.<P><HR><ADDRESS>mochiweb+webmachine web server</ADDRESS></BODY></HTML>
When making a request just to list the users or vhosts, the requests returns successfully:
$ curl -I http://guest:guest#localhost:55672/api/users
HTTP/1.1 200 OK
Server: MochiWeb/1.1 WebMachine/1.9.0 (someone had painted it blue)
Date: Mon, 05 Nov 2012 17:51:44 GMT
Content-Type: application/json
Content-Length: 11210
Cache-Control: no-cache
I'm using the latest stable version (2.8.7) of RabbitMQ and obviously have the management plugin installed for the API to work with the users call (the response is left out due to it containing company data but is just regular JSON as expected).
There isn't much on the internet about this call failing so I am wondering if anyone has seen this before?
Thanks,
Kristian
Turns out that the '/' at the beginning of the vhosts names is not implicit, even when as part of a URL. To get this to work I simply changed my request from:
curl -i http://guest:guest#localhost:55672/api/aliveness-test/
To
curl -i http://guest:guest#localhost:55672/api/aliveness-test/%2F
As %2F is '/' HTTP encoded, my request now queries the vhost named '/' and returns a 200 response which looks like:
{"status":"ok"}

How to post JSON data using curl over basic http auth?

I want to post data using curl unix command what I got by googling is doing like below:
curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"description": "This will prbbly be my lst post.", "transaction_id": "2011-05-22T00:46:38", "account": "another-post"}' http://127.0.0.1:8000/api/transaction/
But its is returning following response header like below:
curl: (6) Could not resolve host: POST; nodename nor servname provided, or not known
HTTP/1.0 401 UNAUTHORIZED
Date: Sat, 09 Jun 2012 18:50:37 GMT
Server: WSGIServer/0.1 Python/2.7.1
Content-Type: text/html; charset=utf-8
What I am doing wrong
You don't need to write "POST" to make curl(1) post - it will do that automatically if you give it a --data argument.
Instead, it is mistaking "POST" for the URL you want to send to, and failing as you might imagine. Drop that word and you should be good.