Kong manager not connecting to kong admin API

[andresmorago]

Hello everyone,

I'm currently deploying a Docker Compose setup on my server, and I'm facing issues with accessing Kong Manager. It seems like the port mapping in my docker-compose.yml file isn't working correctly.

The primary goal is to access Kong Manager from a remote machine. Kong is running on my server, and I've customized the mapped ports. However, Kong Manager still tries to access port 8001 using my server's external IP instead of routing through Docker.

Here is the error that i see on the web page

as well as in the console Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://172.30.19.123:8001/workspaces?size=1000. (Reason: CORS request did not succeed). Status code: (null).

Here is my current docker-compose.yml

services:
  kong-database:
    image: postgres:13
    container_name: kong-database
    restart: unless-stopped
    networks:
      - subred_fcv_04
    environment:
      POSTGRES_USER: kong
      POSTGRES_DB: kong
      POSTGRES_PASSWORD: kongpass
    volumes:
      - ./kong_db:/var/lib/postgresql/data

  kong-gateway:
    image: kong/kong-gateway:3.7.1.2
    container_name: kong-gateway
    restart: unless-stopped
    networks:
      - subred_fcv_01
      - subred_fcv_04
      - subred_fcv_03

    ports:
      - "28000:8000" #Takes incoming HTTP traffic from Consumers, and forwards it to upstream Services.
      - "28002:8002" #Kong Manager (GUI). Listens for HTTP traffic.

    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-database
      KONG_PG_USER: kong
      KONG_PG_PASSWORD: kongpass
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      KONG_ADMIN_LISTEN: 0.0.0.0:8001
#      KONG_ADMIN_GUI_LISTEN: http://0.0.0.0:8002     
      KONG_ADMIN_GUI_URL: http://0.0.0.0:8002
#      KONG_ADMIN_GUI_URL: "*"
#      KONG_ADMIN_GUI_PATH: /

    command: kong migrations bootstrap
    depends_on:
      - kong-database
    volumes:
      - ./kong_data:/app/logs

  konga:
    image: pantsel/konga
    container_name: konga
    restart: unless-stopped
    networks:
      - subred_fcv_04  
    ports:
      - "1337:1337"
    depends_on:
      - kong-gateway
    volumes:
      - ./konga:/app/kongadata

volumes:
  kong_data:
  kong_db:
  konga:

networks:
  subred_fcv_01:
    external: true
  subred_fcv_04:
    external: true
  subred_fcv_03:
    external: true
    

[teneous]

I have the same issue, if I use this config, it works well .

kong:
    image: kong:latest
    ports:
      - "8000:8000"   # Proxy Port 
      - "8001:8001"  # Admin API
      - "8002:8002"   # Admin WEB
      - "8444:8444"   # SSL WEB
    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-database
      KONG_PG_USER: kong
      KONG_PG_PASSWORD: kong
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ADMIN_GUI_PATH: '/'
      KONG_ADMIN_GUI_URL: http://localhost:8002/manager
      KONG_PROXY_ACCESS_LOG: /var/log/kong/access.log
      KONG_PROXY_ERROR_LOG: /var/log/kong/error.log
      KONG_ADMIN_ACCESS_LOG: /var/log/kong/admin_access.log
      KONG_ADMIN_ERROR_LOG: /var/log/kong/admin_error.log

if I change 8002 to 18002, the admin page won't show any data.

  kong:
    image: kong:latest
    ports:
      - "18000:8000"   # Proxy Port 
      - "18001:8001"  # Admin API
      - "18002:8002"   # Admin WEB
      - "18444:8444"   # SSL WEB
    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-database
      KONG_PG_USER: kong
      KONG_PG_PASSWORD: kong
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ADMIN_GUI_PATH: '/'
      KONG_ADMIN_GUI_URL: http://localhost:8002/manager
      KONG_PROXY_ACCESS_LOG: /var/log/kong/access.log
      KONG_PROXY_ERROR_LOG: /var/log/kong/error.log
      KONG_ADMIN_ACCESS_LOG: /var/log/kong/admin_access.log
      KONG_ADMIN_ERROR_LOG: /var/log/kong/admin_error.log

[teneous]

I have the same issue, if I use this config, it works well .

kong:
    image: kong:latest
    ports:
      - "8000:8000"   # Proxy Port 
      - "8001:8001"  # Admin API
      - "8002:8002"   # Admin WEB
      - "8444:8444"   # SSL WEB
    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-database
      KONG_PG_USER: kong
      KONG_PG_PASSWORD: kong
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ADMIN_GUI_PATH: '/'
      KONG_ADMIN_GUI_URL: http://localhost:8002/manager
      KONG_PROXY_ACCESS_LOG: /var/log/kong/access.log
      KONG_PROXY_ERROR_LOG: /var/log/kong/error.log
      KONG_ADMIN_ACCESS_LOG: /var/log/kong/admin_access.log
      KONG_ADMIN_ERROR_LOG: /var/log/kong/admin_error.log

if I change 8002 to 18002, the admin page won't show any data.

  kong:
    image: kong:latest
    ports:
      - "18000:8000"   # Proxy Port 
      - "18001:8001"  # Admin API
      - "18002:8002"   # Admin WEB
      - "18444:8444"   # SSL WEB
    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-database
      KONG_PG_USER: kong
      KONG_PG_PASSWORD: kong
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ADMIN_GUI_PATH: '/'
      KONG_ADMIN_GUI_URL: http://localhost:8002/manager
      KONG_PROXY_ACCESS_LOG: /var/log/kong/access.log
      KONG_PROXY_ERROR_LOG: /var/log/kong/error.log
      KONG_ADMIN_ACCESS_LOG: /var/log/kong/admin_access.log
      KONG_ADMIN_ERROR_LOG: /var/log/kong/admin_error.log

At final, I found the reason. when you wanna use another port instead of 8002 and 8001. You have to add this line

  kong:
    image: kong:latest
    ports:
      - "18000:8000"   # Proxy Port 
      - "18001:8001"  # Admin API
      - "18002:8002"   # Admin WEB
      - "18444:8444"   # SSL WEB
    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-database
      KONG_PG_USER: kong
      KONG_PG_PASSWORD: kong
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_ADMIN_GUI_PATH: '/'
      KONG_ADMIN_GUI_API_URL: http://localhost:18001  # this is very important , it helps manger to fetch data 
      KONG_ADMIN_GUI_URL: http://localhost:18002/manager  # this is to specify the access url
      KONG_PROXY_ACCESS_LOG: /var/log/kong/access.log
      KONG_PROXY_ERROR_LOG: /var/log/kong/error.log
      KONG_ADMIN_ACCESS_LOG: /var/log/kong/admin_access.log
      KONG_ADMIN_ERROR_LOG: /var/log/kong/admin_error.log
    volumes:
      - ./logs:/var/log/kong

check official reference at here : https://github.com/Kong/kong/blob/master/kong.conf.default

[chobits]

hi @andresmorago , do you think @teneous 's solution could work for you?

[a-super-admin]

I am facing a similar CORS problem when using docker compose and a reverse proxy that issues a cert for a single TDL over 443. I can override the ports by using KONG_ADMIN_GUI_API_URL (else the GUI wants to connect to 8444) but the GUI won't connect to the API with 405 method not allowed. My nginx reverse proxy is pointing to the GUI on 8002.

KONG_PROXY_LISTEN: "${KONG_PROXY_LISTEN:-0.0.0.0:8076}"
KONG_ADMIN_LISTEN: "${KONG_ADMIN_LISTEN:-0.0.0.0:8001}"
KONG_ADMIN_GUI_LISTEN: "${KONG_ADMIN_GUI_LISTEN:-0.0.0.0:8002}"
KONG_ADMIN_GUI_API_URL: https://kong.test.com
# KONG_ADMIN_GUI_URL: http://localhost:8002/manager  

Has anybody this constellation working?

[timkrest]

If you’re enabling SSL, make sure to add certificates to the following environment variables:

KONG_SSL_CERT: "/path/to/kong.crt"
KONG_SSL_CERT_KEY: "/path/to/kong.key"
KONG_ADMIN_SSL_CERT: "/path/to/kong.crt"
KONG_ADMIN_SSL_CERT_KEY: "/path/to/kong.key"
KONG_ADMIN_GUI_SSL_CERT: "/path/to/kong.crt"
KONG_ADMIN_GUI_SSL_CERT_KEY: "/path/to/kong.key"

[malvinpratama]

can we not expose admin api port and KONG_ADMIN_GUI_API_URL use internal network docker like http://service_name:admin_api_port ?

[frosk1]

any updates on this

[Ricardo2001ZG]

same issue

[Pandede]

Use internal Docker network instead of exposed network is the best practice. I wish this can be fixed.