Friday, May 20, 2016

Tyk with Apache Directory Studio

So I was getting all sort of weird errors due to mismatch in the dn. Then we decided to switch to Apache Directory Studio from OpenLDAP, as it is more user-friendly. Finally, I got Tyk configured with LDAP, thanks to Apache Directory Studio.


First, I had to configure the profiles.json of Tyk.
[{
    "ActionType": "GenerateOrLoginUserProfile",
    "ID": "4",
    "OrgID": "573cb5c7a57xxxdeb1f78000001",
    "ProviderConfig": {
        "FailureRedirect": "http://dashboard.tyk-local.com:3000/?fail=true",
        "LDAPAttributes": [],
        "LDAPPort": "10389",
        "LDAPServer": "localhost",
        "LDAPUserDN": "cn=*USERNAME*,ou=people,dc=sharmalab,dc=bmi,dc=emory,dc=edu"
    },
    "ProviderName": "ADProvider",
    "ReturnURL": "http://dashboard.tyk-local.com:3000/tap",
    "Type": "passthrough"
}
]

and also tib.conf, reflecting the ports and all.
{
    "Secret": "934893845123491xxx238192381486djfhr87234827348",
    "HttpServerOptions": {
        "UseSSL": false,     
        "CertFile": "./certs/server.pem",
        "KeyFile": "./certs/server.key"
    },
    "BackEnd": {
        "Name": "in_memory",
        "ProfileBackendSettings": {},
        "IdentityBackendSettings": {
            "Hosts" : {
                "localhost": "6379"
            },
            "Password": "",
            "Database": 0,
            "EnableCluster": false,
            "MaxIdle": 1000,
            "MaxActive": 2000
        }
    },
    "TykAPISettings": {
        "GatewayConfig": {
            "Endpoint": "http://dashboard.tyk-local.com",
            "Port": "8080",
            "AdminSecret": "54321"
        },
        "DashboardConfig": {
            "Endpoint": "http://dashboard.tyk-local.com",
            "Port": "3000",
            "AdminSecret": "12345"
        }
    }
}

Finally, I was able to send a POST request to http://localhost:3010/auth/4/ldap?username=pradeeban&password=34%$%$4w33

INFO[0008] [AD AUTH] User bind successful: pradeeban   
INFO[0008] [TYK ID HANDLER] Creating identity for: {map[] ADProvider pradeeban@ADProvider    pradeeban    }

Thursday, May 19, 2016

Configuring Tyk with the Identity Broker in Ubuntu 14.04 LTS

Tyk Dashboard
For the past couple of days, I have been evaluating Tyk with the Identity Broker in Ubuntu. Thanks Martin for helping me in a series of on-going discussion threads, I have managed to make most of it working. This post is a live document. ;)


Add to /etc/hosts file:127.0.0.1 dashboard.tyk-local.com
127.0.0.1 portal.tyk-local.com

Configure Tyk Gateway
sudo /opt/tyk-gateway/install/setup.sh --dashboard=http://dashboard.tyk-local.com:3000 --listenport=8080 --redishost=localhost --redisport=6379 --domain=""


Configure Tyk Dashboard
sudo /opt/tyk-dashboard/install/setup.sh --listenport=3000 --redishost=localhost --redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics --tyk_api_hostname=127.0.0.1 --tyk_node_hostname=http://127.0.0.1 --tyk_node_port=8080 --portal_root=/portal --domain="dashboard.tyk-local.com"


Configure Tyk Pump
sudo /opt/tyk-pump/install/setup.sh --redishost=localhost --redisport=6379 --mongo=mongodb://127.0.0.1/tyk_analytics


sudo service tyk-pump start
sudo service tyk-dashboard start

http://dashboard.tyk-local.com:3000/

Add the license in the prompt.

sudo service tyk-dashboard restart
sudo service tyk-gateway start

sudo /opt/tyk-dashboard/install/bootstrap.sh dashboard.tyk-local.com

Now you are good to start Tyk.

However, to enable TIB, you need to do some more steps.

In /opt/tyk-dashboard/tyk-analytics.conf

    "identity_broker": {
        "enabled": true,
        "host": {
            "connection_string": "http://localhost:3010",
            "secret": "934893845123491238192381486djfhr87234827348"
        }
    },

Make sure the shared secrets match in tyk-analytics.conf and tib.conf of tib.
https://tyk.io/docs/tyk-dashboard-v1-0/configuration/

Now restart everything.
sudo service tyk-pump stop
sudo service tyk-dashboard stop
sudo service tyk-gateway stop

sudo service tyk-pump start
sudo service tyk-dashboard start
sudo service tyk-gateway start

Start TIB
cd /home/pradeeban/programs/tib-v0.1
./tib


Find the logs.
sudo tail -f /var/log/upstart/tyk-dashboard.log
sudo tail -f /var/log/upstart/tyk-gateway.log
sudo tail -f /var/log/upstart/tyk-pump.log

Thursday, May 12, 2016

Configuring Kong with Cassandra

Install Kong

Install Cassandra

You may need to install Cassandra Driver

pip install --pre cassandra-driver

pip install --pre --upgrade cassandra-driver


Kong does not work with apache-cassandra-3.x as of now.

root@llovizna:/usr/bin# kong start
[INFO] kong 0.8.1
[INFO] Using configuration: /etc/kong/kong.yml
[INFO] Setting working directory to /usr/local/kong
[INFO] database...........cassandra contact_points=127.0.0.1:9042 data_centers= ssl=verify=false enabled=false port=9042 timeout=5000 replication_strategy=SimpleStrategy keyspace=kong replication_factor=1 consistency=ONE
[INFO] Leaving cluster..
[ERR] [Invalid] unconfigured table schema_keyspaces
[ERR] Could not start Kong


It does work well with
apache-cassandra-2.2.6

Install and start the kong-dashboard for an interactive GUI.
npm start

Installing Kong from Source on Ubuntu

root@llovizna:/home/pradeeban/programs/kong# make install
/bin/sh: 4: luarocks: not found
make: *** [install] Error 127

root@llovizna:/home/pradeeban/programs/kong# apt-get install luarocks


make install again.

Error: Failed installing dependency: http://luarocks.org/repositories/rocks/lrexlib-pcre-2.7.2-1.src.rock - Could not find expected file pcre.h for PCRE -- you may have to install PCRE in your system and/or pass PCRE_DIR or PCRE_INCDIR to the luarocks command. Example: luarocks install lrexlib-pcre PCRE_DIR=/usr/local
make: *** [install] Error 1

apt-get install libpcre3 libpcre3-dev

Missing dependencies for kong:
lua_uuid ~> 0.2.0-2
..
gcc -O2 -fPIC -I/usr/include/lua5.1 -c lua_uuid.c -o lua_uuid.o
lua_uuid.c:9:23: fatal error: uuid/uuid.h: No such file or directory
 #include
                       ^
compilation terminated.

Error: Failed installing dependency: http://luarocks.org/repositories/rocks/lua_uuid-0.2.0-2.rockspec - Build error: Failed compiling object lua_uuid.o
make: *** [install] Error 1


apt-get install uuid-dev

Now
make install
again, which is successful.

When running make dev.
/usr/bin/env: luajit: No such file or directory
make: *** [dev] Error 127

apt-get install luajit

Modify the
kong/kong.yml
accordingly to configure the Kong execution.

Friday, April 22, 2016

The war against the Ad Blockers

Many web sites these days are identifying which browsers have Ad Blcokers configured, and ask the ad blockers to be disabled. I am not entirely sure whether it is the decision of the ad blocker developers to make these ad blockers easy to detect, or is it technically difficult to implement an ad blocker that can go unnoticed by these web sites.

To be honest, I did not do any research on what is really the case. There is of course some point in these web sites. Their major revenue is from the advertisements, and if we block it through the ad blockers, they lose their major revenue. So I am not going to blame them either. Just wondering who is responsible for the current weak situation with the ad blockers - or is it just Adblock Plus?