Kong Manager fails to work due to Admin API CORS protection

[xiaopanggege]

Is there an existing issue for this?

• [X] I have searched the existing issues

Kong version ($ kong version)

3.7

Current Behavior

我按照官方的docker方法安装：

docker run -d --name kong-gateway \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kongpass" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
-e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
-e KONG_LICENSE_DATA \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
-p 8002:8002 \
-p 8445:8445 \
-p 8003:8003 \
-p 8004:8004 \
kong/kong-gateway:3.7.1.1

没有报错，成功启动，但是kong manager有问题， 导致我无法做任何操作。 我是通过另一台PC访问http://10.97.2.100:8002/workspaces出现上面的情况

Expected Behavior

No response

Steps To Reproduce

No response

Anything else?

No response

[hanshuebner]

Hello @xiaopanggege,

you are running the Enterprise version of Kong Gateway. Please head to the Kong Enterprise Support page to get support for the commercial offering.

Kind regards, Hans

[xiaopanggege]

@hanshuebner 我安装了oss版本也有问题 开启kong manager： docker exec -i kong-gateway /bin/sh -c "export KONG_ADMIN_GUI_PATH='/'; export KONG_ADMIN_GUI_URL='http://0.0.0.0:8002/manager'; kong reload; exit"

开源版的我安装命令是这个：

docker run --rm --network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kongpass" \
kong:3.7.0 kong migrations bootstrap

docker run -d --name kong-gateway \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kongpass" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-e "KONG_ADMIN_GUI_URL=http://0.0.0.08002" \
-p 8000:8000 \
-p 8443:8443 \
-p 0.0.0.0:8001:8001 \
-p 0.0.0.0:8002:8002 \
-p 0.0.0.0:8444:8444 \
kong:3.7.0

[hanshuebner]

Your problem is that you've got KONG_ADMIN_GUI_URL incorrectly set, causing Kong Manager's Admin API requests to be rejected due to CORS protection. In your setup, you want to set KONG_ADMIN_GUI_URL=http://10.97.2.100.

[hanshuebner]

@sumimakito This really is - I'd say - a bug in Kong Manager, which fails to produce a useful error message if it cannot communicate with the backend due to CORS misconfiguration. I would suggest trapping CORS errors and displaying helpful message, which probably should also mention ADMIN_GUI_URL and/or a pointer to the relevant documentation.

[xiaopanggege]

@hanshuebner Thank you very much, that's why I mistakenly thought 0.0.0.0 could be used externally

[sumimakito]

Thanks @xiaopanggege for reporting this issue.

@hanshuebner Thanks for your help. It's true that it would be better if we could show messages/warnings to users to allow them to find out which configuration is causing the issue. Moreover, we should improve the documentation for setting up Kong Manager.

I've created two tickets KM-293 and KM-294 to track this.

[ramuyk]

I've installed kong (not the enterprise) on Ubuntu 24.04 without docker and I'm facing a similar issue...

After modifying the /etc/kong/kong.conf file and restarting kong I'm still facing the CORS issue

Is the kong manager only available for the enterprise version?

[hanshuebner]

@ramuyk Kong Manager is available for the open source and enterprise versions of Kong Gateway, although the two versions have different feature sets. The source code for the open source version is hosted on GitHub as well.

I have just verified that the open source version works in a locally deployed version of Kong Gateway. Are you sure that you have restarted the Gateway and that the configuration file is correctly picked up?

[ramuyk]

I've installed kong from the package manager following the documentation page (https://docs.konghq.com/gateway/latest/install/linux/ubuntu/). It says we can install kong with this script https://get.konghq.com/install on Ubuntu.

Actually, the script provided in the documentation fails on Ubuntu 24.04 due to its outdated GPG key handling approach.

However, I've fixed this issue by substituting the lines

echo "deb [trusted=yes] https://download.konghq.com/gateway-3.x-ubuntu-$(lsb_release -sc)/ \
default all" | sudo tee /etc/apt/sources.list.d/kong.list > /dev/null

to

curl -1sLf "https://packages.konghq.com/public/gateway-37/gpg.C05D9BEAEB9E8E18.key" | gpg --dearmor | sudo tee /usr/share/keyrings/kong-gateway-37-archive-keyring.gpg > /dev/null
curl -1sLf "https://packages.konghq.com/public/gateway-37/config.deb.txt?distro=ubuntu&codename=jammy" | sudo tee /etc/apt/sources.list.d/kong-gateway-37.list > /dev/null

And changed the variable KONG_PACKAGE_NAME to kong instead of enterprise... Kong gets up and running if I do it, even though other changes in my kong.conf seem to be working fine, this admin_gui_url doesn't seem to control the CORS. Am I missing any other configuration?

[zailaib]

@hanshuebner Thank you very much, that's why I mistakenly thought 0.0.0.0 could be used externally

请问最终是咋解决的？

[xiaopanggege]

@zailaib 改成服务器的真是ip：10.97.2.100，然后浏览器访问http://10.97.2.100:8002，就是你浏览器想要访问什么就配置什么，想要用域名应该也可以

[zailaib]

@zailaib 改成服务器的真是ip：10.97.2.100，然后浏览器访问http://10.97.2.100:8002，就是你浏览器想要访问什么就配置什么，想要用域名应该也可以

嗯，用了你的方法，可以了， 🙏 docker run -d --name kong-gateway \

--network="host" \ -e "KONG_DATABASE=postgres" \ -e "KONG_PG_HOST=127.0.0.1" \ -e "KONG_PG_USER=kong" \ -e "KONG_PG_PASSWORD=kongpass" \ -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \ -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \ -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \ -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \ -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \ -e "KONG_ADMIN_GUI_URL=http://**10.10.60.47**:8002" \ -p 8000:8000 \ -p 8443:8443 \ -p 0.0.0.0:8001:8001 \ -p 0.0.0.0:8002:8002 \ -p 0.0.0.0:8444:8444 \ kong:3.7.1