Default and Custom Networking Configuration for Kong Manager

Common configurations to enable are

• Serving Kong Manager from a dedicated Kong node

  When Kong Manager is on a dedicated Kong node, it must make external calls to the Admin API. Set to the location of your Admin API.

• Securing Kong Manager through a Kong Authentication Plugin

• Securing Kong Manager and serving it from a dedicated node

  When Kong Manager is secured and served from a dedicated node, set admin_api_uri to the location of the Admin API.

The table below summarizes which properties to set (or defaults to verify) when configuring Kong Manager connectivity to the Admin API.

To enable authentication, configure the following properties:

• (optional)
• admin_gui_session_conf set to the desired configuration
• set to

In order to serve Kong Manager over HTTPS, use a trusted certificate authority to issue TLS certificates, and have the resulting .crt and .key files ready for the next step.

1) Move .crt and .key files into the desired directory of the Kong node.

2) Point admin_gui_ssl_cert and at the absolute paths of the certificate and key.

3) Ensure that is prefixed with https to use TLS, e.g.,

External CAs cannot provide a certificate since no one uniquely owns localhost, nor is it rooted in a top-level domain (e.g., .com, .org). Likewise, self-signed certificates will not be trusted in modern browsers. Instead, it is necessary to use a private CA that allows you to issue your own certificates. Also ensure that the SSL state is cleared from the browser after testing to prevent stale certificates from interfering with future access to .