Consul API gateway running on VM issue

Hi,

I am trying to setup the API gateway on virtual machines.

The API Gateway service appears in the Consul UI, but the port for the listener is not opened on the gateway machines.

These are my configurations

Kind = "api-gateway"
Name = "consul-api-gw-fra1"

// Each listener configures a port which can be used to access the Consul cluster
Listeners = [
    {
        Port = 8443
        Name = "api-gw-listener"
        Protocol = "http"
        TLS = {
            Certificates = [
                {
                    Kind = "inline-certificate"
                    Name = "my-certificate"
                }
            ]
        }
    }
]
Kind = "http-route"
Name = "my-http-route"

// Rules define how requests will be routed
Rules = [
  // Send all requests to UI services with 10% going to the "experimental" UI
  {
    Matches = [
      {
        Path = {
          Match = "prefix"
          Value = "/"
        }
      }
    ]
    Services = [
      {
        Name = "ui"
        Weight = 90
      },
      {
        Name = "experimental-ui"
        Weight = 10
      }
    ]
  },
  // Send all requests that start with the path `/api` to the API service
  {
    Matches = [
      {
        Path = {
          Match = "prefix"
          Value = "/api"
        }
      }
    ]
    Services = [
      {
        Name = "example"
      }
    ]
  }
]

Parents = [
  {
    Kind = "api-gateway"
    Name = "consul-api-gw-fra1"
  }
]

I write the config for the certificate first, then the config for the listener and then the routes

But I don’t see the port 8443 open on my gateway

This is the output of the config for the http route

    "Kind": "http-route",
    "Name": "my-http-route",
    "Parents": [
        {
            "Kind": "api-gateway",
            "Name": "consul-api-gw-fra1",
            "SectionName": ""
        }
    ],
    "Rules": [
        {
            "Filters": {
                "Headers": null,
                "URLRewrite": null,
                "RetryFilter": null,
                "TimeoutFilter": null,
                "JWT": null
            },
            "ResponseFilters": {
                "Headers": null
            },
            "Matches": [
                {
                    "Headers": null,
                    "Method": "",
                    "Path": {
                        "Match": "prefix",
                        "Value": "/api"
                    },
                    "Query": null
                }
            ],
            "Services": [
                {
                    "Name": "example",
                    "Weight": 1,
                    "Filters": {
                        "Headers": null,
                        "URLRewrite": null,
                        "RetryFilter": null,
                        "TimeoutFilter": null,
                        "JWT": null
                    },
                    "ResponseFilters": {
                        "Headers": null
                    }
                }
            ]
        }
    ],
    "Hostnames": null,
    "CreateIndex": 454,
    "ModifyIndex": 1578,
    "Status": {
        "Conditions": [
            {
                "Type": "Accepted",
                "Status": "False",
                "Reason": "InvalidDiscoveryChain",
                "Message": "route protocol does not match targeted service protocol",
                "Resource": {
                    "Kind": "",
                    "Name": "",
                    "SectionName": ""
                },
                "LastTransitionTime": "2024-04-28T07:16:46.600163222Z"
            },
            {
                "Type": "Bound",
                "Status": "False",
                "Reason": "FailedToBind",
                "Message": "failed to bind route to gateway consul-api-gw-fra1: route has not been accepted",
                "Resource": {
                    "Kind": "api-gateway",
                    "Name": "consul-api-gw-fra1",
                    "SectionName": ""
                },
                "LastTransitionTime": "2024-04-28T07:16:46.600237032Z"
            }
        ]
    }
}

Any help is really appreciated,
Thanks

Hi @fmp88 :wave:

The gateway won’t actually open listener ports until a route successfully binds to that listener.

Looking at the status on the http-route, it seems like the protocol on the example service is not http; however, it must be in order for it to be targeted by a http-route.

You can set the protocol of the example service using a proxy-defaults (link) or a service-defaults (link) configuration entry, and then your http-route should successfully bind.

Alternatively, you could use a tcp-route if your example service is using the tcp protocol and you’d like to keep it that way.

Let me know if this gets you up and running. I think our docs could use an addition explicitly pointing this requirement out.

Hi @nathancoleman
that was exactly the advice one of your colleagues also gave me and it worked all smoothly.
Thank you all very much, i didn’t expect to get it running this quickly

Yes it might be a good addition to the documentation.
The docs in this part feel generally lighter

Best

1 Like