<!DOCTYPE html> <html lang="en-US" itemscope itemtype="http://schema.org/Article"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <!-- OneTrust Cookies Consent Notice start for konghq.com --> <script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" type="text/javascript" charset="UTF-8" data-domain-script="2c4de954-6bec-4e93-8086-64cb113f151a"> </script> <script type="text/javascript"> function OptanonWrapper() { } </script> <!-- OneTrust Cookies Consent Notice end for konghq.com --> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer', 'GTM-NL48VKT');</script> <!-- End Google Tag Manager --> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Configuring PostgreSQL TLS - Kong Gateway | Kong Docs</title> <meta name="description" content="Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices."> <meta name="author" content="KongHQ"> <meta property="og:title" content="Configuring PostgreSQL TLS - Kong Gateway | Kong Docs"> <meta property="og:site_name" content="Kong Docs"> <!-- use share link for facebook --> <meta property="og:url" content="https://docs.konghq.com"> <meta property="og:description" content="Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices."> <meta property="og:type" content="website"> <meta property="og:locale" content="en_US"> <meta property="og:image" content="https://docs.konghq.com/assets/images/share.png"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@thekonginc"> <meta name="twitter:creator" content="@thekonginc"> <meta name="twitter:url" content="https://docs.konghq.com"> <meta name="twitter:description" content="Documentation for Kong, the Cloud Connectivity Company for APIs and Microservices."> <meta name="twitter:image" content="https://docs.konghq.com/assets/images/share.png"> <meta property="fb:admins" content="227304446"> <meta property="fb:admins" content="576641408"> <meta name="google-site-verification" content="CrU3zp02dNKTe8NSAipL4NCPkrIjDXG8fViTZ-MIzP4"> <script type="application/ld+json"> { "@context": "http://schema.org", "@type": "Organization", "name": "KongHQ", "url": "https://docs.konghq.com", "logo": "https://docs.konghq.com/assets/images/logo.png", "sameAs": [ "https://www.facebook.com/konginc", "https://twitter.com/thekonginc", "https://plus.google.com/+mashape" ] } </script> <!-- Preload assets --> <link rel="dns-prefetch" href="https://cloud.typography.com"> <link rel="dns-prefetch" href="https://dev.visualwebsiteoptimizer.com"> <link rel="dns-prefetch" href="https://cdn.segment.com"> <link rel="icon" type="image/x-icon" href="/assets/images/favicon.ico"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@docsearch/css@3"> <link rel="canonical" href="https://docs.konghq.com/gateway/latest/production/networking/configure-postgres-tls/"> <link rel="alternate" hreflang="x-default" href="https://docs.konghq.com/gateway/latest/production/networking/configure-postgres-tls/"> <link rel="alternate" hreflang="ja" href="https://docs.jp.konghq.com/gateway/latest/production/networking/configure-postgres-tls/"> <meta name="robots" content="follow,index"> <!-- FontAwesome icon font --> <script src="https://kit.fontawesome.com/1332a92967.js" crossorigin="anonymous"> </script> <script src="/vite/assets/application-BwnN4xAL.js" crossorigin="anonymous" type="module"></script> <link href="/vite/assets/_commonjsHelpers-Cpj98o6Y.js" rel="modulepreload" as="script" crossorigin="anonymous"> <link rel="stylesheet" href="/vite/assets/application-9w6VHfwH.css" media="screen"> </head> <body id="" data-spy="scroll" data-target="#scroll-sidebar" data-offset="350"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NL48VKT" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <header class="navbar-v2 closed"> <a class="skip-main" href="#main">Skip to content</a> <!-- uncomment the promo-banner div when adding a new promo banner--> <!--also uncomment the promo banner sections in app/assets/stylesheets/header.less and application.js--> <!-- <div id="promo-banner"> <div class="container"> <div class="closebanner"></div> <strong>2024 API Summit Hackathon: Experiment with API Innovation & AI. Submit by Sept 11 &nbsp;&mdash;<a href="https://konghq.com/conferences/kong-summit/hackathon?utm_medium=website&utm_source=docs-konghq-com&utm_campaign=docs-banner">Enter Now &rarr;</a> </strong> </div> </div> --> <div class="navbar-content"> <a href="https://konghq.com" class="navbar-brand col col-xl-auto" target="_blank" rel="noopener noreferrer"> <img src="/assets/images/logos/konglogo-dark-theme.svg" alt="Kong Logo" id="kong-logo"> </a> <span class="logo-divider">|</span> <a href="/" class="navbar-brand col col-xl-auto"> <img src="/assets/images/logos/docslogo-dark-theme.svg" alt="Kong Docs Logo" id="kong-docs-logo"> </a> <div class="separator mobile"></div> <div class="search-input-wrapper" id="getkong-algolia-search-input"> </div> <div class="search-results-wrapper"></div> <div class="navbar-items" role="navigation" aria-label="Main menu"> <ul class="navbar-items" role="menubar"> <li id="top-module-list" aria-haspopup="true" role="menuitem" aria-expanded="false" class="navbar-item main-menu-item with-submenu active"> <span tabindex="0" id="docs-link" class="main-menu-item-title">Docs</span> <span class="caret"></span> <ul class="navbar-item-submenu" role="menu"> <div class="submenu-section"> <li role="menuitem" class="docs-dropdown-li"> <a href="/api/" class="docs-dropdown-li__link" tabindex="-1"> <div class="docs-dropdown-li__card"> <span class="heading">Explore the API Specs</span> <div class="docs-dropdown-li__card-link"> <img src="/assets/images/landing-page/view-all-api-specs.png" alt="View all API Specs"> <span class="docs-dropdown-li__card-image"> View all API Specs <img src="/assets/images/landing-page/arrow-right.svg" alt="View all API Specs arrow image"> </span> </div> </div> </a> </li> <li role="menuitem" class="docs-dropdown-li" tabindex="-1"> <div class="docs-dropdown-li__section"> <div class="docs-dropdown-li__section-title"> <span class="heading">Documentation</span> </div> <div class="docs-dropdown-li__section-items"> <a class="item item-all" href="/api/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">API Specs</div> </div> </a> <a class="item" href="/gateway/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Gateway</div> <div class="item__description-desc">Lightweight, fast, and flexible cloud-native API gateway</div> </div> </a> <a class="item" href="/konnect/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Konnect</div> <div class="item__description-desc">Single platform for SaaS end-to-end connectivity</div> </div> </a> <a class="item" href="/gateway/latest/ai-gateway/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong AI Gateway</div> <div class="item__description-desc">Multi-LLM AI Gateway for GenAI infrastructure</div> </div> </a> <a class="item" href="/mesh/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Mesh</div> <div class="item__description-desc">Enterprise service mesh based on Kuma and Envoy</div> </div> </a> <a class="item" href="/deck/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">decK</div> <div class="item__description-desc">Helps manage Kong’s configuration in a declarative fashion</div> </div> </a> <a class="item" href="/kubernetes-ingress-controller/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Ingress Controller</div> <div class="item__description-desc">Works inside a Kubernetes cluster and configures Kong to proxy traffic</div> </div> </a> <a class="item" href="/gateway-operator/latest/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">Kong Gateway Operator</div> <div class="item__description-desc">Manage your Kong deployments on Kubernetes using YAML Manifests</div> </div> </a> <a class="item" href="https://docs.insomnia.rest/" tabindex="-1" target="_blank" rel="noopener nofollow noreferrer "> <div class="item__description"> <div class="item__description-title">Insomnia</div> <div class="item__description-desc">Collaborative API development platform</div> </div> </a> </div> </div> </li> </div> </ul> </li> <li role="menuitem" aria-haspopup="true" aria-expanded="false" class="navbar-item main-menu-item with-submenu navbar-item-hub"> <span id="plugin-link" class="main-menu-item-title" tabindex="0">Plugin Hub</span> <span class="caret"></span> <ul class="navbar-item-submenu" role="menu"> <div class="submenu-section"> <li role="menuitem" class="docs-dropdown-li"> <a href="/hub/" class="docs-dropdown-li__link" tabindex="-1"> <div class="docs-dropdown-li__card"> <span class="heading">Explore the Plugin Hub</span> <div class="docs-dropdown-li__card-link"> <img src="/assets/images/landing-page/view-all-plugins.svg" alt="View all plugins"> <span class="docs-dropdown-li__card-image"> View all plugins <img src="/assets/images/landing-page/arrow-right.svg" alt="View all plugins arrow image"> </span> </div> </div> </a> </li> <li role="menuitem" class="docs-dropdown-li"> <div class="docs-dropdown-li__section"> <div class="docs-dropdown-li__section-title"> <span class="heading">Functionality</span> <a href="/hub/" class="view-all" tabindex="-1"> View all <img src="/assets/images/landing-page/arrow-right.svg" alt="View all arrow image"> </a> </div> <div class="docs-dropdown-li__section-items"> <a class="item item-all" href="/hub/" tabindex="-1"> <div class="item__description"> <div class="item__description-title">View all plugins</div> </div> </a> <a class="item" href="/hub/?category=ai" tabindex="-1"> <div> <img src="/assets/images/nav/hub/ai.svg" alt="AI's icon"> </div> <div class="item__description"> <div class="item__description-title">AI</div> <div class="item__description-desc">Govern, secure, and control AI traffic with multi-LLM AI Gateway plugins</div> </div> </a> <a class="item" href="/hub/?category=authentication" tabindex="-1"> <div> <img src="/assets/images/nav/hub/lock_person.svg" alt="Authentication's icon"> </div> <div class="item__description"> <div class="item__description-title">Authentication</div> <div class="item__description-desc">Protect your services with an authentication layer</div> </div> </a> <a class="item" href="/hub/?category=security" tabindex="-1"> <div> <img src="/assets/images/nav/hub/shield.svg" alt="Security's icon"> </div> <div class="item__description"> <div class="item__description-title">Security</div> <div class="item__description-desc">Protect your services with additional security layer</div> </div> </a> <a class="item" href="/hub/?category=traffic-control" tabindex="-1"> <div> <img src="/assets/images/nav/hub/route.svg" alt="Traffic Control's icon"> </div> <div class="item__description"> <div class="item__description-title">Traffic Control</div> <div class="item__description-desc">Manage, throttle and restrict inbound and outbound API traffic</div> </div> </a> <a class="item" href="/hub/?category=serverless" tabindex="-1"> <div> <img src="/assets/images/nav/hub/serverless.svg" alt="Serverless's icon"> </div> <div class="item__description"> <div class="item__description-title">Serverless</div> <div class="item__description-desc">Invoke serverless functions in combination with other plugins</div> </div> </a> <a class="item" href="/hub/?category=analytics-monitoring" tabindex="-1"> <div> <img src="/assets/images/nav/hub/bar_chart.svg" alt="Analytics &amp; Monitoring's icon"> </div> <div class="item__description"> <div class="item__description-title">Analytics &amp; Monitoring</div> <div class="item__description-desc">Visualize, inspect and monitor APIs and microservices traffic</div> </div> </a> <a class="item" href="/hub/?category=transformations" tabindex="-1"> <div> <img src="/assets/images/nav/hub/swap_horiz.svg" alt="Transformations's icon"> </div> <div class="item__description"> <div class="item__description-title">Transformations</div> <div class="item__description-desc">Transform request and responses on the fly on Kong</div> </div> </a> <a class="item" href="/hub/?category=logging" tabindex="-1"> <div> <img src="/assets/images/nav/hub/list_alt.svg" alt="Logging's icon"> </div> <div class="item__description"> <div class="item__description-title">Logging</div> <div class="item__description-desc">Log request and response data using the best transport for your infrastructure</div> </div> </a> </div> </div> </li> </div> </ul> </li> <li role="menuitem" class="main-menu-item"> <a href="https://support.konghq.com/" class="navbar-item" target="_blank" rel="noopener nofollow noreferrer ">Support</a> </li> <li role="menuitem" class="main-menu-item"> <a href="https://konghq.com/community/" class="navbar-item" target="_blank" rel="noopener noreferrer">Community</a> </li> <li role="menuitem" class="main-menu-item"> <a href="https://education.konghq.com" class="navbar-item" target="_blank" rel="noopener nofollow noreferrer ">Kong Academy</a> </li> </ul> <a id="top-cta" href="https://konghq.com/contact-sales?utm_source=docs.konghq.com" class="navbar-button" target="_blank" rel="noopener nofollow noreferrer "> Get a Demo </a> <a id="konnect-cta" href="https://konghq.com/products/kong-konnect/register?utm_medium=referral&amp;utm_source=docs&amp;utm_campaign=gateway-konnect&amp;utm_content=top-nav" class="navbar-button" target="_blank" rel="noopener nofollow noreferrer "> Start Free Trial </a> </div> <div id="navbar-menu-toggle-button" class="small-screen-button" aria-label="Toggle navigation"> <div></div> <div></div> <div></div> </div> </div> </header> <div class="page v2 " data-url="/gateway/latest/production/networking/configure-postgres-tls/"> <div class="page--header-background page--header-background-doc"></div> <div class="container"> <header class="page-header page-header-doc"> <div class="page-header-product-version"> <div class="edition"> Kong Gateway </div> <div class="version"> 3.8.x <span>(latest)</span> </div> </div> <div class="page-header--nav"> <i class="sidebar-toggle"></i> <ul class="breadcrumbs"> <li class="breadcrumb-item"> <a href="/"> <img src="/assets/images/icons/hub-layout/icn-breadcrumbs.svg" alt="Home icon"> </a> </li> <li class="breadcrumb-item"> <a href="/gateway/latest/">Kong Gateway</a> </li> <li class="breadcrumb-item"> Production Deployment </li> <li class="breadcrumb-item"> Networking </li> <li class="breadcrumb-item"> <a href="/gateway/latest/production/networking/configure-postgres-tls/">Configuring PostgreSQL TLS</a> </li> </ul> <div class="github-links"> <div class="github-links--edit"> <a href="https://github.com/Kong/docs.konghq.com/edit/main/app/_src/gateway/production/networking/configure-postgres-tls.md" target="_blank" rel="noopener nofollow noreferrer "> <img src="/assets/images/icons/third-party/logo-github-white.svg" alt="github-edit-page">Edit this page </a> </div> <div class="github-links--issues"> <a href="https://github.com/Kong/docs.konghq.com/issues/" target="_blank" rel="noopener nofollow noreferrer "> <img src="/assets/images/icons/documentation/icn-monitoring-white.svg" alt="report-issue">Report an issue</a> </div> </div> </div> </header> <aside class="docs-sidebar"> <i class="fa fa-times close-sidebar"></i> <div class="sidebar-title-container"> <div class="docsets-dropdown dropdown"> <button class="dropdown-button" id="module-dropdown" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="0"> <span> Kong Gateway </span> <span class="caret"></span> </button> <ul class="dropdown-menu dropdown-menu-right with-submenu" id="module-list" role="menu" aria-labelledby="module-dropdown" aria-hidden="true"> <li role="menuitem" tabindex="-1" class="active"> <a href="/gateway/latest/" class="active">Kong Gateway</a> </li> <li role="menuitem" tabindex="-1"> <a href="/konnect/">Kong Konnect</a> </li> <li role="menuitem" tabindex="-1"> <a href="/mesh/latest/">Kong Mesh</a> </li> <li role="menuitem" tabindex="-1"> <a href="/hub/?category=ai">Kong AI Gateway</a> </li> <li role="menuitem" tabindex="-1"> <a href="/hub/">Plugin Hub</a> </li> <li role="menuitem" tabindex="-1"> <a href="/deck/latest/">decK</a> </li> <li role="menuitem" tabindex="-1"> <a href="/kubernetes-ingress-controller/latest/">Kong Ingress Controller</a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway-operator/latest/">Kong Gateway Operator</a> </li> <li> <a href="https://docs.insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer ">Insomnia</a> </li> <li role="menuitem" tabindex="-1"> <a href="https://kuma.io/docs/" target="_blank" rel="noopener nofollow noreferrer ">Kuma</a> </li> <hr> <li role="menuitem" tabindex="-1"> <a href="/contributing/">Docs contribution guidelines</a> </li> </ul> </div> <div class="versions-dropdown dropdown"> <button class="dropdown-button" id="version-dropdown" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" tabindex="0"> <span> Version 3.8.x <span>(latest)</span> </span> <span class="caret"></span> </button> <ul class="dropdown-menu dropdown-menu-right" id="version-list" role="menu" aria-labelledby="version-dropdown" aria-hidden="true"> <li role="menuitem" tabindex="-1"> <a href="/gateway/unreleased/production/networking/configure-postgres-tls/" data-version-id="3.9.x"> <em>unreleased</em> </a> </li> <li class="active" role="menuitem" tabindex="-1"> <a href="/gateway/3.8.x/production/networking/configure-postgres-tls/" class="active" data-version-id="3.8.x"> 3.8.x <em>(latest)</em> </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.7.x/production/networking/configure-postgres-tls/" data-version-id="3.7.x"> 3.7.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.6.x/production/networking/configure-postgres-tls/" data-version-id="3.6.x"> 3.6.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.5.x/production/networking/configure-postgres-tls/" data-version-id="3.5.x"> 3.5.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.4.x/production/networking/configure-postgres-tls/" data-version-id="3.4.x"> 3.4.x (LTS) </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.3.x/production/networking/configure-postgres-tls/" data-version-id="3.3.x"> 3.3.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.2.x/production/networking/configure-postgres-tls/" data-version-id="3.2.x"> 3.2.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/3.1.x/" data-version-id="3.1.x"> 3.1.x </a> </li> <li role="menuitem" tabindex="-1"> <a href="/gateway/2.8.x/" data-version-id="2.8.x"> 2.8.x (LTS) </a> </li> <li role="menuitem" tabindex="-1"> <a href="https://legacy-gateway--kongdocs.netlify.app/" target="_blank" rel="noopener nofollow noreferrer "> Archive (3.0.x and pre-2.8.x) </a> </li> </ul> </div> </div> <ul class="sidebar-container" role="tree" aria-label="Documentation"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-1-introduction-subtree"> <img src="/assets/images/icons/documentation/icn-flag.svg" alt=""> Introduction <button class="sidebar-tree-toggle" aria-label="toggle Introduction subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-1-introduction-subtree" role="group" aria-label="Introduction"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/3.8.x/"> Overview of Kong Gateway </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-1-2-support-subtree"> Support <button class="sidebar-tree-toggle" aria-label="toggle Support subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-1-2-support-subtree" role="group" aria-label="Support"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/support-policy/"> Version Support Policy </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/support/third-party/"> Third Party Dependencies </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/support/browser/"> Browser Support </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/support/vulnerability-patching-process/"> Vulnerability Patching Process </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/support/sbom/"> Software Bill of Materials </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/stability/"> Stability </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/changelog/"> Release Notes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-1-5-breaking-changes-subtree"> Breaking Changes <button class="sidebar-tree-toggle" aria-label="toggle Breaking Changes subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-1-5-breaking-changes-subtree" role="group" aria-label="Breaking Changes"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/"> Kong Gateway 3.8.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/37x/"> Kong Gateway 3.7.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/36x/"> Kong Gateway 3.6.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/35x/"> Kong Gateway 3.5.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/34x/"> Kong Gateway 3.4.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/33x/"> Kong Gateway 3.3.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/32x/"> Kong Gateway 3.2.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/31x/"> Kong Gateway 3.1.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/30x/"> Kong Gateway 3.0.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/breaking-changes/28x/"> Kong Gateway 2.8.x or earlier </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-1-6-key-concepts-subtree"> Key Concepts <button class="sidebar-tree-toggle" aria-label="toggle Key Concepts subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-1-6-key-concepts-subtree" role="group" aria-label="Key Concepts"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/services/"> Services </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/routes/"> Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/consumers/"> Consumers </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/upstreams/"> Upstreams </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/plugins/"> Plugins </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/consumer-groups/"> Consumer Groups </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-1-7-how-kong-works-subtree"> How Kong Works <button class="sidebar-tree-toggle" aria-label="toggle How Kong Works subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-1-7-how-kong-works-subtree" role="group" aria-label="How Kong Works"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/how-kong-works/routing-traffic/"> Routing Traffic </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/how-kong-works/load-balancing/"> Load Balancing </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/how-kong-works/health-checks/"> Health Checks and Circuit Breakers </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/glossary/"> Glossary </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-2-get-started-with-kong-subtree"> <img src="/assets/images/icons/documentation/icn-learning.svg" alt=""> Get Started with Kong <button class="sidebar-tree-toggle" aria-label="toggle Get Started with Kong subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-2-get-started-with-kong-subtree" role="group" aria-label="Get Started with Kong"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/"> Get Kong </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/services-and-routes/"> Services and Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/rate-limiting/"> Rate Limiting </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/proxy-caching/"> Proxy Caching </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/key-authentication/"> Key Authentication </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/load-balancing/"> Load-Balancing </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-install-kong-subtree"> <img src="/assets/images/icons/documentation/icn-deployment-color.svg" alt=""> Install Kong <button class="sidebar-tree-toggle" aria-label="toggle Install Kong subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-install-kong-subtree" role="group" aria-label="Install Kong"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-2-kubernetes-subtree"> Kubernetes <button class="sidebar-tree-toggle" aria-label="toggle Kubernetes subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-2-kubernetes-subtree" role="group" aria-label="Kubernetes"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/kubernetes/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/kubernetes/proxy/"> Install Kong Gateway </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/kubernetes/admin/"> Configure the Admin API </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/kubernetes/manager/"> Install Kong Manager </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-3-docker-subtree"> Docker <button class="sidebar-tree-toggle" aria-label="toggle Docker subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-3-docker-subtree" role="group" aria-label="Docker"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/docker/"> Using docker run </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/docker/build-custom-images/"> Build your own Docker images </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-4-linux-subtree"> Linux <button class="sidebar-tree-toggle" aria-label="toggle Linux subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-4-linux-subtree" role="group" aria-label="Linux"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/linux/amazon-linux/"> Amazon Linux </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/linux/debian/"> Debian </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/linux/rhel/"> Red Hat </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/linux/ubuntu/"> Ubuntu </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-3-5-post-installation-subtree"> Post-installation <button class="sidebar-tree-toggle" aria-label="toggle Post-installation subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-3-5-post-installation-subtree" role="group" aria-label="Post-installation"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/post-install/set-up-data-store/"> Set up a data store </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/post-install/enterprise-license/"> Apply Enterprise license </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/install/post-install/kong-manager/"> Enable Kong Manager </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-kong-in-production-subtree"> <img src="/assets/images/icons/documentation/icn-deployment-color.svg" alt=""> Kong in Production <button class="sidebar-tree-toggle" aria-label="toggle Kong in Production subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-kong-in-production-subtree" role="group" aria-label="Kong in Production"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-1-deployment-topologies-subtree"> Deployment Topologies <button class="sidebar-tree-toggle" aria-label="toggle Deployment Topologies subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-1-deployment-topologies-subtree" role="group" aria-label="Deployment Topologies"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/deployment-topologies/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-1-2-hybrid-mode-subtree"> Hybrid Mode <button class="sidebar-tree-toggle" aria-label="toggle Hybrid Mode subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-1-2-hybrid-mode-subtree" role="group" aria-label="Hybrid Mode"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/deployment-topologies/hybrid-mode/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/deployment-topologies/hybrid-mode/setup/"> Deploy Kong Gateway in Hybrid mode </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/deployment-topologies/db-less-and-declarative-config/"> DB-less Deployment </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/deployment-topologies/traditional/"> Traditional </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-2-running-kong-subtree"> Running Kong <button class="sidebar-tree-toggle" aria-label="toggle Running Kong subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-2-running-kong-subtree" role="group" aria-label="Running Kong"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/running-kong/kong-user/"> Running Kong as a non-root user </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/running-kong/secure-admin-api/"> Securing the Admin API </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/running-kong/systemd/"> Using systemd </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-3-access-control-subtree"> Access Control <button class="sidebar-tree-toggle" aria-label="toggle Access Control subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-3-access-control-subtree" role="group" aria-label="Access Control"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/access-control/start-securely/"> Start Kong Gateway Securely </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/access-control/register-admin-api/"> Programatically Creating Admins </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/access-control/enable-rbac/"> Enabling RBAC </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-4-licenses-subtree"> Licenses <button class="sidebar-tree-toggle" aria-label="toggle Licenses subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-4-licenses-subtree" role="group" aria-label="Licenses"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/licenses/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/licenses/download/"> Download your License </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/licenses/deploy/"> Deploy Enterprise License </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/licenses/examples/"> Using the License API </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/licenses/report/"> Monitor Licenses Usage </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-5-networking-subtree"> Networking <button class="sidebar-tree-toggle" aria-label="toggle Networking subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-5-networking-subtree" role="group" aria-label="Networking"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/networking/default-ports/"> Default Ports </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/networking/dns-considerations/"> DNS Considerations </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/networking/firewall/"> Network and Firewall </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/networking/cp-dp-proxy/"> CP/DP Communication through a Forward Proxy </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-5-5-postgresql-tls-subtree"> PostgreSQL TLS <button class="sidebar-tree-toggle" aria-label="toggle PostgreSQL TLS subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-5-5-postgresql-tls-subtree" role="group" aria-label="PostgreSQL TLS"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/networking/configure-postgres-tls/"> Configure PostgreSQL TLS </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/networking/troubleshoot-postgres-tls/"> Troubleshooting PostgreSQL TLS </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/kong-conf/"> Kong Configuration File </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/environment-variables/"> Environment Variables </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/website-api-serving/"> Serving a Website and APIs from Kong </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-9-monitoring-subtree"> Monitoring <button class="sidebar-tree-toggle" aria-label="toggle Monitoring subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-9-monitoring-subtree" role="group" aria-label="Monitoring"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/monitoring/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/monitoring/prometheus/"> Prometheus </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/monitoring/statsd/"> StatsD </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/monitoring/datadog/"> Datadog </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/monitoring/healthcheck-probes/"> Health Check Probes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/monitoring/ai-metrics/"> Expose and graph AI Metrics </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-10-tracing-subtree"> Tracing <button class="sidebar-tree-toggle" aria-label="toggle Tracing subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-10-tracing-subtree" role="group" aria-label="Tracing"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/tracing/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/tracing/write-custom-trace-exporter/"> Writing a Custom Trace Exporter </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/tracing/api/"> Tracing API Reference </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/sizing-guidelines/"> Resource Sizing Guidelines </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/security-update-process/"> Security Update Process </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/blue-green/"> Blue-Green Deployments </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/canary/"> Canary Deployments </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/clustering/"> Clustering Reference </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-16-performance-subtree"> Performance <button class="sidebar-tree-toggle" aria-label="toggle Performance subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-16-performance-subtree" role="group" aria-label="Performance"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/performance/performance-testing/"> Performance Testing Benchmarks </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/performance/benchmark/"> Establish a Performance Benchmark </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/performance/brotli/"> Improve performance with Brotli compression </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-17-logging-and-debugging-subtree"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/logging/"> Logging and Debugging </a> <button class="sidebar-tree-toggle" aria-label="toggle Logging and Debugging subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-17-logging-and-debugging-subtree" role="group" aria-label="Logging and Debugging"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/logging/log-reference/"> Log Reference </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/logging/update-log-level-dynamically/"> Dynamic log level updates </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/logging/customize-gateway-logs/"> Customize Gateway Logs </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/debug-request/"> Debug Requests </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/logging/ai-analytics/"> AI Gateway Analytics </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/configuring-a-grpc-service/"> Configure a gRPC service </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/key-concepts/routes/expressions/"> Use the Expressions Router </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-20-upgrade-and-migration-subtree"> Upgrade and Migration <button class="sidebar-tree-toggle" aria-label="toggle Upgrade and Migration subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-20-upgrade-and-migration-subtree" role="group" aria-label="Upgrade and Migration"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/"> Upgrading Kong Gateway 3.x.x </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/backup-and-restore/"> Backup and Restore </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-4-20-3-upgrade-strategies-subtree"> Upgrade Strategies <button class="sidebar-tree-toggle" aria-label="toggle Upgrade Strategies subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-4-20-3-upgrade-strategies-subtree" role="group" aria-label="Upgrade Strategies"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/dual-cluster/"> Dual-Cluster Upgrade </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/in-place/"> In-Place Upgrade </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/blue-green/"> Blue-Green Upgrade </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/rolling-upgrade/"> Rolling Upgrade </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/upgrade/lts-upgrade/"> Upgrade from 2.8 LTS to 3.4 LTS </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/migrate-ce-to-ke/"> Migrate from OSS to Enterprise </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/migrate-cassandra-to-postgres/"> Migration Guidelines Cassandra to PostgreSQL </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/migrate-to-new-dns-client/"> Migrate to the new DNS client </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/production/breaking-changes/"> Breaking Changes </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-kong-gateway-enterprise-subtree"> <img src="/assets/images/icons/documentation/icn-enterprise-blue.svg" alt=""> Kong Gateway Enterprise <button class="sidebar-tree-toggle" aria-label="toggle Kong Gateway Enterprise subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-kong-gateway-enterprise-subtree" role="group" aria-label="Kong Gateway Enterprise"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-2-secrets-management-subtree"> Secrets Management <button class="sidebar-tree-toggle" aria-label="toggle Secrets Management subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-2-secrets-management-subtree" role="group" aria-label="Secrets Management"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/getting-started/"> Getting Started </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/secrets-rotation/"> Secrets Rotation </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/advanced-usage/"> Advanced Usage </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-2-5-backends-subtree"> Backends <button class="sidebar-tree-toggle" aria-label="toggle Backends subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-2-5-backends-subtree" role="group" aria-label="Backends"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/backends/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/backends/env/"> Environment Variables </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/backends/aws-sm/"> AWS Secrets Manager </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/backends/azure-key-vaults/"> Azure Key Vaults </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/backends/gcp-sm/"> Google Cloud Secret Manager </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/backends/hashicorp-vault/"> HashiCorp Vault </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-2-6-how-to-subtree"> How-To <button class="sidebar-tree-toggle" aria-label="toggle How-To subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-2-6-how-to-subtree" role="group" aria-label="How-To"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/how-to/aws-secrets-manager/"> Securing the Database with AWS Secrets Manager </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/secrets-management/reference-format/"> Reference Format </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-3-dynamic-plugin-ordering-subtree"> Dynamic Plugin Ordering <button class="sidebar-tree-toggle" aria-label="toggle Dynamic Plugin Ordering subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-3-dynamic-plugin-ordering-subtree" role="group" aria-label="Dynamic Plugin Ordering"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/plugin-ordering/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/plugin-ordering/get-started/"> Get Started with Dynamic Plugin Ordering </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/audit-log/"> Audit Logging </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/db-encryption/"> Keyring and Data Encryption </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/workspaces/"> Workspaces </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/consumer-groups/"> Consumer Groups </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/event-hooks/"> Event Hooks </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/cp-outage-handling/"> Configure Data Plane Resilience </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/cp-outage-handling-faq/"> About Control Plane Outage Management </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-5-11-fips-140-2-subtree"> FIPS 140-2 <button class="sidebar-tree-toggle" aria-label="toggle FIPS 140-2 subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-5-11-fips-140-2-subtree" role="group" aria-label="FIPS 140-2"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/fips-support/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/fips-support/install/"> Install the FIPS Compliant Package </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/fips-support/plugins/"> FIPS 140-2 Compliant Plugins </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/aws-iam-auth-to-rds-database/"> Authenticate your Kong Gateway Amazon RDS database with AWS IAM </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/signed-images/"> Verify Signatures for Signed Kong Images </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-enterprise/provenance-verification/"> Verify Build Provenance for Signed Kong Images </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-6-kong-ai-gateway-subtree"> <img src="/assets/images/icons/documentation/icn-ai.svg" alt=""> Kong AI Gateway <button class="sidebar-tree-toggle" aria-label="toggle Kong AI Gateway subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-6-kong-ai-gateway-subtree" role="group" aria-label="Kong AI Gateway"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/ai-gateway/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/get-started/ai-gateway/"> Get started with AI Gateway </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-6-3-llm-provider-integration-guides-subtree"> LLM Provider Integration Guides <button class="sidebar-tree-toggle" aria-label="toggle LLM Provider Integration Guides subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-6-3-llm-provider-integration-guides-subtree" role="group" aria-label="LLM Provider Integration Guides"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/openai/"> OpenAI </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/cohere/"> Cohere </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/azure/"> Azure </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/anthropic/"> Anthropic </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/mistral/"> Mistral </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/llama2/"> Llama2 </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/gemini/"> Vertex/Gemini </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy/how-to/llm-provider-integration-guides/bedrock/"> Amazon Bedrock </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/ai-gateway/ai-analytics/"> AI Gateway Analytics </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/ai-gateway/metrics/"> Expose and graph AI Metrics </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/kong-inc/ai-proxy-advanced/#load-balancing/"> AI Gateway Load Balancing </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/hub/?category=ai/"> AI Gateway plugins </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-kong-manager-subtree"> <img src="/assets/images/icons/documentation/icn-manager-color.svg" alt=""> Kong Manager <button class="sidebar-tree-toggle" aria-label="toggle Kong Manager subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-kong-manager-subtree" role="group" aria-label="Kong Manager"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/enable/"> Enable Kong Manager </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-3-get-started-with-kong-manager-subtree"> Get Started with Kong Manager <button class="sidebar-tree-toggle" aria-label="toggle Get Started with Kong Manager subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-3-get-started-with-kong-manager-subtree" role="group" aria-label="Get Started with Kong Manager"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/get-started/services-and-routes/"> Services and Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/get-started/rate-limiting/"> Rate Limiting </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/get-started/proxy-caching/"> Proxy Caching </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/get-started/consumers/"> Authentication with Consumers </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/get-started/load-balancing/"> Load Balancing </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-4-authentication-and-authorization-subtree"> Authentication and Authorization <button class="sidebar-tree-toggle" aria-label="toggle Authentication and Authorization subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-4-authentication-and-authorization-subtree" role="group" aria-label="Authentication and Authorization"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/super-admin/"> Create a Super Admin </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/workspaces-and-teams/"> Workspaces and Teams </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/reset-password/"> Reset Passwords and RBAC Tokens </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/basic/"> Basic Auth </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-4-6-ldap-subtree"> LDAP <button class="sidebar-tree-toggle" aria-label="toggle LDAP subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-4-6-ldap-subtree" role="group" aria-label="LDAP"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/ldap/configure/"> Configure LDAP </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/ldap/service-directory-mapping/"> LDAP Service Directory Mapping </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-4-7-oidc-subtree"> OIDC <button class="sidebar-tree-toggle" aria-label="toggle OIDC subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-4-7-oidc-subtree" role="group" aria-label="OIDC"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/oidc/configure/"> Configure OIDC </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/oidc/mapping/"> OIDC Authenticated Group Mapping </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/oidc/migrate/"> Migrate from previous configurations </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/sessions/"> Sessions </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-7-4-9-rbac-subtree"> RBAC <button class="sidebar-tree-toggle" aria-label="toggle RBAC subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-7-4-9-rbac-subtree" role="group" aria-label="RBAC"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/rbac/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/rbac/enable/"> Enable RBAC </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/rbac/add-role/"> Add a Role and Permissions </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/rbac/add-user/"> Create a User </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/auth/rbac/add-admin/"> Create an Admin </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/networking/"> Networking Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/workspaces/"> Workspaces </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/consumer-groups/"> Create Consumer Groups </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/configuring-to-send-email/"> Sending Email </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-manager/troubleshoot/"> Troubleshoot </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-8-develop-custom-plugins-subtree"> <img src="/assets/images/icons/documentation/icn-dev-portal-color.svg" alt=""> Develop Custom Plugins <button class="sidebar-tree-toggle" aria-label="toggle Develop Custom Plugins subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-8-develop-custom-plugins-subtree" role="group" aria-label="Develop Custom Plugins"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-8-2-getting-started-subtree"> Getting Started <button class="sidebar-tree-toggle" aria-label="toggle Getting Started subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-8-2-getting-started-subtree" role="group" aria-label="Getting Started"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/get-started/"> Introduction </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/get-started/setup/"> Set up the Plugin Project </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/get-started/testing/"> Add Plugin Testing </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/get-started/config/"> Add Plugin Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/get-started/http/"> Consume External Services </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/get-started/deploy/"> Deploy Plugins </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/file-structure/"> File Structure </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/custom-logic/"> Implementing Custom Logic </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/configuration/"> Plugin Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/access-the-datastore/"> Accessing the Data Store </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/custom-entities/"> Storing Custom Entities </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/entities-cache/"> Caching Custom Entities </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/admin-api/"> Extending the Admin API </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/tests/"> Writing Tests </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/distribution/"> Installation and Distribution </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-8-12-proxy-wasm-filters-subtree"> Proxy-Wasm Filters <button class="sidebar-tree-toggle" aria-label="toggle Proxy-Wasm Filters subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-8-12-proxy-wasm-filters-subtree" role="group" aria-label="Proxy-Wasm Filters"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/wasm/filter-development-guide/"> Create a Proxy-Wasm Filter </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/wasm/filter-configuration/"> Proxy-Wasm Filter Configuration </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-8-13-plugin-development-kit-subtree"> Plugin Development Kit <button class="sidebar-tree-toggle" aria-label="toggle Plugin Development Kit subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-8-13-plugin-development-kit-subtree" role="group" aria-label="Plugin Development Kit"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.client/"> kong.client </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.client.tls/"> kong.client.tls </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.cluster/"> kong.cluster </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.ctx/"> kong.ctx </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.ip/"> kong.ip </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.jwe/"> kong.jwe </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.log/"> kong.log </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.nginx/"> kong.nginx </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.node/"> kong.node </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.plugin/"> kong.plugin </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.request/"> kong.request </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.response/"> kong.response </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.router/"> kong.router </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.service/"> kong.service </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.service.request/"> kong.service.request </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.service.response/"> kong.service.response </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.table/"> kong.table </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.telemetry.log/"> kong.telemetry.log </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.tracing/"> kong.tracing </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.vault/"> kong.vault </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.websocket.client/"> kong.websocket.client </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pdk/kong.websocket.upstream/"> kong.websocket.upstream </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-8-14-plugins-in-other-languages-subtree"> Plugins in Other Languages <button class="sidebar-tree-toggle" aria-label="toggle Plugins in Other Languages subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-8-14-plugins-in-other-languages-subtree" role="group" aria-label="Plugins in Other Languages"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pluginserver/go/"> Go </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pluginserver/javascript/"> Javascript </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pluginserver/python/"> Python </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pluginserver/plugins-kubernetes/"> Running Plugins in Containers </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/plugin-development/pluginserver/performance/"> External Plugin Performance </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-9-kong-plugins-subtree"> <img src="/assets/images/icons/documentation/icn-api-plugins-color.svg" alt=""> Kong Plugins <button class="sidebar-tree-toggle" aria-label="toggle Kong Plugins subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-9-kong-plugins-subtree" role="group" aria-label="Kong Plugins"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-plugins/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-plugins/authentication/reference/"> Authentication Reference </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-plugins/authentication/allowing-multiple-authentication-methods/"> Allow Multiple Authentication Plugins </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-9-4-plugin-queuing-subtree"> Plugin Queuing <button class="sidebar-tree-toggle" aria-label="toggle Plugin Queuing subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-9-4-plugin-queuing-subtree" role="group" aria-label="Plugin Queuing"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-plugins/queue/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/kong-plugins/queue/reference/"> Plugin Queuing Reference </a> </span> </li> </ul> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-10-admin-api-subtree"> <img src="/assets/images/icons/documentation/icn-admin-api-color.svg" alt=""> Admin API <button class="sidebar-tree-toggle" aria-label="toggle Admin API subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-10-admin-api-subtree" role="group" aria-label="Admin API"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/admin-api/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/admin-api/declarative-configuration/"> Declarative Configuration </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-10-3-enterprise-api-subtree"> Enterprise API <button class="sidebar-tree-toggle" aria-label="toggle Enterprise API subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-10-3-enterprise-api-subtree" role="group" aria-label="Enterprise API"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Information/get-endpoints/" target="_blank"> Information Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Information/get-status/" target="_blank"> Health Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/tags/get-tags/" target="_blank"> Tags </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/debug/put-debug-cluster-control-planes-nodes-log-level-log_level/" target="_blank"> Debug Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Services/list-service/" target="_blank"> Services </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Routes/list-route/" target="_blank"> Routes </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Consumers/list-consumer/" target="_blank"> Consumers </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Plugins/list-plugins-with-consumer/" target="_blank"> Plugins </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Certificates/list-certificate/" target="_blank"> Certificates </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/CA%20Certificates/list-ca_certificate/" target="_blank"> CA Certificates </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/SNIs/list-sni-with-certificate/" target="_blank"> SNIs </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Upstreams/list-upstream/" target="_blank"> Upstreams </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Targets/list-target-with-upstream/" target="_blank"> Targets </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Vaults/list-vault/" target="_blank"> Vaults </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Keys/list-key/" target="_blank"> Keys </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/filter-chains/get-filter-chains/" target="_blank"> Filter Chains </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/licenses/get-licenses/" target="_blank"> Licenses </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Workspaces/list-workspace/" target="_blank"> Workspaces </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/rbac/get-rbac-users/" target="_blank"> RBAC </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/admins/get-admins/" target="_blank"> Admins </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/consumer_groups/" target="_blank"> Consumer Groups </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Event-hooks/get-event-hooks/" target="_blank"> Event Hooks </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/Keyring/get-keyring/" target="_blank"> Keyring and Data Encryption </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-ee/latest/#/audit-logs/get-audit-requests/" target="_blank"> Audit Logs </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/status/v1/" target="_blank"> Status API </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/api/admin-oss/latest/" target="_blank"> Open Source API </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-11-reference-subtree"> <img src="/assets/images/icons/documentation/icn-references-color.svg" alt=""> Reference <button class="sidebar-tree-toggle" aria-label="toggle Reference subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-11-reference-subtree" role="group" aria-label="Reference"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/configuration/"> kong.conf </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/nginx-directives/"> Injecting Nginx Directives </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/cli/"> CLI </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/key-management/"> Key Management </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label" aria-expanded="false" aria-owns="id-11-5-the-expressions-language-subtree"> The Expressions Language <button class="sidebar-tree-toggle" aria-label="toggle The Expressions Language subtree" tabindex="-1"> <i class="fa fa-chevron-down"></i> </button> </span> <ul class="items" id="id-11-5-the-expressions-language-subtree" role="group" aria-label="The Expressions Language"> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/expressions-language/"> Overview </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/expressions-language/language-references/"> Language References </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/expressions-language/performance/"> Performance Optimizations </a> </span> </li> </ul> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/rate-limiting/"> Rate Limiting Library </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/wasm/"> WebAssembly </a> </span> </li> <li class="sidebar-item" role="none"> <span role="treeitem" class="sidebar-label"> <a class="sidebar-link" tabindex="-1" href="/gateway/latest/reference/faq/"> FAQ </a> </span> </li> </ul> </li> </ul> </aside> <aside class="docs-toc"> <i class="fa fa-times close-sidebar"></i> <i class="fa fa-chevron-right collapse-toc"></i> <i class="far fa-list-alt expand-toc"></i> <div id="oss-ee-toggle" data-current="Enterprise" style="display: none"> <span class="oss-ee-toggle-inner"> <img src="/assets/images/icons/icn-enterprise-black.svg" alt="enterprise-switcher-icon"> <span>Switch to <span id="switch-to-version">OSS</span></span> </span> </div> <div class="docs-toc-title"> <img src="/assets/images/icons/hub-layout/icn-on-this-page.svg" alt="On this page"><a href="#">On this page</a> </div> <ul> <li><a href="#prerequisites" class="active scroll-to">Prerequisites</a></li> <li> <a href="#postgresql-setup" class="scroll-to">PostgreSQL setup</a> <ul> <li><a href="#mtls" class="scroll-to">mTLS</a></li> </ul> </li> <li> <a href="#kong-gateway-tls-configuration" class="scroll-to">Kong Gateway TLS configuration</a> <ul> <li><a href="#kong-gateway-mtls-configuration" class="scroll-to">Kong Gateway mTLS configuration</a></li> </ul> </li> <li> <a href="#creating-certificates" class="scroll-to">Creating certificates</a> <ul> <li><a href="#intermediate-ca-chain" class="scroll-to">Intermediate CA chain</a></li> <li><a href="#chain-without-intermediate-ca" class="scroll-to">Chain without intermediate CA</a></li> <li><a href="#self-signed-certificates-for-testing" class="scroll-to">Self-signed certificates for testing</a></li> </ul> </li> </ul> </aside> <div class="page-content-container page-content-container-doc v2 " id="documentation"> <div class="toggles "> <i class="far fa-list-alt toc-sidebar-toggle"></i> </div> <div class="page-content"> <div class="content show-anchor-links"> <h1 tabindex="-1" id="main" class="page-content-title">Configuring PostgreSQL TLS </h1> <p>Configuring TLS adds a layer of security to Kong Gateway by ensuring that all data transmitted between Kong Gateway and the PostgreSQL server is encrypted. There are some advantages and disadvantages to this approach:</p> <ul> <li> <strong>Advantages</strong>: <ul> <li>Authentication: TLS can authenticate traffic between Kong Gateway and the PostgreSQL server. This helps prevent man-in-the-middle attacks. With TLS, Kong Gateway can verify that it is communicating with the correct PostgreSQL server, and the PostgreSQL server can verify that Kong Gateway or any other client is authorized to connect.</li> <li>Encryption: The data that is transmitted between Kong Gateway and the PostgreSQL server is encrypted. This method protects your data from unauthorized access.</li> <li>Data integrity: With TLS, your data is protected during transport.</li> </ul> </li> <li> <strong>Disadvantages</strong>: <ul> <li>Complexity: Configuring and maintaining secure TLS connections requires managing certificates and may add additional complexity to your Kong Gateway instance.</li> <li>Performance: Encrypting and decrypting data consumes additional computing resources which can impact the performance of Kong Gateway.</li> </ul> </li> </ul> <p>This guide shows you how to configure TLS on PostgreSQL and Kong Gateway to secure your data in transport.</p> <h2 id="prerequisites">Prerequisites</h2> <ul> <li><a href="https://www.openssl.org/" target="_blank" rel="noopener nofollow noreferrer ">OpenSSL</a></li> <li>TLS support enabled in PostgreSQL. <ul> <li>If you are installing a pre-packaged distribution, or using the official Docker image, TLS support is already included.</li> <li>If you are compiling PostgreSQL from source, TLS support must be enabled at build time using the <code class="language-plaintext highlighter-rouge">--with-ssl=openssl </code> flag. In this case, the OpenSSL development package needs to be installed as well.</li> </ul> </li> </ul> <h2 id="postgresql-setup">PostgreSQL setup</h2> <p>To set up the PostgreSQL server with TLS enabled, configure the following parameters in the <code class="language-plaintext highlighter-rouge">postgresql.conf</code> file:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssl <span class="o">=</span> on <span class="c">#This parameter tells PostgreSQL to start with `ssl`. </span> ssl_cert_file <span class="o">=</span> <span class="s1">'/path/to/server.crt'</span> <span class="c"># If this parameter isn't specified, the cert file must be named `server.crt` in the server's data directory. </span> ssl_key_file <span class="o">=</span> <span class="s1">'/path/to/server.key'</span> <span class="c"># This is the default directory, other locations and parameters can be specified. </span> </code></pre></div></div> <p>With these settings, the server can establish a secure communication channel with a client using TLS. If the client supports TLS, the server proceeds with the TLS handshake and establishes a secure connection. In the case where a client does not support SSL or TLS, the system will fall back on an unsecured connection.</p> <p>The key files that are referenced in the PostgreSQL configuration must have the right permissions. If the file is owned by the database user, it must be set to <code class="language-plaintext highlighter-rouge">u=rw (0600)</code>. Set this using the following command:</p> <p><code class="language-plaintext highlighter-rouge">chmod 0600 /path/to/server.key</code></p> <p>If the file is owned by the root user, the permissions for the file must be <code class="language-plaintext highlighter-rouge">u=rw,g=r (0640)</code>. Set this using the following command:</p> <p><code class="language-plaintext highlighter-rouge">chmod 0640 /path/to/server.key</code>.</p> <p>Certificates issued by intermediate certificate authorities can also be used, but the first certificate in <code class="language-plaintext highlighter-rouge">server.crt</code> must be the server’s certificate, and it must match the server’s private key.</p> <h3 id="mtls">mTLS</h3> <p>Mutual Transport Layer Security (mTLS) is a protocol that provides an additional layer of security on top of the standard TLS protocol. mTLS requires that both the client and the server authenticate each other during the TLS handshake. If you require PostgreSQL to use mTLS authentication, there are mTLS specific parameters that must be set.</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssl_ca_file <span class="o">=</span> <span class="s1">'/path/to/ca/chain.crt'</span> </code></pre></div></div> <p>This parameter must be set to the file that contains the trusted certificate authority. By default, this only verifies against the configured certificate authority if a certificate is present. There are two approaches to enforcing client certificates during login: <code class="language-plaintext highlighter-rouge">cert</code> authentication and <code class="language-plaintext highlighter-rouge">clientcert</code> authentication.</p> <h4 id="cert-authentication-method"> <code class="language-plaintext highlighter-rouge">cert</code> authentication method</h4> <p>The <code class="language-plaintext highlighter-rouge">cert</code> authentication method uses SSL client certificates to perform authentication. For this method, edit the <code class="language-plaintext highlighter-rouge">hostssl</code> line in the <a href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html" target="_blank" rel="noopener nofollow noreferrer "><code class="language-plaintext highlighter-rouge">pg_hba.conf</code></a>:</p> <p><code class="language-plaintext highlighter-rouge">hostssl all all all cert</code></p> <p>The <code class="language-plaintext highlighter-rouge">cert</code> authentication method enforces that a certificate is valid, and also ensures that the Common Name (<code class="language-plaintext highlighter-rouge">cn</code>) in the certificates matches the username or an applicable mapping of the requested database.</p> <p>Username mapping can be used to allow the <code class="language-plaintext highlighter-rouge">cn</code> to be different from the username in the database. You can learn more about username mapping in the PostgreSQL official <a href="https://www.postgresql.org/docs/current/auth-username-maps.html" target="_blank" rel="noopener nofollow noreferrer ">Username mapping docs</a>.</p> <h4 id="clientcert-authentication-option"> <code class="language-plaintext highlighter-rouge">clientcert</code> authentication option</h4> <p>The <code class="language-plaintext highlighter-rouge">clientcert</code> authentication option can combine any authentication method for <code class="language-plaintext highlighter-rouge">hostssl</code> entries with the verification of a client certificate. This allows the server to enforce that the certificate is valid and ensure that the <code class="language-plaintext highlighter-rouge">cn</code> in the certificate matches the username or the appropriate mapping.</p> <p>To use <code class="language-plaintext highlighter-rouge">clientcert</code> authentication, set the <code class="language-plaintext highlighter-rouge">hostssl</code> line in the <code class="language-plaintext highlighter-rouge">pg_hba.conf</code> file to the following:</p> <p><code class="language-plaintext highlighter-rouge">hostssl all all all trust clientcert=verify-full</code></p> <p>With this setting, PostgreSQL allows any client to connect to the server over SSL/TLS, and the server can trust the client without asking for a password or other form of authentication. The server verifies the client certificate to ensure that the certificate is valid and the <code class="language-plaintext highlighter-rouge">cn</code> on the certificate matches the correct mapping in the database.</p> <blockquote class="note"> <p>In both methods, the Certificate Revocation List (CRL) is also checked when a client connects to the server if the parameter <code class="language-plaintext highlighter-rouge">ssl_crl_file</code> is set. The CRL is used to revoke invalid certificates.</p> </blockquote> <h2 id="kong-gateway-tls-configuration">Kong Gateway TLS configuration</h2> <p>To configure TLS on Kong Gateway, add the following settings to the <code class="language-plaintext highlighter-rouge">kong.conf</code> configuration file:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pg_ssl <span class="o">=</span> on pg_ssl_required <span class="o">=</span> on pg_ssl_verify <span class="o">=</span> on pg_ssl_version <span class="o">=</span> tlsv1_2 lua_ssl_trusted_certificate <span class="o">=</span> system,/path/to/ca/chain.crt lua_ssl_verify_depth <span class="o">=</span> 1 </code></pre></div></div> <p>For more information about these parameters, see the Kong Gateway <a href="/gateway/3.8.x/reference/configuration/#postgres-settings">PostgreSQL settings documentation</a>, as well as the specific documentation for <a href="/gateway/3.8.x/reference/configuration/#lua_ssl_trusted_certificate"><code class="language-plaintext highlighter-rouge">lua_ssl_trusted_certificate</code></a> and <a href="/gateway/3.8.x/reference/configuration/#lua_ssl_verify_depth"><code class="language-plaintext highlighter-rouge">lua_ssl_verify_depth</code></a>.</p> <h3 id="kong-gateway-mtls-configuration">Kong Gateway mTLS configuration</h3> <p>If mTLS is required, Kong Gateway needs to be provide a certificate to the PostgreSQL server during the handshake process. This can be accomplished by adding the following settings to <code class="language-plaintext highlighter-rouge">kong.conf</code>:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pg_ssl_cert <span class="o">=</span> <span class="s1">'/path/to/client.crt'</span> pg_ssl_cert_key <span class="o">=</span> <span class="s1">'/path/to/client.key'</span> </code></pre></div></div> <ul> <li> <p><strong><code class="language-plaintext highlighter-rouge">pg_ssl_cert</code></strong> The absolute path to the PEM-encoded client TLS certificate for the PostgreSQL connection. Mutual TLS authentication against PostgreSQL is only enabled if this value is set.</p> </li> <li> <p><strong><code class="language-plaintext highlighter-rouge">pg_ssl_cert_key</code></strong> If <code class="language-plaintext highlighter-rouge">pg_ssl_cert</code> is set, the absolute path to the PEM-encoded client TLS private key for the PostgreSQL connection.</p> </li> </ul> <p>The client certificate <strong>must</strong> be trusted by one of the specified certificate authorities. The certificate authorities are set in the <code class="language-plaintext highlighter-rouge">ssl_ca_file</code> parameter in the PostgreSQL configuration file <code class="language-plaintext highlighter-rouge">postgres.conf</code>.</p> <h2 id="creating-certificates">Creating certificates</h2> <p>Certificates can be created with OpenSSL using the default settings.</p> <h3 id="intermediate-ca-chain">Intermediate CA chain</h3> <p>An intermediate CA chain means the server or the client certificates are issued by an intermediate CA, not issued directly by the root CA.</p> <p>From the terminal, generate a root CA private key and self-sign a root CA certificate using these steps:</p> <ol> <li> <p>Generate a root CA cert-key pair:</p> <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl req <span class="nt">-new</span> <span class="nt">-x509</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=root.yourdomain.com"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-extensions</span> v3_ca <span class="nt">-days</span> 3650 <span class="nt">-keyout</span> root.key <span class="nt">-out</span> root.crt </code></pre></div> </div> </li> <li>Generate an intermediate private key and certificate: <ol> <li>Generate the CA private key and certificate signing request (CSR): <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl req <span class="nt">-new</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=intermediate.yourdomain.com"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-keyout</span> intermediate.key <span class="nt">-out</span> intermediate.csr </code></pre></div> </div> </li> <li>Change the private key permissions: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">chmod </span>og-rwx intermediate.key </code></pre></div> </div> </li> <li>Create an intermediate CA certificate signed by the root CA: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl x509 <span class="nt">-req</span> <span class="nt">-extfile</span> /etc/ssl/openssl.cnf <span class="nt">-extensions</span> v3_ca <span class="nt">-in</span> intermediate.csr <span class="nt">-days</span> 1825 <span class="nt">-CA</span> root.crt <span class="nt">-CAkey</span> root.key <span class="nt">-CAcreateserial</span> <span class="nt">-out</span> intermediate.crt </code></pre></div> </div> </li> </ol> </li> <li>Generate the server private key and certificate: <ol> <li>Generate a server private key and certificate signing request (CSR): <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl req <span class="nt">-new</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=dbhost.yourdomain.com"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-keyout</span> server.key <span class="nt">-out</span> server.csr </code></pre></div> </div> </li> <li>Change the permissions of the private key: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">chmod </span>og-rwx server.key </code></pre></div> </div> </li> <li>Create a server certificate signed by the intermediate CA: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> server.csr <span class="nt">-days</span> 365 <span class="nt">-CA</span> intermediate.crt <span class="nt">-CAkey</span> intermediate.key <span class="nt">-CAcreateserial</span> <span class="nt">-out</span> server.crt </code></pre></div> </div> </li> </ol> </li> <li>Generate a private key and certificate for the client: <ol> <li>Generate a client private key and certificate signing request (CSR): <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-new</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=kong"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-keyout</span> client.key <span class="nt">-out</span> client.csr </code></pre></div> </div> </li> <li>Change the permissions of the private key: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code><span class="nb">chmod </span>og-rwx client.key </code></pre></div> </div> </li> <li>Create a client certificate signed by an intermediate CA: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> client.csr <span class="nt">-days</span> 365 <span class="nt">-CA</span> intermediate.crt <span class="nt">-CAkey</span> intermediate.key <span class="nt">-CAcreateserial</span> <span class="nt">-out</span> client.crt </code></pre></div> </div> </li> </ol> </li> <li>Append the certificates: <ol> <li>Complete the CA chain: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">cat </span>intermediate.crt <span class="o">&gt;</span> chain.crt <span class="nb">cat </span>root.crt <span class="o">&gt;&gt;</span> chain.crt </code></pre></div> </div> </li> <li> <strong>Optional</strong>: append <code class="language-plaintext highlighter-rouge">intermediate.crt</code> to <code class="language-plaintext highlighter-rouge">server.crt</code>: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">cat </span>intermediate.crt <span class="o">&gt;&gt;</span> server.crt </code></pre></div> </div> <p>This step is typically done when the server is configured to use a certificate chain that includes the intermediate CA. If the server is not configured to use a certificate chain, or if the intermediate CA is already included in the <code class="language-plaintext highlighter-rouge">server.crt</code> file, this step is not necessary.</p> </li> <li> <strong>Optional</strong>: append <code class="language-plaintext highlighter-rouge">intermediate.crt</code> to <code class="language-plaintext highlighter-rouge">client.crt</code>: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">cat </span>intermediate.crt <span class="o">&gt;&gt;</span> client.crt </code></pre></div> </div> <p>This step is typically done when the client is configured to use a certificate chain that includes the intermediate CA. If the client is not configured to use a certificate chain, or if the intermediate CA is already included in the <code class="language-plaintext highlighter-rouge">client.crt</code> file, this step is not necessary.</p> </li> </ol> </li> </ol> <h3 id="chain-without-intermediate-ca">Chain without intermediate CA</h3> <p>In some cases, the certificate chain can be signed directly by the root certificate authority instead of an intermediate CA. This type of chain may be used in situations where the certificate is issued by a well-known and trusted root CA, and the level of security and trust provided by an intermediate CA is not necessary.</p> <blockquote class="important"> <p><strong>Important:</strong> Not using an intermediate CA can be less secure than using an intermediate CA, because the chain is shorter, and there are no additional layers of security that would normally be provided by the intermediate CA.</p> </blockquote> <ol> <li> <p>Generate a root CA cert key pair:</p> <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl req <span class="nt">-new</span> <span class="nt">-x509</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=root.yourdomain.com"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-extensions</span> v3_ca <span class="nt">-days</span> 3650 <span class="nt">-keyout</span> root.key <span class="nt">-out</span> root.crt </code></pre></div> </div> </li> <li>Generate server private key and certificate: <ol> <li>Generate a server private key and certificate signing request (CSR): <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl req <span class="nt">-new</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=dbhost.yourdomain.com"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-keyout</span> server.key <span class="nt">-out</span> server.csr </code></pre></div> </div> </li> <li>Change the permissions of the private key: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">chmod </span>og-rwx server.key </code></pre></div> </div> </li> <li>Create a server certificate signed by the intermediate CA: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> server.csr <span class="nt">-days</span> 365 <span class="nt">-CA</span> root.crt <span class="nt">-CAkey</span> root.key <span class="nt">-CAcreateserial</span> <span class="nt">-out</span> server.crt </code></pre></div> </div> </li> </ol> </li> <li>Generate a private key and certificate for the client: <ol> <li>Generate a client private key and certificate signing request (CSR): <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-new</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=kong"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-keyout</span> client.key <span class="nt">-out</span> client.csr </code></pre></div> </div> </li> <li>Change the permissions of the private key: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code><span class="nb">chmod </span>og-rwx client.key </code></pre></div> </div> </li> <li>Create a client certificate signed by an intermediate CA: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> client.csr <span class="nt">-days</span> 365 <span class="nt">-CA</span> root.crt <span class="nt">-CAkey</span> root.key <span class="nt">-CAcreateserial</span> <span class="nt">-out</span> client.crt </code></pre></div> </div> <h3 id="self-signed-certificates-for-testing">Self-signed certificates for testing</h3> </li> </ol> </li> </ol> <p>Self-signed certificates should <strong>only</strong> be used for testing.</p> <ol> <li> <p>Generate server key and self-signed cert:</p> <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-new</span> <span class="nt">-x509</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=dbhost.yourdomain.com"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-days</span> 365 <span class="nt">-keyout</span> server.key <span class="nt">-out</span> server.crt </code></pre></div> </div> </li> <li>Change private key permissions: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">chmod </span>og-rwx server.key </code></pre></div> </div> </li> <li>Generate the client key and self-signed certificate: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> openssl req <span class="nt">-new</span> <span class="nt">-x509</span> <span class="nt">-utf8</span> <span class="nt">-nodes</span> <span class="nt">-subj</span> <span class="s2">"/CN=kong"</span> <span class="nt">-config</span> /etc/ssl/openssl.cnf <span class="nt">-days</span> 365 <span class="nt">-keyout</span> client.key <span class="nt">-out</span> client.crt </code></pre></div> </div> </li> <li>Change the permissions of the private key: <div class="language-sh highlighter-rouge"> <div class="highlight"><pre class="highlight"><code> <span class="nb">chmod </span>og-rwx client.key </code></pre></div> </div> </li> </ol> <p>When you use a self-signed certificate, the <code class="language-plaintext highlighter-rouge">client.crt</code> should be specified in the <code class="language-plaintext highlighter-rouge">ssl_ca_file</code> parameter, and the <code class="language-plaintext highlighter-rouge">server.crt</code> should be specified in the <code class="language-plaintext highlighter-rouge">lua_ssl_trusted_certificate</code> parameter.</p> </div> </div> </div> <div id="scroll-to-top-button"> <i class="fas fa-chevron-up"></i> </div> <div class="feedback-widget-container"> <input id="feedback-widget-checkbox" type="checkbox"> <label for="feedback-widget-checkbox"> <img src="/assets/images/icons/feedback-widget.svg" alt="Feedback widget"> </label> <div class="feedback-container"> <div class="feedback-thankyou"> Thank you for your feedback. </div> <div class="feedback-comment"> <textarea id="feedback-comment-text" rows="3" placeholder="Please let us know what we can improve on this page..."></textarea> <div class="feedback-comment-buttons"> <button id="feedback-comment-button-back">Back</button> <button id="feedback-comment-button-submit" class="button-primary">Submit</button> </div> </div> <div class="feedback-options"> <div class="feedback-options-title">Was this page useful?</div> <div class="feedback-options-buttons"> <i data-feedback-result="yes" class="feedback-options-button far fa-thumbs-up"></i> <i data-feedback-result="no" class="feedback-options-button far fa-thumbs-down"></i> </div> </div> </div> </div> </div> <div id="image-modal" data-image-expand-disabled=""> <div class="image-modal-backdrop"></div> <div class="image-container"> <img src="" alt=""> <i class="fa fa-times"></i> </div> </div> <div class="modal closed" id="modal" role="dialog" aria-hidden="true" aria-labelledby="title" aria-describedby="description"> <div class="konnect-cta-card"> <div class="title"> Too much on your plate? <a href="#" class="cta-card-close modal-close" id="modal-close"> <img src="/assets/images/icons/documentation/close.svg" alt="close cta icon"> </a> </div> <div class="description"> More features, less infrastructure with Kong Konnect. 1M requests per month for free. </div> <a href="https://konghq.com/products/kong-konnect/register?utm_medium=referral&amp;utm_source=docs&amp;utm_campaign=gateway-konnect&amp;utm_campaign=right-nav-card&amp;utm_content=gateway" class="button" target="_blank" rel="noopener nofollow noreferrer "> Try it for Free </a> </div> </div> <div id="modal-open" class="modal-open"></div> <div class="modal-overlay closed" id="modal-overlay"></div> <footer class="marketing-footer--light-gray"> <section> <ul class="newsletter"> <li class="logo-wrapper"> <div class="logo"> <img src="/assets/images/logos/konglogo-light-theme-primary.svg" alt="Kong"> </div> <div class="footer-title">Powering the API world</div> <p> Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller. </p> <div class="footer-form-container"> <form id="subscribe-form" method="POST" action="/assets/javascripts/subscribe.js"> <input required id="subscribe-input" type="email" name="email" placeholder="Email" aria-required="true" aria-invalid="false"> <input id="footer-form-button" type="submit" form="subscribe-form" value="Subscribe"> </form> <div id="form-response"></div> </div> </li> <li class="footer-columns"> <ul class="footer-columns-product-list"> <li> <nav> <div class="footer-category">Products</div> <ul> <li> <a href="https://konghq.com/products/kong-konnect" target="_blank" rel="noopener nofollow noreferrer ">Kong Konnect</a> </li> <li> <a href="https://konghq.com/products/kong-enterprise" target="_blank" rel="noopener nofollow noreferrer ">Kong Gateway Enterprise</a> </li> <li> <a href="https://konghq.com/products/kong-gateway" target="_blank" rel="noopener nofollow noreferrer ">Kong Gateway</a> </li> <li> <a href="https://konghq.com/products/kong-mesh" target="_blank" rel="noopener nofollow noreferrer ">Kong Mesh</a> </li> <li> <a href="https://konghq.com/products/kong-ingress-controller" target="_blank" rel="noopener nofollow noreferrer ">Kong Ingress Controller</a> </li> <li> <a href="https://insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Kong Insomnia</a> </li> <li> <a href="https://konghq.com/product-updates" target="_blank" rel="noopener nofollow noreferrer ">Product Updates</a> </li> <li> <a href="https://konghq.com/contact-sales" target="_blank" rel="noopener nofollow noreferrer ">Get Started</a> </li> </ul> </nav> </li> <li> <nav> <div class="footer-category">Documentation</div> <ul> <li> <a href="/konnect/">Kong Konnect Docs</a> </li> <li> <a href="/gateway/latest/">Kong Gateway Docs</a> </li> <li> <a href="/gateway/latest/kong-enterprise/">Kong Gateway Enterprise Docs</a> </li> <li> <a href="/mesh/latest/">Kong Mesh Docs</a> </li> <li> <a href="https://docs.insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Kong Insomnia Docs</a> </li> <li> <a href="/hub/">Kong Konnect Plugin Hub</a> </li> </ul> </nav> </li> <li> <nav> <div class="footer-category">Open Source</div> <ul> <li> <a href="https://konghq.com/install/#kong-community" target="_blank" rel="noopener nofollow noreferrer ">Kong Gateway</a> </li> <li> <a href="https://kuma.io/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Kuma</a> </li> <li> <a href="https://insomnia.rest/" target="_blank" rel="noopener nofollow noreferrer noopener nofollow noreferrer">Insomnia</a> </li> <li> <a href="https://konghq.com/community" target="_blank" rel="noopener nofollow noreferrer ">Kong Community</a> </li> </ul> </nav> </li> <li> <nav> <div class="footer-category">Company</div> <ul> <li> <a href="https://konghq.com/company/about-us" target="_blank" rel="noopener nofollow noreferrer ">About Kong</a> </li> <li> <a href="https://konghq.com/customers" target="_blank" rel="noopener nofollow noreferrer ">Customers</a> </li> <li> <a href="https://konghq.com/company/careers" target="_blank" rel="noopener nofollow noreferrer ">Careers</a> </li> <li> <a href="https://konghq.com/press-room" target="_blank" rel="noopener nofollow noreferrer ">Press</a> </li> <li> <a href="https://konghq.com/events" target="_blank" rel="noopener nofollow noreferrer ">Events</a> </li> <li> <a href="https://konghq.com/company/contact-us" target="_blank" rel="noopener nofollow noreferrer ">Contact</a> </li> </ul> </nav> </li> </ul> </li> </ul> </section> <section class="legal"> <div class="container d-flex"> <div class="social"> <div class="social-link"> <a href="https://www.facebook.com/konghq/" title="Facebook" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="Facebook" class="fa fa-facebook-official" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://twitter.com/thekonginc" title="Twitter" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="Twitter" class="fa fa-twitter" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://www.meetup.com/topics/kong/all/" title="Meetup" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="Meetup" class="fa fa-meetup" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://linkedin.com/company/278819" title="LinkedIn" target="_blank" rel="noopener nofollow noreferrer "><i aria-label="GitHub" class="fa fa-linkedin" aria-hidden="true"></i></a> </div> <div class="social-link"> <a href="https://github.com/kong/kong" target="_blank" class="btn-gh" title="GitHub" rel="noopener nofollow noreferrer "> <i class="fa fa-github" aria-hidden="true" aria-label="GitHub"></i> </a> </div> </div> <ul> <li> <span class="mashape-footer-content"> <a href="https://konghq.com/legal/terms-of-use" target="_blank" rel="noopener nofollow noreferrer ">Terms</a><b>•</b> <a href="https://konghq.com/legal/privacy-policy" target="_blank" rel="noopener nofollow noreferrer ">Privacy</a><b>•</b> <a href="https://konghq.com/compliance" target="_blank" rel="noopener nofollow noreferrer ">Trust and Compliance</a> </span> </li> </ul> <div> <span>© Kong Inc. 2024  </span> </div> </div> </section> </footer> <script> var anchorForId = function (id) { var anchor = document.createElement("a"); anchor.className = "header-link"; anchor.href = "#" + id; anchor.innerHTML = "<i class=\"fa fa-link\"></i>"; anchor.title = `${id} Permalink`; return anchor; }; document.onreadystatechange = function () { if (this.readyState === "complete") { var className = ".show-anchor-links h1, .show-anchor-links h2, .show-anchor-links h3, " + ".show-anchor-links h4, .show-anchor-links h5, .show-anchor-links h6"; var headers = document.querySelectorAll(className); for (var i = 0; i < headers.length; i++) { var header = headers[i]; if (typeof header.id !== "undefined" && header.id !== "") { header.prepend(anchorForId(header.id)); } } } }; </script> <script> !function(){var i="analytics",analytics=window[i]=window[i]||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","screen","once","off","on","addSourceMiddleware","addIntegrationMiddleware","setAnonymousId","addDestinationMiddleware","register"];analytics.factory=function(e){return function(){if(window[i].initialized)return window[i][e].apply(window[i],arguments);var n=Array.prototype.slice.call(arguments);if(["track","screen","alias","group","page","identify"].indexOf(e)>-1){var c=document.querySelector("link[rel='canonical']");n.push({__t:"bpc",c:c&&c.getAttribute("href")||void 0,p:location.pathname,u:location.href,s:location.search,t:document.title,r:document.referrer})}n.unshift(e);analytics.push(n);return analytics}};for(var n=0;n<analytics.methods.length;n++){var key=analytics.methods[n];analytics[key]=analytics.factory(key)}analytics.load=function(key,n){var t=document.createElement("script");t.type="text/javascript";t.async=!0;t.setAttribute("data-global-segment-analytics-key",i);t.src="https://cdn.segment.com/analytics.js/v1/" + key + "/analytics.min.js";var r=document.getElementsByTagName("script")[0];r.parentNode.insertBefore(t,r);analytics._loadOptions=n};analytics._writeKey="X7EZTdbdUKQ8M6x42SHHPWiEhjsfs1EQ";;analytics.SNIPPET_VERSION="5.2.0"; analytics.load("X7EZTdbdUKQ8M6x42SHHPWiEhjsfs1EQ"); analytics.page(); }}(); </script> <div id="fb-root"></div> <script id="github-bjs" src="https://buttons.github.io/buttons.js" async defer></script> <script type="text/javascript"> var _vwo_code = (function() { var account_id = 125292, settings_tolerance = 2000, library_tolerance = 2500, use_existing_jquery = true, // DO NOT EDIT BELOW THIS LINE f = false, d = document; return { use_existing_jquery: function() { return use_existing_jquery; }, library_tolerance: function() { return library_tolerance; }, finish: function() { if (!f) { f = true; var a = d.getElementById('_vis_opt_path_hides'); if (a) a.parentNode.removeChild(a); } }, finished: function() { return f; }, load: function(a) { var b = d.createElement('script'); b.src = a; b.type = 'text/javascript'; b.innerText; b.onerror = function() { _vwo_code.finish(); }; d.getElementsByTagName('head')[0].appendChild(b); }, init: function() { settings_timer = setTimeout( '_vwo_code.finish()', settings_tolerance ); this.load( '//dev.visualwebsiteoptimizer.com/j.php?a=' + account_id + '&u=' + encodeURIComponent(d.URL) + '&r=' + Math.random() ); var a = d.createElement('style'), b = '', h = d.getElementsByTagName('head')[0]; a.setAttribute('id', '_vis_opt_path_hides'); a.setAttribute('type', 'text/css'); if (a.styleSheet) a.styleSheet.cssText = b; else a.appendChild(d.createTextNode(b)); h.appendChild(a); return settings_timer; } }; })(); _vwo_settings_timer = _vwo_code.init(); </script> <script src="https://cdn.jsdelivr.net/npm/@docsearch/js@3"></script> <script type="text/javascript"> docsearch({ appId: '05Y6TLHNFZ', apiKey: '80483bfe28d9fd036a11a6f6a06454f8', indexName: 'konghq', container: '#getkong-algolia-search-input', disableUserPersonalization: true, placeholder: 'Search the docs...', // Override selected event to allow for local environment navigation transformItems(items) { return items.map((item) => { var modifiedUrl = window.location.protocol + '//' + window.location.host + item.url.split('docs.konghq.com')[1]; return { ...item, url: modifiedUrl }; }); }, translations: { button: { buttonText: 'Search the docs..', buttonAriaLabel: 'Search the docs...' } }, resultsFooterComponent({ state }) { var facetParameters = {}; facetParameters = {"version[0]":"latest","product[0]":"Kong Gateway"}; var queryParams = new URLSearchParams(facetParameters); queryParams.set('query', state.query); return { // The HTML `tag` type: 'a', ref: undefined, constructor: undefined, key: state.query, // Its props props: { href: `/search/?${queryParams.toString()}`, target: '_blank', // Raw text rendered in the HTML element children: 'See more >' }, __v: null, }; }, searchParameters: { optionalFilters: ['product:deck<score=1>', 'product:Plugin Hub<score=2>', 'product:Kong Gateway<score=3>'], facetFilters: [ 'version:latest'] } }); </script> </div> </body> </html>