In our previous post we’ve learnt how to install Flex Gateway on an Ubuntu Server in Connected Mode. Today, we will learn how to install Flex Gateway on an Ubuntu server in local mode. We will see how we can manage the Flex Gateway locally, using configuration files. We’ll install it step-by-step, then test it using a small Node.js REST API with a /hello endpoint. Let’s dive in.
Prerequisites
To follow this tutorial we’ll need:
- An Ubuntu Server - In this tutorial we’ll use Ubuntu Server version 24.04 LTS running on an AWS EC2 instance.
- A non-mule API running to test the Flex GW - If you don’t have an API for testing check out these posts to quickly get one:
How to Create a REST API with Spring Boot
How to Create a REST API with NodeJS
How to Create a REST API with Python
In this example, we’ll use this NodeJS REST API deployed in the same server as the Flex Gateway, in port 3000. This way, when we run the following command from the Ubuntu server:
curl http://localhost:3000/helloWe get the response
{"message":"Hello World from NodeJS!"}Install Flex Gateway
Add the Mulesoft Repository
Run the following commands to add MuleSoft’s repository and install required dependencies:
curl -XGET -L https://flex-packages.anypoint.mulesoft.com/ubuntu/pubkey.gpg | sudo apt-key add -
echo "deb https://flex-packages.anypoint.mulesoft.com/ubuntu $(lsb_release -cs) main" \ | sudo tee /etc/apt/sources.list.d/mulesoft.list
Install Flex Gateway
Run the installation command:
sudo apt-get update
sudo apt-get install -y flex-gatewayVerify the installation
Check the version of Flex GW
flexctl version
(Don’t worry about the error messages - those are normal, as we still haven’t start the Flex GW)
Register and Configure Flex Gateway
There are three options for registering Flex Gateway in Local Mode:
- Using a username and password
- Using a Connected App
- Using a Token: We can also use a registration token generated by the Runtime Manager UI. The token is valid for four hours.
In this tutorial, we’ll use the Token generated by the Runtime Manager UI. For that, go to Runtime Manager → Flex Gateway and click Add Gateway. In the options for deployment choose Linux and then Ubuntu/Debian as the OS. We will get a set of instructions.
From the Register Gateway step, copy the token generated. We’ll use it for the local registration.
Run Local Registration
Back to our Ubuntu server run the command:
sudo flexctl registration create \
--token=b74cd23f-613e-485c-9ee6-9dc618e54951 \
--organization=bba812be-8714-450b-ae1c-b2a418836c06 \
--connected=false \
--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \
<gateway-name>Where:
--tokenis the token we’ve copied in the previous step<gateway-name>is the descriptive name for our Flex GW--organization=[YOUR_BUSINESS_GROUP_ID]is the ID of the Business Group where we’ll be deploying our API instances--connected=falsetells Flex GW that the installation will be done in Local mode--output-directory- Specifies the path with our Ubuntu server where Flex GW will place the output of the command
Start the Flex Gateway Service
Once the installation is ready, we’ll enable the flex gateway as a Linux service and start it:
sudo systemctl enable flex-gateway
sudo systemctl start flex-gatewayVerify the installation
To verify that everything went we’ll check the status of the service and the logs
Check the Status
Run the systemctl command:
sudo systemctl status flex-gatewayYou should see the service active and green
View Logs
It’s also a good idea to check the logs of the service with the command:
journalctl -u flex-gateway --no-pager --lines=50
Publish an API
Now it’s time to deploy an API instance in front of our NodeJS REST API.
In local mode, to publish an API in front of our NodeJS API we need to create a yaml file. For that, first, go to the folder in the system /etc/mulesoft/flex-gateway/conf.d/custom. It might be possible that, the first time you publish an API, the custom directory does not exist. If that’s the case create it.
From that path, create a yaml file, we’ll call it config-nodejs-api.yaml
vi config-nodejs-api.yamlAnd paste the following content:
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: hello-nodejs-api
spec:
address: http://0.0.0.0:80
services:
nodejs-api:
address: http://localhost:3000/
routes:
- rules:
- path: /nodejs(/.*)With this configuration:
- Our Flex Gateway will be listening on any IP address and port 80 for this API
- The path rule will create an endpoint /nodejs and forward all traffic to this path and any other path relative to /nodejs (that is /nodejs/YOUR_PATH) to our own server on port 3000 with the relative path added. In other words
http://[YOUR_FGW_HOST]:80/nodejs/[YOUR_PATH] --> http://localhost:3000/[YOUR_PATH]Save the file and automatically Flex Gateway will create the API instance. Give it a few seconds and test it from the same server with:
curl http://localhost/nodejs/hello
And test it, as well, from outside the server using the public DNS of our server:
Secure the API with Basic Authentication and Rate Limiting
So far so good. Our flex gateway is working and routing requests. Now, let’s see how to apply policies to this API in local mode. For that we’ll add the policies section to the yaml config file we created in the previous section (config-nodejs-api.yaml)
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: hello-nodejs-api
spec:
address: http://0.0.0.0:80
services:
nodejs-api:
address: http://localhost:3000/
routes:
- rules:
- path: /nodejs(/.*)
policies:
- policyRef:
name: http-basic-authentication-flex
config:
username: [YOUR_USERNAME]
password: [YOUR_PASSWORD]
- policyRef:
name: rate-limiting-flex
config:
exposeHeaders: true
rateLimits:
- maximumRequests: 3
timePeriodInMilliseconds: 60000
keySelector: "#[attributes.queryParams['identifier']]"With that we’ll we adding two policies:
- Basic Authentication - requests will have to include the username and password specified in the config file
- Rate Limiting - Maximum of 3 requests per minute will be allowed to be forwarded to our back end API.
Save the file and the policies will be applied automatically. Now, if you repeat the previous test you’ll get an error - not authorized. Try again providing username and password.
Internally:
curl http://localhost/nodejs/hello -u [YOUR_USERNAME]You’ll be prompted to provide the password. It should work now.
Externally - Repeat the same request providing username and password from outside the Server.
Repeat the same request another 3 times (in less than a minute) and then you’ll get the 429 error - Too many requests. That means the rate limiting is working
