Skip to content
Apache OpenWhisk API Gateway service for exposing actions as REST interfaces.
Lua Shell Dockerfile Makefile Other
Branch: master
Clone or download
mhamann OAuth fixes and improvements (#353)
* Fix App ID caching issue (and add tests to match)
* Improve error messages for all OAuth providers
Latest commit b80ce4d Aug 13, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
conf.d Update client_max_body_size for managed APIs (#327) Dec 3, 2018
doc Change hash header to latest version in .conf files. (#298) May 9, 2018
html Fix minor scancode EOL error in index.html. (#303) May 23, 2018
scripts/lua OAuth fixes and improvements (#353) Aug 12, 2019
tests OAuth fixes and improvements (#353) Aug 12, 2019
.dockerignore Include license in container image (#328) Dec 1, 2018
.gitignore Flatten project structure (#117) Feb 21, 2017
.profiling.after Fix builds post Alpine 3.9 (#337) Mar 7, 2019
.profiling.before Fix builds post Alpine 3.9 (#337) Mar 7, 2019
.travis.yml Run test framework in a Docker container (#351) Aug 2, 2019 Remove Incubat(ing, ion, or) from docs (#349) Jul 30, 2019
Dockerfile Run test framework in a Docker container (#351) Aug 2, 2019
LICENSE.txt Improve LICENSE/NOTICE treatment of bundled non-ASF files. (#341) May 29, 2019
NOTICE.txt Improve LICENSE/NOTICE treatment of bundled non-ASF files. (#341) May 29, 2019 Remove 'incubat(ing, ion, or)' designation and disclaimer (#352) Aug 7, 2019
api-gateway.conf Enable overriding the backend url to enable standalone mode (#347) Jul 29, 2019 Support ASF Header in .md and .sh files for scancode (#292) May 1, 2018 Fix builds post Alpine 3.9 (#337) Mar 7, 2019 Fix awk command in generating resolvers.conf file (#313) Jun 20, 2018
naxsi_core.rules Fix license header in rules config. file. (#305) May 29, 2018

OpenWhisk API Gateway

Build Status License

A performant API Gateway based on Openresty and NGINX.

Project status

This project is currently considered beta stage, Large swaths of code or APIs may change.

Table of Contents

Quick Start

docker run -p 80:80 -p <managedurl_port>:8080 -p 9000:9000 \
            -e PUBLIC_MANAGEDURL_HOST=<managedurl_host> \
            -e PUBLIC_MANAGEDURL_PORT=<managedurl_port> \
            -e REDIS_HOST=<redis_host> \
            -e REDIS_PORT=<redis_port> \
            -e REDIS_PASS=<redis_pass> \

(Optional) The redis password can be passed in encrypted using the aes-256-cbc encryption algorithm. To do so, pass in the following environment variables, in addition to the encrypted password:

  • ENCRYPTION_KEY=<32 Byte hex string that was used for encryption>
  • ENCRYPTION_IV=<16 Byte hex string that was used for encryption>


Syncing configuration from a remote source

The Gateway can sync its configuration with a remote folder in the cloud such as Amazon S3, Google Cloud Storage, IBM Cloud Object Storage, Dropbox, and many others. The configuration is monitored for changes, and when a file is changed, the Gateway is reloaded automatically. This is very useful to gracefully update the Gateway on the fly, without impacting the active traffic; if the new configuration is invalid, the Gateway doesn't break, running with the last known valid configuration.

This feature is enabled by configuring a few environment variables:

  • REMOTE_CONFIG - the location where the configuration should be synced from. I.e. s3://api-gateway-config . The remote location is synced into is /etc/api-gateway. The default configuration is found in this project's root folder.
  • (optional) REMOTE_CONFIG_SYNC_INTERVAL - how often to check for changes in the remote location. The default value is 10s
  • (optional) REMOTE_CONFIG_RELOAD_CMD - which command to execute in order to reload the Gateway. The default value is: api-gateway -s reload

Syncing is done through rclone sync. rclone has a rich set of options such as what to exclude when syncing, or what to include. An important configuration is --config, pointing to the config file in /root/.config/rclone/rclone.conf. The Gateway should be started with /root/.config/rclone folder mounted so that rclone.conf is present. To generate a new rclone configuration simply execute:

docker run -ti --rm --entrypoint=rclone -v `pwd`/rclone/:/root/.config/rclone/ openwhisk/apigateway config

This runs an interactive rclone config command and stores the resulted configuration in ./rclone/rclone.conf file.

To test this locally, simulate a remote folder using a local location, by mounting it in /tmp folder as follows:

docker run -ti --rm -p 80:80 \
    -v `pwd`:/tmp/api-gateway-local -e REMOTE_CONFIG="/tmp/api-gateway-local" \
    -e REDIS_HOST=redis_host -e REDIS_PORT=redis_port openwhisk/apigateway

Then make changes to any configuration file ( i.e. api-gateway.conf ), save it, then watch as the Gateway reloads the updated configuration automatically.

Developer Guide

Running locally

To build the docker image locally use:

 make docker

To Run the Docker image

 make docker-run PUBLIC_MANAGEDURL_HOST=<mangedurl_host> PUBLIC_MANAGEDURL_PORT=<managedurl_port> \
   REDIS_HOST=<redis_host> REDIS_PORT=<redis_port> REDIS_PASS=<redis_pass>


First install the necessary dependencies:

 make test-build

Then, run the unit tests:

 make test-run
You can’t perform that action at this time.