Install Stand-alone API Gateway using Docker

About this task

Why Docker?

Applications often fail to run correctly when moved from one environment to another due to differences in configurations, underlying library requirements, and other dependencies. To enable developers and IT professionals to deploy applications seamlessly across environments, software development technologies increasingly use a technique called containerization.

Containers solve this problem by providing lightweight, immutable deployment and packaging infrastructure. Docker is one such containerization framework that can be used to create and run API Gateway as containers. API Gateway container bundles together the code of the application along with the configuration files, libraries, and dependencies required for API Gateway to run. Containerized applications can be tested individually and deployed as container image instances to the host operating system. This helps developers and IT professionals to deploy API Gateway across environments with little or no modification.

You can run API Gateway in Containers or on Virtual machines. Running API Gateway in containers is favourable as the containers can be orchestrated with container orchestration platforms like Kubernetes. To facilitate running API Gateway in a Docker container the API Gateway images are provided in Container registry, https://containers.webmethods.io/.

This article explains how to run an API Gateway Container, apigw and start using API Gateway.

Before you begin

Ensure that you have installed the latest version of Docker.
Ensure that the docker host provides at least 4 GB of main memory. To accommodate the space for Elasticsearch, set the kernel setting to 262144 by running the following command on your Docker host:
```
sysctl -w vm.max_map_count=262144
```
Pull API Gateway image from Container registry.
- Open AG Container registry, https://containers.webmethods.io/
- Copy the Docker Pull command from the list of API Gateway images that are available or use the following command to pull the API Gateway 10.15 image:
```
docker pull sagcr.azurecr.io/apigateway:10.15
```
  Paste it in your command prompt.

To install stand-alone API Gateway using Docker:

Procedure

Run the API Gateway container.
Start the API Gateway image using the following docker run command:
```
docker run -d -p 5555:5555 -p 9072:9072 \ 
	
	--hostname apigw-host \

	--name apigw sagcr.azurecr.io/apigateway:10.15
	
```
where:

5555 and 9072 are the HTTP port of Integration Server and API Gateway UI respectively that are configured during installation.

apigw-host is the host information of the Docker container that is set, and apigw is the name of the container that is set.

sagcr.azurecr.io/apigateway:10.15 is the name of the pulled Docker image.

The docker run is parameterized with the Integration Server and the webApp port exposed by the Docker container. If you have configured different ports for Integration Server and UI, use the corresponding ports in the command.
You can check the status of the API Gateway Docker container, apigw by running the following command:
```
docker ps
```
Wait until the status of the container turns healthy to start using API Gateway.
Start using API Gateway.
Open http://defaulthost:defaultport of Integration Server and API Gateway.
Integration Server:
```
http://localhost:5555
```
Port is the HTTP port of Integration Server configured during installation; by default, 5555.
API Gateway:
```
http://localhost:9072
```
Port is the HTTP port of API Gateway configured during installation; by default, 9072.
The home page of API Gateway appears after you log in using the default Username and Password (Administrator and manage).
The API Gateway container can be stopped using the docker stop command:
```
docker stop -t90 apigw
```
Note: The docker stop is parameterized with the number of seconds required for a graceful shutdown of the API Gateway and the API Gateway container name.

What to do next

Troubleshooting Tips

If the status of the container does not turn healthy, you can check the docker logs using the following command:

docker logs --follow [container_id]

For example,

docker logs --follow [a7101d3e49d5]

The container_id is generated when you run the API Gateway container.

Next Steps

Now that you started using API Gateway, you can create and manage APIs using API Gateway. For quick reference, See :

Additional Resources

For details about optional arguments and additional Docker commands, see Docker Configuration section, https://documentation.softwareag.com/webmethods/api_gateway/yai10-15/webhelp/yai-webhelp/index.html#page/yai-webhelp%2Fco-overview_docker_configuration.html%23
For details about how to set up API Gateway Docker Container with Externalized Elastic Search and Kibana, see API Gateway Docker Container with Externalized Elasticsearch and Kibana section, https://documentation.softwareag.com/webmethods/api_gateway/yai10-15/webhelp/yai-webhelp/index.html#page/yai-webhelp%2Fco-docker_container_external_es_kibana.html%23
For details about Docker and container technology, see Docker documentation, https://docs.docker.com/
For details about the important system settings to be considered before you start API Gateway, see Elasticsearch documentation, https://www.elastic.co/guide/index.html

Containers and Master Password

After changing the master password on an API Gateway container like Docker, the passwords are encrypted with the new master password and saved to the internal database. However, the master password is not permanently stored in the API Gateway container. As a result, when you start a new API Gateway container, it resets the master password to the default value.

To resolve this, define the master password in the environment variable SAG_IS_MASTER_PASSWORD_KEY. Set this variable to the value of the master password key before starting the API Gateway container.

Docker Security related best practices

For detailed guidelines about security best practices, see Docker Security documentation, https://docs.docker.com/engine/security/
For details about the script that can test containers and their hosts' security configurations against a set of best practices provided by the Center for Internet Security, see Docker bench, https://github.com/docker/docker-bench-security
For details about how to establish a secure configuration baseline for the Docker Engine, see https://www.cisecurity.org/benchmark/docker for Information Security (CIS) Docker Benchmark (Docker CE 17.06).
For details about potential security concerns associated with the use of containers and recommendations for addressing these concerns, see SP 800 publication (Application Container Security Guide), https://csrc.nist.gov/publications/sp800