How to install Stand-alone API Gateway using Docker?

About this task

Why Docker?

Applications often fail to run correctly when moved from one environment to another due to differences in configurations, underlying library requirements, and other dependencies. To enable developers and IT professionals to deploy applications seamlessly across environments, software development technologies increasingly use a technique called containerization.

Containers solve this problem by providing lightweight, immutable deployment and packaging infrastructure. Docker is one such containerization framework that can be used to create and run webMethods API Gateway as containers. webMethods API Gateway container bundles together the code of the application along with the configuration files, libraries, and dependencies required for webMethods API Gateway to run. Containerized applications can be tested individually and deployed as container image instances to the host operating system. By this means, developers and IT professionals can deploy webMethods API Gateway across environments with little or no modification.

You can run webMethods API Gateway in Containers or on Virtual machines. Running webMethods API Gateway in containers is favourable as the containers can be orchestrated with container orchestration platforms like Kubernetes. To facilitate running webMethods API Gateway in a Docker container webMethods API Gateway images are provided in Container registry, https://containers.webmethods.io/.

webMethods API Gateway has two different Docker images:

IBM webMethods API Gateway. This image includes the webMethods API Gateway server, UI, Elasticsearch, and Kibana.
IBM webMethods API Gateway Minimal. This image contains only the webMethods API Gateway and UI. Containers using this image must be composed with separate Elasticsearch and Kibana instances, both version 8.2.

This article explains how to run an webMethods API Gateway Container, apigw and start using webMethods API Gateway.

Before you begin

Ensure that you have installed the latest version of Docker.
Ensure that the docker host provides at least 4 GB of main memory. To accommodate the space for Elasticsearch, set the kernel setting to 262144 by running the following command on your Docker host:
```
sysctl -w vm.max_map_count=262144
```
Pull webMethods API Gateway image from the Container registry.
- Open Container registry, https://containers.webmethods.io/
- Copy the Docker Pull command from the list of webMethods API Gateway images that are available or use the following command to pull the webMethods API Gateway 10.15 image:
```
docker pull sagcr.azurecr.io/apigateway:10.15
```
  Paste it in your command prompt.

To install Stand-alone webMethods API Gateway using Docker:

Procedure

Run the webMethods API Gateway Container.
Start the webMethods API Gateway image using the following docker run command:
```
docker run -d -p 5555:5555 -p 9072:9072 \ 
	
	--hostname apigw-host \

	--name apigw sagcr.azurecr.io/apigateway:10.15
	
```
where:

5555 and 9072 is the HTTP port of Integration Server and webMethods API Gateway UI respectively, which is configured during installation.

apigw-host is the host information of the docker container that is set, and apigw is the name of the container that is set.

sagcr.azurecr.io/apigateway:10.15 is the name of the pulled Docker image.

The docker run is parameterized with the Integration Server and the webApp port exposed by the Docker container. If you have configured different ports for Integration Server and UI, use the corresponding ports in the command.
You can check the status of the webMethods API Gateway Docker container, apigw by running the following command:
```
docker ps
```
Wait until the status of the container turns healthy to start using webMethods API Gateway.
Start using webMethods API Gateway.
Open http://defaulthost:defaultport of Integration Server and webMethods API Gateway.
Integration Server:
```
http://localhost:5555
```
Port is the HTTP port of Integration Server configured during installation; by default, 5555.
webMethods API Gateway:
```
http://localhost:9072
```
Port is the HTTP port of webMethods API Gateway configured during installation; by default, 9072.
The home page of webMethods API Gateway appears after you log in using the default Username and Password (Administrator and manage).
The webMethods API Gateway container can be stopped using the docker stop command:
```
docker stop -t90 apigw
```
Note: The docker stop is parameterized with the number of seconds required for a graceful shutdown of the webMethods API Gateway and the webMethods API Gateway container name.

What to do next

Troubleshooting Tips

If the status of the container does not turn healthy, you can check the docker logs using the following command:

docker logs --follow [container_id]

For example,

docker logs --follow [a7101d3e49d5]

The container_id is generated when you run the webMethods API Gateway container.

Next Steps

Now that you started using webMethods API Gateway, you can create and manage APIs using webMethods API Gateway. For quick reference, See :

Additional Resources

For details about optional arguments and additional Docker commands, see Docker Configuration section, https://documentation.softwareag.com/webmethods/api_gateway/yai10-15/webhelp/yai-webhelp/index.html#page/yai-webhelp%2Fco-overview_docker_configuration.html%23
For details about how to set up webMethods API Gateway Docker Container with Externalized Elastic Search and Kibana, see webMethods API Gateway Docker Container with Externalized Elasticsearch and Kibana section, https://documentation.softwareag.com/webmethods/api_gateway/yai10-15/webhelp/yai-webhelp/index.html#page/yai-webhelp%2Fco-docker_container_external_es_kibana.html%23
For details about Docker and container technology, see Docker documentation, https://docs.docker.com/
For details about the important system settings to be considered before you start webMethods API Gateway, see Elasticsearch documentation, https://www.elastic.co/guide/index.html

Containers and Master Password

After changing the master password on an webMethods API Gateway container like Docker, the passwords are encrypted with the new master password and saved to the internal database. However, the master password is not permanently stored in the webMethods API Gateway container. As a result, when you start a new webMethods API Gateway container, it resets the master password to the default value.

To resolve this, define the master password in the environment variable SAG_IS_MASTER_PASSWORD_KEY. Set this variable to the value of the master password key before starting the webMethods API Gateway container.

Docker Security related best practices

For detailed guidelines about security best practices, see Docker Security documentation, https://docs.docker.com/engine/security/
For details about the script that can test containers and their hosts' security configurations against a set of best practices provided by the Center for Internet Security, see Docker bench, https://github.com/docker/docker-bench-security
For details about how to establish a secure configuration baseline for the Docker Engine, see https://www.cisecurity.org/benchmark/docker for Information Security (CIS) Docker Benchmark (Docker CE 17.06).
For details about potential security concerns associated with the use of containers and recommendations for addressing these concerns, see SP 800 publication (Application Container Security Guide), https://csrc.nist.gov/publications/sp800