Master Kong API Gateway with OpenResty: Installation, Features, and Plugin Guide

API Gateway Overview

An API gateway aggregates all microservice APIs, exposing a single entry point that handles security, logging, rate‑limiting, and other cross‑cutting concerns. Kong consistently ranks first among open‑source API gateways on GitHub and is widely adopted for custom extensions.

OpenResty as the Foundation

OpenResty® combines Nginx with Lua, providing a high‑performance web platform that integrates many Lua libraries and third‑party modules. It enables developers to run dynamic, high‑concurrency web applications and gateways directly inside Nginx workers, leveraging non‑blocking I/O for HTTP, MySQL, PostgreSQL, Redis, and more.

Installing OpenResty

# Install yum‑utils
sudo yum install -y yum-utils
# Add OpenResty repository
sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
# Install OpenResty and CLI tools
sudo yum install -y openresty openresty-resty
# Start the service
sudo systemctl start openresty
sudo systemctl enable openresty

Installing Kong

Kong is built on top of OpenResty and uses PostgreSQL or Cassandra for storage. The following steps install Kong 2.2 on CentOS 7.

# Add Kong yum repository
wget https://bintray.com/kong/kong-rpm/rpm -O bintray-kong-kong-rpm.repo
export major_version=$(grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release | cut -d '.' -f1)
sed -i -e 's/baseurl.*/&\/centos\/'$major_version'' bintray-kong-kong-rpm.repo
mv bintray-kong-kong-rpm.repo /etc/yum.repos.d/
yum clean all && yum makecache
yum install -y kong
# Copy default config and edit database settings
cp /etc/kong/kong.conf.default /etc/kong/kong.conf
# (Edit /etc/kong/kong.conf to set pg_host, pg_port, pg_user, pg_password, pg_database)
# Initialize the database
kong migrations bootstrap -c /etc/kong/kong.conf
# Start Kong
kong start -c /etc/kong/kong.conf
# Verify
curl -i http://localhost:8001/

Kong Core Components

Kong Server – Nginx‑based server that receives API requests.

PostgreSQL/Cassandra – Persistent storage for configuration and plugins.

Kong Dashboard – Official UI (or the community‑maintained Konga) for managing Kong.

Key Features of Kong

Cloud‑native: runs on bare metal, VMs, containers, and Kubernetes.

Kubernetes Ingress Controller with CRD support.

Dynamic load balancing, hash‑based sticky sessions.

Circuit breaking, health checks, service discovery.

Horizontal scalability via clustering.

Extensible plugin architecture (Lua‑based).

Plugin Ecosystem

Kong ships with 28 open‑source plugins grouped into Authentication, Security, Traffic Control, Analytics & Monitoring, and Logging. Plugins can be enabled per service, route, or consumer and are dynamically insertable.

Authentication & Security Plugins

basic‑auth – HTTP Basic authentication.

key‑auth – API key validation.

jwt – JSON Web Token verification.

oauth2 – OAuth 2.0 flows (authorization code, implicit, password, client credentials).

hmac‑auth – HMAC signature validation.

acl – Access control lists for IP/consumer whitelisting.

Traffic Control Plugins

rate‑limiting – Limits request count per time window.

request‑size‑limiting – Caps request payload size to prevent memory exhaustion.

request‑termination – Returns a custom response, useful for manual circuit breaking.

Logging Plugins

file‑log – Writes request/response logs to a local file.

http‑log – Sends logs to a remote HTTP endpoint.

syslog – Sends logs to the system logger.

tcp‑log / udp‑log – Streams logs over TCP/UDP.

Custom log plugins can be written to store logs in distributed databases or time‑series stores.

Comparison with Other Gateways

In side‑by‑side benchmarks, Kong outperforms many alternatives in feature richness, performance, and plugin extensibility, making it a strong choice for enterprise‑grade API management. The article also notes that Kong’s open‑source version is free, while the community edition adds extra plugins for a fee.

Installing Kong Dashboard (UI)

The Dashboard is a Node.js application. After installing Node.js, clone the repository and install globally.

# Install Node.js (example version 8.1.0)
wget http://nodejs.org/dist/v8.1.0/node-v8.1.0.tar.gz
tar zxvf node-v8.1.0.tar.gz
cd node-v8.1.0
./configure --prefix=/usr/local/node
make && make install
ln -s /usr/local/node/bin/* /usr/sbin/
# Configure npm
npm set prefix /usr/local
export PATH=/usr/local/lib/node_modules:$PATH
# Clone and install Kong Dashboard
git clone https://github.com/PGBI/kong-dashboard
npm install -g kong-dashboard@v2
# Start the dashboard on port 9001
kong-dashboard start -p 9001

After the dashboard is running, bind it to a Kong server via the UI configuration page.