WARNING: This repository is under active development. Expect frequent updates and breaking changes as we improve functionality and refine APIs. We recommend pinning to specific versions for production use. Star the repository to track our progress!
Model Context Protocol (MCP) is an open standard protocol that allows AI Models to connect with external systems, tools, and data sources. While MCP simplifies tool access for Agents and solves data access and internal/external API connectivity challenges, several critical obstacles remain before enterprises can fully realize MCP's promise.
Discovery & Access Challenges:
The MCP Gateway & Registry solves these challenges by providing a unified platform that combines centralized access control with intelligent tool discovery. The Registry offers both visual and programmatic interfaces for exploring available MCP servers and tools, while the Gateway ensures secure, governed access to all services. This enables developers to programmatically build smarter agents and allows agents to autonomously discover and execute tools beyond their initial capabilities.
Resource | Link |
---|---|
Demo Video | An open-source MCP Gateway and Registry, Dynamic tool discovery & invocation |
Medium Post | Taming the Chaos: How the MCP Gateway Centralizes Your AI Model's Tools |
You can deploy the gateway and registry on Amazon EC2 or Amazon EKS for production environments. Jump to installation on EC2 or installation on EKS for deployment instructions.
The Gateway works by using an Nginx server as a reverse proxy, where each MCP server is handled as a different path and the Nginx reverse proxy sitting between the MCP clients (contained in AI Agents for example) and backend server forwards client requests to appropriate backend servers and returns the responses back to clients. The requested resources are then returned to the client.
The MCP Gateway provides a single endpoint to access multiple MCP servers and the Registry provides discoverability and management functionality for the MCP servers that an enterprise wants to use. An AI Agent written in any framework can connect to multiple MCP servers via this gateway, for example to access two MCP servers one called weather
, and another one called currenttime
and agent would create an MCP client pointing https://my-mcp-gateway.enterprise.net/weather/
and another one pointing to https://my-mcp-gateway.enterprise.net/currenttime/
. This technique is able to support both SSE and Streamable HTTP transports.
flowchart TB
subgraph AI_Agents["AI Agents"]
Agent1["AI Agent 1"]
Agent2["AI Agent 2"]
Agent3["AI Agent 3"]
AgentN["AI Agent N"]
end
subgraph EC2_Gateway["<b>MCP Gateway & Registry</b> (Amazon EC2 Instance)"]
subgraph NGINX["NGINX Reverse Proxy"]
RP["Reverse Proxy Router"]
end
subgraph LocalMCPServers["Local MCP Servers"]
MCP_Local1["MCP Server 1"]
MCP_Local2["MCP Server 2"]
end
end
subgraph EKS_Cluster["Amazon EKS/EC2 Cluster"]
MCP_EKS1["MCP Server 3"]
MCP_EKS2["MCP Server 4"]
end
subgraph APIGW_Lambda["Amazon API Gateway + AWS Lambda"]
API_GW["Amazon API Gateway"]
Lambda1["AWS Lambda Function 1"]
Lambda2["AWS Lambda Function 2"]
end
subgraph External_Systems["External Data Sources & APIs"]
DB1[(Database 1)]
DB2[(Database 2)]
API1["External API 1"]
API2["External API 2"]
API3["External API 3"]
end
%% Connections from Agents to Gateway
Agent1 -->|MCP Protocol<br>SSE| RP
Agent2 -->|MCP Protocol<br>SSE| RP
Agent3 -->|MCP Protocol<br>Streamable HTTP| RP
AgentN -->|MCP Protocol<br>Streamable HTTP| RP
%% Connections from Gateway to MCP Servers
RP -->|SSE| MCP_Local1
RP -->|SSE| MCP_Local2
RP -->|SSE| MCP_EKS1
RP -->|SSE| MCP_EKS2
RP -->|Streamable HTTP| API_GW
%% Connections within API GW + Lambda
API_GW --> Lambda1
API_GW --> Lambda2
%% Connections to External Systems
MCP_Local1 -->|Tool Connection| DB1
MCP_Local2 -->|Tool Connection| DB2
MCP_EKS1 -->|Tool Connection| API1
MCP_EKS2 -->|Tool Connection| API2
Lambda1 -->|Tool Connection| API3
%% Style definitions
classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px
classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px
classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px
classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px
classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px
classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px
classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px
classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px
%% Apply styles
class Agent1,Agent2,Agent3,AgentN agent
class EC2_Gateway,NGINX gateway
class RP nginx
class MCP_Local1,MCP_Local2 mcpServer
class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks
class API_GW apiGw
class Lambda1,Lambda2 lambda
class DB1,DB2,API1,API2,API3 dataSource
/sse
endpoint).registry/nginx_mcp_revproxy.conf
) based on registered services and their enabled/disabled state.registry/server_state.json
(and ignored by Git).ml.t3.2xlarge
) with a standard Ubuntu AMI for running this solution.Polygon
API for stock ticker data. Get an API key from here. The server will still start without the API key but you will get a 401 Unauthorized error when using the tools provided by this server.The Gateway and the Registry are available as a Docker container. The package includes a couple of test MCP servers as well.
Clone the repository:
git clone https://github.com/aarora79/mcp-gateway.git
cd mcp-gateway
Create local directories for saving MCP server logs and run-time data:
sudo mkdir -p /opt/mcp-gateway/servers
sudo cp -r registry/servers /opt/mcp-gateway/
sudo mkdir /var/log/mcp-gateway
Build the Docker container to run the Gateway and Registry:
docker build -t mcp-gateway .
Run the container:
# environment variables
export ADMIN_USER=admin
export ADMIN_PASSWORD=your-admin-password
export POLYGON_API_KEY=your-polygon-api-key
# stop any previous instance
docker stop mcp-gateway-container && docker rm mcp-gateway-container
docker run -p 80:80 -p 443:443 -p 7860:7860 \
-e ADMIN_USER=$ADMIN_USER \
-e ADMIN_PASSWORD=$ADMIN_PASSWORD \
-e POLYGON_API_KEY=$POLYGON_API_KEY \
-e SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_hex(32))') \
-v /var/log/mcp-gateway:/app/logs \
-v /opt/mcp-gateway/servers:/app/registry/servers \
--name mcp-gateway-container mcp-gateway
You should see some of the following traces show up on the screen (the following is an excerpt, some traces have been omitted for clarity).
Nginx config regeneration successful.
Starting background health check task...
Running periodic health checks (Interval: 300s)...
Performing periodic check for enabled service: /fininfo
Setting status to 'checking' for /fininfo (http://localhost:8002/)...
INFO: Application startup complete.
INFO: Uvicorn running on http://0.0.0.0:7860 (Press CTRL+C to quit)
INFO: 127.0.0.1:40132 - "HEAD /sse HTTP/1.1" 200 OK
Health check successful for /fininfo (http://localhost:8002/).
Final health status for /fininfo: healthy
Performing periodic check for enabled service: /currenttime
Setting status to 'checking' for /currenttime (http://0.0.0.0:8001/)...
INFO: 127.0.0.1:54256 - "HEAD /sse HTTP/1.1" 200 OK
Health check successful for /currenttime (http://0.0.0.0:8001/).
Final health status for /currenttime: healthy
Finished periodic health checks. Current status map: {'/fininfo': 'healthy', '/currenttime': 'healthy'}
No status changes detected in periodic check, skipping broadcast.
Starting Nginx in the background...
Nginx started. Keeping container alive...
Navigate to http://localhost:7860
access the Registry
View logs from the Registry and the built-in MCP servers:
Logs are available on the local machine in the /var/log/mcp-gateway
directory.
tail -f /var/log/mcp-gateway/*
View MCP server metadata:
Metadata about all MCP servers connected to the Registry is available in /opt/mcp-gateway/servers
directory. The metadata includes information gathered from ListTools
as well as information provided while registering the server.
Enable access to TCP port 443 from the IP address of your MCP client (your laptop, or anywhere) in the inbound rules in the security group associated with your EC2 instance.
You would need to have an HTTPS certificate and private key to proceed. Let's say you use your-mcp-gateway.com
as the domain for your MCP server then you will need an SSL cert for your-mcp-gateway.com
and MCP servers behind the Gateway will be accessible to MCP clients as https://your-mcp-gateway.com/mcp-server-name/sse
.
Rebuild the container using the same command line as before.
Run the container with the -v
switch to map the local folder containing the cert and the private key to the container. Replace /path/to/certs/
and /path/private
as appropriate in the command provided below.
docker run -p 80:80 -p 443:443 -p 7860:7860 \
-e ADMIN_USER=$ADMIN_USER \
-e ADMIN_PASSWORD=$ADMIN_PASSWORD \
-e POLYGON_API_KEY=$POLYGON_API_KEY \
-e SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_hex(32))') \
-v /path/to/certs:/etc/ssl/certs \
-v /path/to/private:/etc/ssl/private \
-v /var/log/mcp-gateway:/app/logs \
-v /opt/mcp-gateway/servers:/app/registry/servers \
--name mcp-gateway-container mcp-gateway
For production deployments you might want to run this solution on EKS, the Distributed Training and Inference on EKS repo contains the helm chart for running the gateway and registry on an EKS cluster. Refer to Serve MCP Gateway Registry README for step by step instructions.
ADMIN_USER
and ADMIN_PASSWORD
specified while starting the Gateway container.location
block.The MCP Registry provides an API, this API is also exposed as an MCP server so we have an MCP Server to manage the MCP Registry itself. You can use any MCP Host such as Cursor
or others that support remote MCP Servers over SSE. To add the MCP Registry's MCP server to Cursor, simply add the following JSON to Cursor's mcp.json
file.
Using the MCP Gateway in Agents and hosts such as Cursor does require that you run the Gateway over HTTPS, see instructions here.
{
"mcpServers": {
"mcpgw": {
"url": "https://mymcpgateway.mycorp.com//mcpgw/sse"
}
}
}
Cursor should now be able to talk to the MCP Gateway and you should be able to use the tools it provides.
Option 1 (recommended): Use Cursor
or your favorite MCP host of choice that supports SSE to add the MCP Gateway as a server as an MCP server and then simple ask it in natural language to register a new MCP server and follow the prompts.
Option 2: Use /register
API (first call the /login
API and get the secure cookie value), see steps in the API endpoints section. Note the value for the mcp_gateway_session
cookie from the /login
API and then use it in /register
API.
# Login to get the session cookie
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin&password=$ADMIN_PASSWORD" \
-c cookies.txt \
http://localhost:7860/login
Use the value of the mcp_gateway_session
in cookies.txt
in the following command.
# Set the session cookie value in a variable
SESSION_COOKIE="session-cookie-from-login"
# Use the variable in the curl command
curl -X POST http://localhost:7860/register \
-H "Content-Type: application/x-www-form-urlencoded" \
-b cookies.txt \
--data-urlencode "name=My New Service" \
--data-urlencode "description=A fantastic new service" \
--data-urlencode "path=/new-service" \
--data-urlencode "proxy_pass_url=http://localhost:8004" \
--data-urlencode "tags=new,experimental" \
--data-urlencode "num_tools=2" \
--data-urlencode "num_stars=0" \
--data-urlencode "is_python=true" \
--data-urlencode "license=MIT"
See the full API spec here.
POST /register
: Register a new service (form data).POST /toggle/{service_path}
: Enable/disable a service (form data).POST /edit/{service_path}
: Update service details (form data).GET /api/server_details/{service_path}
: Get full details for a service (JSON).GET /api/tools/{service_path}
: Get the discovered tool list for a service (JSON).POST /api/refresh/{service_path}
: Manually trigger a health check/tool update.GET /login
, POST /login
, POST /logout
: Authentication routes.WebSocket /ws/health_status
: Real-time connection for receiving server health status updates.(Authentication via session cookie is required for most non-login routes)
This library is licensed under the MIT License. See the LICENSE file.
{ "mcpServers": { "mcp-gateway": { "command": "docker", "args": [ "run", "-p", "80:80", "-p", "443:443", "-p", "7860:7860", "-e", "ADMIN_USER=$ADMIN_USER", "-e", "ADMIN_PASSWORD=$ADMIN_PASSWORD", "-e", "POLYGON_API_KEY=$POLYGON_API_KEY", "-e", "SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_hex(32))')", "-v", "/var/log/mcp-gateway:/app/logs", "-v", "/opt/mcp-gateway/servers:/app/registry/servers", "--name", "mcp-gateway-container", "mcp-gateway" ] } } }
Related projects feature coming soon
Will recommend related projects based on sub-categories