A reverse proxy server retrieves information from a server and sends it to a client as though the information originated from the reverse proxy sever rather than the actual server. You can use a reverse proxy server to block access to selected applications in a server. For example, this is useful when you want to expose the token API in such a way that the clients can authenticate it against OAuth2 using the same port that their APIs are on.
Follow the instructions below to configure WSO2 API Manager (WSO2 API-M) with reverse proxy (with a proxy context path):
The following instructions focuses on exposing WSO2 API-M user interfaces, namely the API Store, API Publisher and the API-M Management Console, over NGINX.
- Install and configure NGINX.
Remove the current installation of NGINX.
Edit the NGINX server configurations in the
Tip: The location of the NGINX configuration file varies based on the OS that you are using and the installation location of NGINX.
Create a SSL certificate and copy it to the
Copy the SSL certificate (
.crtfile) to the
Add the SSL certificate to your client trust store.
You do this to enable external API publishing and web service calls.
If you need to stop NGINX, run the following command:
Configure WSO2 API Manager.
<APIM_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.jsonfile with the context and request URL as shown below.
This is done to configure the reverse proxy server for WSO2 API Store, so that you can route the requests that come to the store through a proxy server.
<APIM_HOME>/repository/deployment/server/jaggeryapps/publisher/site/conf/site.jsonfile with the context and request URL as shown below.
This is done to configure the reverse proxy server for WSO2 API Publisher, so that you can route the requests that come to the publisher through a proxy server.
<APIM_HOME>/repository/conf/carbon.xmlfile by uncommenting and updating the values of the following properties.
The value that you give for these two properties should match the value that you gave for the
hostproperty in the previous two steps.
Change the value of
You need to make this change when you change the value of the host, because requests that are made to the Key Manager will also start getting routed through the reverse proxy; therefore, this needs to be over HTTP instead of TCP, which is Thrifts underlying protocol.
Start WSO2 API Manager.
If you set up the reverse proxy server correctly, when you access the following URLs the following redirections will take place:
If you want to change all the default WSO2 API Manager ports, you can do so by editing the