This documentation is for older versions of WSO2 products and may not be relevant now. Please see your respective product documentation for clustering details and configurations.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open the nginx.conf file and do the following configurations for the worker node.

    Note

    Note: The URL used by the worker nodes is work.emm.wso2.com. (make sure this is properly set up in DNS pointing to the load balancer)

       

    Code Block
    languagexml
    upstream work.emm.wso2.com {
            ip_hash;
            server xxx.xxx.xxx.xxx:9763;
            server xxx.xxx.xxx.xxx:9763;
    }
    
    server {
            listen 80;
            server_name work.emm.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://work.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
    
    
    
    upstream ssl.work.emm.wso2.com {
        ip_hash;
        server xxx.xxx.xxx.xxx:9443;
        server xxx.xxx.xxx.xxx:9443;
    
    }
    
    server {
    listen 443;
        server_name work.emm.wso2.com;
        ssl on;
        ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
        ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
        location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.work.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }

    For Mutual SSL enabled setup, please note the following changes

    Code Block
    languagexml
    titleChanges for Mutual SSL enabled deployeement
     server {
              listen 443;
                   server_name ssl.work.emm.wso2.com;
                   ssl                         on;
                   ssl_certificate      /etc/nginx/certs/server.crt;
                   ssl_certificate_key  /etc/nginx/certs/server.key;
                   ssl_client_certificate /etc/nginx/certs/ca.crt;
                   ssl_verify_client optional;
    
    
              location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.work.emm.wso2.com;
    
     
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
              }
           }
    
    
    
    
    ssl_certificate             - This is used to define the SSL certificate of nginx
    ssl_certificate_key         - This is used to define the private key of the SSL certificate of nginx
    ssl_client_certificate      - CA certificate used to sign the client certificates.
    ssl_verify_client           - on | off | optional | optional_no_ca Please refer the nginx documentation for more details
    http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client;
    proxy_set_header PROXY-MUTUAL-AUTH-HEADER $ssl_client_s_dn; This header is set so that the EMM server can validate the client details.

    With latest nginx versions, the behaviour has changed and $ssl_client_s_dn_legacy must be used instead of ssl_client_s_dn


  2. Open the nginx.conf file and do the following configurations for the manager node.

    Note

    Note: The URL used by the manager nodes is mgt.emm.wso2.com. (make sure this is properly set up in DNS pointing to the load balancer)

    Code Block
    languagexml
    upstream mgt.emm.wso2.com {
            ip_hash;
            server xxx.xxx.xxx.xxx:9763;
            server xxx.xxx.xxx.xxx:9763;
    }
    
    server {
            listen 80;
            server_name mgt.emm.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://mgt.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
    
    
    
    upstream ssl.mgt.emm.wso2.com {
        ip_hash;
        server xxx.xxx.xxx.xxx:9443;
        server xxx.xxx.xxx.xxx:9443;
    
    }
    
    server {
    listen 443;
        server_name mgt.emm.wso2.com;
        ssl on;
        ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
        ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
        location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.mgt.emm.wso2.com;
    
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
  3. Open the nginx.conf file and do the following configurations for the key manager or identity provider node.

    Note

    Note: The key manager’s URL is keymgt.emm.wso2.com. (make sure this is properly set up in DNS pointing to the load balancer)

    Code Block
    languagexml
    upstream keymgt.emm.wso2.com {
            ip_hash;
            server xxx.xxx.xxx.xxx:9763;
            server xxx.xxx.xxx.xxx:9763;
    }
     
    server {
            listen 80;
            server_name keymgt.emm.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://keymgt.emm.wso2.com;
     
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }
    
    
    
    upstream ssl.keymgt.emm.wso2.com {
        ip_hash;
        server xxx.xxx.xxx.xxx:9443;
        server xxx.xxx.xxx.xxx:9443;
     
    }
     
    server {
    listen 443;
        server_name keymgt.emm.wso2.com;
     
    
        ssl on;
        ssl_certificate /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.crt;
        ssl_certificate_key /Users/geeth/Documents/Product-Testing/clustering/emm/conf/keys/server.key;
    
    
        location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass https://ssl.keymgt.emm.wso2.com;
     
                   proxy_http_version 1.1;
                   proxy_set_header Upgrade $http_upgrade;
                   proxy_set_header Connection "upgrade";
            }
    }

...