Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Page Comparison - Adding a Reverse Proxy Server (v.9 vs v.10) - API Manager 2.1.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: removed point 3&4 and combined with 1(c) https://wso2.org/jira/browse/DOCUMENTATION-1853

...

  1. Install and configure NGINX.
    1. Remove the current installation of NGINX.

      Code Block
      sudo apt-get purge nginx nginx-common nginx-full
    2. Install NGINX.

      Code Block
      sudo apt-get install nginx
    3. Edit the NGINX configurations.

      Code Blocksudo vi

      NGINX server configurations in the /etc/nginx/sites-enabled/default

    Secure NGINX.

    1. Create a SSL certificate and copy it to the ssl folder.

      Code Blocksudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout

      /

      etc/

      nginx

      /ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
    2. Copy the SSL certificate  (.crt file) to the <APIM_HOME>/repository/resources/security directory.

      Code Block
      cp /etc/nginx/ssl/nginx.crt ./nginx.crt
    3. Add the SSL certificate to your client trust store.
      You do this to enable external API publishing and web service calls.

      Code Block
      keytool -import -file nginx.crt -keystore client-truststore.jks -storepass wso2carbon -alias wso2carbon2

    Open the NGINX server configuration file (nginx.conf), which is in the /etc/nginx/sites-enabled/default directory.

    1. .conf file.

      Tip

      Tip: The location of the NGINX configuration file varies based on the OS that you are using and the installation location of NGINX.

    Add the required configurations in the nginx.conf file.
    1. Code Block
      sudo vi /etc/nginx/sites-enabled/default/nginx.conf
      Code Block
      titleExample
      server {
      
             listen 443;
             ssl on;
             ssl_certificate /etc/nginx/ssl/nginx.crt;
             ssl_certificate_key /etc/nginx/ssl/nginx.key;
             location /apimanager/carbon {
                 index index.html;
                 proxy_set_header X-Forwarded-Host $host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_pass https://localhost:9443/carbon/;
                 proxy_redirect  https://localhost:9443/carbon/  https://localhost/apimanager/carbon/;
                 proxy_cookie_path / /apimanager/carbon/;
             }
      
             location ~ ^/apimanager/store/(.*)registry/resource/_system/governance/apimgt/applicationdata/icons/(.*)$ {
                 index index.html;
                 proxy_set_header X-Forwarded-Host $host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_pass https://127.0.0.1:9443/$1registry/resource/_system/governance/apimgt/applicationdata/icons/$2;
             }
      
      
             location ~ ^/apimanager/publisher/(.*)registry/resource/_system/governance/apimgt/applicationdata/icons/(.*)$ {
                 index index.html;
                 proxy_set_header X-Forwarded-Host $host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_pass https://127.0.0.1:9443/$1registry/resource/_system/governance/apimgt/applicationdata/icons/$2;
             }
      
        	   location /apimanager/publisher {
                index index.html;
                 proxy_set_header X-Forwarded-Host $host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_pass https://localhost:9443/publisher;
                 proxy_redirect  https://localhost:9443/publisher  https://localhost/apimanager/publisher;
                 proxy_cookie_path /publisher /apimanager/publisher;
      
            }
      
            location /apimanager/store {
                 index index.html;
                 proxy_set_header X-Forwarded-Host $host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_pass https://localhost:9443/store;
                 proxy_redirect https://localhost:9443/store https://localhost/apimanager/store;
                 proxy_cookie_path /store /apimanager/store;
             } 
            }
  2. Secure NGINX.

    1. Create a SSL certificate and copy it to the ssl folder.

      Code Block
      sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
    2. Copy the SSL certificate  (.crt file) to the <APIM_HOME>/repository/resources/security directory.

      Code Block
      cp /etc/nginx/ssl/nginx.crt ./nginx.crt
    3. Add the SSL certificate to your client trust store.
      You do this to enable external API publishing and web service calls.

      Code Block
      keytool -import -file nginx.crt -keystore client-truststore.jks -storepass wso2carbon -alias wso2carbon2
  3. Start NGINX.

    Code Block
    sudo /etc/init.d/nginx start
    Tip

    If you need to stop NGINX, run the following command:

    Code Block
    sudo /etc/init.d/nginx stop
  4. Configure WSO2 API Manager. 

    1. Edit the <APIM_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json file with the context and request URL as shown below.
      This is done to configure the reverse proxy server for WSO2 API Store, so that you can route the requests that come to the store through a proxy server.

      Code Block
      languagexml
      "reverseProxy" : {
              "enabled" : true,  
              "host" : "localhost", // If the reverse proxy does not have a domain name use the IP
              "context":"/apimanager/store",
              "regContext":"" // Use this only if a different path is used for the registry
          }
    2. Edit the <APIM_HOME>/repository/deployment/server/jaggeryapps/publisher/site/conf/site.json file with the context and request URL as shown below.
      This is done to configure the reverse proxy server for WSO2 API Publisher, so that you can route the requests that come to the publisher through a proxy server.

      Code Block
      languagexml
      "reverseProxy" : {
              "enabled" : true,  
              "host" : "localhost", // If the reverse proxy does not have a domain name use the IP
              "context":"/apimanager/publisher",
              "regContext":"" // Use this only if a different path is used for the registry
          }
    3. Update the <APIM_HOME>/repository/conf/carbon.xml file by uncommenting and updating the values of the following properties.
      The value that you give for these two properties should match the value that you gave for the host property in the previous two steps.

      Code Block
      <HostName>localhost</HostName>
      <MgtHostName>localhost</MgtHostName>
    4. Change the value of KeyValidatorClientType to WSClient in the  <APIM_HOME>/repository/conf/api-manager.xml file.
      You need to make this change when you change the value of the host, because requests that are made to the Key Manager will also start getting routed through the reverse proxy; therefore, this needs to be over HTTP instead of TCP, which is Thrifts underlying protocol.

      Code Block
      <KeyValidatorClientType>WSClient</KeyValidatorClientType>
  5. Start WSO2 API Manager.

    Localtab Group
    Localtab
    activetrue
    titleLinux/Mac OS
    Code Block
    cd <APIM_HOME>/bin
    ./wso2server.sh
    Localtab
    titleWindows
    Code Block
    cd <APIM_HOME>\bin
    ./wso2server.bat

    If you set up the reverse proxy server correctly, when you access the following URLs the following redirections will take place:

    Link AccessedRedirected To
    https://localhost/apimanager/storeWSO2 API Store
    https://localhost/apimanager/publisherWSO2 API Publisher

...