This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: DOCUMENTATION-8410

...

  1. Create the Server Key.

    Code Block
    sudo openssl genrsa -des3 -out <key_name>.key 1024
  2. Submit the certificate signing request (CSR).

    Code Block
    sudo openssl req -new -key <key_name>.key -out server.csr
  3. Remove the password.

    Code Block
    sudo cp <key_name>.key <key_name>.key.org 
    sudo openssl rsa -in <key_name>.key.org -out <key_name>.key
  4. Sign your SSL Certificate.

    Code Block
    sudo openssl x509 -req -days 365 -in server.csr -signkey <key_name>.key -out <certificate_name>.crt
  5. Copy the key and certificate files that you generated in the above step to the /etc/nginx/ssl/ location.

Step 2 - Configure the load balancer/reverse proxy server

...

  1. Install NGINX in a server configured in your cluster.

    Note

    The NGINX version that you need to install varies based on the WSO2 API-M components that the load balancer is fronting.

    DeploymentAPI-M NodesLBReason
    Single all-in-one deploymentN/A NGINX Community This deployment does not need Sticky Sessions (Session Affinity).
    Active-active deployment using single all-in-one nodesN/ANGINX PlusThis deployment requires Sticky Sessions, but NGINX Community version does not support it. You can use ip_hash as the sticky algorithm.
    Distributed deploymentGateway with a single Gateway ManagerNGINX Community versionThe Gateway node in this deployment does not need Sticky Sessions.
    Gateway with multiple Gateway ManagersNGINX PlusThe Gateway Manager nodes require Sticky Sessions, but NGINX Community version does not support it. You can use ip_hash as the sticky algorithm. Sticky Sessions are needed for port 9443 in the Gateway, and not needed for the pass through ports in the Gateway (8243, 8280).
    Store, Publisher, and Key ManagerNGINX PlusRequires Sticky Sessions, but NGINX Community version does not support it. You can use ip_hash as the sticky algorithm.

    For more information on installing NGINX, see NGINX community version and NGINX Plus.

  2. Copy the key and certificate files that you generated in step 1 - (4.)  to the /etc/nginx/ssl/ location.

  3. Configure NGINX to direct the HTTP and HTTPs requests based on your deployment.

    1. Run the following command to identify the exact location of the <NGINX_HOME> directory. Inspect the output and identify the --prefix tag as it provides the location of the <NGINX_HOME> directory.

      Code Block
       nginx -V
    2. Update the ngnix.conf file with the required NGINX configuration given below. If not, you can create a file with the .conf suffix and copy it to the <NGINX_HOME>/conf.d directory.

...