This documentation is for WSO2 Enterprise Integrator version 6.2.0. View documentation for the latest release in the 6.x.x family and the latest release in the 7.x.x family.


...

  1. Install NGINX Plus or the Nginx community version on a server within your cluster network.

  2. Create a VHost file (ei.http.conf) in the /etc/nginx/conf.d directory and add the following configurations to it. This configures NGINX Plus to direct the HTTP requests to the two WSO2 EI nodes (xxx.xxx.xxx.xx1 and xxx.xxx.xxx.xx2) via the HTTP 80 port using the http://ei.wso2.com/ URL.

    Nginx Community Version and NGINX Plus:

    upstream wso2.ei.com {
        server xxx.xxx.xxx.xx1:82809765;
        server xxx.xxx.xxx.xx2:82809765;
    }

    server {
        listen 80;
        server_name ei.wso2.com;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass http://wso2.ei.com;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
  3. Create a VHost file (ei.https.conf) in the /etc/nginx/conf.d directory and add the following configurations into it. This configures NGINX Plus to direct the HTTPS requests to the two WSO2 EI nodes (xxx.xxx.xxx.xx1 and xxx.xxx.xxx.xx2) via the HTTPS 443 port using the https://ei.wso2.com/ URL. 

    Nginx Community Version:

    upstream ssl.wso2.ei.com {
        server xxx.xxx.xxx.xx1:82439445;
        server xxx.xxx.xxx.xx2:82439445;
        ip_hash;
    }

    server {
        listen 443 ssl;
        server_name ei.wso2.com;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://ssl.wso2.ei.com;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    
    
    NGINX Plus:

    upstream ssl.wso2.ei.com {
        server xxx.xxx.xxx.xx1:82439445;
        server xxx.xxx.xxx.xx2:82439445;

        sticky learn create=$upstream_cookie_jsessionid
            lookup=$cookie_jsessionid
            zone=client_sessions:1m;
    }

    server {
        listen 443 ssl;
        server_name ei.wso2.com;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://ssl.wso2.ei.com;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
  4. Configure Nginx to access the Management Console as https://mgt.as.wso2.com/carbon via HTTPS 443 port. To do this, create a VHost file (ui.as.https.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    Nginx Community Version and NGINX Plus:

    server {
        listen 443 ssl;
        server_name ui.ei.wso2.com;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://xxx.xxx.xxx.xx1:9443/;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        error_log /var/log/nginx/ui-error.log;
        access_log /var/log/nginx/ui-access.log;
    }
  5. Follow the instructions below to create SSL certificates for both WSO2 EI nodes.

    Tip

    Enter the host name (ei.wso2.com) as the common name when creating keys.

    1. Execute the following command to create the server key: $ sudo openssl genrsa -des3 -out server.key 1024
    2. Execute the following command to create the certificate signing request: $ sudo openssl req -new -key server.key -out server.csr
    3. Execute the following commands to remove the passphrase from the key:
      $ sudo cp server.key server.key.org
      $ sudo openssl rsa -in server.key.org -out server.key
    4. Execute the following command to sign your SSL certificate: $ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    5. Execute the following command to add the certificate to the <EI_HOME>/repository/resources/security/client-truststore.jks file: keytool -import -trustcacerts -alias server -file server.crt -keystore client-truststore.jks

  6. Execute the following command to restart the NGINX Plus server: $ sudo service nginx restart

    Tip

    If you have only modified a VHost file and do not need a full restart, execute the following command instead: $ sudo service nginx reload
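
A check to run on the key and certificate from step 5 before the restart in step 6, as an added example that is not part of the WSO2 documentation. The function names and the 2048-bit `MIN_BITS` floor are assumptions of this example, and the sample pair is constructed in a temporary directory with the same openssl commands as step 5.

```shell
#!/bin/sh
# Added example: pre-restart checks for the key/certificate pair from step 5.
# MIN_BITS and all function names are assumptions of this example.
MIN_BITS=2048

cert_bits() {     # RSA public key size in the certificate, in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

cert_cn() {       # first CN of the subject, in a format stable across versions
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

pair_matches() {  # true if the private key ($1) belongs to the certificate ($2)
    m=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null)
    [ -n "$m" ] && [ "$m" = "$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)" ]
}

# check_tls_pair KEY CRT HOST: prints one line per finding, returns their count
check_tls_pair() {
    n=0; bits=$(cert_bits "$2"); cn=$(cert_cn "$2")
    pair_matches "$1" "$2" || { echo "key unreadable without passphrase or not the certificate's key"; n=$((n+1)); }
    [ "$cn" = "$3" ] || { echo "certificate CN '$cn' does not match server_name '$3'"; n=$((n+1)); }
    [ "${bits:-0}" -ge "$MIN_BITS" ] || { echo "RSA key is ${bits:-0} bits, below $MIN_BITS"; n=$((n+1)); }
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null || { echo "certificate expires within 30 days"; n=$((n+1)); }
    return "$n"
}

# make_pair DIR BITS CN: constructed sample input, built with the commands from
# step 5 (no passphrase, so sub-steps 1 and 3 collapse into one genrsa call)
make_pair() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$3" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null
}

# Demo: a pair generated exactly as in step 5 (1024-bit key) yields one finding.
demo=$(mktemp -d)
make_pair "$demo" 1024 ei.wso2.com
check_tls_pair "$demo/server.key" "$demo/server.crt" ei.wso2.com || echo "findings: $?"
rm -rf "$demo"
```

On a real node, call `check_tls_pair /etc/nginx/ssl/server.key /etc/nginx/ssl/server.crt ei.wso2.com` and restart only when it returns 0.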

...