Adding a custom proxy path is useful when you have a proxy server fronting your Carbon server. In this scenario, the "custom proxy path" is used for mapping a proxy url with the actual url of your Carbon server, which allows clients to access the Carbon server with the proxy url.
This feature is particularly useful when multiple WSO2 products are hosted under the same domain name. For example, consider that you have three WSO2 products; Application Server, API Manager and ESB, deployed in your production environment and you want all of them to be hosted with the "wso2test.com" domain. By using a reverse proxy and by configuring your servers with 'custom proxy paths' , you can host all products under a single domain and assign proxy paths for each product separately as shown below:
Proxy URLs mapped to Carbon server URLs:
- https://10.100.1.1:<ListeningPort-apimanager>/carbon mapped to https://wso2test.com/apimanager.
- https://10.100.1.1:<ListeningPort-esb>/carbon mapped to https://wso2test.com/esb.
- https://10.100.1.1:<ListeningPort-appserver>/carbon mapped to https://wso2test.com/appserver.
Note the following:
- This functionality is only available for WSO2 products that are based on Carbon 4.3.0 or a later Carbon version. See the WSO2 product release matrix for more information about WSO2 Carbon platform releases.
- Once you have configured your products with a proxy server, it will no longer be possible to access the product behind the proxy. See the section given below on configuring products to use the proxy server for more information.
In the above example, "apimanager", "esb" and "appserver" are the "proxy context paths" of the respective products, which are configured in the
carbon.xml file (stored in
<PRODUCT_HOME>/repository/conf/ directory) for each product. When a client sends a request to the proxy entry url path, e.g. https://wso2test.com/apimanager , the request is directed to the back-end service url ( https://10.100.1.1:<PortNumber>/carbon ) where the original service lies. Eventually, the client has to be served via the requested proxy entry url path. The mapping between the proxy url path and the back-end service url path is resolved by the reverse proxy server fronting the back-end service.
Access WSO2 products through a custom proxy path
This functionality will be demonstrated in this documentation using two WSO2 product servers as examples; WSO2 Application Server and WSO2 ESB as the back-end servers, and nginx as the reverse proxy.
Follow the steps given below.
Step 1: Install and configure a reverse proxy
- Download nginx server.
Install the nginx server in your deployment server by executing the following command:
Create a folder called "ssl" inside /etc/nginx, and create the ssl certificates inside this folder by executing the following commands:
The next step is to create the server key and certificates. First create the private key as shown below. Note that a pass phrase is prompted when creating the private key.
Next, create the certificate signing request as shown below.
Fill in the required details. Most important entry is the Common Name. Enter the domain name or the ip address if there is no domain name.
Next step is to sign the SSL certificate using the following command:
The certificate is now created.
The last step is to set up the virtual host displaying the new certificate. Create a copy of the default, " sites-enabled" configuration using the following command:
Now, create a symbolic between the " sites-enabled" directory and the "sites-available" directory using the following command:
The host is now activated.
/etc/nginx/sites-enabled/wso2file and enter the following configurations.
According to the nginx configuration, https requests with the /appserver/* pattern are directed to the /* pattern and then when the service is served to the client, it resolves the url pattern to /appserver/*. This works the same for http requests.
Save the file and restart the nginx server using the following command to complete the nginx configuration:
In the above configuration, the https and http requests are listening on 8243 and 8280 ports respectively. Server name is set to wso2test.com. To test this in a local machine, you need to add
/etc/hostsfile as shown below.
Step 2: Configure products with proxy context path
- Download WSO2 Application Server and WSO2 ESB.
carbon.xmlfile stored in the
<PRODUCT_HOME>/repository/conf/directory and set the HostName to what you defined in the nginx configuration as shown below (for both products):
Now, set the MgtHostName as shown below.
For Application Server:
Set the "ProxyContextPath" as shown below. This is the proxy path string, which will appear in the management console, web apps and services urls.
For Application Server:
Since you need to run both products (AS and ESB) simultaneously, set port offsets as shown below.
For Application Server:
According to the nginx configuration, the https, http requests are listening on 8243 and 8280 ports. However, by default WSO2 products are listening on 9443 (WSO2 Application Server) and 9453 (WSO2 ESB). Therefore, the listening ports of the reverse proxy should be configured as proxy ports in Application Server and ESB respectively. To enable proxy ports, open the
<PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xmlfile and add the "proxyPort" entries.
Note that after you define proxy ports (8243 and 8280) in the
catalina-server.xmlfile, it will no longer be possible to access the products using the normal ports (9443 and 9453).
For example, the "proxyPort" entries for Application Server are as follows:
Step 3: Start the Product
- Start the server and enter the following url in a browser:
- For Application Server: https://wso2test.com:8243/appserver/carbon/
- For ESB: https://wso2test.com:8243/esb/carbon/
- Give the admin credentials and log in to the server. You'll find the proxy path for admin console, services, webapps changed for each product as shown below.
- For “/appserver” proxy path: https://wso2test.com:8243/appserver/carbon/admin/index.jsp.
- For "/esb" proxy path: https://wso2test.com:8243/esb/carbon/admin/index.jsp.