By default, WSO2 interfaces such as Publisher, Developer Portal and Carbon are reachable at :9443/publisher, :9443/devportal and :9443/carbon respectively. I don't recommend exposing endpoints with port numbers to clients, for good reasons. So if, like me, you want custom proxy paths such as https://hostname.com/publisher, you need a front-end proxy server for WSO2 API Manager. In this tutorial we set up WSO2 behind an NGINX reverse proxy that maps a proxy URL to the actual URL of the WSO2 services, so that clients reach the services through the proxy URL.
Consider a scenario where you want to host WSO2 services such as the Publisher, Developer Portal and Carbon console at:
https://tg.com/apim/publisher
https://tg.com/apim/devportal
https://tg.com/apim/carbon
https://tg.com/apim/admin
In the URLs above, 'apim' is the API Manager proxy context path.
How to configure WSO2 with an NGINX reverse proxy
If you are setting up WSO2 for the first time, see this article for the installation steps.
Install the NGINX server
Step 1: Install the NGINX server by running the following command
    sudo apt-get install nginx
Step 2: Set up an SSL certificate. You can use a self-signed certificate for a development server or obtain one from Let's Encrypt for a production server.
Step 3: Create a new NGINX configuration file at /etc/nginx/conf.d/wso2.conf and paste in the text below.
    server {
        listen 443 ssl default_server;
        # "ssl" is needed on the IPv6 listener too; without it that socket serves plain HTTP on port 443
        listen [::]:443 ssl default_server ipv6only=on;
        server_name tg.com www.tg.com;
        root /var/www/html;
        access_log /var/log/nginx/proxy.log;

        ssl_certificate /etc/letsencrypt/live/tg.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/tg.com/privkey.pem;
        # ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 and 1.3 only
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        rewrite \w*(carbon|admin|devportal|publisher|oidc)$ $1/ permanent;

        # Management consoles and portals (backend port 9443) under the /apim context
        location /apim/ {
            # proxy_set_header replaces any X-Forwarded-* value sent by the client
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://tg.com:9443/;
            proxy_redirect https://tg.com/authenticationendpoint/ https://tg.com/apim/authenticationendpoint/;
            proxy_redirect https://tg.com/oauth2/ https://tg.com/apim/oauth2/;
            proxy_redirect https://tg.com/carbon/ https://tg.com/apim/carbon/;
            #proxy_redirect https://tg.com/admin/ https://tg.com/apim/admin/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # API gateway traffic (backend port 8243)
        location /api/ {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://tg.com:8243/;
            # A regex in proxy_redirect must start with "~"; without it the pattern is matched as a literal string
            proxy_redirect ~^https://tg\.com:8243/(.*)$ https://tg.com/api/$1;
        }

        location /carbon/admin/js/csrfPrevention.js {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://tg.com/apim/carbon/admin/js/csrfPrevention.js;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # REST APIs used by the Publisher, Admin and Developer Portal web apps
        location /api/am/publisher/v2 {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/api/am/publisher/v2;
            proxy_redirect https://tg.com:9443/api/am/publisher/v2 https://tg.com/apim/api/am/publisher/v2;
        }

        location /api/am/admin/v2 {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/api/am/admin/v2;
            proxy_redirect https://tg.com:9443/api/am/admin/v2 https://tg.com/apim/api/am/admin/v2;
        }

        location /api/am/devportal/v2 {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/api/am/devportal/v2;
            proxy_redirect https://tg.com:9443/api/am/devportal/v2 https://tg.com/apim/api/am/devportal/v2;
        }

        # Login and token endpoints
        location /oidc {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/oidc;
            proxy_redirect https://tg.com:9443/oidc https://tg.com/apim/oidc;
        }

        location /authenticationendpoint {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/authenticationendpoint;
            proxy_redirect https://tg.com:9443/authenticationendpoint https://tg.com/apim/authenticationendpoint;
        }

        location /oauth2 {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/oauth2;
            proxy_redirect https://tg.com:9443/oauth2 https://tg.com/apim/oauth2;
            proxy_redirect https://tg.com:9443/authenticationendpoint https://tg.com/apim/authenticationendpoint;
            proxy_redirect https://tg.com:9443/devportal https://tg.com/apim/devportal;
            proxy_redirect https://tg.com:9443/publisher https://tg.com/apim/publisher;
        }

        location /logincontext {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/logincontext;
            proxy_redirect https://tg.com:9443/logincontext https://tg.com/apim/logincontext;
        }

        location /commonauth {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/commonauth;
            proxy_redirect https://tg.com:9443/commonauth https://tg.com/apim/commonauth;
        }

        location /api/am/service-catalog/v0 {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:9443/api/am/service-catalog/v0;
            proxy_redirect https://tg.com:9443/api/am/service-catalog/v0 https://tg.com/apim/api/am/service-catalog/v0;
        }

        location /uansandbox {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:8443/uansandbox;
            proxy_redirect https://tg.com:8443/uansandbox https://tg.com/uansandbox;
        }

        location /uansandbox/uploadtoken {
            index index.html;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tg.com:8443/uansandbox/uploadtoken;
            proxy_redirect https://tg.com:8443/uansandbox/uploadtoken https://tg.com/uansandbox/uploadtoken;
        }
    }
Step 4: Save the file and run the following command to make sure the configuration is free of errors.
    # nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
Step 5: Restart the NGINX server
    # systemctl restart nginx
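An added pre-flight check (not part of the original tutorial) to run alongside `nginx -t`, which validates syntax rather than intent: it flags a port-443 listener without `ssl`, deprecated TLS versions in `ssl_protocols`, and a `proxy_redirect` regex missing its `~` prefix. The embedded config is a constructed sample, the finding names are made up for this example, and the line-based parser assumes one directive per line.

```python
import re

DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: a trimmed server block containing the three mistakes checked below.
SAMPLE_CONF = """
server {
    listen 443 ssl default_server;
    listen [::]:443 default_server ipv6only=on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /api/ {
        proxy_pass https://tg.com:8243/;
        proxy_redirect https://tg.com:8243/(.*) https://tg.com/api/$1;
    }
    location /oidc {
        proxy_pass https://tg.com:9443/oidc;
        proxy_redirect https://tg.com:9443/oidc https://tg.com/apim/oidc;
    }
}
"""

def directives(conf):
    """Yield (line_no, name, args) for each ';'-terminated directive (one per line assumed)."""
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if line.endswith(";"):
            parts = line[:-1].split()
            if parts:
                yield no, parts[0], parts[1:]

def audit(conf):
    """Return a list of (line_no, finding) tuples for the checks described above."""
    findings = []
    for no, name, args in directives(conf):
        if name == "listen" and args and re.search(r"(^|:)443$", args[0]) and "ssl" not in args:
            # Without "ssl" this socket speaks plain HTTP on the HTTPS port.
            findings.append((no, "listen-443-without-ssl"))
        elif name == "ssl_protocols":
            weak = sorted(DEPRECATED_TLS.intersection(args))
            if weak:
                findings.append((no, "deprecated-tls:" + ",".join(weak)))
        elif name == "proxy_redirect" and len(args) == 2:
            # A capture group without a leading "~" is matched literally, so the
            # backend port stays in the Location header sent to the client.
            if not args[0].startswith("~") and re.search(r"\(.*\)", args[0]):
                findings.append((no, "regex-proxy_redirect-without-tilde"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

To check the real file, pass the contents of /etc/nginx/conf.d/wso2.conf to `audit()` instead of `SAMPLE_CONF`.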
Update the API Manager configuration
Step 6: Add the following hosts entry
    127.0.0.1 tg.com
Step 7: Open the deployment configuration file and add or update the following settings.
    # vim <API_M>/repository/conf/deployment.toml
    [server]
    hostname = "tg.com"
    base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}/apim"
    server_role = "default"
    node_ip = "127.0.0.1"
    mode = "single" #single or ha
    proxy_context_path = "/apim"

    [apim.devportal]
    url = "https://tg.com/apim/devportal"

    [transport.https.properties]
    proxyPort = 443
Note: Remember to change the hostname, the base_path (with the '/apim' suffix) and the proxy_context_path, which is '/apim'.
Step 7: Update the web.xml.j2 file located in '
and add the following configuration at the same level as the <context-param> nodes.
    <context-param>
        <param-name>contextPath</param-name>
        <param-value>apim</param-value>
    </context-param>
Step 8: Update the web app configuration files, inside app: { }
#vim
    context: '/apim/publisher', // Note the leading `/` and no trailing `/`
    proxy_context_path: '/apim',
    customUrl: {
        // Dynamically set the redirect origin according to the forwardedHeader host|proxyPort combination
        enabled: true,
        forwardedHeader: 'X-Forwarded-Host',
    },
#vim
    context: '/apim/devportal',
    proxy_context_path: '/apim',
    customUrl: {
        enabled: true,
        forwardedHeader: 'X-Forwarded-Host',
    },
#vim
    context: '/apim/admin', // Note the leading `/` and no trailing `/`
    proxy_context_path: '/apim',
    customUrl: {
        // Dynamically set the redirect origin according to the forwardedHeader host|proxyPort combination
        enabled: true,
        forwardedHeader: 'X-Forwarded-Host',
    },
Step 9: Restart WSO2 API Manager
    # <API_M>/bin/api-manager.sh -restart
That's it! Now go ahead and access all WSO2 services through the custom proxy URLs.