By default, WSO2 interfaces such as the Publisher, the Developer Portal and the Carbon console are reachable on port 9443, at :9443/publisher, :9443/devportal and :9443/carbon. However, I do not recommend offering endpoints with port numbers to customers, for good reasons. So if you are like me and want to set up custom proxy paths such as https://hostname.com/publisher, you need a proxy server fronting WSO2 API Manager. In this tutorial we set up WSO2 with an NGINX reverse proxy that maps the proxy URLs to the actual URLs of the WSO2 services, so that clients reach the services through the proxy URLs.
Consider a scenario where you want to host the WSO2 services, such as the Publisher, the Developer Portal and the Carbon console, at:
https://tg.com/apim/publisher
https://tg.com/apim/devportal
https://tg.com/apim/carbon
https://tg.com/apim/admin
In the URLs above, "apim" is the proxy context path of the API Manager.
How to set up WSO2 with an NGINX reverse proxy
If you are setting up WSO2 for the first time, go to this article for the installation steps.
Install the NGINX server
Step 1: Install the NGINX server by running the following command
sudo apt-get install nginx
Step 2: Set up the SSL certificate. You can either create a self-signed certificate for a development server or obtain one from LetsEncrypt for a production server.
Step 3: Create a new NGINX configuration file at /etc/nginx/conf.d/wso2.conf and copy and paste the text below into it.
server {
    listen 443 ssl default_server;
    # "ssl" is set per listen directive, so the IPv6 listener needs it as well
    listen [::]:443 ssl default_server ipv6only=on;
    server_name tg.com www.tg.com;
    root /var/www/html;
    access_log /var/log/nginx/proxy.log;

    ssl_certificate /etc/letsencrypt/live/tg.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tg.com/privkey.pem;
    # ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    rewrite \w*(carbon|admin|devportal|publisher|oidc)$ $1/ permanent;

    # Management interfaces (Publisher, Developer Portal, Carbon, Admin) on port 9443
    location /apim/ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://tg.com:9443/;
        proxy_redirect https://tg.com/authenticationendpoint/ https://tg.com/apim/authenticationendpoint/;
        proxy_redirect https://tg.com/oauth2/ https://tg.com/apim/oauth2/;
        proxy_redirect https://tg.com/carbon/ https://tg.com/apim/carbon/;
        #proxy_redirect https://tg.com/admin/ https://tg.com/apim/admin/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # API gateway traffic on port 8243
    location /api/ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://tg.com:8243/;
        # Literal prefix form; a pattern with (.*) is only a regex when it starts with "~"
        proxy_redirect https://tg.com:8243/ https://tg.com/api/;
    }

    location /carbon/admin/js/csrfPrevention.js {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://tg.com/apim/carbon/admin/js/csrfPrevention.js;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # REST APIs used by the web applications
    location /api/am/publisher/v2 {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/api/am/publisher/v2;
        proxy_redirect https://tg.com:9443/api/am/publisher/v2 https://tg.com/apim/api/am/publisher/v2;
    }

    location /api/am/admin/v2 {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/api/am/admin/v2;
        proxy_redirect https://tg.com:9443/api/am/admin/v2 https://tg.com/apim/api/am/admin/v2;
    }

    location /api/am/devportal/v2 {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/api/am/devportal/v2;
        proxy_redirect https://tg.com:9443/api/am/devportal/v2 https://tg.com/apim/api/am/devportal/v2;
    }

    # Login and token endpoints
    location /oidc {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/oidc;
        proxy_redirect https://tg.com:9443/oidc https://tg.com/apim/oidc;
    }

    location /authenticationendpoint {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/authenticationendpoint;
        proxy_redirect https://tg.com:9443/authenticationendpoint https://tg.com/apim/authenticationendpoint;
    }

    location /oauth2 {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/oauth2;
        proxy_redirect https://tg.com:9443/oauth2 https://tg.com/apim/oauth2;
        proxy_redirect https://tg.com:9443/authenticationendpoint https://tg.com/apim/authenticationendpoint;
        proxy_redirect https://tg.com:9443/devportal https://tg.com/apim/devportal;
        proxy_redirect https://tg.com:9443/publisher https://tg.com/apim/publisher;
    }

    location /logincontext {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/logincontext;
        proxy_redirect https://tg.com:9443/logincontext https://tg.com/apim/logincontext;
    }

    location /commonauth {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/commonauth;
        proxy_redirect https://tg.com:9443/commonauth https://tg.com/apim/commonauth;
    }

    location /api/am/service-catalog/v0 {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:9443/api/am/service-catalog/v0;
        proxy_redirect https://tg.com:9443/api/am/service-catalog/v0 https://tg.com/apim/api/am/service-catalog/v0;
    }

    # Separate application on port 8443
    location /uansandbox {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:8443/uansandbox;
        proxy_redirect https://tg.com:8443/uansandbox https://tg.com/uansandbox;
    }

    location /uansandbox/uploadtoken {
        index index.html;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://tg.com:8443/uansandbox/uploadtoken;
        proxy_redirect https://tg.com:8443/uansandbox/uploadtoken https://tg.com/uansandbox/uploadtoken;
    }
}
Step 4: Save the file and run the command below to make sure the configuration is free of errors.
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Step 5: Restart the NGINX server
# systemctl restart nginx
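The proxy_redirect lines in wso2.conf decide whether a backend redirect reaches the client with the proxy path or with the backend port still in it. As an added example (not from the original article), this Python model applies nginx's documented proxy_redirect matching, a literal prefix or a regex when the pattern starts with "~", to constructed Location values; the pizza API path and the two 8243 rules are assumptions made for illustration.

```python
import re
BACKEND_PORTS = {9443, 8243, 8443}  # backend ports named in the page's config

# (pattern, replacement) in config order: the first two come from the page's
# "location /oauth2" block, the two 8243 rules are constructed for contrast.
RULES = [
    ("https://tg.com:9443/oauth2", "https://tg.com/apim/oauth2"),
    ("https://tg.com:9443/devportal", "https://tg.com/apim/devportal"),
    ("https://tg.com:8243/(.*)", "https://tg.com/api/$1"),
    (r"~^https://tg\.com:8243/(.*)$", "https://tg.com/api/$1"),
]

def rewrite_location(location, rules):
    """Apply the first matching proxy_redirect rule to a backend Location value."""
    for pattern, replacement in rules:
        if pattern.startswith("~"):
            nocase = pattern.startswith("~*")
            m = re.search(pattern[2:] if nocase else pattern[1:], location,
                          re.IGNORECASE if nocase else 0)
            if m:  # regex rule: the replacement, with $1..$9 expanded, is the new value
                return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", replacement)
        elif location.startswith(pattern):
            # literal rule: case-sensitive prefix match, only the prefix is replaced
            return replacement + location[len(pattern):]
    return location  # no rule matched: the client sees the backend URL as-is

def leaked_port(location):
    """Return the backend port still visible in a Location value, or None."""
    m = re.match(r"https?://[^/:]+:(\d+)", location)
    return int(m.group(1)) if m and int(m.group(1)) in BACKEND_PORTS else None

def audit(locations, rules):
    """Map each backend Location to (client-visible value, leaked port or None)."""
    out = {}
    for loc in locations:
        new = rewrite_location(loc, rules)
        out[loc] = (new, leaked_port(new))
    return out

SAMPLES = [  # constructed backend Location values
    "https://tg.com:9443/oauth2/authorize?client_id=demo",
    "https://tg.com:9443/carbon/admin/login.jsp",
    "https://tg.com:8243/pizza/1.0/menu",
]

if __name__ == "__main__":
    for loc, (new, port) in audit(SAMPLES, RULES).items():
        print(f"{loc}\n  -> {new}  leak={port}")
```

With only the literal "(.*)" rule present, the 8243 redirect passes through unchanged; the "~" rule is what rewrites it.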
Update the API Manager configuration
Step 6: Add the following host entry
127.0.0.1 tg.com
Step 7: Update the deployment configuration file as shown below, adding or updating the following settings.
# vim <API_M>/repository/conf/deployment.toml
[server]
hostname = "tg.com"
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}/apim"
server_role = "default"
node_ip = "127.0.0.1"
mode = "single" #single or ha
proxy_context_path = "/apim"

[apim.devportal]
url = "https://tg.com/apim/devportal"

[transport.https.properties]
proxyPort = 443
Note: Do not forget to change hostname, base_path (with the "/apim" suffix) and proxy_context_path, which is "/apim".
Step 7: Update the web.xml.j2 file located at "" and add the configuration below at the same level as the <context-param> nodes.
<context-param>
    <param-name>contextPath</param-name>
    <param-value>apim</param-value>
</context-param>
Step 8: Update the web configuration files under app: { }
#vim
context: '/apim/publisher', // Note the leading `/` and no trailing `/`
proxy_context_path: '/apim',
customUrl: {
    // Dynamically set the redirect origin according to the forwardedHeader host|proxyPort combination
    enabled: true,
    forwardedHeader: 'X-Forwarded-Host',
},
#vim
context: '/apim/devportal',
proxy_context_path: '/apim',
customUrl: {
    enabled: true,
    forwardedHeader: 'X-Forwarded-Host',
},
#vim
context: '/apim/admin', // Note the leading `/` and no trailing `/`
proxy_context_path: '/apim',
customUrl: {
    // Dynamically set the redirect origin according to the forwardedHeader host|proxyPort combination
    enabled: true,
    forwardedHeader: 'X-Forwarded-Host',
},
Step 9: Restart WSO2 API Manager
# <API_M>/bin/api-manager.sh -restart
That's it! Now go ahead and access all the WSO2 services through the custom proxy URLs.
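The settings from steps 6 to 8 only work when they agree with each other, and a mismatch typically shows up as a redirect to a URL with the backend port or without the proxy path. As an added example (not from the original article or from WSO2), this Python check compares the values shown above; the rules it applies, such as the Developer Portal URL host matching the server hostname, are this example's assumptions about what "consistent" means here.

```python
import re
from urllib.parse import urlsplit

# deployment.toml values as given on the page
PAGE_TOML = '''
[server]
hostname = "tg.com"
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}/apim"
proxy_context_path = "/apim"
[apim.devportal]
url = "https://tg.com/apim/devportal"
[transport.https.properties]
proxyPort = 443
'''
# web application "context" values as given on the page
PAGE_CONTEXTS = {"publisher": "/apim/publisher", "devportal": "/apim/devportal",
                 "admin": "/apim/admin"}

def read_settings(text):
    """Collect 'section.key' -> value for the flat key = value lines used here."""
    out, section = {}, ""
    for line in text.splitlines():
        if m := re.match(r"\s*\[([\w.]+)\]", line):
            section = m.group(1)
        elif m := re.match(r'\s*(\w+)\s*=\s*"?([^"#]*)"?', line):
            out[f"{section}.{m.group(1)}"] = m.group(2).strip()
    return out

def check_proxy_settings(toml_text, contexts, public_port=443):
    """Return a list of mismatches between the proxy path settings."""
    s, findings = read_settings(toml_text), []
    ctx = s.get("server.proxy_context_path", "")
    if not ctx.startswith("/") or ctx.endswith("/"):
        findings.append("proxy_context_path needs a leading '/' and no trailing '/'")
    if not s.get("server.base_path", "").endswith(ctx):
        findings.append("base_path does not end with proxy_context_path")
    url = urlsplit(s.get("apim.devportal.url", ""))
    if url.hostname != s.get("server.hostname"):
        findings.append("devportal url host differs from server hostname")
    if url.port not in (None, public_port):
        findings.append(f"devportal url exposes port {url.port}")
    if url.path != f"{ctx}/devportal":
        findings.append("devportal url path is not under proxy_context_path")
    if s.get("transport.https.properties.proxyPort") != str(public_port):
        findings.append("proxyPort differs from the public NGINX port")
    for app, context in contexts.items():
        if context != f"{ctx}/{app}":
            findings.append(f"{app} context is not {ctx}/{app}")
    return findings
```

An empty list means the values agree; run it against your own deployment.toml text and context values after each change to the proxy path.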