Tuesday, July 12, 2016

Load Balancing 'WSO2 API Manager Store' with Nginx

Hi All

In this post I'll share the LB configs that worked for me when load balancing two WSO2 API Manager Store nodes, in case anyone needs them :)

I had 3 main tasks in mind for the load balancer:
1. Forward 443 traffic to 9443
This is needed because I want users to reach the store easily, without a port number in the address, e.g. https://apistore.wso2.test.com/store
2. Redirect the /carbon (management console) traffic to /store
As this is the store (portal) part of the API Manager, we do not want to expose /carbon (the management console) to the outside, so we redirect any traffic that comes to /carbon to /store.
3. Redirect http traffic to https
This avoids plain http access while still redirecting http access requests to https.

For the above tasks I used two files: one for tasks 1 and 2, and the other for task 3. I think there is not much to explain here; just notice the listen, location and rewrite keywords, which do the job.


apistore_443_to_9443.conf file

upstream apistore9443 {
  ip_hash;
  server 10.0.0.11:9443;
  server 10.0.0.12:9443;
}

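server {
  # "listen ... ssl" replaces the separate "ssl on;" directive,
  # which is obsolete since nginx 1.15.0 and was removed in 1.25.1
  listen   443 ssl;
  server_name apistore.wso2.test.com;

  # Task 1: forward 443 traffic to the store nodes on 9443
  location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_read_timeout 5m;
    proxy_send_timeout 5m;
    proxy_pass https://apistore9443;
  }

  # Task 2: send anything under /carbon (management console) to /store
  location /carbon {
    rewrite ^/carbon(.*) https://apistore.wso2.test.com/store permanent;
  }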

  ##SSL cert location
  ssl_certificate /etc/nginx/certs/apistore.crt;
  ssl_certificate_key  /etc/nginx/certs/apistore.pem;

  ssl_session_timeout 5m;
  client_max_body_size 100m;

  #Removed SSLv3 as a fix for the POODLE
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
  ssl_prefer_server_ciphers on;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
}


apistore_80_to_443.conf file

server {
  listen 80;
  server_name apistore.wso2.test.com;
  rewrite ^/(.*) https://apistore.wso2.test.com/$1 permanent;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
}
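
A hardened variant of the two files above, added here as an example and not the configuration the author tested: it uses return 301 for the redirects in tasks 2 and 3, limits TLS to 1.2/1.3, and verifies the backend certificate. The backend CA bundle path and the name expected in the backend certificate are assumptions; replace them with your own values.

```nginx
# Added example; upstream, server_name and front-end certificate paths are the ones from the post.
upstream apistore9443 {
  ip_hash;
  server 10.0.0.11:9443;
  server 10.0.0.12:9443;
}

server {
  listen 443 ssl;
  server_name apistore.wso2.test.com;

  ssl_certificate     /etc/nginx/certs/apistore.crt;
  ssl_certificate_key /etc/nginx/certs/apistore.pem;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDH+AESGCM;   # AEAD subset of the post's cipher list (applies to TLS 1.2)
  ssl_prefer_server_ciphers on;

  # Tell browsers to stay on https after the first visit (complements task 3)
  add_header Strict-Transport-Security "max-age=31536000" always;

  # Task 2: keep the management console off the public name
  location /carbon {
    return 301 https://$server_name/store;
  }

  # Task 1: forward 443 traffic to the store nodes on 9443
  location / {
    proxy_set_header Host $host;                    # normalized name, not the raw client header
    proxy_set_header X-Forwarded-Host $host;
    # Overwrite instead of append: this proxy is the edge, so a client-sent value is untrusted
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto https;

    # proxy_pass https:// does not verify the backend certificate unless told to
    proxy_ssl_verify on;
    proxy_ssl_trusted_certificate /etc/nginx/certs/backend-ca.crt;  # assumed path
    proxy_ssl_name apistore.wso2.test.com;  # assumed name in the backend certificate
    proxy_pass https://apistore9443;
  }
}

server {
  # Task 3: redirect http to one fixed https name instead of echoing the Host header
  listen 80;
  server_name apistore.wso2.test.com;
  return 301 https://$server_name$request_uri;
}
```

Run nginx -t against the new files before reloading, since proxy_ssl_verify will reject the backends until the CA bundle and certificate name match what the store nodes actually present.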


Thanks should go to Manula (at WSO2) for helping me.