Hi All
In this post I'll share the LB configs which worked for me when load balancing two WSO2 API Manager Store nodes, in case anyone needs them :)
In LB'ing I had 3 main tasks in mind
1. Forward 443 traffic to 9443
This is needed as I want the users to easily access the store without a port number in the address, e.g. https://apistore.wso2.test.com/store
2. Redirect the /carbon (management console) traffic to /store
As this is the store (portal) part of the API Manager, we do not want to expose /carbon (the management console) to the outside; further, we will redirect any traffic that comes to /carbon to /store
3. Redirect http traffic to https
This is to avoid http access, but at the same time redirect http access requests to https
For the above tasks I have used two files: one for tasks 1 and 2, and the other for task 3. I think there is nothing much to explain here; just notice the listen, location and rewrite keywords, which do the job.
apistore_443_to_9443.conf file
upstream apistore9443 {
    # ip_hash keeps each client on the same Store node
    ip_hash;
    server 10.0.0.11:9443;
    server 10.0.0.12:9443;
}

server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name apistore.wso2.test.com;

    # Task 1: forward 443 traffic to the 9443 backends
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://apistore9443;
    }

    # Task 2: redirect /carbon (management console) traffic to /store
    location /carbon {
        rewrite ^/carbon(.*) https://apistore.wso2.test.com/store permanent;
    }

    ## SSL cert location
    ssl_certificate /etc/nginx/certs/apistore.crt;
    ssl_certificate_key /etc/nginx/certs/apistore.pem;
    ssl_session_timeout 5m;
    client_max_body_size 100m;

    # Removed SSLv3 as a fix for POODLE
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if all clients support TLSv1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}

apistore_80_to_443.conf file
server {
    listen 80;
    server_name apistore.wso2.test.com;

    # Task 3: redirect all http requests to https, keeping the path
    rewrite ^/(.*) https://apistore.wso2.test.com/$1 permanent;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}

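The redirect behaviour of the two files above, modelled in Python as an added example (not part of the original post, and not nginx itself). The helper names `route` and `apply_rewrite` are illustrative, and the model ignores URI normalisation and escaping.

```python
# Constructed model of the two nginx server blocks in this post (not nginx itself).
import re

STORE = "https://apistore.wso2.test.com"
SERVERS = {
    # port: server-level rewrite rule, then prefix locations -> rewrite rule or None
    443: {"rewrite": None,
          "locations": {"/": None, "/carbon": (r"^/carbon(.*)", STORE + "/store")}},
    80: {"rewrite": (r"^/(.*)", STORE + "/$1"), "locations": {"/": None}},
}

def apply_rewrite(rule, path, query):
    """Location header produced by 'rewrite <regex> <replacement> permanent', or None."""
    regex, replacement = rule
    m = re.search(regex, path)
    if m is None:
        return None
    # Substitute $1..$9 with the regex captures.
    target = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", replacement)
    # nginx appends the original query string unless the replacement ends in "?".
    if target.endswith("?"):
        return target[:-1]
    return f"{target}?{query}" if query else target

def route(port, uri):
    """Return (301, location) for a redirect or ("proxy", uri) for a proxied request."""
    path, _, query = uri.partition("?")
    server = SERVERS[port]
    # Server-level rewrite runs first; otherwise the longest matching prefix location wins.
    prefix = max((p for p in server["locations"] if path.startswith(p)),
                 key=len, default="/")
    for rule in (server["rewrite"], server["locations"][prefix]):
        if rule:
            location = apply_rewrite(rule, path, query)
            if location:
                return (301, location)
    return ("proxy", uri)  # passed unchanged to the apistore9443 upstream

if __name__ == "__main__":
    # Constructed sample requests
    for port, uri in [(443, "/store/"), (443, "/carbon/admin/login.jsp?x=1"),
                      (443, "/carbonara"), (80, "/carbon"), (80, "/store/apis?tag=x")]:
        print(port, uri, "->", route(port, uri))
```

The /carbon rule discards the captured path suffix but keeps the query string, and because `location /carbon` is a prefix match it also catches paths such as /carbonara. A plain-http request for /carbon takes two hops: first to https://apistore.wso2.test.com/carbon, then to /store.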
Thanks should go to Manula (at WSO2) for helping me.