Tag: ssl certificates

Configure WSO2 ESB with reverse proxy (with proxy context path)

Update /etc/hosts with following and update IP address according to your environment.

127.0.0.1       esb.example.com
127.0.0.1       nginx.example.com

update carbon.xml

<HostName>esb.example.com</HostName>
<MgtHostName>esb.example.com</MgtHostName>

Install Nginx
sudo apt-get install nginx

Create ssl certificates and copy then to ssl folder(crealte ssl folder if not exist in /etc/nginx).
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Edit nginx configurations
sudo vi /etc/nginx/sites-enabled/default

Sample Configuration:

server {

listen 443;
server_name nginx.example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

location  /ca-esb-console/  {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://esb.example.com:9443/;
proxy_redirect https://esb.example.com:9443/ https://nginx.example.com/ca-esb-console/;

}
}

server_name : nginx address (https://nginx.example.com/)

proxy_pass :

Sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “http” or “https” can be specified. The address can be specified as a domain name or IP address, and an optional port[1]

in our case proxies server is ESB -https://esb.example.com:9443/ (host name is changed in carbon.xml as esb.example.com)

proxy_redirect :

Sets the text that should be changed in the “Location” and “Refresh” header fields of a proxied server response. Suppose a proxied server returned the header field “Location: http://localhost:8000/two/some/uri/”. The directive

proxy_redirect http://localhost:8000/two/ http://frontend/one/;

will rewrite this string to “Location: http://frontend/one/some/uri/”.[1]

here /ca-esb-console/ is proxy context : https://nginx.example.com/ /ca-esb-console/carbon will return the login page

One main feature of Nginx, is known as directives, in Nginx configuration, directives specified in a higher block will will filter down to lower blocks within the configurations  as a default value. Nginx comes with 3 blocks, the http block, the server-block and the location block.[2]

A location block enables to match a query and process the request that match the specific location block. For an example, location  /ca-esb-console/ { } matches any query that begins with /ca-esb-console

nginx commands

start -sudo /etc/init.d/nginx start
stop -sudo /etc/init.d/nginx stop
restart -sudo /etc/init.d/nginx restart
reload -sudo /etc/init.d/nginx reload  : any changes to default conf can be applied without shutting down the server

To check whether server is up and running -sudo /etc/init.d/nginx status

1 .http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
2 .http://shavanthaw.blogspot.com/2014/06/configuring-nginx-for-wso2-carbon.html3.http://sanjeewamalalgoda.blogspot.com/2014/12/configure-wso2-api-manager-with-reverse.html
4.http://udarakr.blogspot.com/2014/05/fronting-wso2-management-console-ui.html