Versions Compared

Old Version 18

changes.mady.by.user Former user

Saved on

compared with

New Version 19

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The topics in this section walk you through the steps to quickly configure and test a single node On-Prem Gateway deployment as well as a high availability deployment scenario where you have two On-Prem Gateway instances fronted by a load balancer. 

...

  • Ensure that you have the Java SE Development Kit (JDK) installed. You can install either OpenJDK 8 or Oracle JDK 1.8.*.

    Note
    titleImportant!

    WSO2 recommends installing JDK 8u161 or later.

  • Be sure that you meet the following system requirements:

    Physical
    • 3 GHz Dual-core Xeon/Opteron (or latest)
    • 4 GB RAM (2 GB for JVM and 2 GB for the operating system)
    • 10 GB free disk space
    • ~ Recommended minimum - 2 Cores.
    Tip

    For high concurrencies and better performance you can use 4 Cores.

    Disk space is based on the expected storage requirement calculated by considering file uploads and backup policies.

    Virtual Machine (VM)
    • 2 compute units minimum (each unit having 1.0-1.2 GHz Opteron/Xeon processor)
    • 4 GB RAM
    • 10 GB free disk space
    • One CPU unit for the operating system and one for JVM.

    ~ 512 MB heap size. This is generally sufficient to process typical SOAP messages but the requirements vary with larger message sizes and the number of messages processed concurrently.

    EC2
    • One c5.large instance to run one On-Prem Gateway instance.

...

Expand
titleClick here for instructions on how to configure a production level high availability deployment scenario:
Tip
Tip
title

In this high availability deployment you will have two On-Prem Gateway instances running on two nodes fronted by a load balancer as depicted in the following diagram:

Here, we will use NGINX is used as the load balancer.

  1. Be sure to download and run two On-Prem Gateway instances on two different nodes. Let’s refer to each On-Prem Gateway download location as <ON-PREM_GATEWAY_HOME> throughout this section.

    Expand
    titleClick here for detailed instructions on how to run the two On-Prem Gateway instances:

    Follow the steps below for each On-Prem Gateway instance that you downloaded.

    Note
    titleNote

    We do not recommend running the two On-Prem Gateway instances on a single node for production level high availability deployments.

    1. Navigate to <ON-PREM_GATEWAY_HOME>/bin, and execute the following command to configure the On-Prem Gateway:
      On Windows: cloud-init.bat --run
      On Linux/Mac OS: sh cloud-init.sh
      This configures the downloaded Gateway with the required settings to integrate with API Cloud.
    2. Provide your email address, organization key, and password.
      Your organization key will be displayed as shown below.
      The status of the On-Prem Gateway will be displayed after completion.
    3. Navigate to <ON-PREM_GATEWAY_HOME>/bin, and execute the following command to run the start up script:
      On Windows: wso2server.bat --run
      On Linux/Mac OS: sh wso2server.sh
      The status of the On-Prem Gateway will be updated when you start the gateway.
  2. Install NGINX in a server configured in your cluster. For instructions on installing NGINX, see installing NGINX community version.
  3. Follow the steps below to create a SSL certificate for NGINX.

    1. Create the server key.

      Code Block
      sudo openssl genrsa -des3 -out <key_name>.key 1024

    2. Submit the certificate signing request (CSR).

      Code Block
      sudo openssl req -new -key <key_name>.key -out server.csr

    3. Remove the password.

      Code Block
      sudo cp <key_name>.key <key_name>.key.org 
sudo openssl rsa -in <key_name>.key.org -out <key_name>.key

    4. Sign your SSL certificate.

      Code Block
      sudo openssl x509 -req -days 365 -in server.csr -signkey <key_name>.key -out <certificate_name>.crt

    5. Copy the key and certificate files that you generated above to the /etc/nginx/ssl/ location.

  4. Configure NGINX to direct HTTP and HTTPS requests based on your deployment.

    1. Run the following command to identify the exact location of the <NGINX_HOME> directory. 

      Code Block
       nginx -V

      Inspect the output to identify the --prefix tag that provides the location of the <NGINX_HOME> directory.

    2. Update the ngnix.conf file with the required NGINX configuration given below. Alternatively, you can create a file with the .conf suffix and copy it to the <NGINX_HOME>/conf.d directory.

      Note
      titleNote the following with regard to the sample configuration below:
      • /etc/nginx/conf.d/hybrid_gateway_upstream.conf is the NGINX configuration file name.
      • Placeholders <IP1> and <IP2> represent the IP addresses of On-Prem Gateway node 1 and node 2 respectively.
      • gateway.foo.com is the domain of the certificate you created in step 2 above. Note that the DNS should be mapped to the NGINX public IP. If you do not do the mapping, the client will have to add an entry in /etc/hosts to resolve the domain name.
      • The key and the certificate for SSL is assumed to be in the <NGINX_HOME>/ssl/ location. The placeholders <cert.pem> and <key.pem> represent the generated certificate file and key file.
      • /etc/nginx/log/wso2_hybrid_gateway/https/ is the directory used for access logs. You need create the directory if it does not exist.
      Code Block
      /etc/nginx/conf.d/hybrid_gateway_upstream.conf 
upstream gateway_https {
    server <IP1>:8243;
    server <IP2>:8243;
} 


server {
    listen 80;
    server_name gateway.foo.com;
    rewrite ^/(.*) https://gateway_https/$1 permanent;
}
 
server {
    listen 443;
    server_name gateway.foo.com;
    proxy_set_header X-Forwarded-Port 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/<cert.pem>;
    ssl_certificate_key /etc/nginx/ssl/<key.pem>;
    location / {
               proxy_set_header X-Forwarded-Host $host;
               proxy_set_header X-Forwarded-Server $host;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header Host $http_host;
               proxy_read_timeout 5m;
               proxy_send_timeout 5m;
               proxy_pass https://gateway_https;
        }
 
        access_log /etc/nginx/log/wso2_hybrid_gateway/https/access.log;
        error_log /etc/nginx/log/wso2_hybrid_gateway/https/error.log;
}

    3. Execute the following command to restart the NGINX server:

      Tip

      You do not need to restart the server if you are simply making a modification to the VHost file. The following command is sufficient in such cases.

      Code Block
      sudo service nginx reload
      Code Block
      sudo service nginx restart

Now you have configured the high availability deployment. Next let's test the deployment.

...