Page Comparison

This section involves setting up the Gateway node and enabling it to work with the other components in the distributed deployment.

1. Open the <API-M_HOME>/repository/conf/api-manager.xml file in the Gateway node.

2. Modify the api-manager.xml file as follows. This configures the connection to the Key Manager component.

   Localtabgroup

   Localtab active true id single-Key-Manager-GW title Single Key Manager Configure the Gateway with a single Key Manager as follows: Configure the API Key Validator. Code Block language none <APIKeyValidator> <ServerURL>https://[Key-Manager-host]:9443/services/</ServerURL> <Username>${admin.username}</Username> <Password>${admin.password}</Password> ... </APIKeyValidator> [Key-Manager-host] - If you have a single Key Manager node, this should be the host of the Key Manager (i.e., the host of the WSO2 Identity Server). Note To change the admin password, see Changing the super admin password. If your password has special characters, follow the guidelines mentioned as a note under step 2 in the latter mentioned section. Use WSClient as the  KeyValidatorClientType in the  <API-M_HOME>/repository/conf/api-manager.xml file. Code Block language none <KeyValidatorClientType>WSClient</KeyValidatorClientType> Disable the Thrift Server to optimize performance. You need to configure this in the Gateway <API-M_HOME>/repository/conf/api-manager.xml file Code Block <APIKeyValidator> ... <EnableThriftServer>false</EnableThriftServer> </APIKeyValidator> Localtab id HA-Key-Manager-GW title Key Managers with HA Configure the Gateway with multiple Key Managers, which are fronted by a load balancer as follows: Configure the APIKeyValidator as follows: Code Block language none <APIKeyValidator> <ServerURL>https://[Key-Manager-LB-host]:9443/services/</ServerURL> <Username>${admin.username}</Username> <Password>${admin.password}</Password> ... </APIKeyValidator> [Key-Manager-LB-host] - If there are multiple Key Managers (i.e., Multiple WSO2 Identity Servers as the Key Manager) fronted by a load balancer, this should be the host of the Key Manager's load balancer. For example, in the configuration we have defined key-manager as the load balancer host in the Key Manager section. Note To change the admin password, see Changing the super admin password. If your password has special characters, follow the guidelines mentioned as a note under step 2 in the latter mentioned section. Use  WSClient  as  KeyValidatorClientType  in the  <API-M_HOME>/repository/conf/api-manager.xml file. Note that you can only use the Web Service Client when the Key Manager cluster is fronted by a load balancer. Code Block language none <KeyValidatorClientType>WSClient</KeyValidatorClientType> Ensure that Thrift is disabled in the Gateway. This is enabled by default in all instances of the product, so you need to disable the Thrift server by setting EnableThriftServer  to false in the <API-M_HOME>/repository/conf/api-manager.xml file of each node. Code Block language none <EnableThriftServer>false</EnableThriftServer>

3. If you need to enable JSON Web Token (JWT),  you have to enable it in all Gateway and Key Manager components.
   For more information on configuring JWT, see Generating JSON Web Token.

4. Configure the Gateway to communicate with the Traffic Manager.
   You need to do this to enable Throttling for the Traffic Manager node(s).

   Warning
   These configurations vary based on whether you have a single Traffic Manager node or multiple Traffic Manager nodes.

   Localtabgroup

   Localtab active true id single-TM-GW title Single Traffic Manager Configure the Gateway with a single Traffic Manager as follows: Info 9611 and 9711 are the Traffic Manager receiver ports for the binary type. Update the Throttling configurations as follows: Code Block language xml <ThrottlingConfigurations> <EnableAdvanceThrottling>true</EnableAdvanceThrottling> <TrafficManager> <Type>Binary</Type> <ReceiverUrlGroup>tcp://[Traffic-Manager-host]:9611</ReceiverUrlGroup> <AuthUrlGroup>ssl://[Traffic-Manager-host]:9711</AuthUrlGroup> <Username>${admin.username}</Username> <Password>${admin.password}</Password> </TrafficManager> <DataPublisher> <Enabled>true</Enabled> ... </DataPublisher> <PolicyDeployer> <Enabled>false</Enabled> <ServiceURL>https://[Traffic-Manager-host]:9443/services/</ServiceURL> ... </PolicyDeployer> ... <JMSConnectionDetails> <Enabled>true</Enabled> <ServiceURL>tcp://[Traffic-Manager-host]:5672</ServiceURL> ... </JMSConnectionDetails> </ThrottlingConfigurations> Warning In the Gateway profile of WSO2 API Manager, disable the <PolicyDeployer> configuration to prevent blocking the API Publisher. Configure JMSConnectionParameters to connect to the broker running within the Traffic Manager. Code Block title Example <JMSConnectionParameters> <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName> <transport.jms.DestinationType>topic</transport.jms.DestinationType> <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial> <connectionfactory.TopicConnectionFactory>amqp://${admin.username}:${admin.password}@clientid/carbon?brokerlist='tcp://[traffic-manager-hostname]:${jms.port}?retries='5'%26connectdelay='50''</connectionfactory.TopicConnectionFactory> </JMSConnectionParameters> Localtab id TM-HA-GW title HA of Traffic Manager Configure the Gateway with multiple Traffic Managers, which are fronted by a load balancer as follows: The Gateway publishes all Throttling events to the two Traffic Manager instances, and it fetches the throttle decisions from the Traffic Manager instances. Follow the instructions below to configure the API Gateway worker to communicate with the Traffic Managers and to push throttle events to both Traffic Manager instances. Configure the receiver URL group <ReceiverUrlGroup> and Authentication URL Group <AuthUrlGroup> values, which are under the <DataPublisher><TrafficManager> element in the <API-M_HOME>/repository/conf/api-manager.xml file, in order to contain all the Traffic Manager receiver URLs. This is required when you have more than one Traffic Manager instance, and you are publishing to both as per the deployment pattern selected. As an example, if you are using two Traffic Manager instances and data should be published to both of them, the ReceiverUrlGroup and AuthUrlGroup should be configured as follows: Code Block title Example <ThrottlingConfigurations> <EnableAdvanceThrottling>true</EnableAdvanceThrottling> <TrafficManager> <Type>Binary</Type> <ReceiverUrlGroup>{tcp://[Traffic-Manager-1-host]:9611}, {tcp://[Traffic-Manager-2-host]:9611}</ReceiverUrlGroup> <!--ReceiverUrlGroup>tcp://${carbon.local.ip}:9612</ReceiverUrlGroup--> <AuthUrlGroup>{ssl://[Traffic-Manager-1-host]:9711}, {ssl://[Traffic-Manager-2-host]:9711}</AuthUrlGroup> <!--AuthUrlGroup>ssl://${carbon.local.ip}:9712</AuthUrlGroup--> <Username>${admin.username}</Username> <Password>${admin.password}</Password> </TrafficManager> <DataPublisher> <Enabled>true</Enabled> ... </DataPublisher> <PolicyDeployer> <Enabled>false</Enabled> ... </PolicyDeployer> ... </ThrottlingConfigurations> [Traffic-Manager-1-host] and [Traffic-Manager-2-host] are the IPs/hostnames of two Traffic Manager nodes. Based on the above configuration, the API Gateway publishes events to both the Traffic Managers. Warning In the Gateway profile of WSO2 API Manager, disable the <PolicyDeployer> configuration to prevent blocking the API Publisher. Configure JMSConnectionParameters to connect to multiple brokers running within each Traffic Manager using fail over mechanism. Code Block title Example <JMSConnectionParameters> <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName> <transport.jms.DestinationType>topic</transport.jms.DestinationType> <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial> <connectionfactory.TopicConnectionFactory>amqp://${admin.username}:${admin.password}@clientid/carbon?failover='roundrobin'%26cyclecount='2'%26brokerlist='tcp://[Traffic-Manager-1-host]:${jms.port}?retries='5'%26connectdelay='50';tcp://[Traffic-Manager-2-host]:${jms.port}?retries='5'%26connectdelay='50''</connectionfactory.TopicConnectionFactory> </JMSConnectionParameters>

   Info
   By default, WSO2 API Manager is shipped with a keystore (wso2carbon.jks) and a trust store (client-truststore.jks). For more information on how to create a new key store and a trust store with a private key and a self-signed certificate, see Configuring Keystore and Truststore and also see the Administration guide for recommendations on setting up keystores in WSO2 products.

5. Start the WSO2 API-M Gateway node(s).
   Make sure to run the product optimizer either before starting the server or while starting the server, so that the resource utilization can be optimized on each of the nodes. For more information on product profile optimization, see Product Profiles.