Any preferred server can be used as a proxy server between the device and the WSO2 IoT server. The steps documented below is only an example of configuring the proxy server by using the Apache2 HTTP Server. The Apache Server can be configured using the forward or reverse proxy (also known as gateway) mode. The reverse proxy mode is used to configure Apache2. You can download the Apache2 HTTP Server from here.
Follow the steps given below to configure the proxy Server:
Step 1: Configure reverse proxy
A reverse proxy (or gateway) appears to the client like an ordinary web server with no special configuration required for the client. Ordinary requests for content is made by the client through the name-space
. The reverse proxy redirects the requests, and returns the required output.
Panel |
---|
borderColor | #11375B |
---|
bgColor | #FFFFFF |
---|
borderWidth | 2 |
---|
|
The following modules are required to configure the reverse proxy: Navigate to the etc/apache2 directory and use the following command to enable the above modules: Code Block |
---|
cd /etc/apache2
a2enmod proxy_http |
Configure the proxy.conf file that is in the /etc/apache2/mods-available directory by including the configurations given below to the end of the file. Code Block |
---|
ServerName localhost
ProxyRequests off
ProxyPreserveHost off
<Proxy *>
Order deny,allow
#Deny from all
Allow from all
</Proxy>
ProxyPass /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/certificatepolicy/xcep
ProxyPassReverse /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/certificatepolicy/xcep
ProxyPass /ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/deviceenrolment/wstep
ProxyPassReverse /ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/deviceenrolment/wstep
ProxyPass /Syncml/initialquery http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/syncml/devicemanagement/request
ProxyPassReverse /Syncml/initialquery http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/syncml/devicemanagement/request
ProxyPass /ENROLLMENTSERVER/Win10DeviceEnrollmentWebservice.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/deviceenrolment/enrollment
ProxyPassReverse /ENROLLMENTSERVER/Win10DeviceEnrollmentWebservice.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/deviceenrolment/enrollment
ProxyPass /devicemgt http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/management/devicemgt/pending-operations
ProxyPassReverse /devicemgt http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/management/devicemgt/pending-operations
ProxyPass /windows-web-agent http://server-ip>:<server-port>/windows-web-agent
ProxyPassReverse /windows-web-agent http://server-ip>:<server-port>/windows-web-agent
|
Info |
---|
The default <server-ip>:<server-port> is localhost:9443. |
|
Step 2: Configure the Rewrite engine
Panel |
---|
borderColor | #11375B |
---|
bgColor | #FFFFFF |
---|
borderWidth | 2 |
---|
|
Info |
---|
The first GET and POST HTTP requests are received by the same MDM endpoint and the rewrite conditions filter the device requests. By default the Apache Rewrite engine is disabled. |
Follow the steps given below to enable the Rewrite engine when running on Ubuntu: - Invoke the rewrite rules:
- Create a
.htaccess file in the /var/www/ directory with the specific rewrite rules. Enable the mod_rewrite module. Code Block |
---|
sudo a2enmod rewrite |
Configure the 000-default file, which is in the /etc/apache2/sites-enabled directory. Info |
---|
This step is required to replicate the configuration changes required in the Apache versions on a few files.In the older Apache versions, all virtual host directory directives were managed in the apache2.conf file, which is in the /etc/apache2 directory. In the Apache 2.4.7 version this has changed and the alterations are handled within the /etc/apache2/sites-enabled directory. |
Configure the value assigned to AllowOveride from None to All under <Directory/> . Code Block |
---|
AllowOverride All |
Configure the content under <Directory /var/www/> . Info |
---|
If the 000-default file does not contain the Directory tag you need to add it to the file as shown below: |
Code Block |
---|
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory> |
Restart the Apache server. Code Block |
---|
server.sudo service apache2 restart |
Expand |
---|
title | Click here to see the Rewrite Engine Configuration file format |
---|
| Panel |
---|
title | Rewrite Engine Configuration file format |
---|
| Code Block |
---|
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(GET)$
RewriteRule /EnrollmentServer/Discovery.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/discovery/get [P,L]
RewriteCond %{REQUEST_METHOD} ^(POST)$
RewriteRule /EnrollmentServer/Discovery.svc http://<server-ip>:<server-port>/api/device-mgt/windows/v1.0/services/discovery/post [P,L] |
Info |
---|
The default <server-ip>:<server-port> is localhost:9443. |
|
|
|
Step 3: SSL configurations for Apache2
Panel |
---|
borderColor | #11375B |
---|
bgColor | #FFFFFF |
---|
borderWidth | 2 |
---|
|
Info |
---|
An SSL certificate is used to encrypt the information of a site and create a secure connection. |
Follow the steps given below to configure SSL for Apache2: Info |
---|
SSL support is available as a standard on the Ubuntu 14.04 Apache package. |
Enable the SSL Module. Code Block |
---|
sudo a2enmod ssl |
Create a subdirectory named ssl within the Apache server configuration hierarchy to place the certificate files. Code Block |
---|
sudo mkdir /etc/apache2/ssl |
Note |
---|
The WSO2 IoTS certificate must be generated from a trusted authority. |
Info |
---|
Once you have the WSO2 IoT certificate and key available, configure the Apache server to use these files in a virtual host file. For more information, see how to set up Apache virtual hosts. |
Configure the default-ssl.conf file, which is in the /etc/apache2/sites-enabled directory contains the default SSL configurations. Code Block |
---|
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/<COMAPNY_CERTIFICATE>
SSLCertificateKeyFile /etc/apache2/ssl/<COMPANY_PUBLIC_KEY>
SSLCACertificateFile /etc/apache2/ssl/<COMPANY_ROOT_CERTIFICATE> |
Example: Code Block |
---|
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/star_wso2_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/star_wso2_com.key
SSLCACertificateFile /etc/apache2/ssl/DigiCertCA.crt |
Enable the SSL-enabled virtual host that you configured in the above step. Code Block |
---|
sudo a2ensite default-ssl.conf |
Restart the Apache server to load the new virtual host file. Code Block |
---|
sudo service apache2 restart |
|