...
Create the Server Key.
Code Block sudo openssl genrsa -des3 -out <key_name>.key 1024
Submit the certificate signing request (CSR).
Code Block sudo openssl req -new -key <key_name>.key -out server.csr
Remove the password.
Code Block sudo cp <key_name>.key <key_name>.key.org sudo openssl rsa -in <key_name>.key.org -out <key_name>.key
Sign your SSL Certificate.
Code Block sudo openssl x509 -req -days 365 -in server.csr -signkey <key_name>.key -out <certificate_name>.crt
Copy the key and certificate files that you generated in the above step to the
/etc/nginx/ssl/
location.
Step 2 - Configure the load balancer/reverse proxy server
...
Install NGINX in a server configured in your cluster.
Note The NGINX version that you need to install varies based on the WSO2 API-M components that the load balancer is fronting.
Deployment API-M Nodes LB Reason Single all-in-one deployment N/A NGINX Community This deployment does not need Sticky Sessions (Session Affinity). Active-active deployment using single all-in-one nodes N/A NGINX Plus This deployment requires Sticky Sessions, but NGINX Community version does not support it. You can use ip_hash
as the sticky algorithm.Distributed deployment Gateway with a single Gateway Manager NGINX Community version The Gateway node in this deployment does not need Sticky Sessions. Gateway with multiple Gateway Managers NGINX Plus The Gateway Manager nodes require Sticky Sessions, but NGINX Community version does not support it. You can use ip_hash
as the sticky algorithm. Sticky Sessions are needed for port 9443 in the Gateway, and not needed for the pass through ports in the Gateway (8243, 8280).Store, Publisher, and Key Manager NGINX Plus Requires Sticky Sessions, but NGINX Community version does not support it. You can use ip_hash
as the sticky algorithm.For more information on installing NGINX, see NGINX community version and NGINX Plus.
Copy the key and certificate files that you generated in step 1 - (4.) to the
/etc/nginx/ssl/
location.Configure NGINX to direct the HTTP and HTTPs requests based on your deployment.
Run the following command to identify the exact location of the
<NGINX_HOME>
directory. Inspect the output and identify the--prefix
tag as it provides the location of the<NGINX_HOME>
directory.Code Block nginx -V
Update the
ngnix.conf
file with the required NGINX configuration given below. If not, you can create a file with the.conf
suffix and copy it to the<NGINX_HOME>/conf.d
directory.
...
Localtabgroup | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...