...
The sender class can either be org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLSenderHttpCoreNIOSSLSender or org.apache.synapse.transport.passthru.PassThroughHttpMultiSSLSenderPassThroughHttpSSLSender.
You can enable the Multi-HTTPS transport sender by adding the following configuration in the <ESB_HOME>/repository/conf/Axis2/axis2.xml file under the Transport Outs (Senders) section:
| Code Block | ||
|---|---|---|
| ||
<transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="customSSLProfiles">
<profile>
<servers>localhost:8244</servers>
<KeyStore>
<Location>repository/resources/security/esb.jks</Location>
<Type>JKS</Type>
<Password>123456</Password>
<KeyPassword>123456</KeyPassword>
</KeyStore>
<TrustStore>
<Location>repository/resources/security/esbtruststore.jks</Location>
<Type>JKS</Type>
<Password>123456</Password>
</TrustStore>
</profile>
</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
</parameter>
<parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender> |
Synchronizing the profiles in a cluster
If you are running in a clustered environment and want your SSL profiles to be synchronised across the cluster nodes, you can move the SSLProfiles parameter from axis2.xml to <ESB_HOME>/repository/deployment/server/multi_ssl_profiles.xml. Then you can add the SSLProfilesConfigPath parameter to the Multi-HTTPS transport receiver configuration in the axis2.xml file and point to the new destination of the configuration.
For example, the Multi-HTTPS transport configuration in the axis2.xml file will now look as follows:
| Code Block | ||
|---|---|---|
| ||
<transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
<parameter name="port">8343</parameter>
<parameter name="non-blocking">true</parameter>
<parameter name="SSLProfilesConfigPath">
<filePath>/repository/deployment/server/multi_ssl_profiles.xml</filePath>
</parameter>
</transportReceiver> |
To synchronise this configuration between two ESB nodes, you must enable ESB clustering and the SVN-Based Deployment Synchronizer. For more information, see Introduction to Deployment Synchronizer .
...
The <ESB_HOME>/repository/deployments/server directory will then be synchronized on the ESB nodes when the nodes are run in a clustered environment. If you change the multi_ssl_profiles.xml file, you must manually reload it into each ESB node by invoking the reloadSSLProfileConfig in the org.apache.synapse.MultiSSLProfileReload MBean in JConsole. For more information, see Monitoring the ESB.
Dynamic SSL profiles
In addition to updating axis2.xml with the SSL profile configurations, you can dynamically load the SSL profiles at runtime using a periodic schedule or JMX invocation. Now instead of reloading the entire axis2.xml at runtime, you can reload the new configuration files that contain only the custom profile information for the sender and receiver.
...
Edit the
<ESB_HOME>/repository/conf/Axis2/axis2.xmlfile and add thedynamicSSLProfilesConfigparameter as follows to the multi-https transport listener:Code Block language xml <transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener"> <parameter name="port">8343</parameter> <parameter name="non-blocking">true</parameter> .......... <parameter name="dynamicSSLProfilesConfig"> <filePath>repository/conf/sslprofiles/listenerprofiles.xml</filePath> <fileReadInterval>3600000</fileReadInterval> </parameter> ......... </transportReceiver>
Create the
listenerprofiles.xmlfile with the following configuration in the<ESB_HOME>/repository/conf/sslprofilesdirectory:Info title Note: You can configure the file path for the
listenerprofiles.xmlfile as required.Code Block language xml title Configuration for listenerprofiles.xml <parameter name="SSLProfiles"> <profile> <bindAddress>192.168.0.123</bindAddress> <KeyStore> <Location>repository/resources/security/esb.jks</Location> <Type>JKS</Type> <Password>123456</Password> <KeyPassword>123456</KeyPassword> </KeyStore> <TrustStore> <Location>repository/resources/security/esbtruststore.jks</Location> <Type>JKS</Type> <Password>123456</Password> </TrustStore> <SSLVerifyClient>require</SSLVerifyClient> </profile> </parameter>The SSL profile will be applied to each request that is received at the IP specified within the
<bindAddress>element.
...
Edit the
<ESB_HOME>/repository/conf/Axis2/axis2.xmlfile and add thedynamicSSLProfilesConfigparameter as follows:Code Block language xml <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender"> ....... <parameter name="dynamicSSLProfilesConfig"> <filePath>repository/conf/sslprofiles/senderprofiles.xml</filePath> <fileReadInterval>3600000</fileReadInterval> </parameter> ....... </transportSender>Create the
senderprofiles.xmlfile with the following configuration in the<ESB_HOME>/repository/conf/sslprofilesdirectory:Info title Note: You can configure the file path for the
senderprofiles.xmlfile as required.Code Block language xml title Configuration for senderprofiles.xml <parameter name="customSSLProfiles"> <profile> <servers>localhost:8244,192.168.1.234:8245</servers> <KeyStore> <Location>repository/resources/security/esb.jks</Location> <Type>JKS</Type> <Password>123456</Password> <KeyPassword>123456</KeyPassword> </KeyStore> <TrustStore> <Location>repository/resources/security/esbtruststore.jks</Location> <Type>JKS</Type> <Password>123456</Password> </TrustStore> </profile> </parameter>The SSL profile will be applied to each request that is sent to the destination server specified within the
<servers>element as IP:Port combination.
...
| Parameter Name | Description | Default Value |
|---|---|---|
filePath | The relative/absolute file path of the custom SSL profile configuration XML file. | - |
fileReadInterval | The time interval (in milliseconds) in which configuration updates will be loaded and applied at runtime. This value should be greater than 1 hour. | 3600000 |
Synchronizing the profiles in a cluster
If you are running in a clustered environment and want your SSL profiles to be synchronised across the cluster nodes, you can move the SSLProfiles parameter from axis2.xml to <ESB_HOME>/repository/deployment/server/multi_ssl_profiles.xml. Then you can add the SSLProfilesConfigPath parameter to the Multi-HTTPS transport receiver configuration in the axis2.xml file and point to the new destination of the configuration.
For example, the Multi-HTTPS transport configuration in the axis2.xml file will now look as follows:
| Code Block | ||
|---|---|---|
| ||
<transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
<parameter name="port">8343</parameter>
<parameter name="non-blocking">true</parameter>
<parameter name="SSLProfilesConfigPath">
<filePath>/repository/deployment/server/multi_ssl_profiles.xml</filePath>
</parameter>
</transportReceiver> |
To synchronise this configuration between two ESB nodes, you must enable ESB clustering and the SVN-Based Deployment Synchronizer. For more information, see Introduction to Deployment Synchronizer .
...
| minute. | 3600000 |
| Excerpt | ||
|---|---|---|
| ||
Configuring the Multi-HTTPS transport in WSO2 ESB |