Use the following steps to configure NGINX Plus as version 1.7.11 as the load balancer for WSO2 products.
- Install NGINX Plus in a server configured in your cluster.
Configure NGINX Plus to direct the HTTP requests to the two worker nodes via the HTTP 80 port using the
http://as.wso2.com/<service>
. To do this, create a VHost file (as.http.conf
) in the/etc/nginx/conf.d
directory and add the following configurations into it.Code Block upstream wso2.as.com { sticky cookie JSESSIONID; server xxx.xxx.xxx.xx3:9763; server xxx.xxx.xxx.xx4:9763; } server { listen 80; server_name as.wso2.com; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_read_timeout 5m; proxy_send_timeout 5m; proxy_pass http://wso2.as.com; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
Configure NGINX Plus to direct the HTTPS requests to the two worker nodes via the HTTPS 443 port using
https://as.wso2.com/<service>
. To do this, create a VHost file (as.https.conf
) in the/etc/nginx/conf.d
directory and add the following configurations into it.Code Block upstream ssl.wso2.as.com { sticky cookie JSESSIONID; server xxx.xxx.xxx.xx3:9443; server xxx.xxx.xxx.xx4:9443; sticky learn create=$upstream_cookie_jsessionid lookup=$cookie_jsessionid zone=client_sessions:1m; } server { listen 443; server_name as.wso2.com; ssl on; ssl_certificate /etc/nginx/ssl/wrk.crt; ssl_certificate_key /etc/nginx/ssl/wrk.key; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_read_timeout 5m; proxy_send_timeout 5m; proxy_pass https://ssl.wso2.as.com; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
Configure NGINX Plus to access the Management Console as
https://mgt.as.wso2.com/carbon
via HTTPS 443 port. This is to direct requests to the manager node. To do this, create a VHost file (mgt.as.https.conf
) in the/etc/nginx/conf.d
directory and add the following configurations into it.Code Block server { listen 443; server_name mgt.as.wso2.com; ssl on; ssl_certificate /etc/nginx/ssl/mgt.crt; ssl_certificate_key /etc/nginx/ssl/mgt.key; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_read_timeout 5m; proxy_send_timeout 5m; proxy_pass https://xxx.xxx.xxx.xx2:9443/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } error_log /var/log/nginx/mgt-error.log ; access_log /var/log/nginx/mgt-access.log; }
Restart the NGINX Plus server.
$sudo service nginx restart
Tip Tip: You do not need to restart the server if you are simply making a modification to the VHost file. The following command should be sufficient in such cases.
$sudo service nginx reload
Create SSL certificates
Create SSL certificates for both the manager and worker nodes using the instructions that follow.
...