Use the following steps to configure NGINX Plus as the load balancer for WSO2 products.
- Install NGINX Plus in a server configured in your cluster.
- Configure NGINX Plus to direct the HTTP requests to the two worker nodes via the HTTP 80 port using http://as.wso2.com/<service>. To do this, create a VHost file (as.http.conf) in the /etc/nginx/conf.d directory and add the following configurations into it.

    upstream wso2.as.com {
        sticky cookie JSESSIONID;
        server xxx.xxx.xxx.xx3:9763;
        server xxx.xxx.xxx.xx4:9763;
    }

    server {
        listen 80;
        server_name as.wso2.com;

        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass http://wso2.as.com;
        }
    }

- Configure NGINX Plus to direct the HTTPS requests to the two worker nodes via the HTTPS 443 port using https://as.wso2.com/<service>. To do this, create a VHost file (as.https.conf) in the /etc/nginx/conf.d directory and add the following configurations into it.

    upstream ssl.wso2.as.com {
        sticky cookie JSESSIONID;
        server xxx.xxx.xxx.xx3:9443;
        server xxx.xxx.xxx.xx4:9443;
    }

    server {
        # TLS is enabled with the ssl parameter of listen
        # (the separate "ssl on;" directive is deprecated).
        listen 443 ssl;
        server_name as.wso2.com;
        ssl_certificate /etc/nginx/ssl/wrk.crt;
        ssl_certificate_key /etc/nginx/ssl/wrk.key;

        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://ssl.wso2.as.com;
        }
    }

- Configure NGINX Plus to access the Management Console as https://mgt.as.wso2.com/carbon via the HTTPS 443 port. This directs requests to the manager node. To do this, create a VHost file (mgt.as.https.conf) in the /etc/nginx/conf.d directory and add the following configurations into it.

    server {
        # TLS is enabled with the ssl parameter of listen
        # (the separate "ssl on;" directive is deprecated).
        listen 443 ssl;
        server_name mgt.as.wso2.com;
        ssl_certificate /etc/nginx/ssl/mgt.crt;
        ssl_certificate_key /etc/nginx/ssl/mgt.key;

        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://xxx.xxx.xxx.xx2:9443/;
        }

        error_log /var/log/nginx/mgt-error.log;
        access_log /var/log/nginx/mgt-access.log;
    }

- Restart the NGINX Plus server.

    $ sudo service nginx restart

Tip: You do not need to restart the server if you are simply making a modification to the VHost file. The following command should be sufficient in such cases.

    $ sudo service nginx reload

Create SSL certificates
Create SSL certificates for both the manager and worker nodes using the instructions that follow.
- Create the Server Key.

    # Use at least a 2048-bit RSA key; 1024-bit keys are rejected by current
    # browsers and by OpenSSL's default security level on many systems.
    $ sudo openssl genrsa -des3 -out server.key 2048

- Create the Certificate Signing Request.

    $ sudo openssl req -new -key server.key -out server.csr

- Remove the password.

    $ sudo cp server.key server.key.org
    $ sudo openssl rsa -in server.key.org -out server.key

- Sign your SSL Certificate.

    $ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

While creating keys, enter the host name (as.wso2.com or mgt.as.wso2.com) as the common name.
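
The certificate steps above as a non-interactive script, with a check to run before restarting NGINX Plus. This is an added example, not part of the original instructions: it skips the passphrase (the steps remove it anyway), sets the common name with -subj, and assumes the function names, the output directory and the wrk/mgt file names (chosen to match the ssl_certificate paths in the VHost files).

```sh
#!/bin/sh
# Added example, not from the original page. The names wrk/mgt follow the
# ssl_certificate paths in the VHost files; the output directory is assumed.

# make_cert NAME COMMON_NAME DIR
# Writes NAME.key (2048-bit RSA, no passphrase), NAME.csr and a self-signed
# NAME.crt valid for 365 days into DIR.
make_cert() {
    local name="$1" cn="$2" dir="$3"
    mkdir -p "$dir" || return 1
    # umask 077: the unencrypted private key must not be readable by others
    ( umask 077; openssl genrsa -out "$dir/$name.key" 2048 ) || return 1
    openssl req -new -key "$dir/$name.key" -subj "/CN=$cn" \
        -out "$dir/$name.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -out "$dir/$name.crt"
}

# check_cert NAME COMMON_NAME DIR
# Returns 0 only if NAME.key and NAME.crt hold the same public key, the key
# is at least 2048 bits, and the certificate's common name is COMMON_NAME.
check_cert() {
    local name="$1" cn="$2" dir="$3" key_pub crt_pub bits subject
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "$name: key and certificate do not match" >&2; return 1
    fi
    bits=$(openssl pkey -in "$dir/$name.key" -noout -text |
           sed -n '1s/[^0-9]*\([0-9][0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "$name: RSA key is only ${bits:-?} bits" >&2; return 1
    fi
    subject=$(openssl x509 -in "$dir/$name.crt" -noout -subject -nameopt RFC2253)
    subject=${subject#subject=}; subject=${subject# }
    case "$subject" in
        "CN=$cn"|"CN=$cn,"*) return 0 ;;
        *) echo "$name: common name is not $cn ($subject)" >&2; return 1 ;;
    esac
}

# Usage:
#   make_cert wrk as.wso2.com ./ssl     && check_cert wrk as.wso2.com ./ssl
#   make_cert mgt mgt.as.wso2.com ./ssl && check_cert mgt mgt.as.wso2.com ./ssl
```

A key/certificate mismatch makes NGINX refuse to start, so running check_cert on the files in /etc/nginx/ssl before the restart catches a swapped wrk/mgt pair early.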