A preferred server can be used as a proxy server between the device and the WSO2 IoT server. The steps documented below is only an example of configuring the proxy server using NGINX, which is a known reverse proxy server.
Follow the steps given below to configure the proxy Server:
Install NGINX on your production environment.
Example:
Get an SSL certificate. Make sure that the common name of the certificate you are getting matches the constructed URI.
- Navigate to the
/usr/local/etc/nginx
directory, create a folder named ssl
, and add the CA certificate and the private key to this folder. Configure the /usr/local/etc/nginx/nginx.conf
file with the details of the SSL certificate and the Windows endpoints as explained below.
Click here to view a configured nginx.conf file.
server {
listen 443;
server_name enterpriseenrollment.dilan.me;
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/certificate.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/private.key;
location /EnrollmentServer/Discovery.svc {
if ($request_method = GET) {
return 200;
}
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:<GATEWAY_PORT>/api/device-mgt/windows/v1.0/discovery/post;
proxy_http_version 1.1;
}
location /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:<GATEWAY_PORT>/api/device-mgt/windows/v1.0/certificatepolicy/xcep/1.0.0;
proxy_http_version 1.1;
}
location /windows-web-agent {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:9763/windows-web-agent;
proxy_http_version 1.1;
}
location /ENROLLMENTSERVER/DeviceEnrollmentWebservice.svc {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:<GATEWAY_PORT>/api/device-mgt/windows/v1.0/deviceenrolment/wstep/;
proxy_http_version 1.1;
}
location /ENROLLMENTSERVER/Win10DeviceEnrollmentWebservice.svc {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:<GATEWAY_PORT>/api/device-mgt/windows/v1.0/deviceenrolment/enrollment;
proxy_http_version 1.1;
}
location /Syncml/initialquery {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:<GATEWAY_PORT>/api/device-mgt/windows/v1.0/syncml/devicemanagement/1.0.0/request/;
proxy_http_version 1.1;
}
location /devicemgt {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://<IP>:<GATEWAY_PORT>/api/device-mgt/windows/v1.0/management/devicemgt/1.0.0/pending-operations/;
proxy_http_version 1.1;
}
}
include servers/*;
}
Configure the SSL certificate details.
server {
listen 443;
server_name enterpriseenrollment.wso2.com;
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/star_wso2_com.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/enterpriseenrollment_wso2_com.key;
You need to configure the following properties:
Property | Description | Example |
---|
server_name
| Define the common name of the certificate. | enterpriseenrollment.wso2.com
|
ssl_certificate
| Define where you saved the SSL certificate. | /usr/local/etc/nginx/ssl/wso2_com_SSL.crt
|
ssl_certificate_key | Define where you saved the private key of the certificate. | /usr/local/etc/nginx/ssl/enterpriseenrollment_wso2_com.key
|
Configure the Windows endpoints.
Click here to know more on the required Windows endpoints.
Click here to see a sample Windows endpoint configuration.
Example:
location /ENROLLMENTSERVER/PolicyEnrollmentWebservice.svc {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.10.10.10:8280/api/device-mgt/windows/v1.0/certificatepolicy/xcep;
proxy_http_version 1.1;
}
Property | Description |
---|
location | This property specifies the "/" prefix that needs to be compared with the URI sent from the request. For more information, see the NGINX documentation. |
proxy_set_header
| Required to configure Windows for reverse proxy. |
proxy_pass | Define the respective Windows endpoint. |