This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Use the following steps to configure Nginx Plus as the load balancer for WSO2 products.

  1. Install Nginx Plus in a server configured in your cluster.
  2. Configure Nginx Plus to direct the HTTP requests to the two worker nodes via the HTTP 80 port using the http://as.wso2.com/<service>To do this, create a VHost file (as.http.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    upstream wso2.as.com {
            sticky cookie JSESSIONID;
            server xxx.xxx.xxx.xx3:9763;
            server xxx.xxx.xxx.xx4:9763;
    }
    
    server {
            listen 80;
            server_name as.wso2.com;
            location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
                   proxy_pass http://wso2.as.com;
            }
    }
  3. Configure Nginx Plus to direct the HTTPS requests to the two worker nodes via the HTTPS 443 port using https://as.wso2.com/<service>To do this, create a VHost file (as.https.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    upstream ssl.wso2.as.com {
    	sticky cookie JSESSIONID;
    	server xxx.xxx.xxx.xx3:9443;
    	server xxx.xxx.xxx.xx4:9443;
    }
    
    server {
    listen 443;
    	server_name as.wso2.com;
    	ssl on;
    	ssl_certificate /etc/nginx/ssl/wrk.crt;
    	ssl_certificate_key /etc/nginx/ssl/wrk.key;
    	location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
    	    proxy_pass https://ssl.wso2.as.com;
        	}
    }
  4. Configure Nginx Plus to access the Management Console as https://mgt.as.wso2.com/carbon via HTTPS 443 port. This is to direct requests to the manager node. To do this, create a VHost file (mgt.as.https.conf) in the /etc/nginx/conf.d/ directory and add the following configurations into it.

    server {
    	listen 443;
    	server_name mgt.as.wso2.com;
    	ssl on;
    	ssl_certificate /etc/nginx/ssl/mgt.crt;
    	ssl_certificate_key /etc/nginx/ssl/mgt.key;
    
    	location / {
                   proxy_set_header X-Forwarded-Host $host;
                   proxy_set_header X-Forwarded-Server $host;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header Host $http_host;
                   proxy_read_timeout 5m;
                   proxy_send_timeout 5m;
    	    proxy_pass https://xxx.xxx.xxx.xx2:9443/;
        	}
    	error_log  /var/log/nginx/mgt-error.log ;
               access_log  /var/log/nginx/mgt-access.log;
    }
  5. Restart the Nginx Plus server.
    $sudo service nginx restart

    Tip: You do not need to restart the server if you are simply making a modification to the VHost file. The following command should be sufficient in such cases.

    $sudo service nginx reload 

     

     

Create SSL certificates

Create SSL certificates for both the manager and worker nodes using the instructions that follow.

  1. Create the Server Key.
    $sudo openssl genrsa -des3 -out server.key 1024
  2. Certificate Signing Request.
    $sudo openssl req -new -key server.key -out server.csr
  3. Remove the password.
    $sudo cp server.key server.key.org
    $sudo openssl rsa -in server.key.org -out server.key
  4. Sign your SSL Certificate.
    $sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

While creating keys, enter the host name (as.wso2.com or mgt.as.wso2.com) as the common name.

  • No labels