@tmkasun
Last active May 1, 2023 10:32
How to configure nginx as a reverse proxy for WSO2 API Manager SPA apps

For APIM 3.0.0

Update deployment.toml

[transport.https.properties]
proxyPort = 443

[server]
hostname = "knnect.lk"

Update callback URL regex

  • sample callback URL regex
regexp=(https://(knnect\.lk|office\.knnect\.com)/testapp/services/auth/callback/login|https://(knnect\.lk|office\.knnect\.com)/testapp/services/auth/callback/logout)

[Screenshot: carbon_console]
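
A check for the callback regex, added here as an example (it is not part of the original gist): it compares the sample's two host names written with bare dots against the same hosts with the dots escaped. It assumes the pattern has to match the whole callback URL; the helper names and the test URLs are constructed for illustration.

```python
import re

# The sample callback pattern with a slot for the host alternation.
TEMPLATE = ("(https://{h}/testapp/services/auth/callback/login"
            "|https://{h}/testapp/services/auth/callback/logout)")

# Bare dots match any character; escaped dots match only a literal '.'.
LOOSE = re.compile(TEMPLATE.format(h=r"(knnect.lk|office.knnect.com)"))
STRICT = re.compile(TEMPLATE.format(h=r"(knnect\.lk|office\.knnect\.com)"))


def allowed(pattern, url):
    """True only if the entire URL matches (assumed whole-string matching)."""
    return pattern.fullmatch(url) is not None


def audit(pattern, urls):
    """Return the URLs from `urls` that the pattern accepts."""
    return [u for u in urls if allowed(pattern, u)]


# Constructed test data: callbacks that must pass ...
LEGIT = [
    "https://knnect.lk/testapp/services/auth/callback/login",
    "https://office.knnect.com/testapp/services/auth/callback/logout",
]
# ... and callbacks that must be rejected.
MUST_REJECT = [
    # a different registrable domain; only a bare '.' lets it through
    "https://officexknnect.com/testapp/services/auth/callback/login",
    # allowed host used as a prefix of another domain
    "https://knnect.lk.example.com/testapp/services/auth/callback/login",
    # plain http
    "http://knnect.lk/testapp/services/auth/callback/login",
]

if __name__ == "__main__":
    for name, pat in (("bare dots", LOOSE), ("escaped dots", STRICT)):
        print(name, "accepts all legit:", audit(pat, LEGIT) == LEGIT)
        print(name, "wrongly accepts:", audit(pat, MUST_REJECT))
```

Run the same audit against whatever pattern is actually saved for the application before relying on it.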

How to create a self-signed certificate and get a public/private key pair on macOS

  • Get public cert of a website
echo | openssl s_client -servername NAME -connect HOST:PORT |\
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.crt

Nginx setup & run

  • Install
brew install nginx
  • run
nginx
  • test configs
nginx -t
  • configs location
/usr/local/etc/nginx/nginx.conf
/usr/local/etc/nginx/servers/wso2.conf
  • reload nginx server
 sudo nginx -s reload

Nginx configs

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;
    server_name  knnect.lk office.knnect.com;
    access_log  /var/log/nginx/proxy.log;

    ssl_certificate      /path/to/pub.crt;
    ssl_certificate_key  /path/to/pvt.crt;
    ssl_session_timeout  5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); SSLv2/SSLv3 must stay disabled.
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location /testapp/ {
        proxy_pass https://localhost:9443/publisher/;
        proxy_redirect    default;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Forward the client address chain, not the host name, to the backend.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
        proxy_pass https://localhost:9443/;
        proxy_redirect    default;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

If you generate a certificate with the Let's Encrypt bot, use the generated PEM files as shown below:

    ssl_certificate      /path/to/fullchain.pem;
    ssl_certificate_key  /path/to/privkey.pem;