Suddenly my nginx configuration stopped working.
events {}
http {
    upstream node-app {
        server qa:3000;
    }
    server {
        listen 8080;
        server_name name.com;
        location / {
            proxy_pass http://node-app;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    server {
        listen 80;
        server_name name.com;
        root /var/www/name.com/webapp;
        auth_basic "Password required";
        auth_basic_user_file /etc/nginx/.htpasswd;
        location ~ \.css {
            include /etc/nginx/mime.types; # css files won't be loaded if mime type isn't text/css
        }
    }
}
Nothing gets logged/works for connections to port 8080. I have tested whether it is caused by the proxy by removing the location block and instead using the configuration from the server at port 80; it is still not working.
I am using docker-compose to set up nginx and the server listening at port 3000. Nothing has changed in the docker configuration since the last time things were working.
Any help is welcome.
I want to use load balancing for WSO2 API Manager 3.2.0 using Nginx. When I call https://localhost:443 on the nginx server,
it redirects to https://api.am.wso2.com/publisher, but a "can not reach this site" error occurs.
Could you please guide me on what is wrong?
Nginx config:
user nginx;
worker_processes auto;
events {
    worker_connections 1024;
}
http {
    upstream sslapi.am.wso2.com {
        server 172.24.64.114:9443;
        server 172.24.64.114:9443;
    }
    upstream sslgw.am.wso2.com {
        server 172.24.64.114:8243;
        server 172.24.64.114:8243;
    }
    server {
        listen 80;
        server_name api.am.wso2.com;
        rewrite ^/(.*) https://api.am.wso2.com/$1 permanent;
    }
    server {
        listen 443 ssl;
        server_name api.am.wso2.com;
        proxy_set_header X-Forwarded-Port 443;
        ssl_certificate /etc/nginx/ssl/apimanager.crt;
        ssl_certificate_key /etc/nginx/ssl/apimanager.key;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://sslapi.am.wso2.com;
        }
    }
    server {
        listen 443 ssl;
        server_name gw.am.wso2.com;
        proxy_set_header X-Forwarded-Port 443;
        ssl_certificate /etc/nginx/ssl/apimanager.crt;
        ssl_certificate_key /etc/nginx/ssl/apimanager.key;
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_read_timeout 5m;
            proxy_send_timeout 5m;
            proxy_pass https://sslgw.am.wso2.com;
        }
    }
}
and deployment.toml config in server(172.24.64.114):
[transport.https.properties]
proxyPort = 443
[server]
hostname = "api.am.wso2.com"
node_ip = "172.24.64.114"
#offset=0
mode = "single" #single or ha
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"
and hosts config in (172.16.11.239) server:
172.0.0.1 localhost
172.24.64.114 api.am.wso2.com
and hosts config in (172.24.64.114) server:
172.24.64.114 api.am.wso2.com
After invoking the nginx URL (172.24.64.116), it redirects to 172.24.64.114, and that site is not reachable!
When you configure the API Manager with Proxy Port configurations, it is required to specify a Hostname as well. The same Hostname needs to be configured in the Nginx under server configurations. Further, under upstream, you have to configure the IP address of the API Manager nodes to direct the requests.
Since you are having a dedicated Nginx server (.116) in the middle, configure the Nginx server's IP address (.116) and the Hostname of the API Manager (api.am.wso2.com) in the Client node's (.239) Hosts entry. This will make sure that when you type the Hostname: api.am.wso2.com in the Client's node, the request will be dispatched to the Nginx server and then the Nginx will make the communication with the Upstream servers that have been configured.
Try configuring the Hosts entries correctly in the Client's node and verify the behavior. A sample entry in the Client's Hosts would be as follows:
172.24.64.116 api.am.wso2.com
I want to use nginx as a reverse proxy for websocket connections.
Consider echo.websocket.org to be my backend websocket service. As a test client I use wscat from https://github.com/websockets/wscat.
What works:
client <-- ws --> backend: wscat --connect ws://echo.websocket.org
client <-- wss --> backend: wscat --connect wss://echo.websocket.org
client <-- ws --> proxy <-- ws --> backend: wscat --connect ws://localhost with the following nginx configuration:
events {
}
http {
    server {
        listen 80;
        location / {
            proxy_pass http://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
}
client <-- wss --> proxy <-- ws --> backend: wscat -n --connect wss://localhost with the following nginx configuration:
events {
}
http {
    server {
        listen 443 ssl;
        ssl_certificate /pki/cert.pem;
        ssl_certificate_key /pki/key.pem;
        location / {
            proxy_pass http://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }
    }
}
What I want and what I need help with is configuring nginx to use secure websockets to connect to the backend. I want this configuration:
client <-- wss --> proxy <-- wss --> backend
I tried changing http://echo.websocket.org to https://echo.websocket.org without success. This leads to a 504 Gateway Timeout.
You need to use proxy_ssl_certificate and proxy_ssl_certificate_key as specified in Nginx Docs
This is my config upstream, server_name, ssl_certificate, HTTP 301:
server {
    listen 80; # nginx 80
    location / {
        return 301 https://$host$request_uri;
    }
    location ^~ /.well-known/acme-challenge/ {
        # Set correct content type. According to this:
        # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
        # Current specification requires "text/plain" or no content header at all.
        # It seems that "text/plain" is a safe option.
        default_type "text/plain";
        # This directory must be the same as in /etc/letsencrypt/cli.ini
        # as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
        # there to "webroot".
        # Do NOT use alias, use root! Target directory is located here:
        # /var/www/common/letsencrypt/.well-known/acme-challenge/
        root /var/www/html;
    }
}
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/letsencrypt/live/***0***0.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/***0***0.ru/privkey.pem; # managed by Certbot
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name ***0***0.ru; # server name
    location /sockjs-node/ {
        proxy_pass http://node; # web application
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
    location / {
        proxy_pass http://node;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /smpp {
        rewrite /smpp(.*) /$1 break;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        proxy_pass http://smpp;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
upstream smpp {
    server localhost:5001;
}
upstream node {
    server localhost:5000;
}
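For the client <-- wss --> proxy <-- wss --> backend layout asked about above, nginx by default neither sends SNI to an HTTPS upstream nor verifies its certificate. The following is an added example, not part of the original posts, that turns both on; the CA bundle path is an assumption, the other names and paths are taken from the question.

```nginx
events {
}

http {
    # Forward "upgrade" only when the client asked for one; plain HTTP
    # requests get "Connection: close" towards the backend.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        listen 443 ssl;
        ssl_certificate     /pki/cert.pem;
        ssl_certificate_key /pki/key.pem;

        location / {
            # https:// makes the proxy-to-backend leg TLS (wss).
            proxy_pass https://echo.websocket.org;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # Send the backend's name as SNI in the upstream handshake
            # (proxy_ssl_server_name is off by default).
            proxy_ssl_server_name on;
            proxy_ssl_name echo.websocket.org;

            # Verify the backend certificate against a trusted CA bundle
            # (proxy_ssl_verify is off by default), so the proxy refuses
            # a backend that cannot prove it is echo.websocket.org.
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            # Assumed path: the system CA bundle on Debian/Ubuntu.
            proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;
        }
    }
}
```

With verification on, a handshake failure towards the backend appears in the nginx error log as an upstream SSL error, which is the place to look when the proxied connection does not come up.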
NGINX - sitting on 10.10.10.1
LAMP - sitting on 172.168.1.1, has phpwebsockets. This listens on http://172.168.1.1:8080 and has a ws folder at http://172.168.1.1:8080/ws
Nginx is supposed to forward requests in this fashion.
NGINX ---> LAMP Websocket
http://10.10.10.1/randomstring/ --> https://10.10.10.1/randomstring/ --> http://172.168.1.1:8080
The current /conf.d/internal.conf nginx config file is
server {
    listen 80;
    server_name 172.168.1.1;
    return 301 https://$host$request_uri; #redirect to self with https
}
server {
    listen 443 ssl;
    server_name 172.168.1.1;
    root /var/www/nginx/;
    index index.html;
    proxy_cache one;
    location /ws {
        proxy_pass http://172.168.1.1:8080;
        # this magic is needed for WebSocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location / {
        proxy_pass http://172.168.1.1:8080;
    }
}
I am unable to forward to /randomstring; it works without 'randomstring'.
Please add "/" at the end of proxy_pass
proxy_pass http://172.168.1.1:8080/;
I am using Nginx as a web host and proxy for a websocket running on the same device listening on port 8888. Trying to find a way to have nginx listen on 80 and forward the websocket requests to the internal port. Without exposing a new port to the outside. Is this even possible?
UPDATE:
This is my current configuration:
error_log /var/log/nginx/error_log.log warn;
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream websocket {
    server localhost:8888;
}
server {
    listen 80;
    #listen [::]:80 default_server;
    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    root /var/www/html/EncoderAdmin;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
    location /ws {
        proxy_pass http://localhost:8888;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
When I try to connect to it with ws://[address]/ws I get:
WebSocket connection to 'ws://[address]/ws' failed: Error during WebSocket handshake: Unexpected response code: 400
Yes, it's possible assuming you can distinguish the normal HTTP requests and the socket ones.
The simplest solution is to match the socket URI with location; for example, all the requests to /ws will be redirected to localhost:8888, and any other URL to localhost:8889. Here is an example configuration:
server {
    server_name _;
    location /ws {
        proxy_pass http://localhost:8888;
        # this magic is needed for WebSocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location / {
        proxy_pass http://localhost:8889;
    }
}
You should also remember to bind the websocket server to localhost:8888 and not to 0.0.0.0:8888. This step is not needed but with it the original port is not exposed!
I am trying to configure nginx on two ports with the same instance, for example on port 80 and port 81, but no luck so far. Here is an example of what I am trying to do:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name chat.local.com;
        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_buffering off;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 81;
        server_name console.local.com;
        location / {
            proxy_pass http://127.0.0.1:8888;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_buffering off;
        }
    }
}
When I try to run console.local.com, it shows the content from chat.local.com. Is there a way to make nginx run on two ports? Thanks in advance!
your config looks ok
I think the problem is this (correct me if I'm wrong):
you have console.local.com listening on port 81,
that means you need to access it as http://console.local.com:81/
when you access it as http://console.local.com/ (no explicit port so defaults to port 80)
nginx will check, notice that nothing is listening on port 80 for that server_name, and consequently will pass the request to the default server block. Since the default server block is the first one (in the absence of configuration to change it) you end up in the chat.local.com handling.
In all likelihood you want to change your console.local.com to listen on port 80 also since:
the server_name directive in both serverblocks is enough to differentiate the requests
that avoids you having to add the :81 to the domainname in the requests all the time
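The server selection described in this answer (listen port first, then server_name, then the default server for that port) can be made explicit. The following is an added example, not part of the original posts: both names share port 80, and a catch-all default server is added so that a request with an unmatched Host header never falls into chat.local.com. The names and backend ports come from the question; the catch-all block is an addition.

```nginx
worker_processes 1;
events {
    worker_connections 1024;
}

http {
    # Explicit default for port 80. Without default_server on some block,
    # nginx uses the first server block declared for the port.
    server {
        listen 80 default_server;
        server_name _;
        # 444 is nginx-specific: close the connection without a response.
        return 444;
    }

    server {
        listen 80;
        server_name chat.local.com;
        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_buffering off;
        }
    }

    server {
        listen 80;
        server_name console.local.com;
        location / {
            proxy_pass http://127.0.0.1:8888;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_buffering off;
        }
    }
}
```

Running `nginx -T` prints the merged configuration, which shows which block carries `default_server` for each listen port.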
You can simply add the listen statement 2 times, like below:
listen 80;
listen 81;
This should work with nginx