I am having some challenges trying to get a reverse proxy working with the API gateway. I have configured all the UI components and things are working well with the reverse proxy. I have configured the API locally and it works...but I can't find any documentation on setting up a gateway proxy. I've tried creating several gateway environments using a number of configuration and the best I can get is
Message dispatched to the main sequence. Invalid URL.
Anybody successfully implemented this? I want the proxy endpoint to be on 443 to avoid any port modifications. Whenever I publish the API it wants to use 8280 on the backend...just not sure what to do and there are no examples or docs anywhere I can find.
Thanks for your help.
What are you using as a reverse proxy? is it NGINX?
If you are using NGINX, you have to configure Nginx.conf as follows to expose API gateway.
upstream sslgw.am.wso2.com {
server 127.0.0.1:8243;
server 127.0.0.1:8244;
#ip_hash;
}
server {
listen 443;
server_name gw.am.wso2.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /usr/local/Cellar/nginx/1.17.7/ssl/nginxLab.crt;
ssl_certificate_key /usr/local/Cellar/nginx/1.17.7/ssl/nginxLb.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://sslgw.am.wso2.com;
}
#access_log /usr/local/Cellar/nginx/1.17.7/log/gw/https/access.log;
#error_log /usr/local/Cellar/nginx/1.17.7/log/gw/https/error.log;
}
Related
Been struggling with an Nginx(1.18.0) configuration for a forward proxy. We use specific EC2 boxes as forward proxies and that allows us to send their EIP for whitelisting purpose. So Nginx has been used for several cases including mtls and that had always worked fine. But this time the partner is using AWS API Gateway and this seems not to work. When I used curl and openssl with the client cert and key it works fine but as long as I am using nginx it still throws an http error 400.
Below is the configuration I am currently using.
server {
listen 11013;
server_name localhost;
access_log /var/log/nginx/forward_partner_x_nginx_proxy_access.log;
error_log /var/log/nginx/forward_partner_x_nginx_proxy_error.log warn;
proxy_ssl_certificate /root/partner_x_ssl/uat_chain.crt;
proxy_ssl_certificate_key /root/partner_x_ssl/uat.key;
resolver 8.8.8.8;
set $partner_x_upstream https://api.partner_x.app;
location /test {
access_log off;
return 200;
}
location / {
proxy_set_header Host $proxy_host;
proxy_pass $partner_x_upstream;
#proxy_pass_request_headers on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_server_name on;
proxy_buffering off;
proxy_ssl_name xx.xx.xx.xx;
#add_header Content-Type application/json;
}
}
I have tried several iteration of this config and it still didn't work. Because of the client certificate, i am not able to see anything significant over a captured tcpdump.
has anyone able to have a similar config working ? Grateful if you could share some lights on what I am doing wrong here. Thanks in advance.
Best Regards,
I have been trying to get my app to run on https. It is a single instance, single container docker app, that runs dart code and serves on 8080. So far, the app runs on http perfectly. I do not have, nor want, a load balancer.
I have followed the directions here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-docker.html and here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html. I also have it configured to connect to my site at "server.mysite.com". I am getting the refused to connect error. I am sort of a noob to this, so if you need more information let me know.
The issue is that the instance is not listening on 443. So it turns out that since I deployed on AWS Linux 2, there is a different way of configuring the location of the https.conf file that the docs make you make.
Here is a ref https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html. Essentially, I made a folder in the root (next to .ebextensions) and added a file with the following path .platform/nginx/conf.d/https.conf with the contents of the file the wanted in the docs, eg.
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I am trying to launch my web app with Django, Angular, and Nginx. During the development phase I made services within Angular that send requests to 127.0.0.1:8000 I was able to get my Angular project to display over my domain name. However, when I try to log into my app over another network it won't work. Is this because I am pointing at 127.0.0.1:8000? Do I need to configure a web server gateway or api gateway for Django? Do I need to point the services in Angular to a different address? Or did I configure something wrong within Nginx? if anyone can help me I would greatly appreciate it.
upstream django_server{
server 127.0.0.1:8000;
}
server{
listen 80;
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate C:/Certbot/live/example.com/fullchain.pem;
ssl_certificate_key C:/Certbot/live/example.com/privkey.pem;
root /nginx_test/www1/example.com;
index index.html;
location = /favicon.ico {
return 204;
access_log off;
log_not_found off;
}
location /api-token/ {
proxy_pass http://django_server/api-token/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I think the reason is in your Angular service configuration. Instead of 127.0.0.1 try to change it to your REST API server IP address.
As I understand in your case when you open your app in the browser you load all static files into your pc/laptop browser. Because of that every time when you trigger frontend service you try to get response from your laptop/pc instead of your backed server.
I need to run multiple https urls on single domain
Here is my nginx file. I ran front-end with the below settings on https. Now my dashboard is running on https and my api are on http.
server {
listen 443;
ssl on;
ssl_certificate bundle_chained.crt;
ssl_certificate_key mykey.key;
server_name my_domin.com;
location / {
proxy_pass my_host:port;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
Now obviously it cannot hit on https to http. So I want to run api's on https by changing the above configuration.(I don't have wild-card ssl)
How can I do that. Thank you in advance
I have setup the reverse proxy for the aws elastic search endpoint on a server on port 9200. I am trying to access kibana on that particular server with /kibana URI. But I am getting below error.
Kibana did not load properly. Check the server output for more information.
Nginx Code:
For ElasticSearch:
server {
listen 9002;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://search.us-west-2.es.amazonaws.com;
}
}
For Kibana
location /kibana/ {
proxy_set_header Host https://search-es.us-west-2.es.amazonaws.com/_plugin/kibana/;
proxy_set_header X-Real-IP 34.214.177.249;
proxy_pass https://search-es.us-west-2.es.amazonaws.com/_plugin/kibana/;
proxy_redirect https://search-es.us-west-2.es.amazonaws.com/_plugin/kibana/ http://ab.cd.ef.g/kibana/;
}
For My App:
location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:3054;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
I am also getting a lot of below console error.
Failed to load resource: the server responded with a status of 502 (Bad Gateway).
http://ab.cd.ef.g//_plugin/kibana/ui/favicons/favicon.ico
Any hint would be appreciated.
Nginx reverse proxy setup for Kibana:
I am using Kibana 7.5 version I have faced this issue with Nginx. I have added configuration for following entries in the Nginx configuration file. It is fixed.
/app|/translations|/node_modules|/built_assets/|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch|/spaces/enter
You need to set server.basePath to /kibana
Enables you to specify a path to mount Kibana at if you are running
behind a proxy. This only affects the URLs generated by Kibana, your
proxy is expected to remove the basePath value before forwarding
requests to Kibana. This setting cannot end in a slash (/).