I am currently using WSO2-IS and WSO2-APIM and have created a working api similar to https://<wso2_host>:8244/api/v1/apipath I was wondering if it was possible to expose this API through port 443 rather than 8244 ?
Related
I don't want to expose ports to users.
therefore I want to use "https://hostname/devportal", "https://hostname/publisher" rather than "https://hostname:9443/devportal", "https://hostname:9443/publisher". what should I do?
Please help me on this.
thanks. (API manager version: 4.0)
You need to add the following two properties to the deployment.toml if you want to start WSO2 server on port 443. (Tip: Start everything on a fresh pack, if you are trying following on a pack you already started you may have to change already registered callback URLs)
[transport.https.properties]
proxyPort = 443
port = 443
Also, for an application to bind to a port <1000(In this case 443) it needs root permissions. Hence you will have to start the server with a user who has root access.
Having said that, this is not a good deployment pattern as to expose your servers directly to external access. You should probably deploy an LB fronting the WSO2 servers and expose LB to the external users.
I have an app which uses a backend (REST webservice) on a public server. Currently I am using 8080 as the incoming port and asked myself if this is correct. In theory I could choose almost any port. Theoretically... But it is advisable to use a non-reserved port.
I once heard that calling a web service with an "exotic" port could be blocked in a public WLAN. Due to firewall/proxy rules. Could that really happen?
Would it make sense to use port 443 for the web service? (I use a SSL certificate on my backend)
This concept is pretty difficult to tackle, there are a lot of options when considering networked services. I'd advise against using a well known port for your web service in general, although in the case of REST there is a case to be made.
As you mentioned, obscure port numbers can be blocked inside certain networks by strict sys admins. Operating your service over TLS on port 443 is a secure and reliable way to access your api from within a network.
Being that REST is an http(s) api, and being that port 443 is designated for https traffic, using 443 for https-REST api seems appropriate.
TLDR; It's okay to use the well known http(s) ports, 80 and 443, for your REST api
We have a number of services behind an API gateway which is itself behind ingress-nginx. We're trying to use HTTP/2 to speed up data transfer to the front-end but all of our connections are still being done with HTTP/1.1.
The connection from client to nginx is over HTTPS, but nginx communicates with our API gateway using HTTP, and the gateway also uses HTTP to communicate with the backend services.
Do we need to use HTTPS from end-to-end to get HTTP/2 to work? If so, what's the best way to set this up re: using certificates? If not, what could be causing the connection to drop to HTTP/1.1?
We are using ingress-nginx version 0.21.0, which has nginx 1.15.6 and OpenSSL 1.1.1, which should be sufficient to support TLS 1.3/ALPN/HTTP2. Our nginx-configuration configmap has use-http2 set to true and I can see that the pod's /etc/nginx.conf has a listen ... http2; line.
Edit 10/05/2019:
Further to the comments of #Barry Pollard and #Rico, I've found out that AWS Elastic Load Balancer, which sits in front of our ingress-nginx controller, doesn't support HTTP/2. I've cut nginx out of the stack and our API Gateway is being provisioned its own Network Load Balancer. However, we're still on HTTP/1.1. It looks like ASP.Net Core 2.2's HTTP server Kestrel uses HTTP/2 by default, so I'm not sure why the connection is still dropping to 1.1.
Like #BarryPollard said you shouldn't need HTTP/2 end to end to establish HTTP/2 connections on your browser.
It sounds like whatever you are using for a client is dropping to HTTP/1.1, make sure you try with one of the following:
Chrome 51
Firefox 53
Edge 12
Internet Explorer 11
Opera 38
You didn't specify what architecture is fronting your nginx. Is it connected directly to the internet? or it's going through cloud load balancer? CDN? You can also test with Wireshark as described here.
Do we have a feature in WSO2 ESB REST API where we can deploy REST API services on Carbon server with different ports.
In the sense, REST-API-1 with port 1000
REST-API-2 with port 2000 and so on.
I don't want to use server port which is by default 8280 for all REST services.
I need unique ports for each REST API Service as mentioned above.
Thanks,
Abhishek
This is not supported. What you ca do is change the port. But you can't use different ports for each service.
I have to expose an API with the port other than 8280. i modified that in axis2.xml to port :8286 for HTTP Transportreceiver . Even after restarting the apigateway service , it is Refusing the connection on the particualar port.
Whats the process for modifying the ports.
You just have to change the Port offset of the API Manager Server. For that change offset configuration in <PRODUCT_HOME>/repository/conf/carbon.xml
<Offset>1</Offset>
This will change the NIO port which is 8280 by default to 8281 (8280 + 1).
After that make sure to edit all the hardcoded endpoints of default APIs available by following[1]
[1]http://docs.wso2.org/wiki/display/AM140/Configuring+Port+Offset