We have two API servers running in HA mode i.e. same set of services are running on both VMs with same environment. We would like to use WSO2 APIM for API Security but the problem is that we have not been able to find how to use HA routing services in WSO2 APIM.
E.g.
API Server 1- http://192.168.0.2/getCustomerDetails
API Server 2- http://192.168.0.3/getCustomerDetails
API Gateway- 192.168.0.10
Once registered on API Gateway the service endpoints become-
URL1- https://192.168.0.10:8243/getCustInfo1
[edit]
URL2- https://192.168.0.10:8243/getCustInfo2
Now the question is how does WSO2 APIM decides where to route the request i.e. URL1 or URL2 for accessing the same business service? Or there is some concept like virtual ip usage in WSO2 APIM?
You don't have to create 2 APIs in API Manager for your 2 backend URLs. Create a single API and use Load Balancing or Failover Endpoints[1].
[1] https://apim.docs.wso2.com/en/latest/Learn/DesignAPI/Endpoints/high-availability-for-endpoints/
Related
I'm new to the GCP Services, and I'm trying to make an API Gateway to proxy two services, one is run on an App Engine and the other is actually a PaaS.
Can I configure Cloud Endpoints to redirect to that PaaS, and how? and if now what service in GCP suits this case?
Edit:
An example of what I'm trying to do is if my domain is test.com then i'd like app.test.com to be redirected to my App Engine and ip.test.com would be directed for example to https://httpbin.org/ip.
I wrote an article on this for securing the endpoint. Set the value that you want in the x-google-backend.
I also provide some tips about the URL rewriting if you want.
EDIT 1
If you want to perform this routing
app.test.com -> App Engine
ip.test.com -> External service
You need to use a HTTPS Load Balancer and not API Gateway.
Then,
create a serverless NEG and configure it with App Engine
create an Internet NEG and configure it to reach your internet accessible PaaS service
Create a URL MAP with the correct routing
That's all (wait 3 - 5 minutes, the delay to dispatch your configuration around the globe.)
Yes, you can run an Extensible Service Proxy in front of your non-GCP backend service so that Cloud Endpoints can proxy requests to it.
Docs: https://cloud.google.com/endpoints/docs/openapi/running-esp-localdev
having WSO2AM 2.1.0 in distributed setup (KM, GW, TM deployed and scaled separately) we'd like to enable SAML SSO for application users with an external SAML IdP.
Main question is - what is the SAML ACS url for the APIM as SP in this setup?
By default (it's working) the ACS URL is https://host:9443/commonauth , however as far I understood the client should have access only to the Gateway services (port 8243). On the port 8243 there are even all OAuth services exposed too.
So - do we need to expose a route / ports to 9443 (gateway to key manager)?
Thank you for any insight
question is bit unclear. We can setup SSO for publisher and store applications only. There is no connection with the gateway when configuring this. see https://docs.wso2.com/display/AM2xx/Configuring+Identity+Server+as+IDP+for+SSO . Since API Publisher or store acts as the SP, We set ACS url for publisher as https://localhost:9443/publisher/jagg/jaggery_acs.jag and for store as https://localhost:9443/store/jagg/jaggery_acs.jag
Gateway is there to accept the API requests. so only 8243 and 8280 are needed to exposed to public. but gateway needs to talk to keymanager (to validate tokens) so there needs to be a connection between gateway and keymanager.
When creating an API in WSO2, the wizard has a section to pick an endpoint - current selection choices include: HTTP Endpoint, Address Endpoint, failover endpoint, Load Balance. Can additional endpoints be added, such as FTP? Is there code / config that can be added for an FTP endpoint?
WSO2 API Manager don't support FTP protocol, you can WSO2 ESB to do the same. You refer these samples here and here
I installed and configured WSO2 IS 5.0 But I would like the users access through the proxy. So I would like to know WSO2 has WSO2 IS Proxy or not? Or WSO2 has any product to use for this purpose?
WSO2 has not any proxy related product. Also, there are well known proxy such as Apache HTTP / Nginx and so on. As i know, WSO2 also recommends to use Nginx. Please find details on how you can use proxy with WSO2IS from here
I have used WSO2 IS in production with Nginx and it has worked correctly for me.
You can also review the official documentation here
WSO2 does not provide in-built proxy. However, you you can use well known proxy products for this purpose. Ex: Nginx, HA proxy etc.
If you deploy WSO2 products in cloud environments, you can can use cloud native LBs such as AWS ALB, Azure application gateway etc.
You need 443 LB listener port to forward traffic to 9443 port in WSO2 IS server.
Is WSO2 Cloud Gateway supported in StratosLive? Is there self-service setup? I would like to expose an internal web service (behind corporate firewalls) to WSO2 ESB on StratosLive and Cloud Gateway may be one solution...
WSO2 CG is supported in StratosLive and we are in the process of deploying CG(and other services) in StratosLive. Please check back in couple days.