I read a lot of information about this topic but I have no answer.
I have 3 servers with the following components:
server1 - WSO2 IS + OpenLDAP
server2 - WSO2 Gateway
server3 - Publisher + Store
All of these servers are working with LDAP and I have no problems logging in to IS, Gateway, Publisher and Store with my LDAP login.
In the Publisher config file I wrote Gateway server2, but when I publish a new test API I have access to this API (server3:8243/ddd/v1/aaa), but via the gateway I have no access (https://server2:8243/ddd/v1/aaa) and I got an Error 404.
How do I need to configure my WSO2 Publisher or Gateway?
P.S. At this moment I have no generated SSL keys in a keystore. Can you tell me how to resolve this problem for testing my TEST API?
When you publish an API from the Publisher, it pushes the Synapse artifact of the API to the gateway node. But in your case, as you haven't changed any configuration in the Publisher/Store node, it points to the server itself.
You can edit server 3 and point it to server 2, which is your gateway node. Edit the api-manager.xml file in the APIM/repository/conf location.
<APIGateway>
  <Environments>
    <Environment type="hybrid" api-console="true">
      <Name>Production and Sandbox</Name>
      <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
      <ServerURL>https://[API-Gateway-Host-or-IP]:9443/services/</ServerURL>
      <Username>${admin.username}</Username>
      <Password>${admin.password}</Password>
      <GatewayEndpoint>http://[API-Gateway-Host]:8280,https://[API-Gateway-Host]:8243</GatewayEndpoint>
    </Environment>
  </Environments>
</APIGateway>
Having WSO2AM 2.1.0 in a distributed setup (KM, GW, TM deployed and scaled separately), we'd like to enable SAML SSO for application users with an external SAML IdP.
The main question is: what is the SAML ACS URL for the APIM as SP in this setup?
By default (it's working) the ACS URL is https://host:9443/commonauth , however as far as I understood the client should have access only to the Gateway services (port 8243). On port 8243 all the OAuth services are exposed too.
So - do we need to expose a route / ports to 9443 (gateway to key manager)?
Thank you for any insight
The question is a bit unclear. We can set up SSO for the Publisher and Store applications only. There is no connection with the gateway when configuring this. See https://docs.wso2.com/display/AM2xx/Configuring+Identity+Server+as+IDP+for+SSO . Since the API Publisher or Store acts as the SP, we set the ACS URL for the Publisher as https://localhost:9443/publisher/jagg/jaggery_acs.jag and for the Store as https://localhost:9443/store/jagg/jaggery_acs.jag
The gateway is there to accept the API requests, so only 8243 and 8280 need to be exposed to the public. But the gateway needs to talk to the key manager (to validate tokens), so there needs to be a connection between the gateway and the key manager.
I have hosted WSO2 API Manager into my virtual machine with static ip address.
I can open my Carbon, Publisher and Store page by entering these addresses:
https://my.ip.address:9443/publisher
https://my.ip.address:9443/store
https://my.ip.address:9443/carbon
When I add my API in my Publisher page, it creates an endpoint at a 172.x.x.x.x address, which is only for internal use.
So in order to have access to my endpoints from outside, I have written these lines in my \wso2\wso2am-2.1.0\repository\conf\api-manager.xml in APIGateway:
<APIGateway>
  <Environments>
    <Environment type="hybrid" api-console="true">
      <Name>Production and Sandbox</Name>
      <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
      <!-- Server URL of the API gateway -->
      <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
      <!-- Admin username for the API gateway. -->
      <Username>${admin.username}</Username>
      <!-- Admin password for the API gateway.-->
      <Password>${admin.password}</Password>
      <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
      <GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port},http://my.ip.address:${http.nio.port},https://my.ip.address:${https.nio.port}</GatewayEndpoint>
    </Environment>
  </Environments>
</APIGateway>
Now when I publish my APIs, the Production and Sandbox URLs are:
http://my.ip.address:8280/path/to/my/api
https://my.ip.address:8243/path/to/my/api
However, when I try to make requests to my API URLs, I get timeout errors.
Why is this happening?
The main problem was that my system administrator didn't open ports 8280 and 8243 for users that are outside of the local network.
Environment
So I have a Clustered environment with an API Manager and two gateway workers (the gateways are on a load balancer) and two Identity Servers as Key Managers (Load Balancer).
I get confused when it comes to configuring the below code.
<APIGateway>
  <Environments>
    <Environment type="hybrid" api-console="true">
      <Name>Production and Sandbox</Name>
      <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
      <!-- Server URL of the API gateway -->
      <ServerURL>https://gatemgrdev.byui.edu/services/</ServerURL>
      <!-- Admin username for the API gateway. -->
      <Username>${admin.username}</Username>
      <!-- Admin password for the API gateway.-->
      <Password>${admin.password}</Password>
      <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
      <GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint>
    </Environment>
  </Environments>
</APIGateway>
In my Identity Servers I usually point the Server URL to my API Manager. Like so
<ServerURL>https://apimgr.org/services/</ServerURL>
In my API Manager I usually change the configs to this
<GatewayEndpoint>http://gateworker.org,https://gateworker.org</GatewayEndpoint>
So how should I configure the gateway workers? Do I have to do anything to them? Also, am I configuring the two above correctly?
You can find the gateway configurations from [1]
[1] https://docs.wso2.com/display/AM210/Clustering+the+API+Manager#ClusteringtheAPIManager-ConfiguringtheGateway
Thanks
Isura.
If I have multiple gateway worker nodes, how can I configure the GatewayEndpoint?
I read the post about setting up the gateway endpoint; that case just has one gateway worker node. I also had an nginx node before WSO2 clustering, so we also need to display the final endpoint URL in the Store to end users. For ServerURL, I can configure it as the URL "https://mgt.gw.devzone.com/services/".
<APIGateway>
  <Environments>
    <Environment type="hybrid" api-console="true">
      <Name>Production and Sandbox</Name>
      <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
      <ServerURL>https://<API-Gateway-Host>:9443/services/</ServerURL>
      <Username>${admin.username}</Username>
      <Password>${admin.password}</Password>
      <GatewayEndpoint>http://<API-Gateway-Host>:8280,https://<API-Gateway-Host>:8243</GatewayEndpoint>
    </Environment>
  </Environments>
</APIGateway>
Yes, for the ServerURL you should point to the GW Manager node. When specifying the GW worker URLs you need to point to NginX. The GatewayEndpoint you are including here should resolve to NginX, and NginX will load-balance the requests between the worker nodes. The URL you add here will be shown in the API Store.
In WSO2 API Manager, I want to use a local WSO2 ESB instance to publish APIs. I mean, I configure an ESB instance as the Gateway in /repository/conf/api-manager.xml, like this:
<APIGateway>
  <Environments>
    <Environment type="hybrid" api-console="true">
      <Name>Production and Sandbox</Name>
      <Description> Description of environment</Description>
      <!--ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/</ServerURL-->
      <ServerURL>https://localhost:8243/services/</ServerURL>
      <!--Username>${admin.username}</Username-->
      <Username>admin</Username>
      <!--Password>${admin.password}</Password-->
      <Password>admin</Password>
      <!--GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint-->
      <GatewayEndpoint>http://localhost:8280,https://localhost:8243</GatewayEndpoint>
    </Environment>
  </Environments>
  <EnableGatewayKeyCache>true</EnableGatewayKeyCache>
  <EnableGatewayResourceCache>true</EnableGatewayResourceCache>
  <ClientDomainHeader>referer</ClientDomainHeader>
</APIGateway>
I followed this article https://docs.wso2.com/display/AM190/Publish+through+Multiple+API+Gateways and I just changed the configuration according to my ESB instance.
The problem is in the API Publisher: when I want to publish a new API I get the following error:
Failed to change the life cycle status : Invoking lifecycle action "Publish" failed
NOTE: I changed port of serviceURL from 9443 to 8243 because I couldn't show service list of ESB in my browser, and with 8243 I can see it.
Have you done a feature installation on ESB?
By default WSO2 ESB does not contain certain features that are required for it to serve as the gateway in this scenario. It is not possible to use ESB here, without a feature installation.
Therefore we recommend you to use an instance of WSO2 API Manager itself as the gateway.
The HTTPS servlet transport port of the Gateway needs to be given as the gateway's <ServerURL>.
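A lint for the settings the answers above turn on (ServerURL aimed at the gateway node's HTTPS servlet port, GatewayEndpoint resolving to an address clients can reach), as an added example that is not from any of the posts or from WSO2. It assumes a distributed deployment where the gateway is a separate node; the finding names, the `example.test` hostnames and both sample documents are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

LOCAL = {"localhost", "127.0.0.1", "::1", "${carbon.local.ip}"}
TRAFFIC_PORTS = {8280, 8243}  # API traffic ports named in the threads above

def host_port(url):
    """Split a URL into (host, port); port is None if absent or a ${...} placeholder."""
    parts = urlsplit(url.strip())
    try:
        return parts.hostname, parts.port
    except ValueError:  # e.g. the port is "${https.nio.port}"
        return parts.hostname, None

def lint_gateway(xml_text):
    """Return sorted finding names for every <Environment> under <APIGateway>."""
    findings = set()
    for env in ET.fromstring(xml_text).iter("Environment"):
        host, port = host_port(env.findtext("ServerURL", ""))
        if host in LOCAL:
            findings.add("server-url-local")         # artifacts stay on this node
        if port in TRAFFIC_PORTS:
            findings.add("server-url-traffic-port")  # needs the HTTPS servlet port
        for endpoint in env.findtext("GatewayEndpoint", "").split(","):
            if host_port(endpoint)[0] in LOCAL:
                findings.add("endpoint-not-routable")  # Store advertises this URL
        password = env.findtext("Password", "").strip()
        if password and "${" not in password:
            findings.add("literal-admin-password")   # literal instead of ${admin.password}
    return sorted(findings)

# Constructed samples: the first reuses the values from the ESB question, the
# second uses hypothetical hostnames for a gateway manager and its load balancer.
AS_POSTED = """<APIGateway><Environments><Environment type="hybrid">
  <ServerURL>https://localhost:8243/services/</ServerURL>
  <Username>admin</Username><Password>admin</Password>
  <GatewayEndpoint>http://localhost:8280,https://localhost:8243</GatewayEndpoint>
</Environment></Environments></APIGateway>"""

CORRECTED = """<APIGateway><Environments><Environment type="hybrid">
  <ServerURL>https://gw-mgt.example.test:9443/services/</ServerURL>
  <Username>${admin.username}</Username><Password>${admin.password}</Password>
  <GatewayEndpoint>http://gw.example.test:8280,https://gw.example.test:8243</GatewayEndpoint>
</Environment></Environments></APIGateway>"""

if __name__ == "__main__":
    for label, config in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, lint_gateway(config))
```

On an all-in-one node the `server-url-local` finding is expected and can be ignored; it matters only when the Publisher and the gateway run on different hosts.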