We have deployed an all-in-one instance of WSO2 API Manager. We have got SSL working and you can log in and see published APIs.

We have set up the carbon.xml to have the external-facing address (apidev.example.com) and both /store/ and /publisher/ can be accessed from that address.

However, the problem is the APIs published in the store are using the local hostname of dev.company.interal.

This means that a user will sign in to

https://apidev.example.com/store

click on an API and get redirected to

https://dev.company.interal:9443/store/apis/...

which is no good as that address isn't accessible to people outside our network. So I want the store to use the external-facing address.

I've included the config files, shortened to the edits which have been made.

carbon.xml

 <HostName>apidev.example.com</HostName>
 <!-- Host name to be used for the Carbon management console-->
 <MgtHostName>apidev.example.com</MgtHostName>

api-manager.xml

<APIManager>   
    <DataSourceName>jdbc/WSO2AM_DB</DataSourceName>

    <GatewayType>Synapse</GatewayType>

    <EnableSecureVault>false</EnableSecureVault>   
    <AuthManager>
        <!-- Server URL of the Authentication service -->
        <ServerURL>https://dev.company.interal:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for the Authentication manager. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for the Authentication manager. -->
        <Password>${admin.password}</Password>
        <!-- Indicates whether the permissions checking of the user (on the Publisher and Store) should be done
           via a remote service. The check will be done on the local server when false. -->
        <CheckPermissionsRemotely>false</CheckPermissionsRemotely>
    </AuthManager>
     ...
    <APIGateway>
        <!-- The environments to which an API will be published -->
        <Environments>           
            <Environment type="hybrid" api-console="true">
                <Name>Production and Sandbox</Name>
                <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
                <!-- Server URL of the API gateway -->

                <ServerURL>https://apidev.example.com${carbon.context}services/</ServerURL>
                <!-- Admin username for the API gateway. -->
                <Username>${admin.username}</Username>
                <!-- Admin password for the API gateway.-->
                <Password>${admin.password}</Password>
                <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
                <!--GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://apidev.linkedsystems.uk:${https.nio.port}</GatewayEndpoint-->
                <GatewayEndpoint>http://apidev.example.com,https://apidev.example.com</GatewayEndpoint>
            </Environment>
        </Environments>
    </APIGateway>
    ...
    <APIKeyValidator>
        <!-- Server URL of the API key manager -->
        <ServerURL>https://dev.company.interal:${mgt.transport.https.port}${carbon.context}services/</ServerURL>

        <!-- Admin username for API key manager. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for API key manager. -->
        <Password>${admin.password}</Password>


        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
        <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
        <!--ThriftClientPort>10397</ThriftClientPort-->

        <EnableThriftServer>true</EnableThriftServer>
        <ThriftServerHost>localhost</ThriftServerHost>
        <!--ThriftServerPort>10397</ThriftServerPort-->

        <!--ConnectionPool>
            <MaxIdle>100</MaxIdle>
            <InitIdleCapacity>50</InitIdleCapacity>
        </ConnectionPool-->
        <!-- Specifies the implementation to be used for KeyValidationHandler. Steps for validating a token can be controlled by plugging in a 
             custom KeyValidation Handler -->
        <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
    </APIKeyValidator>
    ... 
    <!-- API Store Related Configurations -->
    <APIStore>
        <!--GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</GroupingExtractor-->
        <!--This property is used to indicate how we do user name comparision for token generation https://wso2.org/jira/browse/APIMANAGER-2225-->
        <CompareCaseInsensitively>true</CompareCaseInsensitively>
        <DisplayURL>true</DisplayURL>
        <!--URL>https://localhost:${mgt.transport.https.port}/store</URL-->
        <URL>https://apidev.example.com/store</URL>


        <!-- Server URL of the API Store. -->
        <ServerURL>https://apidev.example.com:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for API Store. -->
        <Username>${admin.username}</Username>

        <!-- Admin password for API Store. -->
        <Password>${admin.password}</Password>
        <!-- This parameter specifies whether to display multiple versions of same
             API or only showing the latest version of an API. -->
        <DisplayMultipleVersions>false</DisplayMultipleVersions>
        <!-- This parameter specifies whether to display all the APIs
             [which are having DEPRECATED/PUBLISHED status] or only display the APIs
             with having their status is as 'PUBLISHED' -->
        <DisplayAllAPIs>false</DisplayAllAPIs>
        <!-- Uncomment this to limit the number of APIs in api the API Store -->
        <!--APIsPerPage>5</APIsPerPage-->

        <!-- This parameter specifies whether to display the comment editing facility or not.
             Default is "true". If user wants to disable, he must set this param as "false" -->
        <DisplayComments>true</DisplayComments>

        <!-- This parameter specifies whether to display the ratings  or not.
             Default is "true". If user wants to disable, he must set this param as "false" -->
        <DisplayRatings>true</DisplayRatings>

        <!--set isStoreForumEnabled to false for disable forum in store-->
        <!--isStoreForumEnabled>false</isStoreForumEnabled-->
    </APIStore>
    ...
    <ThrottlingConfigurations>
        <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
        <DataPublisher>
            <Enabled>false</Enabled>
            <Type>Binary</Type>
            <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
            <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
            <DataPublisherPool>
                <MaxIdle>1000</MaxIdle>
                <InitIdleCapacity>200</InitIdleCapacity>
            </DataPublisherPool>
            <DataPublisherThreadPool>
                <CorePoolSize>200</CorePoolSize>
                <MaxmimumPoolSize>1000</MaxmimumPoolSize>
                <KeepAliveTime>200</KeepAliveTime>
            </DataPublisherThreadPool>
        </DataPublisher>
        <PolicyDeployer>
            <ServiceURL>https://dev.company.interal:${mgt.transport.https.port}${carbon.context}services/</ServiceURL>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
        </PolicyDeployer>
        <BlockCondition>
            <Enabled>true</Enabled>
            <!--InitDelay>300000</InitDelay>
            <Period>3600000</Period-->
        </BlockCondition>
        <JMSConnectionDetails>
            <Enabled>true</Enabled>
            <ServiceURL>tcp://${carbon.local.ip}:${jms.port}</ServiceURL>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
            <Destination>throttleData</Destination>
            <!--InitDelay>300000</InitDelay-->
            <JMSConnectionParameters>
                ...
</APIManager>

Any help/pointers would be appreciated.

1 Answer

So the answer is:

the file at {AM_HOME}/repository/deployment/server/jaggeryapps/store/site/conf/site.json

needs changing to reflect the reverse proxy settings. Following the example laid out in the question, the new setting would be:

"reverseProxy" : {
    "enabled" : true,    // values true , false , "auto" - will look for  X-Forwarded-* headers
    "host" : "apidev.example.com", // If reverse proxy do not have a domain name use IP
    "context":"/store",
  //"regContext":"" // Use only if different path is used for registry
},

That's all, folks.
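
A check for the setting described in the answer above, as an added example that is not part of the original answer or of WSO2's code: it parses a site.json that carries `//` comments and a trailing comma, and reports where the `reverseProxy` block differs from the external host and context. The function names and the wording of the findings are assumptions made for this example.

```python
import json
import re

def strip_line_comments(text):
    """Drop // comments that sit outside string literals, so URLs survive."""
    out, in_str, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):  # keep the escaped character
                i += 1
                out.append(text[i])
            elif ch == '"':
                in_str = False
        elif text.startswith("//", i):
            nl = text.find("\n", i)
            i = len(text) if nl < 0 else nl
            continue
        else:
            in_str = ch == '"'
            out.append(ch)
        i += 1
    return "".join(out)

def check_reverse_proxy(site_json, external_host, context):
    """Return findings (empty list = OK). Assumes no string contains ',}'."""
    cleaned = re.sub(r",(\s*[}\]])", r"\1", strip_line_comments(site_json))
    rp = json.loads(cleaned).get("reverseProxy") or {}
    findings, enabled = [], rp.get("enabled")
    if enabled == "auto":
        findings.append("enabled is 'auto': host is taken from X-Forwarded-* headers")
    elif enabled is not True:
        findings.append("reverseProxy is not enabled")
    if enabled != "auto" and rp.get("host") != external_host:
        findings.append("host is %r, expected %r" % (rp.get("host"), external_host))
    if rp.get("context") != context:
        findings.append("context is %r, expected %r" % (rp.get("context"), context))
    return findings

# Constructed sample: the answer's block wrapped in an outer object.
FIXED = '''{ "reverseProxy" : {
    "enabled" : true,    // values true , false , "auto"
    "host" : "apidev.example.com", // If reverse proxy do not have a domain name use IP
    "context":"/store",
  //"regContext":"" // Use only if different path is used for registry
} }'''

print(check_reverse_proxy(FIXED, "apidev.example.com", "/store"))
```

With `"auto"` the check only notes that the host is derived from `X-Forwarded-*` headers; in that mode the reverse proxy should set those headers itself rather than pass through whatever the client sent.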