Closed lathlk closed 3 years ago
Similar issue is there in the APIM-4.0.0 as well. It will be better to fix this on APIM-4.0.0 as well.
The fix is explained in the following hypothetical scenario.
This scenario is explained with the context of an all-in-one deployment of the API manager.
The domain is knnect.lk and the carbon console, admin, publisher, and devportal apps should be accessible via the following URLs respectively.
In order to achieve the above, it's required to do the following configuration changes.
server {
listen 443 ssl default_server;
listen [::]:443 default_server ipv6only=on;
server_name knnect.lk office.knnect.com;
access_log /var/log/nginx/proxy.log;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/apim.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
rewrite \w*(admin|devportal|publisher)$ $1/ permanent;
location /apim/ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://localhost:9443/;
proxy_redirect https://knnect.lk/authenticationendpoint/ https://knnect.lk/apim/authenticationendpoint/;
proxy_redirect https://knnect.lk/oauth2/ https://knnect.lk/apim/oauth2/;
proxy_redirect https://knnect.lk/carbon/ https://knnect.lk/apim/carbon/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Add the following host entries
127.0.0.1 knnect.lk
Open repository/conf/deployment.toml
and add or update the following configurations.
[server]
hostname = "knnect.lk"
node_ip = "127.0.0.1"
mode = "single" #single or ha
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}/apim"
server_role = "default"
proxy_context_path = "/apim"
[apim.devportal]
url = "https://knnect.lk/apim/devportal"
[transport.https.properties]
proxyPort = 443
Open the following file.
repository/resources/conf/templates/repository/conf/tomcat/carbon/WEB-INF/web.xml.j2
Add the following configuration
<context-param>
<param-name>contextPath</param-name>
<param-value>apim</param-value>
</context-param>
Add the following configuration to each web application.
context: '/apim/devportal',
proxy_context_path: '/apim',
context: '/apim/publisher',
proxy_context_path: '/apim',
context: '/apim/admin',
proxy_context_path: '/apim',
Now start/restart the API Manager server and Nginx
You will be able to access the web applications with the URLs mentioned above.
This issue is fixed in the latest update level for 3.2.0 and 4.0.0 and master.
This issue is fixed in the latest update level for 3.2.0 and 4.0.0 and master.
Hi @chanaka3d As mention in above comment, I've confirmed the modified files in the the wso2am-3.2.0 image and "product-apim-3.2.0" binary but fix is not applied on the same. And I've confirmed that the patch is applied on wso2am-4.1.0 image
If my findings are correct can you please commit the updated wso2am-3.2.0 image on docker hub? or Please let me know how I can get updated "wso2am-3.2.0"?
Description:
The configuration "proxy_context_path" which is toml equivalent for "ProxyContextPath" in XML based configs; is not working as expected. The carbon management console does not work due to a hardcoded CSRF guard javascript path. All the react web apps are not working because they have not taken this config into account.
Steps to reproduce:
[transport.https.properties] proxyPort = 443
server { listen 443 ssl; server_name apim-320.wso2.com; client_max_body_size 100M;
}