WSO2 API Manager 3.1.0 Apache reverse proxy

1 min readJul 24, 2020

The WSO2 APIM documentation use almost exclusively nginx as reverse proxy. I haven’t found any example for this version of APIM behind an apache proxy, so here is a try:

ServerTokens Prod<virtualHost *:80>
        ServerName api.mycompany.com.ar
        UseCanonicalName On        <Proxy balancer://wso2http>
             BalancerMember http://apim1.mycompany.corp:8280
             BalancerMember http://apim2.mycompany.corp:8280
             ProxySet lbmethod=bytraffic
        </Proxy>        <Location /services>
                ProxyPass balancer://wso2http 
                ProxyPassReverse balancer://wso2http
        </Location>
 
</VirtualHost><VirtualHost *:443>ServerName api.mycompany.com.ar        UseCanonicalName On
        SSLProxyEngine On
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerExpire Off
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3        SSLCertificateFile /etc/httpd/conf/ssl_wildcard/WC_mycompany.com.ar.txt        SSLCertificateKeyFile /etc/httpd/conf/ssl_wildcard/mycompany.com.ar.key        SSLCertificateChainFile /etc/httpd/conf/ssl_wildcard/mediumcert.txt        SSLCACertificateFile /etc/httpd/conf/ssl_wildcard/root.txt#----HEADERS CONTROL----#
        Header always append X-Frame-Options SAMEORIGIN
        Header set X-XSS-Protection "1; mode=block"
        Header set X-Content-Type-Options nosniff
        Header set Referrer-Policy "no-referrer"
        Header set Strict-Transport-Security "max-age=31536000;           includeSubDomains; preload"
        Header unset Server
        Header unset X-Powered-By        RequestHeader set Front-End-Https "On"
        #----------------------#        ProxyMaxForwards 100
        ProxyPreserveHost On
        RewriteEngine On        <Proxy balancer://wso2ui>        
        BalancerMember https://apim1.mycompany.corp:9443
        BalancerMember https://apim2.mycompany.corp:9443
        ProxySet stickysession=JSESSIONID
        ProxySet lbmethod=bytraffic
        </Proxy>        <Proxy balancer://wso2https>
        BalancerMember https://apim1.mycompany.corp:8243
        BalancerMember https://apim2.mycompany.corp:8243
        </Proxy><Location /services>
    ProxyPass balancer://wso2https
    ProxyPassReverse balancer://wso2https
</Location><Location />
    ProxyPass balancer://wso2ui/
    ProxyPassReverse balancer://wso2ui/RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !(.*)/$
    RewriteRule ^(.*)$ http://api.mycompany.com.ar/$1/ [L,R=301]</Location><Location /carbon>
    Order deny,allow
    Include /etc/httpd/conf/whitelist/wso2.conf
    Include /etc/httpd/conf/blacklist/wso2.conf
</Location><Location /admin>
     Order deny,allow
     Include /etc/httpd/conf/whitelist/wso2.conf
     Include /etc/httpd/conf/blacklist/wso2.conf
</Location><Location /publisher>
      Order deny,allow
      Include /etc/httpd/conf/whitelist/wso2.conf
      Include /etc/httpd/conf/blacklist/wso2.conf
</Location></VirtualHost>

In this case we are using an active-active deployment of APIM, that’s why you see the Proxy balancer entries with two APIM servers.

Written by Gregorio Troncoso