WSO2 API Manager 3.1.0 Apache reverse proxy

The WSO2 APIM documentation use almost exclusively nginx as reverse proxy. I haven’t found any example for this version of APIM behind an apache proxy, so here is a try:

ServerTokens Prod<virtualHost *:80>
ServerName api.mycompany.com.ar
UseCanonicalName On
<Proxy balancer://wso2http>
BalancerMember http://apim1.mycompany.corp:8280
BalancerMember http://apim2.mycompany.corp:8280
ProxySet lbmethod=bytraffic
</Proxy>
<Location /services>
ProxyPass balancer://wso2http
ProxyPassReverse balancer://wso2http
</Location>

</VirtualHost>
<VirtualHost *:443>ServerName api.mycompany.com.ar UseCanonicalName On
SSLProxyEngine On
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerExpire Off
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/conf/ssl_wildcard/WC_mycompany.com.ar.txt SSLCertificateKeyFile /etc/httpd/conf/ssl_wildcard/mycompany.com.ar.key SSLCertificateChainFile /etc/httpd/conf/ssl_wildcard/mediumcert.txt SSLCACertificateFile /etc/httpd/conf/ssl_wildcard/root.txt#----HEADERS CONTROL----#
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set Referrer-Policy "no-referrer"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header unset Server
Header unset X-Powered-By
RequestHeader set Front-End-Https "On"
#----------------------#
ProxyMaxForwards 100
ProxyPreserveHost On
RewriteEngine On
<Proxy balancer://wso2ui>
BalancerMember https://apim1.mycompany.corp:9443
BalancerMember https://apim2.mycompany.corp:9443
ProxySet stickysession=JSESSIONID
ProxySet lbmethod=bytraffic
</Proxy>
<Proxy balancer://wso2https>
BalancerMember https://apim1.mycompany.corp:8243
BalancerMember https://apim2.mycompany.corp:8243
</Proxy>
<Location /services>
ProxyPass balancer://wso2https
ProxyPassReverse balancer://wso2https
</Location>
<Location />
ProxyPass balancer://wso2ui/
ProxyPassReverse balancer://wso2ui/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://api.mycompany.com.ar/$1/ [L,R=301]</Location>
<Location /carbon>
Order deny,allow
Include /etc/httpd/conf/whitelist/wso2.conf
Include /etc/httpd/conf/blacklist/wso2.conf
</Location>
<Location /admin>
Order deny,allow
Include /etc/httpd/conf/whitelist/wso2.conf
Include /etc/httpd/conf/blacklist/wso2.conf
</Location>
<Location /publisher>
Order deny,allow
Include /etc/httpd/conf/whitelist/wso2.conf
Include /etc/httpd/conf/blacklist/wso2.conf
</Location>
</VirtualHost>

In this case we are using an active-active deployment of APIM, that’s why you see the Proxy balancer entries with two APIM servers.

Sysadmin and OSS enthusiast