I put WSO2 API Manager behind a nginx reverse proxy with SSL configured and I'm trying to login on carbon application, but aftering the page is redirect I'm receiving an error:
Error 403 - Forbidden
nginx.conf
location /api/ {
proxy_pass https://csm-wso2-apim:9443/;
proxy_http_version 1.1;
# don't cache it
proxy_no_cache 1;
# even if cached, don't try to use it
proxy_cache_bypass 1;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Proxy headers
# Proxy timeouts
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
}
Carbon url:
https://dev-web-mtz.close-upinternational.com/api/carbon/admin/login.jsp
Aftering login is redirect to:
https://dev-web-mtz.close-upinternational.com/api/carbon/admin/login_action.jsp
PS: Browser is showing that the connection is secure
Java Version: 11.0.14
WSO2-API: 4.1.0
Make sure the configs align with the following.
deployment.toml
[server]
hostname = "dev-web-mtz.close-upinternational.com"
server_role = "default"
proxy_context_path = "/api"
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}/api"
In repository/resources/conf/templates/repository/conf/tomcat/carbon/WEB-INF/web.xml.j2
# Add within <web-app> at the top
<context-param>
<param-name>contextPath</param-name>
<param-value>api</param-value>
</context-param>
NginX Conf
location /api/ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://localhost:9443/;
proxy_redirect https://dev-web-mtz.close-upinternational.com/carbon/ https://dev-web-mtz.close-upinternational.com/api/carbon/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}