wso2, wso2-api-manager, java-11

WSO2 API Manager - login_action.jsp - Error 403 - Forbidden


I put WSO2 API Manager behind an nginx reverse proxy with SSL configured and I'm trying to log in to the Carbon application, but after the page is redirected I receive an error:

Error 403 - Forbidden

nginx.conf

# Reverse-proxies everything under /api/ to the WSO2 API Manager management
# port. This also publishes the Carbon admin console (/api/carbon/...) through
# the proxy; if the console should not be reachable by every client, restrict
# it with allow/deny or a separate, access-controlled location.
location /api/ {
     # The trailing "/" replaces the matched /api/ prefix, so the backend sees
     # /carbon/... and not /api/carbon/...; the backend has to be told about
     # the /api prefix separately, or its redirects and checks use the wrong path.
     # NOTE(review): with an https:// upstream nginx does not verify the backend
     # certificate unless proxy_ssl_verify is enabled together with
     # proxy_ssl_trusted_certificate; as written the hop is encrypted but the
     # backend is not authenticated.
     proxy_pass  https://csm-wso2-apim:9443/;
     proxy_http_version                 1.1;
     # don't cache it
     proxy_no_cache                     1;
     # even if cached, don't try to use it
     proxy_cache_bypass                 1;

     # Proxy headers
     # Connection "upgrade" is sent on every proxied request, not only on
     # WebSocket handshakes.
     proxy_set_header Upgrade           $http_upgrade;
     proxy_set_header Connection        "upgrade";
     # The backend receives the public host name; presumably the hostname
     # configured in WSO2 has to match it - confirm against deployment.toml.
     proxy_set_header Host              $host;
     proxy_set_header X-Real-IP         $remote_addr;
     # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
     # sent, so only the last entry is vouched for by this proxy.
     proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Host  $host;
     proxy_set_header X-Forwarded-Port  $server_port;
     # Proxy headers

     # Proxy timeouts
     # One-hour send/read timeouts let idle or stalled requests hold upstream
     # connections for a long time. The nginx documentation notes that the
     # connect timeout usually cannot exceed 75 seconds.
     proxy_connect_timeout              3600s;
     proxy_send_timeout                 3600s;
     proxy_read_timeout                 3600s;
}

Carbon url:
https://dev-web-mtz.close-upinternational.com/api/carbon/admin/login.jsp

After login, the browser is redirected to:
https://dev-web-mtz.close-upinternational.com/api/carbon/admin/login_action.jsp

PS: Browser is showing that the connection is secure

Java Version: 11.0.14
WSO2-API: 4.1.0


Solution

  • Make sure the configs align with the following, so that the hostname and context path the server is configured with match what the proxy exposes.

    deployment.toml

    # Server identity as seen through the reverse proxy.
    [server]
    # Public host name clients use; the same name appears in the nginx
    # proxy_redirect rule of this answer.
    hostname = "dev-web-mtz.close-upinternational.com"
    server_role = "default"
    # Path prefix under which nginx publishes the server (location /api/).
    proxy_context_path = "/api"
    # NOTE(review): this template still includes ${carbon.management.port}, so
    # the resulting base path presumably carries the management port rather
    # than the proxy's public port - confirm the generated URLs.
    base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}/api"
    

    In repository/resources/conf/templates/repository/conf/tomcat/carbon/WEB-INF/web.xml.j2

    # Add within <web-app> at the top
    <!-- Declares the context path for the Carbon web application. The value is
         written without a leading slash here, while proxy_context_path in
         deployment.toml is "/api". -->
    <context-param>
          <param-name>contextPath</param-name>
          <param-value>api</param-value>
    </context-param>
    

    NginX Conf

    # Publishes the WSO2 server, including the Carbon admin console, under
    # /api/. Consider allow/deny rules if the console must not be reachable by
    # every client of this virtual host.
    location /api/ {
              proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                # Appends to any client-supplied X-Forwarded-For value; only the
                # last entry is added by this proxy.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # NOTE(review): $http_host is the Host header exactly as the
                # client sent it (including any port), whereas $host is nginx's
                # normalized value. Make sure the enclosing server block only
                # answers for the expected server_name so arbitrary Host values
                # are not forwarded to the backend.
                proxy_set_header Host $http_host;
                proxy_read_timeout 5m;
                proxy_send_timeout 5m;
    
                # Trailing "/" strips the /api/ prefix before forwarding.
                # NOTE(review): the upstream certificate is not verified unless
                # proxy_ssl_verify is enabled; here the backend is on loopback.
                proxy_pass https://localhost:9443/;
                # Rewrites Location headers the backend issues for /carbon/ so
                # that redirects stay under the /api/ prefix.
                proxy_redirect https://dev-web-mtz.close-upinternational.com/carbon/ https://dev-web-mtz.close-upinternational.com/api/carbon/;
    
                proxy_http_version 1.1;
                # Connection "upgrade" is sent on every request, not only on
                # WebSocket handshakes.
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
    }