
WSO2 API Manager(wso2am-4.1.0) - Cannot Login to Publisher and Devportal After Changing the Default Hostname

I'm using wso2am-4.1.0 and I changed the default hostname and defined a proxy port. Further, I fronted the APIM with Nginx. However, when I try to log in to the publisher or access the devportal, it fails because authenticationendpoint is not found (probably the redirection to a certain endpoint fails).

deployment.toml

[server]
hostname = "<mydomain>"
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
server_role = "default"

[transport.https.properties]
proxyPort = 443

Error in the browser network console

/authenticationendpoint 404 未找到

Any viable solution for this is highly appreciated. Thanks in advance.

Update:

Nginx Configuration

server {
    listen 80;
    server_name <MY_DOMAIN>;
    return 301 https://<MY_DOMAIN>$request_uri;
}

server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/<MY_CER>.cer;
  ssl_certificate_key /etc/nginx/ssl/<MY_KEY>.key;
  access_log /var/log/nginx/<CONF>.access.log;
  error_log /var/log/nginx/<CONF>.error.log debug;
  server_name <MY_DOMAIN>;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
  add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
  add_header X-XSS-Protection "1; mode=block";
  add_header 'Referrer-Policy' 'origin';
  #add_header Content-Security-Policy "default-src 'self';" always;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;

  location / {
    return 301 https://<MY_DOMAIN>/authenticationendpoint/;
  }

  location /authenticationendpoint {
    limit_except GET HEAD POST { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location /logincontext {
    limit_except GET HEAD POST { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location /oidc {
    limit_except GET HEAD POST { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location /oauth2 {
    limit_except GET HEAD POST { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location /commonauth {
    limit_except GET HEAD POST { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location /publisher {
    limit_except GET HEAD POST PUT { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }

  location /devportal {
    limit_except GET HEAD POST PUT { deny all; }
    proxy_pass https://xx.x.x.x:9443;
    proxy_set_header x-Real-IP $remote_addr;
    proxy_set_header Host $host;
  }
}

From your config, I can't exactly tell what's going on. But your 404 is being generated from the authenticationendpoint it seems. For example, if you try to call the authenticationendpoint with an invalid path you will see a 404.

curl https://localhost:9443/authenticationendpoint  => 302

curl https://localhost:9443/authenticationendpoint/xxx  => 404

So I suspect that, given you have a default location block (location /) in your Nginx to redirect to authenticationendpoint, something in your request flow is redirected to the default block. Hence you are getting the 404. I would suggest checking this in the network traces in the browser console.

Also, another important thing you have missed is, you have to add a location block to capture requests to /api as well.
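The check suggested in the answer can be scripted. The following is an added example, not part of the original question or answer: it applies nginx's longest-prefix rule to the location blocks from the question and lists which request paths fall through to the catch-all redirect. The paths in SAMPLE_TRACE are constructed for illustration and should be replaced with paths from your own browser network trace.

```python
# Prefix locations copied from the server block in the question.
PROXIED = ["/authenticationendpoint", "/logincontext", "/oidc", "/oauth2",
           "/commonauth", "/publisher", "/devportal"]
CATCH_ALL = "/"  # location / { return 301 .../authenticationendpoint/; }


def match_location(path, prefixes=PROXIED):
    """Return the prefix location nginx would select for a request path.

    With only plain prefix locations (no regex, '=' or '^~' modifiers),
    nginx picks the longest prefix that the request URI starts with.
    """
    path = path.split("?", 1)[0]  # locations are matched without the query string
    candidates = [p for p in prefixes + [CATCH_ALL] if path.startswith(p)]
    return max(candidates, key=len)


def fall_through(paths, prefixes=PROXIED):
    """List the request paths that would hit the catch-all redirect."""
    return [p for p in paths if match_location(p, prefixes) == CATCH_ALL]


# Constructed sample paths (illustrative only, not taken from the question).
SAMPLE_TRACE = [
    "/publisher/",
    "/oauth2/authorize?response_type=code",
    "/authenticationendpoint/login.do",
    "/commonauth",
    "/api/am/publisher/v3/settings",
    "/favicon.ico",
]

if __name__ == "__main__":
    for path in SAMPLE_TRACE:
        print(f"{path:45} -> location {match_location(path)}")
    print("redirected by catch-all:", fall_through(SAMPLE_TRACE))
    print("after adding /api:      ", fall_through(SAMPLE_TRACE, PROXIED + ["/api"]))
```

Any path reported as falling through is answered with a 301 to /authenticationendpoint/ instead of being proxied to port 9443.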
