Apache Reverse Proxy Configuration for WSO2 API Manager

I recently have to dealt with WSO2 API Manager and the installation and configuration with a reverse proxy. In fact, I wanted to be able to use the store, publisher, dashboard with one public URL and the gateway with another public URL. Of course, I wanted to ensure that I only allowed https access on the apps and I didn’t want expose the carbon admin console, only available behind firewall.

I have found some documentation on the Internet but not exactly what I wanted to do :

Since I have encountered some problems and tested many configurations to figure out corrects settings, I have decided to publish a post about this story.


My need in picture

API Manager Architectural schema


Apache Configuration

This configuration has been tested with WSO2 API Manager 1.9 on RHEL 6.6 and Apache 2.2.15 and on Debian Jessie and Apache 2.4.10.

Apache modules pre-requisites

We need modules proxy, proxy_http, ssl and rewrite.

Virtuals hosts configuration

Below, configuration for the gateway virtual host.

And below configuration for apps virtual host.

Note 2 specials rules for store and publisher that needs to send some requests to registry (for example, to download pictures or resources linked to APIs).

Of course, we only expose apps ; we don’t expose carbon admin console or some others apps.

For now, that’s all I need. But I suppose that later I will have to expose other URI like/services or /oauth2. I will then edit this post in this case to update configuration.

WSO2 API Manager Configuration

In the API Manger, I needed to edit some configuration files :

In $APIM_HOME/repository/conf/tomcat/catalina-server.xml, add proxyPort and hostname in the SSL Connector :

In $APIM_HOME/repository/conf/axi2/axis2.xml, add proxyPort and hostname in the HTTP and HTTPS receiver :

In $APIM_HOME/repository/conf/api-manager.xml, modify Gateway URLs :

Following WSO2 Documentation, I also needed need to edit store and publisher configuration files :

In $APIM_HOME/repository/deployement/server/jaggeryapps/store/site/conf/site.json :

In $APIM_HOME/repository/deployement/server/jaggeryapps/publisher/site/conf/site.json :

Following Sanjeewa Malalgoda Blog, I also imported public SSL certificate into WSO2 keystore (but I didn’t see problems without doing this step).

Finally, Restart everything!


Curious software engineer. Love OSS and sharing.

2 Responses

  1. Muhamad Fahmi says:

    hi, could u pls help me. im now configuring API Manager to be publish by apache httpd

    1. what is the file to edit this? ; configuration for the gateway virtual host.
    2. what is the file to edit this? ; configuration for the apps virtual host.

Leave a Reply

Your email address will not be published. Required fields are marked *