WSO2 - disable HTTPS

☆樱花仙子☆ 提交于 2020-01-13 06:09:10

问题


How can I disable HTTPS for WSO2 Api Manager (admin/gw/other components)? We want to SSL-terminate on our front load-balancers - and not on the end WSO2-products. If I visit port 9763 I'll get redirected to 9443. We're running 2.1.0 deployed with the docker-images.


回答1:


You have to do the following,

  1. Go to the $WSO2_HOME/repository/conf and open carbon.xml, and uncomment

    <EnableHTTPAdminConsole>true</EnableHTTPAdminConsole> 
    
  2. Disable secure cookie parameter in $WSO2_HOME/repository/conf/tomcat/carbon/WEB-INF/web.xml file as well.

    <session-config> 
     <cookie-config> 
      <secure>false</secure> 
     </cookie-config> 
    </session-config>
    



回答2:


Assuming the system configuration of David doesn't introduce security issues following should work. (If the load balancers and WSO2 products are in the same private network or VPC there should be no additional security problems)

Note: Following approaches were tested with single tenant (super tenant) scenario only.

  1. For the carbon console, the approach Abimaran has suggested should work.
  2. For the store component couple of changes are required.

Replace the content in repository/deployment/server/jaggeryapps/store/site/themes/wso2/templates/user/login/redirector.jag with following.

<%
include("/jagg/jagg.jag");
var site = require("/site/conf/site.json");

var tenant = jagg.getTenantDomain();
var queryString = "";

session.put("showLogin", "true");
session.put("redirectToHTTPS", jagg.getHttpsUrl("/site/pages/login.jag")+queryString);
response.sendRedirect(jagg.getHttpsUrl("/site/pages/login.jag") + queryString);
%>

Replace the getHttpsUrl function definition in repository/deployment/server/jaggeryapps/store/jagg/jagg.jag

var getHttpsUrl = function(path, parameters){
    var hostname = "";
    var requestSegments = getRequestSegments();
    var protocol = "https://";
    mod = jagg.module("manager");
    var requestUrl = request.getRequestURL();

    if(requestUrl.indexOf("https://") != -1 ){
        hostname = mod.getHTTPsURL();
        hostname = hostname.replace("https://","");
    } else if (requestUrl.indexOf("http://") != -1 ) {
        hostname = mod.getHTTPURL();
        hostname = hostname.replace("http://","");
        protocol = "http://";
    }

    // if the site is fronted by a proxy server
    if(isReverseProxyEnabled()){
         hostname = site.reverseProxy.host ;
         //if a custom https port is used
         if(site.reverseProxy.hosts_port){
            hostname = hostname + ":" + site.reverseProxy.hosts_port;
         }
    }        

    return protocol + hostname + url(path, parameters);
}
  1. For the publisher component, the following change should be done.

repository/deployment/server/jaggeryapps/publisher/site/themes/wso2/templates/user/login/template.jag

replace the part

<%      if(request.isSecure()){

        if(jagg.getUser() != null){
            response.sendRedirect('index.jag');
        }
%>

with

<%      if(true){

        if(jagg.getUser() != null){
            response.sendRedirect('index.jag');
        }
%>

Note: The security totally depends on the system architecture. Additionally, the above configurations are independent. If you need to let https access to all components then do all. For particular one, the respective configuration alone should work.

Hope it helps.



来源:https://stackoverflow.com/questions/42881109/wso2-disable-https

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!