Re: [Dev] APPM Internal Deployment is not working with two IDPs

Fri, 07 Aug 2015 01:13:49 -0700 

Yes this issue will be resolved if you use sticky session.

e.g

​upstream idphttps {
      sticky;
      server 192.168.57.178:9444;
        server 192.168.57.179:9444;

Nginx does not support sticky sessions by default. We can use
https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng module to enable
stickiness in nginx. It needs to re-compile the source including this
module and need to create a re-distributable package.

Regards,
Pavithra

On Fri, Aug 7, 2015 at 1:16 PM, Sajith Abeywardhana <saji...@wso2.com>
wrote:

> Hi Lakshani,
>
> User login process should be handle by single IDP node. When you configure
> 2 IDP nodes nginx will route the http/s request which relevant to single
> login process, to both IDPs. I guess that is the issue in here.
>
> One solution is, you can enable nginx session persistence using *sticky.* Then
> nginx identifies user sessions and routes the requests to the same upstream
> server.
>
> Did you check the nginx [/var/log/nginx/]access.log? You can verify by
> checking the access log whether the nginx route the request to both IDPs or
> not.
>
>
> *Sajith Abeywardhana* | Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka.
> Mobile: +94772260485
> Email: saji...@wso2.com | Web: www.wso2.com
>
> On Fri, Aug 7, 2015 at 12:08 AM, Lakshani Gamage <laksh...@wso2.com>
> wrote:
>
>>
>> Hi all,
>>
>> I am setting up an APPM internal deployment with following components.
>>
>> VM 1 : Store, Publisher, Gateway, IDP, svn
>>
>> VM2 :  Store, Publisher, Gateway, IDP, nginx, mysql server
>>
>> For above setup I used PoxyPort (443 and 80) for all components.  APPM
>> internal deployment setup is working fine with one IDP.
>>
>> Nginx Config file of IDP for working setup as follows.
>>
>>
>> upstream idphttps {
>>       server 192.168.57.178:9444;
>> }
>>
>> upstream idphttp {
>>         server 192.168.57.178:9764;
>> }
>>
>> #via HTTP
>> server {
>>         listen   80;
>>         server_name idp.appm.wso2.com;
>>
>>          location / {
>>            index index.html;
>>            proxy_set_header X-Forwarded-Host $host;
>>            proxy_set_header X-Forwarded-Server $host;
>>            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>>             proxy_set_header Host $http_host;
>>             proxy_read_timeout 5m;
>>             proxy_send_timeout 5m;
>>
>>            proxy_pass http://idphttp/;
>>            proxy_redirect http://idphttp/ http://idp.appm.wso2.com/;
>>        }
>>
>> }
>>
>>  #via HTTPS
>> server {
>>
>>        listen 443;
>>        server_name idp.appm.wso2.com;
>>
>>        ssl on;
>>        ssl_certificate /etc/nginx/ssl/nginx.crt;
>>        ssl_certificate_key /etc/nginx/ssl/nginx.key;
>>
>>       location / {
>>            index index.html;
>>            proxy_set_header X-Forwarded-Host $host;
>>            proxy_set_header X-Forwarded-Server $host;
>>            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>>             proxy_set_header Host $http_host;
>>             proxy_read_timeout 5m;
>>             proxy_send_timeout 5m;
>>
>>            proxy_pass https://idphttps/;
>>            proxy_redirect https://idphttps/ https://idp.appm.wso2.com/;
>>        }
>> }
>>
>>
>>
>> But If I use 2 IDPs, I can't login to IS server. There is no error logs
>> also.
>>
>> Nginx config file of IDP as follows.
>>
>>
>> ​​
>> upstream idphttps {
>>       server 192.168.57.178:9444;
>>         server 192.168.57.179:9444;
>> }
>>
>> upstream idphttp {
>>         server 192.168.57.178:9764;
>>         server 192.168.57.179:9764;
>> }
>>
>> #via HTTP
>> server {
>>         listen   80;
>>         server_name idp.appm.wso2.com;
>>
>>          location / {
>>            index index.html;
>>            proxy_set_header X-Forwarded-Host $host;
>>            proxy_set_header X-Forwarded-Server $host;
>>            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>>             proxy_set_header Host $http_host;
>>             proxy_read_timeout 5m;
>>             proxy_send_timeout 5m;
>>
>>            proxy_pass http://idphttp/;
>>            proxy_redirect http://idphttp/ http://idp.appm.wso2.com/;
>>        }
>>
>> }
>>
>>  #via HTTPS
>> server {
>>
>>        listen 443;
>>        server_name idp.appm.wso2.com;
>>
>>        ssl on;
>>        ssl_certificate /etc/nginx/ssl/nginx.crt;
>>        ssl_certificate_key /etc/nginx/ssl/nginx.key;
>>
>>       location / {
>>            index index.html;
>>            proxy_set_header X-Forwarded-Host $host;
>>            proxy_set_header X-Forwarded-Server $host;
>>            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>>             proxy_set_header Host $http_host;
>>             proxy_read_timeout 5m;
>>             proxy_send_timeout 5m;
>>
>>            proxy_pass https://idphttps/;
>>            proxy_redirect https://idphttps/ https://idp.appm.wso2.com/;
>>        }
>> }
>>
>>
>> Both IDPs(192.168.57.178:9444, 192.168.57.179:9444) are working
>> individually.  I need both of IDPs for internal deployment setup. Is there
>> any issue in Nginx config file for both IDP server?
>>
>> Thanks,
>> Lakshani
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Pavithra Madurangi*
Associate Technical Lead - QA.
WSO2 Inc.: http://wso2.com/
Mobile: 0777207357 / 0112747089

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to