Hi Lakshani,

The user login process should be handled by a single IDP node. When you configure 2 IDP nodes, nginx will route the HTTP/S requests that are relevant to a single login process to both IDPs. I guess that is the issue here.

One solution is to enable nginx session persistence using *sticky*. Then nginx identifies user sessions and routes the requests to the same upstream server.

Did you check the nginx [/var/log/nginx/]access.log? You can verify by checking the access log whether nginx routes the request to both IDPs or not.

*Sajith Abeywardhana* | Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka.
Mobile: +94772260485
Email: [email protected] | Web: www.wso2.com

On Fri, Aug 7, 2015 at 12:08 AM, Lakshani Gamage <[email protected]> wrote:
>
> Hi all,
>
> I am setting up an APPM internal deployment with the following components.
>
> VM 1 : Store, Publisher, Gateway, IDP, svn
>
> VM2 : Store, Publisher, Gateway, IDP, nginx, mysql server
>
> For the above setup I used ProxyPort (443 and 80) for all components. The APPM
> internal deployment setup is working fine with one IDP.
>
> The Nginx config file of the IDP for the working setup is as follows.
>
>
> upstream idphttps {
>     server 192.168.57.178:9444;
> }
>
> upstream idphttp {
>     server 192.168.57.178:9764;
> }
>
> #via HTTP
> server {
>     listen 80;
>     server_name idp.appm.wso2.com;
>
>     location / {
>         index index.html;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>         proxy_set_header Host $http_host;
>         proxy_read_timeout 5m;
>         proxy_send_timeout 5m;
>
>         proxy_pass http://idphttp/;
>         proxy_redirect http://idphttp/ http://idp.appm.wso2.com/;
>     }
>
> }
>
> #via HTTPS
> server {
>
>     listen 443;
>     server_name idp.appm.wso2.com;
>
>     ssl on;
>     ssl_certificate /etc/nginx/ssl/nginx.crt;
>     ssl_certificate_key /etc/nginx/ssl/nginx.key;
>
>     location / {
>         index index.html;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>         proxy_set_header Host $http_host;
>         proxy_read_timeout 5m;
>         proxy_send_timeout 5m;
>
>         proxy_pass https://idphttps/;
>         proxy_redirect https://idphttps/ https://idp.appm.wso2.com/;
>     }
> }
>
>
>
> But if I use 2 IDPs, I can't log in to the IS server. There are no error logs
> either.
>
> The Nginx config file of the IDP is as follows.
>
>
> upstream idphttps {
>     server 192.168.57.178:9444;
>     server 192.168.57.179:9444;
> }
>
> upstream idphttp {
>     server 192.168.57.178:9764;
>     server 192.168.57.179:9764;
> }
>
> #via HTTP
> server {
>     listen 80;
>     server_name idp.appm.wso2.com;
>
>     location / {
>         index index.html;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>         proxy_set_header Host $http_host;
>         proxy_read_timeout 5m;
>         proxy_send_timeout 5m;
>
>         proxy_pass http://idphttp/;
>         proxy_redirect http://idphttp/ http://idp.appm.wso2.com/;
>     }
>
> }
>
> #via HTTPS
> server {
>
>     listen 443;
>     server_name idp.appm.wso2.com;
>
>     ssl on;
>     ssl_certificate /etc/nginx/ssl/nginx.crt;
>     ssl_certificate_key /etc/nginx/ssl/nginx.key;
>
>     location / {
>         index index.html;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>         proxy_set_header Host $http_host;
>         proxy_read_timeout 5m;
>         proxy_send_timeout 5m;
>
>         proxy_pass https://idphttps/;
>         proxy_redirect https://idphttps/ https://idp.appm.wso2.com/;
>     }
> }
>
>
> Both IDPs (192.168.57.178:9444, 192.168.57.179:9444) are working
> individually. I need both IDPs for the internal deployment setup. Is there
> any issue in the Nginx config file for both IDP servers?
>
> Thanks,
> Lakshani
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
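The access-log check suggested in the reply, as an added example that is not part of the original thread: it reports every client whose requests were answered by more than one IDP node. It assumes a custom `log_format` that appends `upstream=$upstream_addr` (the stock `combined` format does not record the backend) and that one client address corresponds to one login session; the sample lines, client addresses and request paths are constructed.

```python
import re
from collections import defaultdict

# Assumed nginx log format (not from the thread); $upstream_addr is appended
# because the default "combined" format does not show which backend answered:
#   log_format upstream_log '$remote_addr - $remote_user [$time_local] '
#                           '"$request" $status $body_bytes_sent '
#                           'upstream=$upstream_addr';
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'upstream=(?P<upstream>.+)$'
)

# Constructed sample lines for illustration only.
SAMPLE_LOG = """\
192.168.57.10 - - [07/Aug/2015:10:00:01 +0530] "GET /samlsso HTTP/1.1" 302 0 upstream=192.168.57.178:9444
192.168.57.10 - - [07/Aug/2015:10:00:02 +0530] "GET /authenticationendpoint/login.do HTTP/1.1" 200 5120 upstream=192.168.57.179:9444
192.168.57.10 - - [07/Aug/2015:10:00:09 +0530] "POST /commonauth HTTP/1.1" 302 0 upstream=192.168.57.178:9444
192.168.57.11 - - [07/Aug/2015:10:01:00 +0530] "GET /samlsso HTTP/1.1" 302 0 upstream=192.168.57.178:9444
192.168.57.11 - - [07/Aug/2015:10:01:01 +0530] "POST /commonauth HTTP/1.1" 302 0 upstream=192.168.57.178:9444
192.168.57.12 - - [07/Aug/2015:10:02:00 +0530] "GET /favicon.ico HTTP/1.1" 499 0 upstream=-
"""

def split_clients(log_text):
    """Return {client: [upstreams in first-seen order]} for clients served by >1 upstream."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line is not in the assumed format
        # After a retry nginx logs several addresses ("a, b"); the last one answered.
        last = re.split(r'\s*,\s*|\s+:\s+', m['upstream'])[-1]
        if last == '-':
            continue  # request never reached an upstream
        if last not in seen[m['client']]:
            seen[m['client']].append(last)
    return {c: ups for c, ups in seen.items() if len(ups) > 1}

if __name__ == "__main__":
    for client, upstreams in split_clients(SAMPLE_LOG).items():
        print(f"{client} was served by {len(upstreams)} IDP nodes: {', '.join(upstreams)}")
```

Clients that share one address (for example behind NAT) will be merged by this grouping, so a hit is a prompt to inspect the individual requests rather than proof of a split login.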
