Configuring a Single Node

This page walks you through how to manually configure and deploy WSO2 API Manager in a standalone single instance, without using a distributed or HA deployment patterns.

Single node deployment

Follow the instructions below to configure and deploy API-M using a single node:

Step 1 - Create a SSL certificate

Note

This step is optional based on the setup that you configure. All WSO2 products are by default shipped with a keystore file and truststore file (stored in the <PRODUCT_HOME>/repository/resources/security/ directory). The default keystore that is shipped with a WSO2 product ( wso2carbon.jks) is by default configured for all of the following purposes.

  • Authenticating the communication over Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols.
  • Encrypting sensitive data such as plain-text passwords found in both product-level and product feature-level configurations/configuration files using secure vault .

  • Encrypting and signing SOAP messages using WS-Security.

However, in a production environment, it is advised to set up several different keystores with separate trust chains for the above use cases. For more information, see Recommendations for setting up keystores in WSO2 products in the Administration Guide.

Create a SSL certificate on the WSO2 API Manager node. For more information, see Creating SSL Certificates in the Administration Guide.

Step 2 - Configure the load balancer

For information on configuring the load balancer see _Configuring the Proxy Server and the Load Balancer .

Step 3 - Configure the databases

For information on configuring the databases, see _Installing and Configuring the Databases .

Step 4 - Configure hostnames that are used to expose APIs

Note

This step is only required if you are using a hostname to expose APIs.

Click here for more information.

Add this hostname when you configure environments in the <API-M_HOME>/repository/conf/deployment.toml file. Update the endpoints with your chosen hostname as shown below. In this case we are using localhost as the hostname:

    [[apim.gateway.environment]]
    name = "Production and Sandbox"
    type = "hybrid"
    display_in_api_console = true
    description = "This is a hybrid gateway that handles both production and sandbox token traffic."
    show_as_token_endpoint_url = true
    service_url = "https://localhost:${mgt.transport.https.port}/services/"
    username= "${admin.username}"
    password= "${admin.password}"
    ws_endpoint = "ws://localhost:9099"
    wss_endpoint = "wss://localhost:8099"
    http_endpoint = "http://localhost:${http.nio.port}"
    https_endpoint = "https://localhost:${https.nio.port}"

Step 5 - Configure your deployment with production hardening

Ensure that you have taken into account the respective security hardening factors (e.g., changing and encrypting the default passwords, configuring JVM security etc.) before deploying WSO2 API-M. For more information, see the Production Deployment Guidelines in the Administration Guide.

Step 6 - Configure API-M Analytics

If you wish to view reports, statistics, and graphs related to the APIs deployed in the Store, you need to configure API-M Analytics. Follow the standard setup to configure API-M Analytics in a production setup, and follow the quick setup to configure API-M Analytics in a development setup.

Step 7 - Start the WSO2 API-M server

Note

Before you start the server

If you want to deploy WSO2 API-M using a hybrid single node deployment, where WSO2 Identity Server is used as the Key Manager while the rest of the WSO2 API-M components are all in one node, configure and start the Key Manager (e.g., configure and start WSO2 Identity Server as the Key Manager ) before starting the API-M server.

Start the server using the following standard start-up script. For more information, see Starting the server .

    cd <API-M_HOME>/bin/
    sh wso2server.sh
    cd <API-M_HOME>\bin\
    wso2server.bat --run
Top