Technical Articles

April 15, 2021 2 minute read

Reverse Proxy Configuration for SAP Business One API Gateway Service

When API Gateway service is used in the frontend web application there is a CORS issue to access the API Gateway Service as there is no option to enable CORS This blog post will guide you through the steps to configure Nginx reverse proxy for API Gateway Service to overcome the CORS issue

Install Nginx

Operating System: SUSE Linux

Open a terminal window and enter the following to install Nginx:

zypper install nginx

Once the installation is finished use the below command to enable the Nginx:

sudo systemctl enable nginx

Below mentioned are the commands to start, stop and check the Nginx status:

sudo systemctl start nginx

Once the above command is used Nginx engine is started you can use http://<HOSTNAME / IP ADDRESS>:80 URL to check. You should see the below info on the web page sometimes you might also see 403 forbidden no need to worry!

sudo systemctl stop nginx

sudo systemctl status nginx

Configuration

Navigate to /etc/nginx/conf.d and create a file with .conf extension

Maintain the reverse proxy rules in the created .conf file. Below mentioned are the proxy rules which I have used you can even modify them according to your scenario.


server {
   
    listen              443 ssl; 
    server_name        <HOSTNAME>;
    ssl_certificate     <filename>.crt; 
    ssl_certificate_key <filename>.key; # The private key file
    
    location / {
	
	if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' 'https://<HOSTNAME>:<PORT>' always;
	add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'application/json; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' 'https://<HOSTNAME>:<PORT>' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' 'https://<HOSTNAME>:<PORT>' always;
	add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
       proxy_pass https://https://<HOSTNAME>:<PORT>/; #API Gateway Service URL
       }


}

Restart the Nginx and check you should be able to access the API Gateway service on the Nginx HTTPS port

sudo systemctl restart nginx

Conclusion

In this blog post, I have covered Nginx installation in SUSE 15 Linux for configuring the reverse proxy to overcome the CORS issue for API Gateway Service.

I hope this blog post is helpful.

Thanks and Regards,

Srikanth

4 Comments

You must be Logged on to comment or reply to a post.

Taseeb Saeed

July 4, 2021 at 5:24 am

Thanks for sharing.

Regards,

Taseeb Saeed

Rahul Jain

July 4, 2022 at 3:21 pm

Thanks Srikanth Madhunantuni for sharing the post. I don't have the ssl certificate so what should i do ? i tried commenting the below code but its giving the following error -

#ssl_certificate     <filename>.crt; 
#ssl_certificate_key <filename>.key; # The private key file

Nginx error log -

Complete code in proxy.conf file

Please let me know where I am going wrong ?

Srikanth Madhunantuni

Blog Post Author

July 5, 2022 at 4:21 am

Hi Rahul,

If you don't have SSL certificate you can create a self signed certificate or else you can use http instead of https.

Just remove the SSL beside the port 443 and you can access using http

server {

listen 443;
server_name <HOSTNAME>;
#ssl_certificate <filename>.crt;
#ssl_certificate_key <filename>.key; # The private key file

}

Rahul Jain

July 6, 2022 at 8:20 am

Thanks Srikanth Madhunantuni it worked with non-ssl based but now I encountered with one more issue which is related to same site attribute cookie issue.

Screenshot 1 using Reverse Proxy [Default Port is 60000 but now its even working for other port, In my case the port is 8765

Screenshot 2- When I try to call LoadAuthorizedCRList but its stumble upon the following error - 401 Unauthorized.

After analysis I found the session id is not being passed authomatically so I belive its due to Same site attribute cookie issue which has been documentated in the following link - https://answers.sap.com/questions/13195075/api-gateway-cors-configuration.html

add_header 'Access-Control-Allow-Origin' $http_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
proxy_pass https://127.0.0.1:60000/;
proxy_cookie_flags SESSION "SameSite=None";

but once i added the following line proxy_cookie_flags SESSION "SameSite=None"; in the proxy.conf file I came across the following error -

Complete Configuration -

Error log -

Encountered with following error - unknown directive "proxy_cookie_flag", so need your inputs here.