I am using IBM APIC 5.0.
I have set up the following:
1. IBM HTTP Server, WAS Plugin routing to MicroGateway
2. MicroGateway, running on Collectives
3. IBM HTTP Server, WAS Plugin routing to Provider Application
4. Provider Application, running on Collectives
Scenario 1 - Invoke Provider App URL directly
- HTTPS request to IHS1/Plugin
- Configure API to invoke the URL directly (e.g. http://:9081), without SSL
- IHS1/Plugin (svr1:443) > MicroGateway (svr1:9081) > Loopback App (svr2:9081)
- This works.
Scenario 2 - Invoke Provider App, indirectly via HTTP Server
- HTTPS request to IHS1/Plugin
- Set host header accordingly (as described in KnowledgeCenter)
- Configure API to invoke the IHS URL (e.g. https://svr1:443), with SSL
- IHS1/Plugin (svr1:443) > MicroGateway (svr1:9081) > IHS2/Plugin (svr2:443) > Loopback App (svr2:9081).
- 503 error encountered.
The ihs2/plugin trace reveals the following:
[29/Sep/2016:12:55:59.40468] 00007ea3 fdd0b700 - ODR:DEBUG: matchVHost: enter - host=apidemo-57d22263e4b0171525a5042d-1474392568657.xxx, port=443
[29/Sep/2016:12:55:59.40470] 00007ea3 fdd0b700 - ODR:DEBUG: matchLongestURI: virtual host /cell/defaultCollective/vHostGroup/-vHost-apidemo-57d22263e4b0171525a5042d-1474392568657.xxx:-1 matched host apidemo-57d22263e4b0171525a5042d-1474392568657.xxx
This shows that the configured host header matches, and it is able to find the provider application server. This means that the dynamic routing works to a certain extent.
[29/Sep/2016:12:55:59.40565] 00007ea3 fdd0b700 - ODR:DEBUG: checkIfTransportIsValid: endpoint name='/cell/defaultCollective/node/,%2Fhome%2Fusers%2Fadmin%2Fwlpn/server/apidemo-57d22263e4b0171525a5042d-1474392568657-1/transport/Https', port=9081 is valid
This shows that 9081 is a valid port and Https is selected.
[29/Sep/2016:12:55:59.40971] 00007ea3 fdd0b700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_SOCKET_CLOSED(gsk rc = 420) PARTNER CERTIFICATE DN=No Information Available, Serial=No Information Available
[29/Sep/2016:12:55:59.40982] 00007ea3 fdd0b700 - ERROR: GSK_INVALID_HANDLE
[29/Sep/2016:12:55:59.40998] 00007ea3 fdd0b700 - ERROR: ws_common: websphereGetStream: Could not open stream
Then comes the error. It's an SSL error. I suspect that currently the Provider application is not enabled with SSL.
Questions on how to resolve this:
1) How do I enable the loopback app with SSL? I followed these instructions, but they do not work for me because my loopback app is deployed on Collectives: https://github.com/strongloop/loopback-example-ssl
2) How do I configure the dynamic routing to use non-SSL HTTP traffic instead?
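A small triage script for plug-in traces like the one quoted above, added here as an example (it is not part of the original post and not IBM tooling): it pairs the transport the plug-in selected with a later GSK handshake failure logged under the same process and thread IDs. The sample trace is constructed (abridged from the format in the post, with placeholder host and endpoint names), and the function and field names are assumptions.

```python
import re

# Constructed sample, abridged from the trace format quoted in the post;
# the host and endpoint names are placeholders.
SAMPLE_TRACE = """\
[29/Sep/2016:12:55:59.40468] 00007ea3 fdd0b700 - ODR:DEBUG: matchVHost: enter - host=api.example.test, port=443
[29/Sep/2016:12:55:59.40565] 00007ea3 fdd0b700 - ODR:DEBUG: checkIfTransportIsValid: endpoint name='/cell/defaultCollective/node/n1/server/app-1/transport/Https', port=9081 is valid
[29/Sep/2016:12:55:59.40971] 00007ea3 fdd0b700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_SOCKET_CLOSED(gsk rc = 420) PARTNER CERTIFICATE DN=No Information Available, Serial=No Information Available
[29/Sep/2016:12:55:59.40998] 00007ea3 fdd0b700 - ERROR: ws_common: websphereGetStream: Could not open stream
"""

# Assumption: the two hex fields after the timestamp identify process and thread.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<pid>\S+)\s+(?P<tid>\S+)\s+-\s+(?P<msg>.*)$")
TRANSPORT = re.compile(
    r"checkIfTransportIsValid: endpoint name='(?P<ep>[^']+)/transport/(?P<scheme>\w+)',"
    r" port=(?P<port>\d+) is valid")
GSK = re.compile(
    r"r_gsk_secure_soc_init: (?P<name>GSK_\w+)\(gsk rc = (?P<rc>\d+)\)"
    r"(?: PARTNER CERTIFICATE DN=(?P<dn>[^,]*))?")
NO_CERT = "No Information Available"

def triage(trace):
    """Pair each selected transport with a later GSK failure on the same pid/thread."""
    selected = {}   # (pid, tid) -> transport most recently chosen on that thread
    findings = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["pid"], m["tid"])
        t = TRANSPORT.search(m["msg"])
        if t:
            selected[key] = {"endpoint": t["ep"], "scheme": t["scheme"], "port": int(t["port"])}
            continue
        g = GSK.search(m["msg"])
        if g and key in selected:
            dn = (g["dn"] or "").strip()
            findings.append({**selected.pop(key), "ts": m["ts"],
                             "gsk_error": g["name"], "gsk_rc": int(g["rc"]),
                             "peer_cert_seen": bool(dn) and dn != NO_CERT})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        print(f"{f['ts']} {f['scheme']} port {f['port']}: {f['gsk_error']} "
              f"(rc={f['gsk_rc']}), peer certificate seen: {f['peer_cert_seen']}")
```

A finding with scheme `Https` and `peer_cert_seen` set to `False` means the handshake ended before the backend presented a certificate, which is consistent with the suspicion in the post that the application port is not serving SSL.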