Apigee X and custom domain name

Hello

I'm trying to set up a custom domain name for my API proxies (not the developer portal).

I created a certificate and key via Let's Encrypt and Gandi (my DNS provider), using LEGO and the DNS challenge (it created a TXT record on its own via the Gandi API) and generated 4 files: .crt, .issuer.crt, .json and .key.

I added the CRT and the KEY files in an Apigee X (eval) TLS Keystore and everything looks fine: I can browse the key chains (3 in my case), expiration date is in 3 months, common subject is the custom domain name I'd like to have.

Then, I created a new Environment Group (no more Virtual Host on Apigee X) and set it with the expected hostname (only one in my case), with my environment.

I never had to mention the TLS Keystore (unlike a virtual host on Edge) and, unfortunately, it does not work as certificate validation fails: the nip.io certificate seems to be used and is then obviously misaligned with my custom domain.

What am I missing?

Thanks.

Arnaud

1 ACCEPTED SOLUTION

This is different on Apigee X compared to Apigee Edge. 

You need to configure a Google Cloud Load Balancer. This load balancer is where SSL will be terminated and will be where you configure your certificates.

Additionally between the Load Balancer and Apigee you will need virtual machines or PSC to route the traffic.

The wizard may have created some of the above already for you and you may just need to update the Load Balancer configuration, for example. If in doubt, you can review your Load Balancer and Virtual Machines in your Google Cloud project and you can follow the steps under Configure Routing (either of the external options) here: https://cloud.google.com/apigee/docs/api-platform/get-started/install-cli#configure-routing

Note that PSC, the virtual machines and load balancers come with additional cost. 

 

Edit: Since you mention you already have a nip.io host, I'm assuming this means there's already a Google Cloud Load Balancer - it should be sufficient for you to update your existing load balancer with your new host and certs.

Thank you for your feedback and the time spent to answer.

I'll definitely look at the LB side (and forget about Edge).

For the PSC, I read it is still in preview, so, not to be used in production, at least for the next few months 🙂
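
To check which certificate the load balancer actually presents for the custom hostname, before and after updating it, the following Python sketch compares the served certificate's DNS names with the hostname. It is an added example, not code from this thread or from Google; `api.example.com` and `203.0.113.10.nip.io` are placeholder names, and the sample certificates are constructed.

```python
import socket
import ssl


def san_dns_names(peercert):
    """Return the DNS subjectAltName entries of a getpeercert() dict."""
    return [v.lower() for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Match a SAN entry against a hostname; '*' may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def diagnose(peercert, hostname):
    """Report whether the presented certificate covers hostname, and what it covers instead."""
    names = san_dns_names(peercert)
    covered = any(name_matches(n, hostname) for n in names)
    return {"hostname": hostname, "covered": covered, "presented_names": names}


def fetch_peercert(hostname, port=443, timeout=5.0):
    """Fetch the leaf certificate served for hostname, with SNI set."""
    # check_hostname is off so a name mismatch is reported instead of aborting
    # the handshake; verify_mode stays CERT_REQUIRED because getpeercert()
    # returns an empty dict when the chain has not been verified.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed samples: a load balancer still holding only the nip.io
# certificate, and one updated with the custom-domain certificate.
SAMPLE_NIP_CERT = {"subjectAltName": (("DNS", "203.0.113.10.nip.io"),)}
SAMPLE_CUSTOM_CERT = {"subjectAltName": (("DNS", "api.example.com"),)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_NIP_CERT, "api.example.com"))
    print(diagnose(SAMPLE_CUSTOM_CERT, "api.example.com"))
```

Against a live endpoint, `diagnose(fetch_peercert(host), host)` reports `covered: False` with the nip.io name listed until the load balancer serves the new certificate for that host.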