Re: Hostname of Environment groups in APIGEEX

amitkhosla · 07-19-2023 10:12 PM

Hi Team,

I am trying to understand more about the environment groups' hostname.

Can you please guide me, if I make any hostname like "www.apigateway.com", what all pre-requisite for selecting this host name.

Will this be publicly available hostname? If so, is there any way to restrict the same?

Also, do I need to have this hostname unique across multiple orgs? Or can I have same hostname used against environment groups in different Orgs?

Thanks & Regards

Amit

dchiesa1

You can specify any hostname. It will work if and only if you have control over the domain for the hostname you specify, and can map it (via a CNAME record) to the ingress endpoint of your Apigee environment. You cannot specify "www.google.com" as the hostname, because you don't control that domain. that hostname is already mapped to a set of IP addresses, and you cannot change that.

So it should be something you control. Something your company controls. If you don't have a DNS service, then you can use nip.io or similar. This is a service that gives you automagic hostnames for a particular IP address.

Which IP address will you map your hostname to? The address of the load balancer you configured for your Apigee environment + organization. Find this in Google Cloud Console, under Network Services:

After you configure the hostname to map to that IP address, when you query the hostname, you should get that IP address back.

$ dig www.example.com

; <<>> DiG 9.10.6 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11340
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	19666	IN	A	93.184.216.34

;; Query time: 46 msec
;; SERVER: 192.168.86.1#53(192.168.86.1)
;; WHEN: Fri Jul 21 15:42:00 PDT 2023
;; MSG SIZE  rcvd: 60

In the above, I used www.example.com and the result was 93.184.216.34. For you it should be YOUR hostname, and the answer should be the IP of your external load balancer.

amitkhosla

Thanks @dchiesa1 ! And apologies for delayed reply.

Please correct me, but from your reply it seems we can only set the environment host name as the one for which we have DNS entry.

I am not really clear about the IP address you are mentioning.

Can I call any API using IP address of APIGEEX instance without environment group's host name?

And, can I use same environment group' hostname in multiple orgs?

Thanks & Regards

Amit

dchiesa1

it seems we can only set the environment host name as the one for which we have DNS entry.

Hmm this is a funny question. The environment (actually environment GROUP) host name is the hostname via which external apps will connect to YOUR apis. So .... yes, that is a hostname that you must control. You must have the ability to manage the DNS entry for that hostname. That makes sense right? People should connect to your APIs by a hostname you control. You would not want it any other way. I feel I may be misunderstanding your question, though.

I am not really clear about the IP address you are mentioning.

Hmm, well I'm sorry about that. It is the IP address of the load balancer that you configure for Apigee X. Read about that in the documentation. The path for requests is: client -> LB -> Apigee X instance -> upstream system. The client connects to THAT ip address in order to reach Apigee.

Can I call any API using IP address of APIGEEX instance without environment group's host name?

yes. Sort of. You can use the IP address to connect into the load balancer that you use for apigee X. So you do not need the hostname to reach the load balancer. But Apigee itself uses the hostname to determine which environment will service the request. So you need the hostname for the request to actually be serviced by an Apigee-managed API proxy.

If you somehow do not have a DNS domain that you want to use for this hostname, you can use the convenience DNS services like nip.io . Basically this service provides dynamic resolution of a name like "xyz.127.0.0.1.nip.io" to the IP Address of "127.0.0.1", and it works for any other address too. nip.ip maps <anything>.<IP Address>.nip.io to the corresponding <IP Address>. So if you know your LB IP address is 34.45.56.78, then you can use amitapis.34.45.56.78.nip.io as your DNS name, in the environment group. Then reach your API proxies via that hostname, and it just works.

can I use same environment group' hostname in multiple orgs?

No, that probably would not work. The environment group hostname must map to the IP address of the load balancer for your Apigee X project. That IP address will be unique to the Apigee organization. A second organization will have a second load balancer with a different IP Address.

If you want to do this, if you want to have multiple "organizations" publishing APIs , and have them be accessible at the same public DNS name, then I think you'd need to use a URL rewrite configuration in your load balancer.

@drebes1 or @strebel , one of you may have a comment here.

strebel

Great input as always @dchiesa1 !

The only thing I could think of is that whist you're obtaining a public DNS record for your env groups you could still go ahead and try your apis with curl and the --resolve flag.

With the parameters that dino mentioned you could have a hostname of envgroup1.example.com (Which is a DNS record you do not control, that's fine for now).

And then call the API with:

curl https://envgroup1.example.com/v1/my-proxy --resolve envgroup1.example.com:443:34.45.56.78

This is obviously only useful during development and troubleshooting. For production I'd strongly recommend you obtain DNS records for each of your env groups as Dino mentioned.