Vhosts in Google Cloud Apigee


I had installed Apigee using the GCP script in Google Cloud, as a 5-node installation without a load balancer.

I am trying to create and install a self-signed certificate and virtual hosts for HTTPS; here are the steps I followed.

I created a self-signed certificate as shown below.

Step 1: Create self-signed certificate

  • openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
  • create descriptor.properties in /META-INF with contents certfile=myCert.pem keyfile=myKey.pem
  • jar -cf myKeystore.jar myCert.pem myKey.pem
  • jar -uf myKeystore.jar META-INF/descriptor.properties

Step 2: Upload into Apigee

Step 3: Create virtual hosts

curl -X POST -H "Content-Type:application/xml" \
  http://managementui:8080/v1/o/ASG/environments/test/virtualhosts \
  -d '<VirtualHost name="Secure">
  <HostAliases>
    <HostAlias>?</HostAlias> <!-- do we need to use load balancer port/router port here? Please mention with port number -->
  </HostAliases>
  <BaseUrl>?</BaseUrl> <!-- What is the URL that needs to be used over here? -->
  <Interfaces/>
  <Port>443</Port> <!-- what is the port number to be used over here? -->
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <KeyStore>ref://keystoreref</KeyStore>
    <KeyAlias>asgtest</KeyAlias>
  </SSLInfo>
</VirtualHost>' \
  -u username:password

Please let me know the answers for the configuration below:

<HostAlias>?</HostAlias> -- do we need to use load balancer port/router port here? Please mention with port number
</HostAliases>
<BaseUrl>?</BaseUrl> -- What is the URL that needs to be used over here?
<Interfaces/>
<Port>443</Port> -- what is the port number to be used over here?

3 REPLIES


Hi,

You don't need to define the BaseUrl in the vhost definition, although you can in 4.17.05 and going forward. For a description, please see: BaseURL in the 4.17.05 release notes.

Port 443 is the default HTTPS port, so it's usually a good idea to stick with that.

Host alias is the virtual host name that the inbound requests are going to use. It is the DNS name your users will use to connect to your router. You can have multiple names.

So, for example, if you had a DNS name pointing at your instance called "api.mycompany.com", that is what you'd have in your host alias value.

Also, you need to make sure the cert you installed in your keystore covers the DNS name you want to use.

We don't have a DNS.

Do I need to use the load balancer IP or the router IP over here?

And do I need to enable 443 in the load balancer also?

@m.ramachandrashetty, if you configured a load balancer VIP ahead of the Router(s), then you need to create the virtual host using the LB VIP and port. 443 is the default port for HTTPS. If the Router is listening on a different port, then you need to configure that port routing at the LB. Hope it clarifies your query.
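The check the first reply asks for (the certificate in the keystore must cover the name clients connect with), extended to the no-DNS case in the follow-up, where clients connect to an IP address and the certificate therefore needs an IP subjectAltName entry. This is an added example, not part of the original thread; it assumes OpenSSL 1.1.1 or later, and the address 10.0.0.10 is a made-up stand-in for a load balancer VIP.

```sh
#!/bin/sh
# Added example: does a certificate cover the host alias clients will use?
# Assumes OpenSSL 1.1.1+ (for -addext, -checkhost and -checkip).

# cert_covers CERT NAME: succeed if NAME (DNS name or IP address) is
# matched by the certificate, using OpenSSL's own name matching.
cert_covers() {
    cert=$1
    name=$2
    case $name in
        *:*)       opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;  # anything non-numeric is a DNS name
        *)         opt=-checkip ;;    # dotted-quad IPv4
    esac
    # openssl reports the result as text ("does match certificate" or
    # "does NOT match certificate"), so test the text.
    openssl x509 -in "$cert" -noout "$opt" "$name" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_demo_cert DIR: constructed self-signed certificate for the demo.
# api.mycompany.com is the name used in the reply; 10.0.0.10 is made up.
make_demo_cert() {
    openssl req -x509 -sha256 -nodes -days 30 -newkey rsa:2048 \
        -subj "/CN=api.mycompany.com" \
        -addext "subjectAltName=DNS:api.mycompany.com,IP:10.0.0.10" \
        -keyout "$1/myKey.pem" -out "$1/myCert.pem" 2>/dev/null
}

# report CERT NAME: print one line per checked host alias.
report() {
    if cert_covers "$1" "$2"; then
        echo "OK      $2"
    else
        echo "MISSING $2 (hostname verification will fail)"
    fi
}

# Usage: script CERT NAME...  With no arguments, run the constructed demo.
if [ "$#" -ge 2 ]; then
    cert_file=$1; shift
    for host in "$@"; do report "$cert_file" "$host"; done
else
    tmp=$(mktemp -d)
    make_demo_cert "$tmp"
    for host in api.mycompany.com 10.0.0.10 10.0.0.11; do
        report "$tmp/myCert.pem" "$host"
    done
    rm -rf "$tmp"
fi
```

Run it against the certificate before packing it into the keystore JAR, passing every value that will appear in a HostAlias element.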