I had installed apigee using gcp script in google cloud 5 node installation without Load balancer
I am tying to create and install self signed certificate and VHHosts for https , here are the steps i followed
I had created self-signed certificate as shown below
Step 1 : create self signed certificate
Step 2 : upload into APIGEE
step 3 : Create virtual hosts
curl -X POST -H "Content-Type:application/xml" \
http:// managementui:8080/v1/o/ASG/environments/test/virtualhosts \
-d '<VirtualHost name="Secure">
<HostAliases>
<HostAlias>? HostAlias> -- do we need to use load balancer port/router port here Please mention with port number
</HostAliases>
<BaseUrl> ? </BaseUrl> What is the URL needs to be used over here
<Interfaces/>
<Port>443</Port> -- what is the port number to be used over here
<SSLInfo>
<Enabled>true</Enabled>
<ClientAuthEnabled>false</ClientAuthEnabled>
<KeyStore>ref://keystoreref</KeyStore>
<KeyAlias>asgtest</KeyAlias>
</SSLInfo>
</VirtualHost>' \
Please let me know answer for below configuration
<HostAlias>? HostAlias> -- do we need to use load balancer port/router port here Please mention with port number
</HostAliases>
<BaseUrl> ? </BaseUrl> What is the URL needs to be used over here
<Interfaces/>
<Port>443</Port> -- what is the port number to be used over here
Hi,
You don't need define the baseurl in the vhost definition. Although you can in 4.17.05 and going forward for a description please see: BaseURL in the 4.17.05 release notes.
Port 443 is the default HTTPS port so it's usually a good idea to stick with that.
Host alias is the virtual host name that the inbound requests are going to use. It is the DNS name you users will use to connect to your router. You can have multiple names.
So for example if you had a DNS pointing at your instance called "api.mycompany.com" that is what you'd have in your host alias value.
Also you need to make sure the cert you installed in your keystore covers your DNS name you want to use.
We dont have a DNS
Do i need to use load balancer ip or router IP over here
and Do i need to enable 443 in Load balancer also
@m.ramachandrashetty, If you configured Load balancer VIP ahead of Router(s) then you need to create virtual host using LB VIP and port. 443 is default port for https. If the Router is listening on a different port then you need to configure that port routing at LB. Hope it clarifies your query.