Create multiple domains for an API

sarthak

I want to create multiple domains for my API. For example, internal.mydomain1.com and external.externaldomain.com should both call the same API proxy. How do I do that for an on-prem scenario?

I think we will do it via VHOSTS. But does anyone have any tips on whether to create multiple vhosts, or any other best practices?

2 ACCEPTED SOLUTIONS

@sarthak if I understand correctly, what you need to do is add more than one hostname alias to the same virtual host definition.

How you do this depends whether you want to create a new virtual host or update an existing one.

Create New:

curl -X POST -H "Content-Type:application/json" \
http://{ms-ip}:8080/v1/o/{org}/environments/{env}/virtualhosts \
-d '{
  "name": "{vhostname}",
  "hostAliases": ["{alias1:port}", "{alias2:port}"],
  "port": "{portnumber}"
}' \
-u {sysadmin email}:{sysadmin password}

If you want to configure interfaces and/or SSL parameters then those can be added as well. See: Create a Virtual Host for more details.

Update Existing:

The main thing here is that you need to confirm the current virtual host configuration, because you need to include whatever existing configs you want to retain along with the extra config in the PUT.

GET existing virtual host configuration:

curl -v "http://{ms-ip}:8080/v1/organizations/{org}/environments/{env}/virtualhosts/{vhostname}" -u {sysadmin email}:{sysadmin password}

PUT updated virtual host configuration:

curl -X PUT -H "Content-Type:application/json" \
http://{ms-ip}:8080/v1/o/{org}/environments/{env}/virtualhosts/{vhostname} \
-d '{
  "name": "{vhostname}",
  "hostAliases": ["{alias1:port}", "{alias2:port}", "{alias3:port}"],
  "port": "9008"
}' \
-u {sysadmin email}:{sysadmin password}

As above, there are additional parameters; refer to Update a Virtual Host for more details.

And one last reference: there are some extra details, along with other reference links, on the other configuration you might need if you're using SSL (for example, the trust store and key store updates), along with XML versions of the above, available in the following: Creating a virtual host for a Private Cloud installation
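The read-modify-write that the "Update Existing" steps describe, as an added example (not part of the original answer, and not Apigee's own code): it builds the PUT body from the GET response so that settings such as SSL are not dropped when an alias is added. The sample response is constructed, and field names other than name, hostAliases and port are assumptions, as are the host, org and credentials in the usage lines.

```python
import base64
import json
import urllib.request

# Constructed sample of what the GET call might return; field names other than
# name, hostAliases and port (e.g. "interfaces", "sSLInfo") are assumptions.
EXISTING = {
    "name": "secure",
    "hostAliases": ["myapi.external.com:9008"],
    "interfaces": [],
    "port": "9008",
    "sSLInfo": {"enabled": "true", "keyStore": "myKeystore", "keyAlias": "myKey"},
}

def merge_host_aliases(existing, new_aliases):
    """Return a PUT body that keeps every existing field and appends new aliases."""
    body = json.loads(json.dumps(existing))  # deep copy; the input is not modified
    seen = {a.lower() for a in body.get("hostAliases", [])}
    for alias in new_aliases:
        alias = alias.strip()
        # Reject empty values and unfilled placeholders such as "{alias3:port}".
        if not alias or any(c in alias for c in ' /"{}'):
            raise ValueError(f"not a host alias: {alias!r}")
        if alias.lower() not in seen:  # hostnames are case-insensitive
            body.setdefault("hostAliases", []).append(alias)
            seen.add(alias.lower())
    return body

def dropped_fields(existing, body):
    """Top-level keys present on the server but missing from the PUT body."""
    return sorted(set(existing) - set(body))

def build_put_request(mgmt_base, org, env, body, user, password):
    """Build (but do not send) the PUT request shown in the answer."""
    url = f"{mgmt_base}/v1/o/{org}/environments/{env}/virtualhosts/{body['name']}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})

if __name__ == "__main__":
    put_body = merge_host_aliases(EXISTING, ["myapi.internal.com:9008"])
    assert dropped_fields(EXISTING, put_body) == []  # nothing lost before sending
    req = build_put_request("http://ms-ip.example:8080", "myorg", "prod",
                            put_body, "sysadmin@example.com", "placeholder")
    print(req.get_method(), req.full_url)
    print(json.dumps(put_body, indent=2))
```

Running `dropped_fields` against a hand-written three-field body (name, hostAliases, port) shows which existing settings that body would leave out of the PUT.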


adas

@sarthak It actually depends on why you need 2 domains. If you want both the domains to work exactly the same way and not perform specific checks or nuances, then what @mschreuder suggested would work. You can create or update the virtualhost definition with multiple hostAliases so that myapi.external.com as well as myapi.internal.com both would work and route traffic to your proxies.

If you want to have some specific logic based on the domains, then the solution might vary. For example, let's say in the above example that for requests coming from the internal domain you do not want to perform any SSL handshake and simply allow HTTP (maybe because myapi.internal.com is a trusted network that resolves only within that network and you don't need any additional security), whereas for traffic coming in as myapi.external.com, you want to enforce northbound SSL so that your APIs are secure. In such a case you would have to use different virtualhosts, which means different ports - like we have default (80) and secure (443) on our cloud.

I have a feeling that your requirement is the latter, so this might work for you. Also remember you could do all sorts of magic with a load balancer in front (ELB, HAProxy, nginx etc.), which can totally off-load all this complexity to the LB or routing layer rather than having to absorb this in Apigee. It depends on the use-case and the operational challenges specific to the implementation that you choose.

However, I wouldn't recommend having a separate proxy for serving each domain; that would be the ultimate nightmare, because then you are essentially maintaining 2 copies of the same thing and deploying them individually, which adds to maintenance overhead, cost, probability of failures and manual errors. You should stick to one of the above - multiple host aliases or different virtualhosts. You can change the virtual host definitions without modifying your proxies, so the operational and implementation challenges are completely separated out.


7 REPLIES 7

Not applicable

so....

I believe my answer to this other question will help you: https://community.apigee.com/questions/11464/healt...

Instead of adding IP addresses and ports, just add new hostnames.

I take no responsibility for how to configure DNS.

Thanks for the pointer @Benjamin Goldman ... I was more curious to understand if there should be multiple aliases against a single VH, or we should create different VHs, or we should separate them out by proxies, i.e. have a dedicated proxy for my internal traffic and a separate one for external etc. What would be the best practices?

That's a very different question from how I interpreted it. I suspect there are going to be different cases that demand different solutions 😞

Yeah, I should probably clarify my question. Thanks for the quick response @Benjamin Goldman

Thank you so much, this solved our issue! 😍
