Multiple HTTPS virtual hosts on the same port in a...

Report Inappropriate Content · 08-18-2016 07:15 PM

Is it allowed to have 2 HTTPS virtual hosts (one with the apigee.net DNS alias and the other with the customer’s DNS alias) on the same port 443 and have the former virtual host point to a keystore with the default Apigee GoDaddy cert and the latter point to a keystore with the customer’s cert?

The docs says: "Note: A router can listen to only one HTTPS connection per virtual host, on a specific port, with the specified cert. Therefore, multiple virtual hosts cannot use the same port number if TLS termination occurs on the router at the specified port." This is in http://docs.apigee.com/api-services/content/creating-virtual-host.

So I wanted to confirm if we can have only 1 HTTPS virtual host on a particular port per environment

Report Inappropriate Content

Hi @Sathish Balasubramaniyan

We can have multiple virtualHosts on same port with different HostAlias pointing to the respective keystores. I was able to configure this on one of the edge org.

frankliu1

This is supported but if your client is not SNI capable (all browsers are), you may get a certificate warning when accessing second VH since it will get the default apigee.net cert instead of the customer cert.

sgilson

Thanks Frank, I have updated the doc to say:

Note for Apigee for Private Cloud releases prior to 4.16.01: A Router can listen to only one HTTPS connection per virtual host, on a specific port, with the specified cert. Therefore, multiple virtual hosts cannot use the same port number if TLS termination occurs on the Router at the specified port.

Stephen

frankliu1

Thanks Stephen for the doc update!

I should've mentioned in my original post that this is supported, only with the nginx routers.

Multiple HTTPS virtual hosts on the same port in an environment