Setting 2way SSL between Apigee and Django app


Hello,

I want to set up 2-way SSL between an Apigee proxy and a Django app which is served by waitress.

I imported 3 certificates (root, intermediate, leaf) on my backend server.

If I set up SSL between Apigee and the Django app, do I also have to set the HTTPS configuration for the application as well? (Like editing the configuration file for the <VirtualHost> block on an Apache server.)

Currently, when I access the endpoint through the Apigee proxy, it returns a 504 timeout error message as below.

{"fault":{"faultstring":"Bad Gateway","detail":{"errorcode":"messaging.adaptors.http.flow.BadGateway"}}}

Is there anyone who has experience setting up SSL for a Django app? Any tips for me? Thanks


rmishra
Participant V

Assuming that your Django app is the Apigee API target. You will need to provide many more details to get help.

1. Is this one-way or two-way TLS?

Have you tried

  1. Debugging network connectivity between the Apigee Message Processor and the Django app?
  2. Troubleshooting the TLS handshake? Look at the Message Processor logs for why it fails to connect. On the Django app side, see if a handshake is initiated at all. If yes, why is it rejected or getting hung?

This is two-way TLS.
How do I debug the network connectivity between the Apigee Message Processor and the Django app?


Assuming you are leveraging an on-prem installation of Apigee:

From each Apigee Message Processor, make a curl request from the server to your Django app, and use the curl options to provide the cert and CA.

That should tell you why the TLS handshake is failing or if there are any routing issues (firewall, etc.).
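
The curl check suggested above, as an added example that is not part of the original post: it presents a client certificate, verifies the backend against a given CA, and maps curl's exit status to the layer that failed. The function names are hypothetical, and the URL and file names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the URL and file
# paths passed in are placeholders, not values from the thread.

# Map curl's exit status to the layer that failed.
explain_curl_exit() {
  case "$1" in
    0)  echo "ok: TCP connect and TLS handshake completed" ;;
    6)  echo "dns: backend host name did not resolve" ;;
    7)  echo "network: TCP connect failed (nothing listening, or firewall reject)" ;;
    28) echo "network: timed out (packets dropped, or backend hung)" ;;
    35) echo "tls: handshake failed (protocol or cipher mismatch, or client cert refused)" ;;
    56) echo "tls: connection broke while reading (a TLS 1.3 server can refuse the client cert here)" ;;
    58) echo "client-cert: curl could not load the client certificate or key" ;;
    60) echo "trust: backend certificate does not chain to the supplied CA" ;;
    *)  echo "other: curl exit $1, rerun with --verbose" ;;
  esac
}

# probe_mtls URL CLIENT_CERT CLIENT_KEY CA_BUNDLE
# Runs one request with the client certificate and prints the diagnosis.
probe_mtls() {
  rc=0
  curl --silent --show-error --output /dev/null \
       --connect-timeout 5 --max-time 15 \
       --cert "$2" --key "$3" --cacert "$4" "$1" || rc=$?
  explain_curl_exit "$rc"
  return "$rc"
}

# Usage (placeholder values):
#   probe_mtls https://backend.example.internal:8443/ client.pem client.key ca-chain.pem
```

A "network" or "dns" result points at routing or firewall rules rather than certificates; the other results point at the TLS configuration on one side or the other.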

I don't have Apigee Message Processor and Nginx on my server. Is it required to have to set SSL? Especially, Nginx?

Can you tell us what Apigee stack/topology and components you are running?

Check the docs below for configuring two-way TLS to the backend server:

https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service#conf...

To debug, run tcpdump:

tcpdump host <<backend target server>> and port <<port_number>> -w dump.out

Analyze dump.out in Wireshark.