Send Docs Feedback

Note: Most user interface tasks can be performed in Edge Classic or the New Edge experience. For an overview, getting started topics, and release notes specific to the New Edge experience, see the docs.

Configuring Virtual Hosts FAQ

Edge Cloud customers can now create, modify, and delete virtual hosts. Previously, these actions had to be performed by Apigee Support.

Who can configure a virtual host in Edge Cloud?

Only a Cloud customer with a paid account can create, modify, and delete a virtual host. The user creating the virtual host must be in the role of organization administrator, or in a custom role with permissions to modify a virtual host. Users in other roles do not have authorization to create virtual hosts.

Free and trial accounts cannot create or modify virtual hosts and are limited to the virtual hosts created for them at Edge registration time. For more information on Edge pricing plans, see https://apigee.com/api-management/#/pricing.

What if I have an existing virtual host created by Apigee?

Existing Edge Cloud customers already have virtual hosts created by Apigee. With this Beta release, you can now modify those virtual hosts. However, review the requirements for modifying a virtual host at Configuring virtual hosts for the Cloud before you make any changes. 

Is TLS is required on all new virtual hosts in the Cloud? 

To create a virtual host, you must enable TLS on the virtual host. That means you must first create a keystore with the TLS cert and key before creating the virtual host.

See Configuring virtual hosts for the Cloud for more. 

Can I update the TLS cert used by a virtual host?

If you have a virtual host with an expiring TLS cert, then you can update the virtual host to use a different keystore that contains a valid cert.

However, that virtual host must be configured to use a reference to the keystore, and not the keystore name itself. If your virtual hosts currently uses a keystore name, then you must contact Apigee Support to restart the Edge Routers to complete the conversion of the virtual host to use a reference. 

What is a reference?

A reference is a variable that contains the name of the keystore. To change the keystore used by a virtual host, you update the reference variable, not the virtual host itself.

Older virtual hosts on Apigee Edge might not be configured to use references. In this case, you must request Apigee Support to update the virtual host to use a reference. Do not update a virtual host yourself to change it to use a reference.

How do I determine if my virtual host uses a reference?

To see information about a specific virtual host, use the Get Virtual Host API:

$ curl -X GET -H "accept:application/xml" \
https://api.enterprise.apigee.com/v1/o/{org_name}/e/{env_name}/virtualhosts/{vhost_name} \
-u orgAdminEmail:pWord

where vhost_name is the name of the virtual host. For example, you can specify the vhost_name as "secure" to see the configuration of the default secure virtual host:

<VirtualHost name="secure">
    <HostAliases>
        <HostAlias>orgname-prod.apigee.net</HostAlias>
    </HostAliases>
    <Interfaces/>
    <Port>443</Port>
    <Properties/>
    <SSLInfo>
        <ClientAuthEnabled>false</ClientAuthEnabled>
        <Enabled>true</Enabled>
        <KeyAlias>freetrial</KeyAlias>
        <KeyStore>ref://freetrial</KeyStore>
        <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
</VirtualHost>

Notice that in this example, the value of the <KeyStore> element in the response begins with ref://. That prefix signifies that the keystore use a reference.

If the value of the <KeyStore> element is a string literal, then it does not use a reference. For example:

        <KeyStore>mykeystore</KeyStore>

Do not update a virtual host yourself to change it to use a reference. You must request Apigee Support to update the virtual host to use a reference.  After Apigee updates the virtual host to use a reference, you can then change the keystore by updating the reference varialbe. 

See Configuring virtual hosts for the Cloud for more. 

How do I create a virtual host?

Use the following procedure to create the virtual host:

  1. Create a DNS entry and CNAME record for your publicly facing domain that points to [org]-[environment].apigee.net. See "About host aliases and DNS names" at About virtual hosts for more.
  2. Create and configure a keystore by using the procedure as described in Creating keystores and truststore for the Cloud using the Edge UI
  3. Upload your cert and key to the keystore. 
  4. Create a reference to the keystore as described in Configuring virtual hosts for the Cloud.
  5. Create the virtual host by using the Create a Virtual Host API as described in Configuring virtual hosts for the Cloud. Make sure to specify the correct keystore reference.
  6. If you have any existing API proxies, add the virtual host to the <HTTPConnection> element in the ProxyEndpoint. The virtual host is added automatically to all new API proxies. See Updating an API proxy after creating a virtual host in About virtual hosts.

 

 

Help or comments?