HTTP/HTTPS Listen Ports¶
By default API Umbrella will startup and listen on the default HTTP and HTTPS ports (80 and 443). If you’d like to run API Umbrella on different ports, you can make changes to the /etc/api-umbrella/api-umbrella.yml
config file:
http_port: 8080
https_port: 8443
Override Public Ports¶
If API Umbrella is placed behind a load balancer or other proxy, it should generally work without further configuration if the load balancer passes back the X-Forwarded-Proto
and X-Forwarded-Port
headers. These headers are commonly passed by other proxies by default, and it is the recommended approach to ensuring users see.
However, if your load balancer does not support sending back X-Forwarded-Proto
and X-Forwarded-Port
headers, and API Umbrella’s internal ports differ from the public-facing ports, then you can explicitly override the public-facing port and protocol. The following configuration options can be defined in /etc/api-umbrella/api-umbrella.yml
:
override_public_http_port
: Override the public port used when API Umbrella receives traffic on itshttp_port
listener.override_public_http_proto
: Override the public protocol (http
orhttps
) used when API Umbrella receives traffic on itshttp_port
listener.override_public_https_port
: Override the public port used when API Umbrella receives traffic on itshttps_port
listener.override_public_https_proto
: Override the public protocol (http
orhttps
) used when API Umbrella receives traffic on itshttps_port
listener.
As an example, if you’re terminating SSL outside of API Umbrella and sending all traffic to API Umbrella’s HTTP port, then you could force API Umbrella into thinking the traffic to API Umbrella’s HTTP port was originally received over HTTPS by overriding the public port and protocol for HTTP traffic:
override_public_http_port: 443
override_public_http_proto: https
However, note that in this case, API Umbrella has no way to distinguish between traffic that was originally HTTP or HTTPS (since they’re both received on API Umbrella’s HTTP port), so we’re assuming the SSL terminator has already forced all traffic to HTTPS.