HTTPS Configuration¶
By default, API Umbrella requires HTTPS for a variety of endpoints. On initial installation, API Umbrella will use as self-signed certificate which won’t be valid for production use. For production, you have two primary options:
SSL Termination: If you’re placing API Umbrella behind a load balancer in a multi-server setup, you can handle the SSL termination with that external load balancer.
SSL termination should work without any further configuration assuming your external load balancer passes the appropriate
X-Forwarded-Proto
andX-Forwarded-Port
headers to API Umbrella. If your load balancer does not support setting these headers, then see how you can override public ports.SSL Certificate Installation: You can configure API Umbrella with a valid SSL certificate, rather than the self-signed default one. To do so, install the certificates on your server, and then adjust the
/etc/api-umbrella/api-umbrella.yml
to point to these certificate files for your domain:hosts: - hostname: api.example.com default: true ssl_cert: /etc/ssl/your_cert.crt ssl_cert_key: /etc/ssl/your_cert.key
ssl_cert
should point to a valid certificate file in the format supported by nginx’sssl_certificate
.ssl_cert_key
should point to a valid private key file in the format supported by nginx’sssl_certificate_key
.