Skip to main content

Version: 3.8.0

Configure Upstream HTTPS

TLS (Transport Layer Security) is a cryptographic protocol designed to secure communication between two parties, such as a web browser and a web server. Services often require TLS if traffic between the API gateway and upstream services is not considered secure or private.

This guide will show you how to configure TLS between APISIX and an upstream service.

TLS between APISIX and Upstream


  • Install Docker.
  • Install cURL to send requests to the services for validation.
  • Install and run APISIX, or follow the Getting Started tutorial to start a new APISIX instance in Docker.

Create a Route With TLS Enabled

Create a route to an example upstream on its default HTTPS port 443:

curl -i "" -X PUT -d '
"id": "quickstart-tls-upstream",
"uri": "/ip",
"upstream": {
"scheme": "https",
"nodes": {
"type": "roundrobin"

❶ Configure scheme as https

❷ Configure port as 443

Test TLS between APISIX and Upstream

Send a request to the route:

curl -i -k ""

An HTTP/1.1 200 OK response verifies that APISIX has successfully established connection and communicated with the upstream service over HTTPS.

Next Steps

APISIX also supports TLS connection between clients and APISIX. See configure HTTPS between Client and APISIX. Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.


API7 Cloud

SOC2 Type IRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation