Configure Upstream HTTPS
TLS (Transport Layer Security) is a cryptographic protocol designed to secure communication between two parties, such as a web browser and a web server. Services often require TLS if traffic between the API gateway and upstream services is not considered secure or private.
This guide will show you how to configure TLS between APISIX and an upstream service.
Prerequisite(s)
- Install Docker.
- Install cURL to send requests to the services for validation.
- Install and run APISIX, or follow the Getting Started tutorial to start a new APISIX instance in Docker.
Create a Route With TLS Enabled
Create a route to an example upstream httpbin.org on its default HTTPS port 443:
curl -i "http://127.0.0.1:9180/apisix/admin/routes" -X PUT -d '
{
  "id": "quickstart-tls-upstream",
  "uri": "/ip",
  "upstream": {
    "scheme": "https",
    "nodes": {
      "httpbin.org:443": 1
    },
    "type": "roundrobin"
  }
}'
❶ Configure scheme as https
❷ Configure port as 443
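A route that lists a node on port 443 but leaves out "scheme" is still proxied over plain HTTP, because APISIX defaults the upstream scheme to http. The following check is an added example, not part of the APISIX project or the original guide; it audits route objects for that mistake. The function names and the second sample route are constructed for illustration.

```python
import json

TLS_SCHEMES = {"https", "grpcs"}  # L7 upstream schemes that use TLS

def node_ports(nodes):
    """Return (host, port) pairs from either node form: {"host:port": weight} or a list."""
    if isinstance(nodes, list):
        return [(n["host"], n.get("port")) for n in nodes]
    pairs = []
    for addr in nodes:
        host, sep, port = addr.rpartition(":")
        pairs.append((host, int(port)) if sep and port.isdigit() else (addr, None))
    return pairs

def audit_route(route):
    """List findings for a route whose inline upstream is not reached over TLS."""
    upstream = route.get("upstream")
    if upstream is None:  # route uses upstream_id or a plugin; nothing inline to check
        return []
    rid = route.get("id", "<no id>")
    scheme = upstream.get("scheme", "http")  # APISIX falls back to http when scheme is omitted
    if scheme in TLS_SCHEMES:
        return []
    findings = [f"{rid}: upstream scheme is {scheme!r}, traffic to the upstream is not encrypted"]
    for host, port in node_ports(upstream.get("nodes", {})):
        if port == 443:
            findings.append(f"{rid}: node {host}:443 is an HTTPS port but scheme is {scheme!r}")
    return findings

# The route from this guide, as sent to the Admin API.
PAGE_ROUTE = json.loads("""
{"id": "quickstart-tls-upstream", "uri": "/ip",
 "upstream": {"scheme": "https", "nodes": {"httpbin.org:443": 1}, "type": "roundrobin"}}
""")

# Constructed variant: same node, but "scheme" left out.
MISSING_SCHEME = json.loads(json.dumps(PAGE_ROUTE))
MISSING_SCHEME["id"] = "constructed-no-scheme"
del MISSING_SCHEME["upstream"]["scheme"]

if __name__ == "__main__":
    for route in (PAGE_ROUTE, MISSING_SCHEME):
        print(route["id"], audit_route(route) or "OK")
```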
Test TLS between APISIX and Upstream
Send a request to the route:
curl -i -k "http://127.0.0.1:9080/ip"
An HTTP/1.1 200 OK response verifies that APISIX has successfully established a connection and communicated with the upstream service over HTTPS.
Next Steps
APISIX also supports TLS connections between clients and APISIX. See configure HTTPS between Client and APISIX.