Configure Upstream HTTPS
TLS (Transport Layer Security) is a cryptographic protocol designed to secure communication between two parties, such as a web browser and a web server. Services often require TLS if traffic between the API gateway and upstream services is not considered secure or private.
This guide will show you how to configure TLS between APISIX and an upstream service.
Prerequisite(s)
- Install Docker.
- Install cURL to send requests to the services for validation.
- Install and run APISIX, or follow the Getting Started tutorial to start a new APISIX instance in Docker.
Create a Route With TLS Enabled
Create a route to an example upstream httpbin.org on its default HTTPS port 443, using either the Admin API or ADC:

Admin API:

curl -i "http://127.0.0.1:9180/apisix/admin/routes" -X PUT -d '
{
  "id": "quickstart-tls-upstream",
  "uri": "/ip",
  "upstream": {
    "scheme": "https",
    "nodes": {
      "httpbin.org:443": 1
    },
    "type": "roundrobin"
  }
}'

❶ Configure scheme as https
❷ Configure port as 443

ADC:

services:
  - name: httpbin Service
    routes:
      - uris:
          - /ip
        name: quickstart-tls-upstream
    upstream:
      type: roundrobin
      scheme: https
      nodes:
        - host: httpbin.org
          port: 443
          weight: 1

❶ Configure scheme as https
❷ Configure port as 443
Synchronize the configuration to APISIX:
adc sync -f adc.yaml
Test TLS between APISIX and Upstream
Send a request to the route:
curl -i -k "http://127.0.0.1:9080/ip"
An HTTP/1.1 200 OK response verifies that APISIX has successfully established a connection and communicated with the upstream service over HTTPS.
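To audit route definitions for upstreams that would still be reached without TLS, the following added example (not part of the APISIX documentation or code base) checks route objects in the Admin API shape used above. The function names and the "no-scheme" route are hypothetical, and the script assumes that an omitted scheme means plain http.

```python
import json

# Schemes treated as TLS to the upstream (assumption: only HTTP and gRPC
# routes are audited here).
TLS_SCHEMES = {"https", "grpcs"}


def node_addresses(nodes):
    """Return (host, port) pairs for the map and the list form of nodes."""
    pairs = []
    if isinstance(nodes, dict):  # {"host:port": weight}
        for addr in nodes:
            host, sep, port = addr.rpartition(":")
            pairs.append((host, int(port)) if sep else (addr, None))
    else:  # [{"host": ..., "port": ..., "weight": ...}]
        for node in nodes or []:
            pairs.append((node["host"], node.get("port")))
    return pairs


def audit_route(route):
    """Return a list of findings for one route object; empty means no issue."""
    upstream = route.get("upstream") or {}
    scheme = upstream.get("scheme", "http")  # assumed default when omitted
    rid = route.get("id")
    findings = []
    for host, port in node_addresses(upstream.get("nodes")):
        if scheme not in TLS_SCHEMES:
            findings.append(f"{rid}: {host}:{port} reached over cleartext {scheme}")
        elif port == 80:
            findings.append(f"{rid}: {host}:80 with scheme {scheme}, check the port")
    return findings


# Constructed sample input: the route from this guide, and the same upstream
# with the scheme left out (hypothetical id "no-scheme").
SAMPLE = json.loads("""[
  {"id": "quickstart-tls-upstream", "uri": "/ip",
   "upstream": {"scheme": "https", "type": "roundrobin",
                "nodes": {"httpbin.org:443": 1}}},
  {"id": "no-scheme", "uri": "/ip",
   "upstream": {"type": "roundrobin",
                "nodes": [{"host": "httpbin.org", "port": 443, "weight": 1}]}}
]""")

if __name__ == "__main__":
    for sample_route in SAMPLE:
        for finding in audit_route(sample_route):
            print(finding)
```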
Next Steps
APISIX also supports TLS connections between clients and APISIX. See configure HTTPS between Client and APISIX.