Configure virtual hosts
This topic discusses thevirtualhosts configuration property. Virtual hosts allow Apigee hybrid to handle API requests to hostaliases associated with an environment group. For more information, seeRouting and base paths in theAbout environments and environment groups topic.
...virtualhosts: - name: my-env-group sslCertPath: ./certs/fullchain.pem sslKeyPath: ./certs/privkey.key...
When an API proxy call comes, it is routed to the host alias(es) of the environment group where the API proxy is deployed.
For instructions on how to applyvirtualhosts to the cluster, seeApplying virtualhosts changes. For information about configuring TLS, seeConfiguring TLS and mTLS on the Istio ingress.
Adding multiple virtual hosts
Thevirtualhosts[] property is an array, and therefore you can create more than one.
...virtualhosts: - name: my-env-group-1 sslCertPath: ./certs/fullchain1.pem sslKeyPath: ./certs/privkey1.key - name: my-env-group-2 sslCertPath: ./certs/fullchain2.pem sslKeyPath: ./certs/privkey2.key...
For information about configuring TLS, seeConfiguring TLS and mTLS on the Istio ingress.
Applyingvirtualhosts changes
If you only add or change thevirtualhosts property, and nothing else, then you can apply those changes with the‑‑settings flag. This applies only forapigeectl; for Helm, we are applyingapigee-virtualhost with the appropriate variable.
Helm
helm upgradeENV_GROUP_NAME apigee-virtualhost/ \ --namespaceapigee \ --atomic \ --set envgroup=ENV_GROUP_NAME \ -fOVERRIDES_FILE.yaml
Error: UPGRADE FAILED: "ENV_GROUP_NAME" has no deployed releases, replaceupgrade withinstall and try the command again.apigeectl
$APIGEECTL_HOME/apigeectl apply -fOVERRIDES_FILE.yaml ‑‑settings virtualhosts
If you modify thevirtualhosts andenv settings, you need to apply the changes without usingENV_GROUP_NAME apigee-virtualhost/ for Helm and‑‑settings virtualhosts forapigeectl. Here's how to update the cluster:
Helm
Run
helm upgradeENV_NAME apigee-env/ \ --namespaceapigee \ --atomic \ --set env=ENV_NAME \ -fOVERRIDES_FILE.yaml
Then upgrade theapigee-virtualhost chart:
helm upgradeENV_GROUP_NAME apigee-virtualhost/ \ --namespaceapigee \ --atomic \ --set envgroup=ENV_GROUP_NAME \ -fOVERRIDES_FILE.yaml
Error: UPGRADE FAILED: "ENV_NAME" has no deployed releases, replaceupgrade withinstall and try the command again.apigeectl
$APIGEECTL_HOME/apigeectl apply -fOVERRIDES_FILE.yaml --envENV_NAME
or, to update the component for all environments:
$APIGEECTL_HOME/apigeectl apply -fOVERRIDES_FILE.yaml --all-envs
Then Apply the changes to the virtualhost:
$APIGEECTL_HOME/apigeectl apply -fOVERRIDES_FILE.yamlsettings virtualhosts
TLS keys and certificates
Thevirtualhost property requires a TLS key and certificate. The key/cert are used to provide secure communication with the ingress gateway and must be compatible with the host aliases used in the specified environment group.
It is up to you how you generate proper TLS certificate/key pairs for your hybrid configuration. The following topics are provided as samples only, intended primarily for trying out or testing a new hybrid installation if it isn't feasible to obtain TLS credentials in another way:
- SeeObtain TLS credentials for a set of sample steps for creating an authorized TLS certificate/key pair.
- You can use a self-signed certificate/key pair(s) for testing purposes only. SeeGenerate self-signed TLS credentials.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.