Configure virtual hosts

You are currently viewing version 1.3 of the Apigee hybrid documentation.This version is end of life. You should upgrade to a newer version. For more information, seeSupported versions.

This topic discusses thevirtualhosts configuration property. Virtual hosts allow Apigee hybrid to handle API requests to hostaliases associated with an environment group. For more information, seeRouting and base paths in theAbout environments and environment groups topic.

...virtualhosts:  - name: my-env-group    sslCertPath: ./certs/fullchain.pem    sslKeyPath: ./certs/privkey.pem...

When an API proxy call comes, it is routed to the host alias(es) of the environment group where the API proxy is deployed.

For instructions on how to applyvirtualhosts to the cluster, seeApplying virtualhosts changes. For information about configuring TLS, seeConfiguring TLS and mTLS on the Istio ingress.

Adding multiple virtual hosts

Thevirtualhosts[] property is an array, and therefore you can create more than one.

...virtualhosts:  - name: my-env-group-1    sslCertPath: ./certs/fullchain.pem    sslKeyPath: ./certs/privkey.pem  - name: my-env-group-2    sslCertPath: ./certs/fullchain.pem    sslKeyPath: ./certs/privkey.pem...

For information about configuring TLS, seeConfiguring TLS and mTLS on the Istio ingress.

Applyingvirtualhosts changes

If you only add or change thevirtualhosts property, and nothing else, then you can apply those changes with the‑‑settings flag:

apigeectl apply -f overrides-file.yaml ‑‑settings virtualhosts

If, for example, you changevirtualhosts andenv, then you must apply the change without using‑‑settings, like this, to update the cluster. Forexample:

apigeectl apply -f overrides-file.yaml --envmy-environment

or, to update the component for all environments:

apigeectl apply -f overrides-file.yaml --all-envs

TLS keys and certificates

Thevirtualhost property requires a TLS key and certificate. The key/cert are used to provide secure communication with the ingress gateway and must be compatible with the host aliases used in the specified environment group.

It is up to you how you generate proper TLS certificate/key pairs for your hybrid configuration. The following topics are provided as samples only, intended primarily for trying out or testing a new hybrid installation if it isn't feasible to obtain TLS credentials in another way:

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.