GUI
commented
8 years ago Yes, multi-tenancy across multiple domains is one of the primary things we aim to support. As an example, api.data.gov serves both https://api.nasa.gov and https://developer.nrel.gov (among others) from a single API Umbrella cluster. I'll try to get some better documentation written on this subject, but there's typically not much to it other than pointing a CNAME to your servers. API Umbrella will then route based on that hostname, so you can setup API Backends using that hostname, or API Scopes to limit admin permissions, and everything should work as expected.
The only real trick to getting this setup is SSL, where there are several options. A couple primary ones we've used:
- Terminate SSL in front of API Umbrella for each domain (so for example, you might have one Amazon ELB per domain to handle SSL, but they could all point to the same API Umbrella instance).
- If you only have a single IP address, but you're okay with SNI-only SSL support, then API Umbrella can handle any number SSL certs in a single instance with the normal HTTPS configuration.
- Related to SNI support, we're experimenting with the possibility of auto-provisioning SSL certs from Let's Encrypt so no SSL cert purchasing or configuration is necessary. No concrete plans on this yet, but this would eliminate the main manual step in CNAME setup (SSL).
jykae
kyyberi
bajiat
At a conference, we were asked whether API Umbrella (and Apinf) can be configured to use a CNAME domain. On the spot, I intuitively answered 'yes', but am unsure if the implications in retrospect.
What are some considerations when configuring a CNAME domain for an existing API Umbrella instance?