Configuring Endpoints and Paths for Apps Deployed to a Private Space
| CloudHub 2.0 supports customizing public endpoints only for apps that are deployed to private spaces, not shared spaces. |
A private space routes requests from clients to apps deployed to the private space.
When you deploy an app to a private space, both public and private endpoints are created, but you can modify only the public endpoint.
An endpoint is the URL used to reach the app deployed to the private space,
for example https://my-app.example.com/. Public endpoints enable clients outside of the network to reach the app. Private endpoints are accessible only within the private network, a VPN, or transit gateway (TGW). To ensure an app is accessible only within the network, you can remove public endpoints.
You can customize how requests from clients reach the app by configuring:
-
Multiple custom public endpoints
The administrator specifies the domains that you can use for the public endpoints by configuring the TLS context in the private space settings. For information, see Configuring Domains and Certificates (TLS Context) for a Private Space.
-
Different paths for the app and the public endpoint URL
The path is the base path expected by the HTTP Listener in your app, for example
my-app.example.com/v1/api.For information, see HTTP Listener Reference - Mule 4.
You can also remove the public endpoint to ensure clients outside of the private network cannot make requests to the app.
Before You Begin
The administrator must set up the TLS contexts for the private space before you can configure the endpoints and paths for the app.
For information, see Configuring Domains and Certificates (TLS Context) for a Private Space.
Configure Multiple Public Endpoints
You can enable your app to be reached via multiple public endpoints, for example,
my-app.example.com and my-old-app.oldname.com.
To ensure that each endpoint name is unique, use the app-name placeholder in the subdomain,
or the path if the domain doesn’t include a wildcard.
|
To configure multiple public endpoints:
-
When deploying an app to a private space, click the Ingress tab.
If the app is already deployed:
-
From Anypoint Platform, select Runtime Manager > Applications.
-
Click the app name.
-
In the navigation menu, click Settings.
-
Click the Ingress tab.
-
-
Configure the first endpoint:
-
Select the first domain from the Domain drop-down list, for example
*.example.com.If the domain includes a wildcard, the Subdomain field becomes available.
-
Enter the subdomain, or enter the
my-appplaceholder in the Subdomain field to use the name of the app that you specified in the Application Name field as the subdomain.For information, see placeholders.
-
Enter the path where the HTTP Listener in the app is listening, for example
v1/api.
-
-
If you want to configure additional endpoints, click Add Endpoint and repeat steps 2.1 through 2.3.
-
Depending on the deployment status, choose either:
-
If you’re ready to deploy the application, click Deploy.
-
If this application is deployed, click Apply Changes.
-
-
Verify that the app can be reached at each configured endpoint.
Placeholders
The subdomain and path support the following optional lowercase placeholders:
| Placeholder | Resolves to |
|---|---|
|
Name of the app that you specified in the Application Name field when you deploy the app |
|
Business group ID associated with the app |
|
Environment that you deploy the app to |
Configure a Different Path for the App and the Public URL Endpoint
You can configure different paths for the app and the public URL endpoint.
For example, if the app is listening on my-app.example.com/v1/api and you
want the app to be reachable from the internet using my-app.example.com/api.
When you rewrite the path URL, the new path applies to all endpoints.
To configure different paths:
-
Click the Ingress tab.
-
In the Path field, enter the path where you want the app to be reachable, for example,
/api. -
In the Path Rewrite field, enter the base path expected by the HTTP Listener in your app, for example,
/v1/api. -
Click Apply Changes to create a new configuration for your application.
Remove a Public Endpoint
To remove a public endpoint:
-
From Anypoint Platform, select Runtime Manager > Applications.
-
Click the app name.
-
In the navigation menu, click Settings.
-
Click the Ingress tab.
-
In the endpoint link row, click X (Delete).
View the Private Endpoint for an App
A private endpoint is accessible from inside the same private space or through the VPN or transit gateway connection for the private space. You cannot make changes to the path or domain for a private endpoint.
To view or copy the URL for the private endpoint:
-
From Anypoint Platform, select Runtime Manager > Applications.
-
Click the app name.
-
In the navigation menu, click Settings.
-
Click the Ingress tab.
-
Hover over private endpoint.
Send Application-to-Application Requests within a Private Space
In a private space, every application replica exposes an endpoint inside the private space. When you enable inbound traffic, that endpoint is exposed externally.
Every application has a DNS record in the private space internal domain. For example, the DNS record for the application helloch2 in the 2abc2ce6-cce6-463b-afaa-a1979e3xxxxx environment is:
helloch2.2abc2ce6-cce6-463b-afaa-a1979e3xxxxx.svc.cluster.localBecause application replicas first search DNS records in the same domain before searching the parent domain, you need only the application name to send a request to another application in the same private space. If both applications are in the same namespace, you need only the application name:
http://helloch2:8081/helloIf required, replace http with https.