In diesem Thema wird das Konfigurationsattribut virtualhosts erläutert.
Mit virtuellen Hosts kann Apigee Hybrid API-Anfragen an Hostaliasse einer Umgebungsgruppe verarbeiten. Weitere Informationen finden Sie unter Routing und Basispfade im Thema Umgebungen und Umgebungsgruppen.
Wenn Sie nur das virtualhosts-Attribut hinzufügen oder ändern, können Sie diese Änderungen mit dem Flag ‑‑settings anwenden. Dies gilt nur für apigeectl. Für Helm verwenden wir apigee-virtualhost mit der entsprechenden Variablen.
Wenn Sie die Einstellungen für virtualhosts und env ändern, müssen Sie die Änderungen anwenden, ohne ENV_GROUP_NAME apigee-virtualhost/ für Helm und ‑‑settings virtualhosts für apigeectl zu verwenden. So aktualisieren Sie den Cluster:
Für das Attribut virtualhost sind ein TLS-Schlüssel und ein Zertifikat erforderlich.
Schlüssel und Zertifikat werden zur sicheren Kommunikation mit dem Ingress-Gateway verwendet und muss mit den Hostaliassen in der angegebenen Umgebungsgruppe kompatibel sein.
Sie entscheiden selbst, wie Sie geeignete TLS-Zertifikat-/Schlüsselpaare für Ihre Hybridkonfiguration generieren. Die folgenden Themen werden nur als Beispiele bereitgestellt. Sie dienen hauptsächlich zum Ausprobieren oder Testen einer neuen Hybridinstallation, wenn es nicht möglich ist, TLS-Anmeldedaten abzurufen.
Unter TLS-Anmeldedaten abrufen finden Sie eine Reihe von Beispielschritten für die Erstellung eines autorisierten TLS-Zertifikat-/Schlüsselpaars.
[[["Leicht verständlich","easyToUnderstand","thumb-up"],["Mein Problem wurde gelöst","solvedMyProblem","thumb-up"],["Sonstiges","otherUp","thumb-up"]],[["Schwer verständlich","hardToUnderstand","thumb-down"],["Informationen oder Beispielcode falsch","incorrectInformationOrSampleCode","thumb-down"],["Benötigte Informationen/Beispiele nicht gefunden","missingTheInformationSamplesINeed","thumb-down"],["Problem mit der Übersetzung","translationIssue","thumb-down"],["Sonstiges","otherDown","thumb-down"]],["Zuletzt aktualisiert: 2025-08-28 (UTC)."],[[["\u003cp\u003eVirtual hosts in Apigee hybrid enable the handling of API requests directed to host aliases linked with an environment group.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003evirtualhosts\u003c/code\u003e property is an array, allowing the creation of multiple virtual hosts, each of which should ideally have its own TLS certificate/key pair for security.\u003c/p\u003e\n"],["\u003cp\u003eChanges to the \u003ccode\u003evirtualhosts\u003c/code\u003e property can be applied using either \u003ccode\u003eapigeectl\u003c/code\u003e with the \u003ccode\u003e‑‑settings virtualhosts\u003c/code\u003e flag or Helm by targeting \u003ccode\u003eapigee-virtualhost/\u003c/code\u003e specifically.\u003c/p\u003e\n"],["\u003cp\u003eWhen both \u003ccode\u003evirtualhosts\u003c/code\u003e and \u003ccode\u003eenv\u003c/code\u003e settings are modified, Helm and \u003ccode\u003eapigeectl\u003c/code\u003e commands must be applied in a specific sequence to ensure all changes are correctly updated in the cluster.\u003c/p\u003e\n"],["\u003cp\u003eProper TLS key/certificate pairs are required for the \u003ccode\u003evirtualhost\u003c/code\u003e property to ensure secure communication with the ingress gateway, with resources provided for both obtaining and generating them.\u003c/p\u003e\n"]]],[],null,["# Configure virtual hosts\n\n| You are currently viewing version 1.11 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\n\nThis topic discusses the [virtualhosts](/apigee/docs/hybrid/v1.11/config-prop-ref#virtualhosts) configuration property.\nVirtual hosts allow Apigee hybrid to handle\nAPI requests to hostaliases associated with an environment group. For more information, see\n[Routing and base\npaths](/apigee/docs/api-platform/fundamentals/environments-overview#routing) in the [About\nenvironments and environment groups](/apigee/docs/api-platform/fundamentals/environments-overview) topic. \n\n```text\n...\nvirtualhosts:\n - name: my-env-group\n sslCertPath: ./certs/fullchain.pem\n sslKeyPath: ./certs/privkey.key\n...\n```\n\n\nWhen an API proxy call comes, it is routed to the host alias(es) of the environment group\nwhere the API proxy is deployed.\n\n\nFor instructions on how to apply `virtualhosts` to the cluster, see\n[Applying virtualhosts changes](#applying). For information about configuring\nTLS, see [Configuring TLS and mTLS on the Istio ingress](/apigee/docs/hybrid/v1.11/ingress-tls).\n\nAdding multiple virtual hosts\n-----------------------------\n\n\nThe `virtualhosts[]` property is an array, and therefore you can create more than\none. \n\n```text\n...\nvirtualhosts:\n - name: my-env-group-1\n sslCertPath: ./certs/fullchain1.pem\n sslKeyPath: ./certs/privkey1.key\n\n - name: my-env-group-2\n sslCertPath: ./certs/fullchain2.pem\n sslKeyPath: ./certs/privkey2.key\n...\n```\n| **Tip:** For security purposes, it is best practice to have a separate TLS cert/key pair for each virtual host. If you are using a Subject Alternative Name (SAN ) certificate, this TLS cert/key pair should be used on one virtual host that is shared across the domain.\n\n\nFor information about configuring\nTLS, see [Configuring TLS and mTLS on the Istio ingress](/apigee/docs/hybrid/v1.11/ingress-tls).\n\nApplying `virtualhosts` changes\n-------------------------------\n\n\nIf you only add or change the `virtualhosts`\nproperty, and nothing else, then you can apply those changes with the `‑‑settings` flag. This applies only for `apigeectl`; for Helm, we are applying `apigee-virtualhost` with the appropriate variable.\n\n### Helm\n\n```\nhelm upgrade ENV_GROUP_NAME apigee-virtualhost/ \\\n --namespace apigee \\\n --atomic \\\n --set envgroup=ENV_GROUP_NAME \\\n -f OVERRIDES_FILE.yaml\n```\n| **Note:** If you see an error saying `Error: UPGRADE FAILED: \"`*ENV_GROUP_NAME*`\" has no deployed releases`, replace `upgrade` with `install` and try the command again.\n\n### `apigeectl`\n\n```\n$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml ‑‑settings virtualhosts\n```\n\nIf you modify the `virtualhosts` and `env` settings,\nyou need to apply the changes without using \u003cvar translate=\"no\"\u003eENV_GROUP_NAME\u003c/var\u003e` apigee-virtualhost/` for Helm and\n`‑‑settings virtualhosts` for `apigeectl`. Here's how to update the cluster:\n\n### Helm\n\nRun helm upgrade for each environment you want to update. \n\n```\nhelm upgrade ENV_NAME apigee-env/ \\\n --namespace apigee \\\n --atomic \\\n --set env=ENV_NAME \\\n -f OVERRIDES_FILE.yaml\n```\n\nThen upgrade the `apigee-virtualhost` chart: \n\n```\nhelm upgrade ENV_GROUP_NAME apigee-virtualhost/ \\\n --namespace apigee \\\n --atomic \\\n --set envgroup=ENV_GROUP_NAME \\\n -f OVERRIDES_FILE.yaml\n```\n| **Note:** If you see an error saying `Error: UPGRADE FAILED: \"`*ENV_NAME*`\" has no deployed releases`, replace `upgrade` with `install` and try the command again.\n\n### `apigeectl`\n\n```\n$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml --env ENV_NAME\n```\n\n\nor, to update the component for all environments: \n\n```\n$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml --all-envs\n```\n\nThen Apply the changes to the virtualhost:\n\n```\n$APIGEECTL_HOME/apigeectl apply -f OVERRIDES_FILE.yaml settings virtualhosts\n```\n\nTLS keys and certificates\n-------------------------\n\nThe `virtualhost` property requires a TLS key and certificate.\nThe key/cert are used to provide secure communication with the ingress gateway and\nmust be compatible with the host aliases used in the specified environment group.\n\n\nIt is up to you how you generate proper TLS certificate/key pairs for your hybrid\nconfiguration. The following topics are provided as samples only, intended primarily\nfor trying out or testing a new hybrid installation if it isn't feasible to obtain\nTLS credentials in another way:\n\n- See [Obtain TLS credentials](/apigee/docs/hybrid/v1.11/lets-encrypt) for a set of sample steps for creating an authorized TLS certificate/key pair.\n- You can use a self-signed certificate/key pair(s) for testing purposes only. See [Generate self-signed TLS credentials](/apigee/docs/hybrid/v1.11/environment-self-signed-tls)."]]