Hi there team!
Have a few queries related to the SSL termination for the API portal communications. Looking for your suggestions/inputs on this.
In CA API portal documentation --> Configure the Load Balancer. We found the following recommendations.
Question 1: Our understanding from this is, "external facing PORTAL URL traffic is supposed to hit the LB on port 443. So we just provide the URL with no port specified to external users and this traffic on port 443 has to be terminated at the Load Balancer layer ?
If we configure LB to terminate SSL on port 443. Then traffic from LB onwards to API Portal will be on PORT 80 ?
Our flow for External Traffic: GLB -> F5 -> Apache -> F5 -> Apache -> Portal
And it was mentioned to Optionally routing all
traffic on port 80 to port 443.
On which Layer we have to get this implemented. Does it mean the external traffic comes on port 80 by default ? Do we need to force to use port 443 in URL ?
Question 2:Traffic on 9443 is some thing initiated by the API portal components/services internal and will be routed through the Domain Name and comes externally ? This is not some thing we provide / use for External API portal domain URL.
Question 3:
With regards to 'Dispatcher Service'. I understand the role of this server in API Portal. But trying understanding the following statement from CA documentations.
Dispatcher is a public-facing service that proxies traffic to the
API Portal
web application. Port 80 is exposed but automatically redirects to https (443) traffic.
So if we terminate the SSL on port 443 at LB layer and passing the traffic through port 80 .. Dispatcher listens on 80 and establishes the connection and routes the traffic again on to port 443. So all the internal communications happens thropugh HTTPS ?
Thanks & Regards,
Imran