Layer7 API Management

If the API portal is hosted within the intranet, is it a good practice or a standard to utilize a proxy server like Apache hosted on the DMZ to front all the externally generated traffic to the portal ?

In such a case, would the Proxy server primarily just enable reverse proxying or is it used to terminate SSL (we could terminate the traffic at the Load balancer, so not sure if this feature is necessary) and take up other roles such as authenticating the user and passing on a token to portal ?

I wouldn't say it's a standard practice to do that, no. Doesn't mean it can't be done, but just isn't what we typically see done in customer environments. Generally customers will simply use a load balancer in front of the Portal to take the traffic and present a desired hostname, and more. I would not set it up for terminating SSL, SSL should be done at the target application level in ideal circumstances.
Original Message:
Sent: 07-09-2019 10:19 AM
From: Keshava Murthy Jayaram
Subject: Using a reverse proxy for API Portal

If the API portal is hosted within the intranet, is it a good practice or a standard to utilize a proxy server like Apache hosted on the DMZ to front all the externally generated traffic to the portal ?

In such a case, would the Proxy server primarily just enable reverse proxying or is it used to terminate SSL (we could terminate the traffic at the Load balancer, so not sure if this feature is necessary) and take up other roles such as authenticating the user and passing on a token to portal ?