Server Name Indication (SNI)
Ambassador supports serving multiple Host
s behind a single IP address, each
with their own certificate.
This is as easy to do as creating a Host
for each domain or subdomain you
want Ambassador to serve, getting a certificate for each, and telling
Ambassador which Host
the route should be created for.
The example below configures two Host
s and assigns routes to them.
Configuring a Host
The Host
resources lets you separate configuration for each distinct domain
and subdomain you plan on serving behind Ambassador.
Let's start by creating a simple Host
and providing our own certificate in
the host-cert
secret.
---apiVersion: getambassador.io/v2kind: Hostmetadata:name: example-hostspec:hostname: host.example.comacmeProvider:authority: nonetlsSecret:name: host-cert
Now lets, create a second Host
for a different domain we want to serve behind
Ambassador. This second Host
we can use Ambassador Edge Stack's automatic TLS
to get a certificate from Let's Encrypt.
---apiVersion: getambassador.io/v2kind: Hostmetadata:name: foo-hostspec:hostname: host.foo.comacmeProvider:email: julian@example.com
We now have two Host
s with two different certificates.
Configuring Routes
Now that we have two domains behind Ambassador, we can create routes for either or both of them.
We do this by setting the host
attribute of a Mapping
to the domain the
Mapping
should be created for.
---apiVersion: getambassador.io/v2kind: Mappingmetadata:name: httpbinspec:prefix: /httpbin/service: httpbin.org:80host_rewrite: httpbin.orghost: host.example.com
Will create a /httpbin/
endpoint for host.example.com
---apiVersion: getambassador.io/v2kind: Mappingmetadata:name: mockbinspec:prefix: /foo/service: foo-servicehost: host.foo.com
Will create a /foo/
endpoint for host.foo.com
---apiVersion: getambassador.io/v2kind: Mappingmetadata:name: frontendspec:prefix: /bar/service: bar-endpoint
Will create a /bar/
endpoint for all Host
s.
Questions?
We’re here to help. If you have questions, join our Slack or contact us.