API gateways are mighty powerful when it comes to quickly setting up a secure service on the web. For example, to start using an APEX Office Print (AOP) installation, you will need SSL as the APEX Service only allows HTTPS calls. You could set up SSL certificates with a service like Certbot if you like to run the AOP server on your domain, but an easier method is to use the OCI API Gateways feature. Below you can find an in-depth guide on how to set up an API Gateway in Oracle Cloud for AOP.
Before we start creating the gateway we need to check up on some things. First, navigate to your APEX Office Print OCI instance and take note of the private IPv4 address, the VCN, and the subnet the instance is in. Once you have copied these values click on the subnet name.
A new page opens up, on this page click on the default security list name and the security lists page will open up. From here you can click on the Add Ingress Rules button to create a new rule.
For the gateway to be able to reach to AOP instance we need to allow traffic to flow through the 8010 port. This is the default AOP server port and without opening it up in the security list, the gateway won't be able to communicate with the AOP instance.
In the modal that opens we need to fill in some values:
Source CIDR: This defines the source IP range allowed to access the port we are going to open up. To allow traffic from anywhere we enter
0.0.0.0/0. Note that now the whole internet has access to your instance if a public IPv4 address was assigned. You can also narrow down the range so only devices in the same subnet can reach the instance by inputting the subnet CIDR.
Destination Port Range: This defines the port we are going to open up for traffic. In our case, this will be the
Description: This field is optional but for future reference, it is a good idea to enter a meaningful name.
AOP Serverwill do.
When all necessary fields have been filled, click the Add Ingress Rules button.
Everything is now in place to allow communication to your APEX Office Print OCI instance. We can now start to create and use API gateways.
Creating an API gateway
Create the gateway
To create an API gateway, navigate to
Developer Services > API Management > Gateways.
On the Gateways page click the Create Gateway button and a modal will open up. Enter the following details.
Name: This will be the name for the gateway, input
Compartment: Select the comportment of your choice.
Virtual cloud network: Select the correct VCN from the drop-down. This has to be the same VCN we took note of earlier in the preparation step. In case your VCN does not show up, click change compartment and make sure you select the compartment where the VCN is located.
Subnet: Select the correct subnet from the drop-down. This has to be the same subnet we took note of earlier in the preparation step. In case your subnet does not show up, click change compartment and make sure you select the compartment where the subnet is located.
When all necessary fields have been filled, click the Create Gateway button.
Create the deployment
The page for your newly created API Gateway will open up and should show an orange icon indicating that the creation of the gateway is underway. Once the icon becomes green your Gateway is ready to go. Navigate to the deployments section by clicking on the link in the left navigation bar and click on the Create deployment button
Give the deployment a suiting Name, eg.:
AOP Server, enter the Path Prefix:
/aop, select the compartment of your choice, and click next.
No Authentication and click Next once again.
In this last step, we need to set up the connection to the AOP OCI instance. Enter the following values in the matching fields:
Path: This can just be
/as we will only set up one single route.
Methods: Here we will select the methods our endpoint will support, for the AOP server select
Backend Type: the type of our backend, for our purpose select
URL: This is the URL to our server instance. Input the IP we copied in the preparation step and prepend the HTTP protocol and append the AOP port.
Disable SSL verification: Since our compute instance doesn't support SSL please check this checkmark. We will be offloading our SSL onto the gateway.
Once every value has been filled, click next and review that everything looks correct. If you are happy with what you see click the Create deployment button. You will now be taken back to the gateway page where the deployment will show up. From here you can copy the endpoint URL to your AOP server.
Congrats! You can now access your APEX Office Print OCI instance securely with SSL certificates in place using an OCI Application Gateway.