Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.aptible.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

This command creates a new TLS Endpoint.

Synopsis

Usage:
  aptible endpoints:tls:create [--app APP] SERVICE

Options:
  --env, [--environment=ENVIRONMENT]
      [--app=APP]
  -r, [--remote=REMOTE]
      [--default-domain], [--no-default-domain]                          # Enable Default Domain on this Endpoint
      [--ports=one two three]                                            # A list of ports to expose on this Endpoint
      [--idle-timeout=IDLE_TIMEOUT]                                      # Timeout (seconds) to enforce idle timeouts while sending and receiving responses. Use "default" to reset to the platform default
      [--internal], [--no-internal]                                      # Restrict this Endpoint to internal traffic
      [--ip-whitelist=one two three]                                     # A list of IPv4 sources (addresses or CIDRs) to which to restrict traffic to this Endpoint
      [--certificate-file=CERTIFICATE_FILE]                              # A file containing a certificate to use on this Endpoint
      [--private-key-file=PRIVATE_KEY_FILE]                              # A file containing a private key to use on this Endpoint
      [--managed-tls], [--no-managed-tls]                                # Enable Managed TLS on this Endpoint
      [--managed-tls-domain=MANAGED_TLS_DOMAIN]                          # A domain to use for Managed TLS
      [--certificate-fingerprint=CERTIFICATE_FINGERPRINT]                # The fingerprint of an existing Certificate to use on this Endpoint
      [--ssl-protocols-override=SSL_PROTOCOLS_OVERRIDE]                  # Specify the allowed SSL protocols. Valid options: "TLSv1 TLSv1.1 TLSv1.2", "TLSv1.1 TLSv1.2", "TLSv1.2", "TLSv1.3". Use "default" to reset to the platform default
      [--ssl-ciphers-override=SSL_CIPHERS_OVERRIDE]                      # Specify the allowed SSL ciphers. Use "default" to reset to the platform default
      [--disable-weak-cipher-suites], [--no-disable-weak-cipher-suites]  # Block the SSLv3 protocol and RC4 ciphers

Examples

In all the examples below, $SERVICE represents the name of a Service for the app you add an Endpoint to.
📘 If your app is using an Implicit Service, the service name is always cmd.

Create a new Endpoint using custom Container Ports and an existing Custom Certificate

In the example below, $CERTIFICATE_FINGERPRINT is the SHA-256 fingerprint of a Custom Certificate that exist in the same Environment as the App you are adding an Endpoint for.
📘 Tip: Use the Dashboard to easily locate the Certificate Fingerprint for a given Certificate.
❗️ Warning: Everything after the --ports argument is assumed to be part of the list of ports, so you need to pass it last. 
aptible endpoints:tls:create \
        "$SERVICE" \
        --app "$APP_HANDLE" \
        --certificate-fingerprint "$CERTIFICATE_FINGERPRINT" \
        --ports 8000 8001 8002 8003

More Examples

This command is fairly similar in usage to aptible endpoints:https:create. Review the examples there.