This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 66%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMF%3C/text%3E%3C/svg%3E)
I have an azure application gateway with api management set up per instructions here: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway
The only difference is I am trying to create a setup where the application gateway is listening for public traffic on api-southcentralus.<somedomainname>.com, and then forwarding those requests to a backend pool with hostname api.<somedomainname>.com, where api.<somedomainname>.com internally is mapped to the private IP of the api management (and the same setup for portal and management hostnames).
With this setup, the gateway probes report healthy. But the issue I run into is from api management, the link to open the admin developer portal tries to open the portal at portal.<somedomainname>.com, which doesn't exist publicly. Even if I manually edit the URL in the browser to say portal-southcentralus, the portal fails to load because behind the scenes it makes some requests to management API also using the hostname that doesn't exist publicly.
Every example I've found on Microsoft Learn so far has used the same hostname for the backend api management hostnames and the hostnames for which app gateway listens for public traffic, but I haven't found anything in the docs that explicitly says it needs to be set up in this way. Is the setup I've described above possible? Or do those hostnames need to be the same?
Hi,
Is there a requirement for listener hostnames and backend hostnames to be the same when integrating application gateway and api management on internal vnet? --> Not necessarily.
In the HTTP setting of your Application gateway, you can rewrite the hostname to your internal API FQDN.
Regards,
Karthik Srinivas
Hi Karthik,
I have already done this. The application gateway probes report healthy and I am able to communicate with my APIs through the gateway. My problem is accessing the developer portal. From my API management instance in the azure portal, when I click the Developer Portal link from the Overview tab, this tries to load the admin developer portal at portal.<somedomainname>.com which is unreachable publicly. I am not sure how to access developer portal when listener and backend hostnames are different.
Thanks,
Mark Fisher
You can create another rule, HTTP Settings and Listener dedicated for Dev portal. In that case, you can point the hostname to dev portal FQDN.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@msrini-MSFT Thank you for providing the answer.
@Mark Fisher When you select developer portal link, it opens up portal.<somedomainname>.com (which is a custom domain name configured in APIM) and this is expected. It must be accessible within the network and not publicly as you mentioned.
To your initial question, listener hostnames and backend hostnames can be configured differently. Docs: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-http-settings#configuring-the-host-name talks about how to configure host names and its implications.
For this specific scenario, create backend pool settings with FQDN for three endpoints api.<somedomainname>.com, portal.<somedomainname>.com, management.<somedomainname>.com and then configure HttpSetting with trusted root certificates for the custom domains. Please select Yes for Override with new host name and Click on Pick host name from backend target as shown below:
You have already set up three different listeners api-southcentralus.<somedomainname>.com, portal-southcentralus.<somedomainname>.com, management-southcentralus.<somedomainname>.com and please make sure it is configured to host names api.<somedomainname>.com, portal.<somedomainname>.com, management.<somedomainname>.com accordingly. Once you map APIM hostnames to static public IP of App gateway, you can access developer portal publicly.