Configuring the portal to use HTTPS

Developer Services Portal v. 4.17.05

All Apigee-recommended Private Cloud installations of the portal require the portal to be behind a load balancer. You therefore configure TLS on the load balancer itself, not on the portal, and the procedure that you use depends on the load balancer.

However, if necessary, you can configure TLS on the web server that hosts the portal.

See Using TLS on the portal for an overview of using TLS on the portal.

For the portal running on Apache

If your portal installation uses the Apache web server:

  1. Obtain your TLS key and certificate.
  2. Ensure that you install mod_ssl:
    > yum install mod_ssl
  3. Update /etc/httpd/conf/httpd.conf:
    1. If you want to disable HTTP access on port 80, search for 'Listen 80' and comment it out.
    2. Add the following lines at the end of the file:
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
  4. Set up a virtual host by editing /etc/httpd/conf/vhosts/devportal.conf to add the following:
    <VirtualHost *:443>
      ServerName localhost
      SSLEngine on
      SSLCertificateFile "<public cert path>"
      SSLCertificateKeyFile "<private key path>"
      DocumentRoot "/var/www/html"
      <Directory "/var/www/html">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
      </Directory>
    </VirtualHost>


    Also, comment out the existing VirtualHost definition if you do not want to use HTTP.
  5. Because TLS is configured in httpd.conf, you do not need ssl.conf:
    > mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.orig
  6. Restart Apache:
    > service httpd restart
    You might be prompted to enter the passphrase for your key file.

You should be able to access the portal over TLS.

For the portal running on Nginx

By default, a portal using the Nginx web server listens for HTTP requests on port 8079. If you enable TLS, then the portal listens only for HTTPS requests on port 8079. That is, you can configure the portal to listen for either HTTP requests or HTTPS requests, but not both.

You can also change the port number as described in Set the HTTP port used by the portal.

If your portal installation uses the Nginx web server:

  1. Obtain your TLS key and certificate. For this example, the cert is in a file named server.crt and the key is in server.key.
  2. Upload your cert and key to the portal server to /opt/apigee/customer/nginx/ssl.
  3. Change the owner of the cert and key to the "apigee" user:
    > chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.crt
    > chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.key
  4. Open /opt/apigee/customer/application/drupal-devportal.properties in an editor. If the file and directory do not exist, create them.
  5. Set the following properties in drupal-devportal.properties:
    conf_devportal_ssl_block=ssl on; ssl_certificate /opt/apigee/customer/nginx/ssl/server.crt; ssl_certificate_key /opt/apigee/customer/nginx/ssl/server.key;
    conf_devportal_http_https_redirect=
    conf_devportal_fastcgi_https=fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https;

    For conf_devportal_ssl_block, specify the paths to the cert and key files. You do not have to modify the other properties.
  6. Save the file.
  7. Restart the portal:
    /opt/apigee/apigee-service/bin/apigee-service apigee-drupal-devportal restart

You should be able to access the portal over TLS.
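
A check you can run between steps 6 and 7 of the Nginx procedure, as an added example that is not Apigee's own tooling: it confirms that drupal-devportal.properties carries the three properties from step 5 and that the cert and key paths named in conf_devportal_ssl_block point at real files. The function names and the rule that the key carry no group or other permission bits are assumptions added here; the page itself only sets the file owner.

```shell
#!/bin/sh
# Added example (not Apigee code): pre-restart check for the Nginx TLS properties.

# Print the argument of one nginx directive inside conf_devportal_ssl_block.
ssl_block_path() {  # $1 = properties file, $2 = directive name
    sed -n 's/^conf_devportal_ssl_block=//p' "$1" | tr ';' '\n' |
        awk -v d="$2" '$1 == d { print $2; exit }'
}

# Return the number of problems found (0 means the file looks ready).
check_portal_tls() {  # $1 = path to drupal-devportal.properties
    props=$1
    problems=0
    [ -r "$props" ] || { echo "cannot read $props" >&2; return 1; }

    # The three properties from step 5 must all be present.
    for p in conf_devportal_ssl_block conf_devportal_http_https_redirect \
             conf_devportal_fastcgi_https; do
        grep -q "^$p=" "$props" ||
            { echo "missing property: $p" >&2; problems=$((problems + 1)); }
    done

    cert=$(ssl_block_path "$props" ssl_certificate)
    key=$(ssl_block_path "$props" ssl_certificate_key)
    for f in "$cert" "$key"; do
        [ -n "$f" ] && [ -f "$f" ] ||
            { echo "not a file: '$f'" >&2; problems=$((problems + 1)); }
    done

    # Assumption, not stated on the page: the key should carry no group or
    # other permission bits (for example mode 600, owned by apigee).
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group/other: $key" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a file given on the command line, e.g.
#   sh check.sh /opt/apigee/customer/application/drupal-devportal.properties
if [ "$#" -gt 0 ]; then
    check_portal_tls "$1"
fi
```

The exit status is the number of problems found, so a status of 0 means the restart in step 7 can proceed.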