Configuring the portal to use HTTPS

Developer Services Portal v. 4.17.09

All Apigee recommended Private Cloud installations of the portal require the portal to be behind a load balancer. Therefore, you configure TLS on the load balancer itself, and not on the portal. The procedure that you use to configure TLS is therefore dependent on the load balancer.

However, if necessary, you can configure TLS on the web server that hosts the portal.

See Using TLS on the portal for an overview of using TLS on the portal.

For the portal running on Nginx

By default, a portal using the Nginx web server listens for HTTP requests on port 8079. If you enable TLS, then the portal listens only for HTTPS requests on 8079. That is, you can either configure the portal to listen for HTTP requests or HTTPS requests, but not both.

You can also change the port number as described in Set the HTTP port used by the portal.

To configure TLS:

  1. Obtain your TLS key and certificate. For this example, the cert is in a file named server.crt and the key is in server.key.
  2. Upload your cert and key to the portal server to /opt/apigee/customer/nginx/ssl.
  3. Change the owner of the cert and key to the "apigee" user:
    > chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.crt
    > chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.key
  4. Open /opt/apigee/customer/application/ in an editor. If the file and directory does not exist, create it.
  5. Set the following properties in
    conf_devportal_ssl_block=ssl on; ssl_certificate /opt/apigee/customer/nginx/ssl/server.crt; ssl_certificate_key /opt/apigee/customer/nginx/ssl/server.key;
    conf_devportal_fastcgi_https=fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https;

    For the conf_devportal_ssl_block, specify the path to the cert and key files. You do not have to modify the other properties.
  6. Save the file.
  7. Restart the portal:
    /opt/apigee/apigee-service/bin/apigee-service apigee-drupal-devportal restart

You should be able to access the portal over TLS.