Use HTTPS with the portal

All Apigee recommended Private Cloud installations of Apigee Developer Services portal (or simply, the portal) require that the portal be behind a load balancer. Therefore, you configure TLS on the load balancer itself, and not on the portal. The procedure that you use to configure TLS is therefore dependent on the load balancer.

However, if necessary, you can configure TLS on the web server that hosts the portal.

See Using TLS on the portal for an overview of using TLS on the portal.

For the portal running on NGINX

By default, a portal using the NGINX web server listens for HTTP requests on port 8079. If you enable TLS, then the portal listens only for HTTPS requests on 8079. That is, you can either configure the portal to listen for HTTP requests or HTTPS requests, but not both.

You can also change the port number as described in Set the HTTP port used by the portal.

To configure TLS:

1. Obtain your TLS key and certificate. For this example, the cert is in a file named server.crt and the key is in server.key.
2. Upload your cert and key to the portal server to /opt/apigee/customer/nginx/ssl.

   If the directory does not exist, create it and change the owner to the "apigee" user:

   mkdir /opt/apigee/customer/nginx/ssl
   chown apigee:apigee /opt/apigee/customer/nginx/ssl

3. Change the owner of the cert and key to the "apigee" user:
   

   chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.crt
   chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.key

4. Open /opt/apigee/customer/application/drupal-devportal.properties in an editor. If the file and directory do not exist, create them.
5. Set the following properties in drupal-devportal.properties:

   conf_devportal_ssl_block=ssl on; ssl_certificate /opt/apigee/customer/nginx/ssl/server.crt; ssl_certificate_key /opt/apigee/customer/nginx/ssl/server.key;
   conf_devportal_http_https_redirect=
   conf_devportal_fastcgi_https=fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https;

   Set conf_devportal_ssl_block to the path to the cert and key files. You are not required to modify the other properties.

6. Save the file.
7. Restart the portal:

   /opt/apigee/apigee-service/bin/apigee-service apigee-drupal-devportal restart

You should be able to access the portal over TLS.