All Apigee recommended Private Cloud installations of Apigee Developer Services portal (or simply, the portal) require that the portal be behind a load balancer. Therefore, you configure TLS on the load balancer itself, and not on the portal. The procedure that you use to configure TLS is therefore dependent on the load balancer.
However, if necessary, you can configure TLS on the web server that hosts the portal.
See Using TLS on the portal for an overview of using TLS on the portal.
For the portal running on NGINX
By default, a portal using the NGINX web server listens for HTTP requests on port 8079. If you enable TLS, then the portal listens only for HTTPS requests on 8079. That is, you can either configure the portal to listen for HTTP requests or HTTPS requests, but not both.
You can also change the port number as described in Set the HTTP port used by the portal.
To configure TLS:
- Obtain your TLS key and certificate. For this example, the cert is in a file named server.crt and the key is in server.key.
- Upload your cert and key to the portal server to
If the directory does not exist, create it and change the owner to the "apigee" user:
chown apigee:apigee /opt/apigee/customer/nginx/ssl
- Change the owner of the cert and key to the "apigee" user:
chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.crt
chown apigee:apigee /opt/apigee/customer/nginx/ssl/server.key
/opt/apigee/customer/application/drupal-devportal.propertiesin an editor. If the file and directory do not exist, create them.
- Set the following properties in
conf_devportal_ssl_block=ssl on; ssl_certificate /opt/apigee/customer/nginx/ssl/server.crt; ssl_certificate_key /opt/apigee/customer/nginx/ssl/server.key; conf_devportal_http_https_redirect= conf_devportal_fastcgi_https=fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https;
conf_devportal_ssl_blockto the path to the cert and key files. You are not required to modify the other properties.
- Save the file.
- Restart the portal:
/opt/apigee/apigee-service/bin/apigee-service apigee-drupal-devportal restart
You should be able to access the portal over TLS.