Steps to configure the portal which is running on Nginx to use HTTPS


On a new install of 4.17.01 and above, the installation script installs Postgres and Nginx.

The conf file for the portal is /opt/apigee/data/apigee-lb/conf.d/apigee-drupal-devportal-nginx.conf,
and by default its server block looks like the following:

server {
    listen 8079 default_server;
    server_name _;
    root /opt/apigee/apigee-drupal;
    location = /favicon.ico {
      log_not_found off;
      access_log off;
    }
    .....
}

The above conf is loaded when nginx starts, because /opt/nginx/conf/nginx.conf includes it through the line "include /opt/apigee/data/apigee-lb/conf.d/*.conf;".

By default the portal listens for HTTP on port 8079. If you want to enable SSL, follow the steps below.

To enable SSL:

#1 Create one more conf file (example: apigee-drupal-devportal-nginxssl.conf, owned by apigee).

#2 Copy the content of the original file, remove the original "listen" lines, and add the below lines:

listen 9443;
ssl on;
ssl_certificate /opt/apigee/data/apigee-lb/conf.d/www.example.com.chained.crt; 
ssl_certificate_key /opt/apigee/data/apigee-lb/conf.d/www.example.com.key;

#3 The final server block should look like this

server {
    listen              9443;
    ssl on;
    server_name         www.example.com;
    ssl_certificate     /opt/apigee/data/apigee-lb/conf.d/www.example.com.chained.crt;
    ssl_certificate_key /opt/apigee/data/apigee-lb/conf.d/www.example.com.key;
    ..... 
}

#4 If you want to add more SSL properties/directives, refer to http://nginx_ssl/

For example, add ssl_password_file /path/to/password_file; if you have a passphrase for the cert.

#5 Reload nginx (nginx -s reload) and restart apigee-drupal-devportal.

To redirect the http to https:

#1 The present HTTP settings are in /opt/apigee/data/apigee-lb/conf.d/apigee-drupal-devportal-nginx.conf. Right now you can't add a redirect using CWC, and you can't delete this file because a restart creates it again.

#2 Delete "include /opt/apigee/data/apigee-lb/conf.d/*.conf;" from /opt/nginx/conf/nginx.conf.

#3 Copy apigee-drupal-devportal-nginx.conf to default.conf and include this default.conf instead of the * wildcard in your nginx conf (include the SSL one too).

#4 Add return 301 https://$host$request_uri; to the server block, as below:

server {
  listen 8079 default_server;
  server_name _;
  return 301 https://$host$request_uri;
}

#5 Run nginx -t to validate the syntax.

#6 Reload nginx (nginx -s reload)
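
An added example, not part of the original article or of Apigee's tooling: a small Python check to run over the text of the conf files that nginx actually includes, confirming that every SSL server block names a certificate and key and that every plain-HTTP block returns a 301 to https. The function names and the sample text are constructed for illustration; it assumes only "listen ... ssl", "ssl on" and a block-level "return 301 https://..." need to be recognised, and it complements nginx -t rather than replacing it.

```python
import re

def server_blocks(conf):
    """Yield the body of each `server { ... }` block; raise on unbalanced braces."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        if depth:
            raise ValueError('unbalanced braces in server block')
        yield conf[m.end():i - 1]

def directives(body):
    """Direct child directives of a block, as name -> list of argument lists."""
    depth, top, found = 0, '', {}
    for ch in body:
        if ch == '{' and depth == 0:
            top = top[:top.rfind(';') + 1]  # drop the nested block's header
        depth += {'{': 1, '}': -1}.get(ch, 0)
        if depth == 0 and ch not in '{}':
            top += ch
    for words in map(str.split, top.split(';')):
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found

def lint(conf):
    """Flag TLS blocks lacking cert/key and HTTP blocks lacking a 301 to https."""
    findings = []
    for body in server_blocks(re.sub(r'#.*', '', conf)):
        d = directives(body)
        where = d.get('listen', [['80']])[0][0]
        if any('ssl' in a for a in d.get('listen', [])) or ['on'] in d.get('ssl', []):
            findings += [f'{where}: TLS on but {n} missing' for n in
                         ('ssl_certificate', 'ssl_certificate_key') if n not in d]
        elif not any(a[:1] == ['301'] and a[1:] and a[1].startswith('https://')
                     for a in d.get('return', [])):
            findings.append(f'{where}: plain HTTP, no 301 redirect to https')
    return findings

# Constructed sample: the SSL block from step #3 plus the default port-8079 block.
SAMPLE = """
server { listen 9443; ssl on; server_name www.example.com;
         ssl_certificate /opt/apigee/data/apigee-lb/conf.d/www.example.com.chained.crt;
         ssl_certificate_key /opt/apigee/data/apigee-lb/conf.d/www.example.com.key; }
server { listen 8079 default_server; server_name _; root /opt/apigee/apigee-drupal;
         location = /favicon.ico { log_not_found off; access_log off; } }
"""
print('\n'.join(lint(SAMPLE)))
```

The finding on port 8079 in the sample is what you get when the default conf file, which a restart creates again, is still being included without the redirect.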

Comments
sgilson
New Member

In the steps above that say to use:

nginx -s reload

You should instead use:

/opt/apigee/apigee-service/bin/apigee-service apigee-lb restart

Stephen

ylesyuk
New Member

@sglison, do you mean:

/opt/apigee/apigee-service/bin/apigee-service apigee-lb reload

?

sgilson
New Member

I used "restart"

Feroz_Mahammad
New Member
@Maruti Chand,

I have performed the steps mentioned below to configure the dev portal to use https. After the configuration, I am able to launch the dev portal using https but unable to redirect from http to https. Am I missing any step? Please advise.

  1. Created "apigee-drupal-devportal-nginxssl.conf" under /opt/apigee/data/apigee-lb/conf.d/
  2. Edited "apigee-drupal-devportal-nginx.conf" and added redirect to https
  3. Copied both the conf files to /opt/nginx/conf.d/
  4. Edited /opt/nginx/conf/nginx.conf I
    • deleted include /opt/apigee/data/apigee-lb/conf.d/*.conf
    • included "/opt/nginx/conf.d/*.conf"
  5. Restarted all the components "/opt/apigee/apigee-service/bin/apigee-all restart"

cmbrown
Staff

@Mahammad Feroz

Can you try adding a space after the server name and before the "_", like the following:

server {
  listen 80 default_server;
  server_name _;
  return 301 https://$host$request_uri;
}

Not applicable

@Christin Brown Thanks for pointing that out, let me edit the post.

Not applicable

I worked with Apigee support originally when initially configuring the servers, and they assisted in getting SSL configured on the drupal server with nginx.

At least in version 4.18.05-0.0.274 it seemed a bit different.

I edited the existing apigee-drupal-devportal-nginx.conf file, and added the following to the top of the file:

server {
  listen 80 default_server;
  server_name _1;
  return 301 https://$host$request_uri;
}

This seemed to work without a default.conf, etc. Just thought I would put this here in case someone else ran into issues following these instructions.

Keep in mind, where server_name is mentioned, it cannot have the same name as the other 443. (I made the mistake of not noticing the names were the same in both files.)

Not sure if there are any issues with using the same file for multiple ports. This seemed to resolve all issues and keep everything in a single file.

Version history
Last update: 06-03-2017 06:11 PM