This page applies to Apigee and Apigee hybrid.
View Apigee Edge documentation.
This page describes options for customizing, maintaining, and securing your Apigee Developer Portal Kickstart solution. Once deployed, all Cloud services components utilized by the portal can generally be customized following standard Google Cloud documentation. The sections below provide configuration options and production guidelines specific to the portal solution.
Connect to Apigee or Apigee hybrid
To use the Apigee Developer Portal Kickstart solution with an Apigee or Apigee hybrid organization, the portal must be deployed
to the Google Cloud project used during Apigee provisioning. During deployment, service account
is created with the Apigee Developer Admin
role. This role is required
for service account callers to Apigee APIs.
Configure HTTPS for the portal
In the portal deployment launch configuration, you can opt to configure HTTPS for your portal. Checkbox configuration options include:
Unchecked | The deployment script will not automatically enable TLS. TLS can be configured manually after deployment using Cloud Load Balancing. This is the default option. |
Checked | The deployment package will enable TLS, provision an IP address, configure a domain name, and request an SSL certificate using nip.io. Use of nip.io is not endorsed by Google, but is offered as a convenience option for testing deployments. Selecting this option indicates acceptance of the terms and conditions for nip.io. |
Use Cloud SQL with CMEK
The Cloud SQL instance for the portal is created in the region you choose during launch configuration. By default, Google encrypts data at rest using Google-owned and Google-managed encryption keys. To use a customer-managed encryption key (CMEK) to encrypt the data stored in the CloudSQL instance, follow the steps outlined in Using customer-managed encryption keys configure a key.
Manage Cloud SQL
To manage the Cloud SQL instance after deployment:
- Go to the Cloud SQL instances page.
- Select an instance to edit by clicking the instance name.
- Click Edit.
- See Editing instances for configuration setting details.
Configure and update managed instance groups
A managed instance group (MIG) is a collection of virtual machine (VM) instances that you can manage as a single entity. You can make your workloads scalable and highly available by taking advantage of automated MIG services including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating.
To configure your MIGs after deployment:
- Go to the VM instances page.
- Select an instance to edit by clicking the instance name.
- Click Edit.
- See Creating and managing regional MIGs for configuration setting details.
New VM images for the Apigee Developer Portal Kickstart solutions will be released regularly. Customers can use the steps detailed in Updating instances in a MIG to replace or restart instances in a MIG to use the latest image.
Enable private IP with VPC Service Controls
To enable a private IP address for your Cloud SQL instance:
- Confirm that private services access is available on your VPC network. See Configuring private services access for a detailed list of required steps.
- Cloud Deployment Manager is not supported by VPC Service Controls. To enable Deployment Manager for your portal deployments within VPC Service Controls, add the Cloud Deployment Manager service account to allow calls to APIs protected by VPC Service Controls.
Customize the portal code
If customizations are made to the portal code or startup scripts after deployment, those changes must be exported and backed up in Filestore to prevent their loss during any updates to the Apigee Developer Portal Kickstart base image.
For example, if new Drupal modules are installed on a Compute Engine instance, create a backup using the following steps:
- Run the
/opt/apigee/scripts/export-code.sh
to export the changes. - The script copies the exported files to the Filestore instance mounted at
/mnt/fileshare/portalname/
. - Restart the instances in the managed instance group to trigger pick up of the changes across the group.
The startup script automatically detects if a code backup exists, loads the changes,
fixes file permissions, and applies the
settings.php
file. - Update Drupal core and modules using
composer update
. Apigee updates to the base image only provide OS updates, PHP patches, and NGINX updates. All Drupal core and module updates are managed by the customer and must be applied manually.
To add any customizations to the startup script, create a script at /mnt/fileshare/$PORTAL_NAME/custom-startup-script.sh
.
If installing any PHP packages, run the service supervisor restart
command to apply the changes.
Create backups
The creation of regular backups is recommended as a best practice for your Apigee Developer Portal Kickstart solution. For detailed steps, see:Configure a portal for production usage
To configure your portal for production usage, the following steps are recommended:
Cloud SQL Database |
|
Filestore |
|
Cloud Load Balancing |
|
Managed Instance Groups |
|
Authentication |
|
What's next
- Learn more about Support resources for the Apigee Developer Portal Kickstart solution.