End of Sale Notice:

F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.

F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.

See our End of Sale announcement for more details.

Install or Upgrade the Developer Portal

Follow the steps in this guide to install or upgrade the Developer Portal for F5 NGINX Management Suite API Connectivity Manager.


Platform Requirements

Important:
To run the Developer Portal, you need a dedicated Linux host specifically for this purpose. Do not install the Developer Portal on a host that is currently serving as a management or data plane.

Complete the following steps to prepare the Developer Portal for use with API Connectivity Manager:

  1. Install F5 NGINX Plus R24 or later
  2. Install NGINX njs module
Supported Linux distributions

The Developer Portal supports the following Linux distributions:

Distribution Version Platform API Connectivity Manager Developer Portal
Amazon Linux 2 LTS x86_64 1.0.0 and later
CentOS 7.4 and later in the 7.x family x86_64 1.0.0 and later
Debian 10
11
x86_64
x86_64
1.0.0 and later
1.0.0 and later
Oracle Linux 7.4 and later in the 7.x family x86_64 1.0.0 and later
RHEL 7.4 and later in the 7.x family
8.x
9.x
x86_64
x86_64
x86_64
1.0.0 and later
1.0.0 and later
1.3.0 and later
Ubuntu 18.04
20.04
22.04
x86_64
x86_64
x86_64
1.0.0 and later
1.0.0 and later
1.2.0 and later


Prerequisites

Add NGINX Management Suite Repository

Select the tab matching your Linux distribution, then follow the instructions to add the NGINX Instance Manager repository.


Add the NGINX Instance Manager repository:

  • CentOS/RHEL

    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms.repo
    

    • RHEL 8: If you’re installing on RHEL 8 and using the distro’s NGINX, run the following commands to use the new version of NGINX (1.20 at the time of this update):

      sudo yum module disable nginx:1.14
      sudo yum module enable nginx:1.20
      
  • Amazon Linux 2

    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms-amazon2.repo
    

Add the NGINX Instance Manager repository:

  • Debian

    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/nms/debian `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nms.list
    sudo wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx
    

  • Ubuntu

    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/nms/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nms.list
    sudo wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx
    

Install PostgreSQL or SQLite

The Developer Portal requires a PostgreSQL or SQLite database to store configuration settings and analytics information.

Select the tab for the database you want to use, then follow the installation instructions.

To use PostgreSQL for the Developer Portal database, take the following steps:

  1. Install PostgreSQL:

    • CentOS, RHEL, RPM-based:

      sudo yum install -y postgresql-server
      sudo postgresql-setup initdb
      
    • Debian, Ubuntu, Deb-based:

      sudo apt-get install -y postgresql
      
  2. Configure the PostgreSQL host-based authentication (HBA) file:

    • CentOS, RHEL, RPM-based:

      cat << EOF | sudo tee /var/lib/pgsql/data/pg_hba.conf
      
      # TYPE DATABASE USER ADDRESS METHOD
      
      local all postgres peer
      local all all md5
      # IPv4 local connections:
      host all all 127.0.0.1/32 md5
      # IPv6 local connections:
      host all all ::1/128 md5
      EOF
      
    • Debian, Ubuntu, Deb-based:

      cat << EOF | sudo tee /etc/postgresql/<pg_version>/main/pg_hba.conf
      
      # TYPE DATABASE USER ADDRESS METHOD
      
      local all postgres peer
      local all all md5
      # IPv4 local connections:
      host all all 127.0.0.1/32 md5
      # IPv6 local connections:
      host all all ::1/128 md5
      EOF
      
  3. Restart PostgreSQL:

    sudo systemctl restart postgresql
    
  4. Create the devportal database, add the nginxdm user, and assign privileges:

    sudo -u postgres createdb devportal
    sudo -u postgres psql -c "CREATE USER nginxdm WITH LOGIN PASSWORD 'nginxdm';"
    sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE devportal TO nginxdm;"
    

To use SQLite for the Developer Portal database, run the following commands:

echo 'DB_TYPE="sqlite"' | sudo tee -a /etc/nginx-devportal/devportal.conf
echo 'DB_PATH="/var/lib/nginx-devportal"' | sudo tee -a /etc/nginx-devportal/devportal.conf


Install the Developer Portal

  1. To install the Developer Portal, run the following command:

    sudo yum -y install nginx-devportal nginx-devportal-ui
    

  1. To install the Developer Portal, run the following commands:

    sudo apt-get update
    sudo apt-get -y install nginx-devportal nginx-devportal-ui
    
  1. Enable the Developer Portal service:

    sudo systemctl enable nginx-devportal.service
    
  2. Start the Developer Portal service:

    sudo systemctl start nginx-devportal.service
    

Upgrade the Developer Portal

  1. To install the latest version of the Developer Portal, run the following command:

    sudo yum update -y nginx-devportal nginx-devportal-ui
    

  1. To install the latest version of the Developer Portal, run the following commands:

    sudo apt-get update
    sudo apt-get upgrade -y nginx-devportal nginx-devportal-ui
    
  1. Enable the Developer Portal service:

    sudo systemctl enable nginx-devportal.service
    
  2. Restart the Developer Portal service:

    sudo systemctl restart nginx-devportal.service
    

Secure Developer Portal API communication

Depending on your deployment pattern for the Developer Portal, you may have either a single host installation(default) or a multi-host installation for high availability. We recommend using mTLS for the communication between the NGINX reverse proxy and the Developer Portal APIs to provide maximum security.

  1. On the Developer Portal Service host or hosts, edit the Dev Portal configuration file located at /etc/nginx-devportal/devportal.conf

  2. Add the location of the server certificate and certificate key, as shown in the example below.

    CERT_FILE="/path/to/devportal-server.crt"
    KEY_FILE="/path/to/devportal-server.key"
    INSECURE_MODE=false
    CA_FILE="/path/to/ca.pem"  # If using mTLS
    CLIENT_VERIFY=true # If using mTLS
    
  3. Adjust the permissions of each of the certificate and key files provided to ensure they are readable by the Dev Portal backend service.

  4. Restart the developer portal backend service:

    sudo systemctl restart nginx-devportal
    
  5. If mTLS is configured on your Developer Portal service, you must add a TLS Backend Policy to both;

    • The Developer Portal Cluster (Used for communication from users to the Developer Portal API)
    • The Developer Portal Internal Cluster (For communication from the API Connectivity Manager to your Devportal Portal API to publish and maintain information)
      Note:
      To add a TLS Backend Policy to both clusters. Follow the TLS Policies documentation.

Secure communication from the Developer Portal to NGINX Management Suite host with mTLS

For complete Developer Portal functionality, such as the ability to create credentials from the Developer Portal, mTLS must be added for server-to-server communication.

Follow the steps below to make sure NGINX Management Suite host can verify the client certificates provided by the Developer Portals backend service.

  1. Edit the NGINX Management Suite configuration file located at /etc/nginx/conf.d/nms-http.conf.

  2. Add the location of the CA PEM file to the ssl_client_certificate directive, as shown in the example below:

    ssl_certificate         /etc/nms/certs/manager-server.pem;
    ssl_certificate_key     /etc/nms/certs/manager-server.key;
    ssl_client_certificate  /etc/nms/certs/ca.pem;
    
  3. Reload the NGINX configuration:

    sudo nginx -s reload
    
  4. Follow the steps in the TLS Policies documentation to add TLS policies that will enforce mTLS using these the correct client keys to connect to the NGINX Management Suite host.