End of Sale Notice:
F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.
F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.
See our End of Sale announcement for more details.
Install or Upgrade the Developer Portal
Follow the steps in this guide to install or upgrade the Developer Portal for F5 NGINX Management Suite API Connectivity Manager.
Platform Requirements
Important:
To run the Developer Portal, you need a dedicated Linux host specifically for this purpose. Do not install the Developer Portal on a host that is currently serving as a management or data plane.
Complete the following steps to prepare the Developer Portal for use with API Connectivity Manager:
Supported Linux distributions
The Developer Portal supports the following Linux distributions:
| Distribution | Version | Platform | API Connectivity Manager Developer Portal |
|---|---|---|---|
| Amazon Linux | 2 LTS | x86_64 | 1.0.0 and later |
| CentOS | 7.4 and later in the 7.x family | x86_64 | 1.0.0 and later |
| Debian | 10 11 |
x86_64 x86_64 |
1.0.0 and later 1.0.0 and later |
| Oracle Linux | 7.4 and later in the 7.x family | x86_64 | 1.0.0 and later |
| RHEL | 7.4 and later in the 7.x family 8.x 9.x |
x86_64 x86_64 x86_64 |
1.0.0 and later 1.0.0 and later 1.3.0 and later |
| Ubuntu | 18.04 20.04 22.04 |
x86_64 x86_64 x86_64 |
1.0.0 and later 1.0.0 and later 1.2.0 and later |
Prerequisites
Add NGINX Management Suite Repository
Select the tab matching your Linux distribution, then follow the instructions to add the NGINX Management Suite repository.
Add the NGINX Management Suite repository:
-
CentOS/RHEL
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms.repo
-
RHEL 8: If you’re installing on RHEL 8 and using the distro’s NGINX, run the following commands to use the new version of NGINX (1.20 at the time of this update):
sudo yum module disable nginx:1.14 sudo yum module enable nginx:1.20
-
-
Amazon Linux 2
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nms-amazon2.repo
Add the NGINX Management Suite repository:
-
Debian
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/nms/debian `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nms.list sudo wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx
-
Ubuntu
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/nms/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nms.list sudo wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx
Install PostgreSQL or SQLite
The Developer Portal requires a PostgreSQL or SQLite database to store configuration settings and analytics information.
Select the tab for the database you want to use, then follow the installation instructions.
To use PostgreSQL for the Developer Portal database, take the following steps:
-
Install PostgreSQL:
-
CentOS, RHEL, RPM-based:
sudo yum install -y postgresql-server sudo postgresql-setup initdb -
Debian, Ubuntu, Deb-based:
sudo apt-get install -y postgresql
-
-
Configure the PostgreSQL host-based authentication (HBA) file:
-
CentOS, RHEL, RPM-based:
cat << EOF | sudo tee /var/lib/pgsql/data/pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD local all postgres peer local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 EOF -
Debian, Ubuntu, Deb-based:
cat << EOF | sudo tee /etc/postgresql/<pg_version>/main/pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD local all postgres peer local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 EOF
-
-
Restart PostgreSQL:
sudo systemctl restart postgresql -
Create the
devportaldatabase, add thenginxdmuser, and assign privileges:sudo -u postgres createdb devportal sudo -u postgres psql -c "CREATE USER nginxdm WITH LOGIN PASSWORD 'nginxdm';" sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE devportal TO nginxdm;"
To use SQLite for the Developer Portal database, run the following commands:
echo 'DB_TYPE="sqlite"' | sudo tee -a /etc/nginx-devportal/devportal.conf
echo 'DB_PATH="/var/lib/nginx-devportal"' | sudo tee -a /etc/nginx-devportal/devportal.conf
Install the Developer Portal
-
To install the Developer Portal, run the following command:
sudo yum -y install nginx-devportal nginx-devportal-ui
-
To install the Developer Portal, run the following commands:
sudo apt-get update sudo apt-get -y install nginx-devportal nginx-devportal-ui
-
Enable the Developer Portal service:
sudo systemctl enable nginx-devportal.service -
Start the Developer Portal service:
sudo systemctl start nginx-devportal.service
Upgrade the Developer Portal
-
To install the latest version of the Developer Portal, run the following command:
sudo yum update -y nginx-devportal nginx-devportal-ui
-
To install the latest version of the Developer Portal, run the following commands:
sudo apt-get update sudo apt-get upgrade -y nginx-devportal nginx-devportal-ui
-
Enable the Developer Portal service:
sudo systemctl enable nginx-devportal.service -
Restart the Developer Portal service:
sudo systemctl restart nginx-devportal.service
Secure Developer Portal API communication
Depending on your deployment pattern for the Developer Portal, you may have either a single host installation(default) or a multi-host installation for high availability. We recommend using mTLS for the communication between the NGINX reverse proxy and the Developer Portal APIs to provide maximum security.
-
On the Developer Portal Service host or hosts, edit the Dev Portal configuration file located at
/etc/nginx-devportal/devportal.conf -
Add the location of the server certificate and certificate key, as shown in the example below.
CERT_FILE="/path/to/devportal-server.crt" KEY_FILE="/path/to/devportal-server.key" INSECURE_MODE=false CA_FILE="/path/to/ca.pem" # If using mTLS CLIENT_VERIFY=true # If using mTLS -
Adjust the permissions of each of the certificate and key files provided to ensure they are readable by the Dev Portal backend service.
-
Restart the developer portal backend service:
sudo systemctl restart nginx-devportal -
If mTLS is configured on your Developer Portal service, you must add a TLS Backend Policy to both;
- The Developer Portal Cluster (Used for communication from users to the Developer Portal API)
- The Developer Portal Internal Cluster (For communication from the API Connectivity Manager to your Devportal Portal API to publish and maintain information)
Note:
To add a TLS Backend Policy to both clusters. Follow the TLS Policies documentation.
Secure communication from the Developer Portal to NGINX Management Suite host with mTLS
For complete Developer Portal functionality, such as the ability to create credentials from the Developer Portal, mTLS must be added for server-to-server communication.
Follow the steps below to make sure NGINX Management Suite host can verify the client certificates provided by the Developer Portals backend service.
-
Edit the NGINX Management Suite configuration file located at
/etc/nginx/conf.d/nms-http.conf. -
Add the location of the CA PEM file to the
ssl_client_certificatedirective, as shown in the example below:ssl_certificate /etc/nms/certs/manager-server.pem; ssl_certificate_key /etc/nms/certs/manager-server.key; ssl_client_certificate /etc/nms/certs/ca.pem; -
Reload the NGINX configuration:
sudo nginx -s reload -
Follow the steps in the TLS Policies documentation to add TLS policies that will enforce mTLS using these the correct client keys to connect to the NGINX Management Suite host.