API Portal: Configuring the Portal to Communicate Over HTTPS Instead of HTTP on Login and Logout

Document ID : KB000046672
Last Modified Date : 13/09/2018
Show Technical Document Details
Introduction:
  • In some circumstances, the login and logout task of a user on the API Portal may appear to be insecure (using HTTP instead of HTTPS). This article will explain how to force HTTPS across the Portal.
Environment:
  • API Portal 3.5 and lower versions
Instructions:
  1. Make a backup or copy of /etc/httpd/conf/httpd.conf: cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.<date>
  2. Add the following lines to the /etc/httpd/conf/httpd.conf file to force HTTPS:
    • # Force HTTP to HTTPS
      RewriteEngine On
      RewriteCond %{HTTPS} !=on
      RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
  3. Add a line to the ProxyPassReverse section in the httpd.conf file that has the HTTP address of the domain name (example: ProxyPassReverse / http://host.example.com/)
    • #
      # The following proxy settings are required for the Layer 7 API Portal.
      #
      # If SSL connections are being terminated on the portal via Apache, then
      # the ProxyPassReverse setting must be set to the portal site URL
      # (e.g. ProxyPassReverse / http://portal-build.l7tech.com/).
      #
      # If SSL connections to the portal are not being terminated on the portal,
      # then the following 3 lines can remain unchanged.
      #
      ProxyPass / http://localhost:37080/
      ProxyPassReverse / http://localhost:37080/
      ProxyPassReverse / http://hostname.example.com/
      ProxyPreserveHost on
  4. Restart the API Portal Server.