Customize an Apigee Developer Portal Kickstart in Cloud Marketplace

This pageapplies toApigee andApigee hybrid.

View Apigee Edge documentation.

This page describes options for customizing, maintaining, and securing your Apigee Developer Portal Kickstart solution. Once deployed, all Cloud services components utilized by the portal can generally be customized following standardGoogle Cloud documentation. The sections below provide configuration options and production guidelines specific to the portal solution.

Connect to Apigee or Apigee hybrid

To use the Apigee Developer Portal Kickstart solution with an Apigee or Apigee hybrid organization, the portal must be deployed to the Google Cloud project used during Apigee provisioning. During deployment,service account is created with theApigee Developer Admin role. This role is required for service account callers to Apigee APIs.

NOTE: Confirm the name of the Apigee or Apigee hybrid org before beginning the deployment process for the Apigee Developer Portal Kickstart solution. The org name must be provided during the installation process.

Configure HTTPS for the portal

In the portal deployment launch configuration, you can opt to configure HTTPS for your portal. Checkbox configuration options include:

UncheckedThe deployment script will not automatically enable TLS. TLS can be configured manually after deployment usingCloud Load Balancing. This is the default option.
CheckedThe deployment package will enable TLS, provision an IP address, configure a domain name, and request an SSL certificate usingnip.io. Use of nip.io is not endorsed by Google, but is offered as a convenience option for testing deployments. Selecting this option indicates acceptance of the terms and conditions for nip.io.

Use Cloud SQL with CMEK

The Cloud SQL instance for the portal is created in the region you choose during launch configuration. By default, Google encrypts data at rest using Google-owned and Google-managed encryption keys. To use a customer-managed encryption key (CMEK) to encrypt the data stored in the CloudSQL instance, follow the steps outlined inUsing customer-managed encryption keys configure a key.

Note: CMEK should be configured before beginning the portallaunch configuration. TheResource Name of the Encryption key must be provided priorto deploying the portal.

Manage Cloud SQL

To manage the Cloud SQL instance after deployment:

Configure and update managed instance groups

Amanaged instance group (MIG) is a collection of virtual machine (VM) instances that you can manage as a single entity.You can make your workloads scalable and highly available by taking advantage of automated MIG services including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating.

To configure your MIGs after deployment:

New VM images for the Apigee Developer Portal Kickstart solutions will be released regularly. Customers can use the steps detailed inUpdating instances in a MIG to replace or restart instances in a MIG to use the latest image.

Enable private IP with VPC Service Controls

To enable a private IP address for your Cloud SQL instance:

Customize the portal code

If customizations are made to the portal code or startup scripts after deployment, those changes must be exported and backed up in Filestore to prevent their loss during any updates to the Apigee Developer Portal Kickstart base image.

For example, if new Drupal modules are installed on a Compute Engine instance, create a backup using the following steps:

  1. Run the/opt/apigee/scripts/export-code.shto export the changes.
  2. The script copies the exported files to the Filestore instance mounted at/mnt/fileshare/portalname/.
  3. Restart the instances in the managed instance group to trigger pick up of the changes across the group. The startup script automatically detects if a code backup exists, loads the changes, fixes file permissions, and applies thesettings.php file.
  4. Update Drupal core and modules usingcomposer update. Apigee updates to the base image only provide OS updates, PHP patches, and NGINX updates. All Drupal core and module updates are managed by the customer and must be applied manually.

To add any customizations to the startup script, create a script at/mnt/fileshare/$PORTAL_NAME/custom-startup-script.sh.

If installing any PHP packages, run theservice supervisor restart command to apply the changes.

Create backups

The creation of regular backups is recommended as a best practice for your Apigee Developer Portal Kickstart solution.For detailed steps, see:

Configure a portal for production usage

To configure your portal for production usage, the following steps are recommended:

Cloud SQL Database
  • Verify or change the machine type of the database
  • Disable the public IP of the database and configure Private IP
  • Enable automated backups of the database
  • Enable high availability for the database
Filestore
  • Enable backups for Filestore
Cloud Load Balancing
  • Enable Cloud CDN to cache static content
  • Add a custom SSL certificate if preferred
Managed Instance Groups
Authentication
  • Remove HTTP Basic Auth access restriction on your site.

    Run the following commands to make your portal site publicly accessible:

    gcloudbetaruntime-configconfigsvariablessetsite_basic_auth/enabled0\--is-text--config-name=PORTAL_NAME--project=GCP_PROJECT_NAME
    gcloudbetacomputeinstance-groupsmanagedrolling-action\replaceINSTANCE_GROUP_ID--region=GCP_REGION\--replacement-method=substitute--project=GCP_PROJECT_NAME

What's next

  • Learn more aboutSupport resources for the Apigee Developer Portal Kickstart solution.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.