Deploy portal

The developer portal is a self-service site on the Open Platform for external developers. This document describes how to deploy the portal service in SAE, ACK, and a local Docker environment to quickly set up a production-ready or dev/test developer portal.

Comparison of deployment options

The portal service supports the following deployment options. Choose the option that best fits your scenario:

| Deployment option | Use case | Description |
| --- | --- | --- |
| SAE | Recommended for production environments | Fully managed Serverless App Engine with auto scaling. |
| ACK | Large-scale production environments | Container Service for Kubernetes. Suitable for complex orchestration needs. |
| Local Docker | Development and testing | Quick local verification. Not for production use. |

Deploy in SAE (recommended)

Alibaba Cloud Serverless App Engine (SAE) is the recommended method for deploying the portal service. It is fully managed, provides auto scaling, and uses a pay-as-you-go billing model.

Prerequisites

Ensure that:

  1. You have activated SAE and created a namespace.

  2. You have created a portal instance on the Open Platform console and obtained its portal ID.

Note

The portal service uses a fixed image address, provided below, which you can enter directly during deployment.

Create an application

  1. Log on to the Alibaba Cloud SAE console.

  2. On the Application Management page, click Create Application.

  3. Enter the basic information:

    • Application Name: Use the portal name for easy identification.

    • Description: Briefly describe the application's purpose.

    • Namespace: Select the namespace you created.

  4. Select the deployment method:

    • Deployment Method: Select Image Deployment.

    • Image Address: Enter opensource-registry.cn-hangzhou.cr.aliyuncs.com/higress-group/himarket-portal:latest.

  5. Configure the instance specification (as needed):

    • vCPU: Use 0.5 vCPU or higher.

    • Memory: Use 1 GiB or more.

    • Number of instances: Set based on your traffic, with a minimum of one instance.

Configure environment variables

In the application settings, add the following required environment variables.

Core configuration

| Environment variable | Description | Example |
| --- | --- | --- |
| POP_GATEWAY_URL | The API Gateway OpenAPI endpoint. Public network: https://apig.{regionId}.aliyuncs.com. Internal network: https://apig-vpc.{regionId}.aliyuncs.com | https://apig.cn-hangzhou.aliyuncs.com |
| POP_REGION_ID | The region ID where the portal service is deployed. | cn-hangzhou |
| PORTAL_ID | The ID of the portal instance created on the Open Platform console. | portal-xxx |

Authentication configuration (choose one)

The portal service requires authentication credentials to access Alibaba Cloud OpenAPI. SAE supports two methods: RRSA OIDC and AccessKey. We recommend using RRSA OIDC for higher security.

Method 1: RRSA OIDC (recommended, SAE-only)

Enable the RRSA OIDC feature when you configure the application. This method automatically obtains temporary credentials by using an OIDC token, eliminating the need to store AccessKey credentials as environment variables. This approach is more secure. For more information about how to configure RRSA OIDC in SAE, see Configure the identity authentication service feature (invitational preview).

Note

RRSA OIDC is a feature exclusive to SAE and is not supported in ACK environments.

Method 2: AccessKey authentication

If you cannot use RRSA OIDC, or if you are deploying in an ACK environment, you can configure the AccessKey of a RAM user in the environment variables.

| Environment variable | Description | Example |
| --- | --- | --- |
| ALIYUN_ACCESS_KEY_ID | The AccessKey ID of the RAM user. | LTAxxx |
| ALIYUN_ACCESS_KEY_SECRET | The AccessKey secret of the RAM user. | 3f98xxx |

Important

When you use AccessKey authentication, ensure that:

  • You use the AccessKey ID and secret of a RAM user, not the credentials of your root account.

  • The RAM user has the RAM permission policy described below.

Configure RAM permissions

The portal service accesses Alibaba Cloud API Gateway resources. Grant the following permissions to the RAM user.

System policy

  • AliyunAPIGReadOnlyAccess: Read-only permissions for Alibaba Cloud API Gateway resources.

Custom policy

Because the portal service manages consumers, you must also add the following custom policy:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "apig:*Consumer*"
      ],
      "Resource": "*"
    }
  ]
}

Configure application access

After deploying the application, configure an access endpoint to allow external users to access the portal service.

Method 1: Access through API Gateway (recommended)

We recommend using Alibaba Cloud API Gateway as a unified access layer for the portal service. This provides capabilities such as traffic control, security protection, monitoring and alerting, and log auditing.

  1. Log on to the Alibaba Cloud API Gateway console and activate the service.

  2. Create a service of the SAE type and select the deployed portal application as its backend.

  3. Create an HTTP API and configure routing rules (for example, forward requests from the /* path to port 8000 of the portal service).

  4. Use the endpoint address generated by API Gateway to access the portal.

Method 2: Access through load balancer

If you do not need the advanced features of API Gateway, you can also expose the service directly through a load balancer.

  1. Go to the application details page on the SAE console.

  2. Click Add Access Method.

  3. Select a load balancer type, either NLB or CLB.

  4. Configure the listener port:

    • Protocol: TCP

    • Container Port: 8000 (the portal service default port)

  5. After you save the configuration, the system assigns an access address. Use this address to access the portal.

Verify deployment

After completing the configuration, start the application and verify the deployment:

  1. On the SAE console, check the application instance status to confirm that it is running.

  2. Use the configured access address to open the portal's home page and confirm that it loads correctly.

  3. Test key features such as developer registration, sign-in, and browsing API products.

Deploy in ACK

For large-scale production environments that require more complex orchestration capabilities, you can deploy the portal in Alibaba Cloud Container Service for Kubernetes (ACK).

Deployment overview

  1. Prepare Kubernetes YAML manifests, including resources such as a Deployment and a Service.

  2. Use a ConfigMap to store environment variables such as POP_GATEWAY_URL, POP_REGION_ID, and PORTAL_ID.

  3. Use a Secret to store ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET.

  4. Configure an access method. We recommend using API Gateway, but you can also configure an Ingress or a load balancer (SLB) to expose the service.
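
The steps above as one manifest, added here as an example and not taken from the product's own manifests. The resource names portal-config, portal-credentials and portal and the app: portal label are assumptions; the image address, port 8000, variable names and placeholder values are the ones given on this page.

```yaml
# Added example. Non-secret settings go in the ConfigMap (step 2).
apiVersion: v1
kind: ConfigMap
metadata:
  name: portal-config            # assumed name
data:
  POP_GATEWAY_URL: "https://apig.cn-hangzhou.aliyuncs.com"
  POP_REGION_ID: "cn-hangzhou"
  PORTAL_ID: "portal-xxx"        # placeholder from this page
---
# RAM user AccessKey goes in a Secret (step 3), never in the ConfigMap.
# Substitute real values at deploy time; do not commit them.
apiVersion: v1
kind: Secret
metadata:
  name: portal-credentials       # assumed name
type: Opaque
stringData:
  ALIYUN_ACCESS_KEY_ID: "LTAxxx"          # placeholder from this page
  ALIYUN_ACCESS_KEY_SECRET: "3f98xxx"     # placeholder from this page
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: portal                   # assumed name
spec:
  replicas: 1
  selector:
    matchLabels: {app: portal}
  template:
    metadata:
      labels: {app: portal}
    spec:
      containers:
        - name: portal
          image: opensource-registry.cn-hangzhou.cr.aliyuncs.com/higress-group/himarket-portal:latest
          ports: [{containerPort: 8000}]   # portal service default port
          envFrom:
            - configMapRef: {name: portal-config}
            - secretRef: {name: portal-credentials}
---
# ClusterIP keeps the portal internal; exposure is left to step 4
# (API Gateway, Ingress, or a load balancer).
apiVersion: v1
kind: Service
metadata:
  name: portal
spec:
  type: ClusterIP
  selector: {app: portal}
  ports: [{port: 8000, targetPort: 8000}]
```

Keeping the AccessKey in a Secret lets you restrict who can read it with Kubernetes RBAC separately from the ConfigMap.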

Recommended access method

Similar to the SAE deployment, we recommend using Alibaba Cloud API Gateway as the unified access layer for the portal service in an ACK environment.

  1. On the API Gateway console, create a container-type service.

  2. Create an HTTP API and configure its routing rules.

  3. Use the API Gateway access endpoint to access the portal and use features such as traffic control and security protection.

Deploy locally with Docker

Use this method for quick validation in development and testing environments.

Run command

docker run -d \
  --name portal \
  -p 8000:8000 \
  -e POP_GATEWAY_URL=https://apig.cn-hangzhou.aliyuncs.com \
  -e POP_REGION_ID=cn-hangzhou \
  -e PORTAL_ID=portal-xxx \
  -e ALIYUN_ACCESS_KEY_ID=LTAxxx \
  -e ALIYUN_ACCESS_KEY_SECRET=3f98xxx \
  opensource-registry.cn-hangzhou.cr.aliyuncs.com/higress-group/himarket-portal:latest

After the container starts, access the portal at http://localhost:8000. You can change the port as needed.