DaanHoogland commented on code in PR #299: URL: https://github.com/apache/cloudstack-documentation/pull/299#discussion_r1065736042
########## source/adminguide/systemvm.rst: ########## @@ -372,17 +372,43 @@ are still in default PEM format (no URL encoding needed here). After editing the database, please restart management server, and destroy SSVM and CPVM after that, so the new SSVM and CPVM with new certificates are created. -Load-balancing Console Proxies -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Load-balancing Console Proxies / Secondary Storage VMs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An alternative to using dynamic DNS or creating a range of DNS entries as described in the last section would be to create a SSL certificate for a specific domain name, configure CloudStack to use that particular FQDN, and then configure a load balancer to load balance the console -proxy's IP address behind the FQDN. As the functionality for this is -still new, please see +proxy's IP address behind the FQDN. When using a load balancer it is +also possible to perform SSL-Offloading, so no certificate needs to be +configured on CloudStack itself. For further information please see https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes for more details. +These ports needed to be configured for load-balancing: +- 443 to 443 (to CPVM) +- 8080 to 8080 (to CPVM) +- 443 to 443 (to SSVM) + +SSL-Offloading with Load-balancing for Console Proxies / Secondary Storage VMs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To implement SSL-Offloading you need 2 public IP addresses (one for Console Proxy and one for Secondary Storage VM) which +each of them resolve to a different FQDN and terminate at the load balancer. Also 3 global settings need to be edited. +- The setting ‘consoleproxy.url.domain’ to the FQDN used by the certificate (For example: cpvm.company.com) +- The setting ‘secstorage.ssl.cert.domain’ to the FQDN used by the cerrificate (For example: ssvm.company.com) +- The setting ‘secstorage.encrypt.copy’ to true Review Comment: ```suggestion each of them resolve to a different FQDN and terminate at the load balancer. Also 3 global settings need to be edited. - The setting ‘consoleproxy.url.domain’ to the FQDN used by the certificate (For example: cpvm.company.com) - The setting ‘secstorage.ssl.cert.domain’ to the FQDN used by the cerrificate (For example: ssvm.company.com) - The setting ‘secstorage.encrypt.copy’ to true ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
