You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by GitBox <gi...@apache.org> on 2023/01/10 12:09:33 UTC

[GitHub] [cloudstack-documentation] DaanHoogland commented on a diff in pull request #299: Add documentation regarding SystemVMs load-balancing and SSL-Offloading

DaanHoogland commented on code in PR #299:
URL: https://github.com/apache/cloudstack-documentation/pull/299#discussion_r1065704106


##########
source/adminguide/systemvm.rst:
##########
@@ -372,17 +372,44 @@ are still in default PEM format (no URL encoding needed here).
 After editing the database, please restart management server, and destroy SSVM and CPVM after that,
 so the new SSVM and CPVM with new certificates are created.
 
-Load-balancing Console Proxies
+Load-balancing Console Proxies / Secondary Storage VMs
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 An alternative to using dynamic DNS or creating a range of DNS entries
 as described in the last section would be to create a SSL certificate
 for a specific domain name, configure CloudStack to use that particular
 FQDN, and then configure a load balancer to load balance the console
-proxy's IP address behind the FQDN. As the functionality for this is
+proxy's IP address behind the FQDN. When using a load balancer it is
+also possible to perform SSL-Offloading, so no certificate needs to be
+configured on CloudStack itself. As the functionality for this is
 still new, please see

Review Comment:
   I donĀ“t think this is new anymore:
   ```suggestion
   proxy's IP address behind the FQDN. When using a load balancer it is
   also possible to perform SSL-Offloading, so no certificate needs to be
   configured on CloudStack itself. For further information please see
   ```



##########
source/adminguide/systemvm.rst:
##########
@@ -372,17 +372,44 @@ are still in default PEM format (no URL encoding needed here).
 After editing the database, please restart management server, and destroy SSVM and CPVM after that,
 so the new SSVM and CPVM with new certificates are created.
 
-Load-balancing Console Proxies
+Load-balancing Console Proxies / Secondary Storage VMs
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Review Comment:
   ```suggestion
   Load-balancing Console Proxies / Secondary Storage VMs
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   ```



##########
source/adminguide/systemvm.rst:
##########
@@ -372,17 +372,44 @@ are still in default PEM format (no URL encoding needed here).
 After editing the database, please restart management server, and destroy SSVM and CPVM after that,
 so the new SSVM and CPVM with new certificates are created.
 
-Load-balancing Console Proxies
+Load-balancing Console Proxies / Secondary Storage VMs
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 An alternative to using dynamic DNS or creating a range of DNS entries
 as described in the last section would be to create a SSL certificate
 for a specific domain name, configure CloudStack to use that particular
 FQDN, and then configure a load balancer to load balance the console
-proxy's IP address behind the FQDN. As the functionality for this is
+proxy's IP address behind the FQDN. When using a load balancer it is
+also possible to perform SSL-Offloading, so no certificate needs to be
+configured on CloudStack itself. As the functionality for this is
 still new, please see
 https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes
 for more details.
 
+These ports needed to be configured for load-balancing:
+- 443 to 443 (to CPVM)
+- 8080 to 8080 (to CPVM)
+- 443 to 443 (to SSVM)
+
+SSL-Offloading with Load-balancing for Console Proxies / Secondary Storage VMs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Review Comment:
   ```suggestion
   SSL-Offloading with Load-balancing for Console Proxies / Secondary Storage VMs
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   ```



##########
source/adminguide/systemvm.rst:
##########
@@ -258,7 +258,7 @@ communication with SSL:
 
 -  Set up a SSL wild-card certificate and domain name resolution
 
--  Set up SSL certificate for specific FQDN and configure load-balancer
+-  Set up SSL certificate for specific FQDN and configure load-balancer (with ssl offloading optional)

Review Comment:
   ```suggestion
   -  Set up SSL certificate for specific FQDN and configure a load-balancer with optional ssl offloading.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org