The load balancer can be connected to the outside world to allow access to the jtel System from the internet.

Connecting the LB to the outside world directly

Connecting the LB to the outside world via a firewall

The following ports should be forwarded to the jtel Load Balancer:

It is highly recommended to install a certificate for your domain on the load balancer. See also Rolle LB - Selbst signiertes Zertifikat and Rolle LB - Zertifikate für Load-Balancer.

Note: you can use https only (i.e. open only port 443 in the firewall) if you do not require http access. See below for details of the extra configuration required in the load balancer to do this.

Connecting the LB to the outside world via a reverse proxy

The preceding reverse proxy should perform the following tasks:

Note: this configuration must be performed by the administrators of the reverse proxy and depends on the exact reverse proxy used.

Additional LB Configuration if only Port 443 is opened (via Firewall or via previous Reverse Proxy)

If only port 443 is available to the outside world, then the following must be considered:

Because of redirections which are made in the web application, it is necessary to inform the web server that the redirected URL should refer to https and not http. In most web servers this is achieved using the X-Forwarded-Proto header. Wildfly can do this. However, JBOSS does not do this correctly, so haproxy must be configured to perform this task.

JBOSS

When running JBOSS webservers, add the following to haproxy.cfg in the backend configuration section for jtel_portal and jtel_soap:

This is because JBOSS does not process the X-Forwarded-Proto header correctly when redirections are made.

Wildfly

When running Wildfly on the webservers, make sure the following is in standalone.xml on the http listener:
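
One way to verify the redirect behaviour described above once only port 443 is open, as an added example that is not part of the jtel documentation: the script classifies captured responses by whether their Location header keeps the client on https. The host name, paths and sample responses are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_head(raw: bytes):
    """Return (status_code, Location value or None) from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    location = None
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":  # header names are case-insensitive
            location = value.strip()
    return status, location

def check_redirect(request_url: str, raw: bytes) -> str:
    """Classify the response to an https request made through the load balancer.

    ok        : no redirect, or the target stays on https on the same host
    downgrade : target is not https, so it fails when only port 443 is open
    off-host  : https target on another host; review by hand
    """
    status, location = parse_head(raw)
    if status not in REDIRECT_CODES or location is None:
        return "ok"
    origin = urlsplit(request_url)
    # urljoin resolves relative paths and scheme-relative (//host/...) targets
    target = urlsplit(urljoin(request_url, location))
    if target.scheme != "https":
        return "downgrade"
    if target.hostname != origin.hostname:
        return "off-host"
    return "ok"

def audit(request_url: str, responses: dict) -> dict:
    """Map each captured response name to its classification."""
    return {name: check_redirect(request_url, raw) for name, raw in responses.items()}

# Constructed sample responses; host and paths are placeholders, not jtel URLs.
URL = "https://portal.example.com/app/index"
SAMPLES = {
    "absolute_http": b"HTTP/1.1 302 Found\r\nLocation: http://portal.example.com/app/login\r\n\r\n",
    "absolute_https": b"HTTP/1.1 302 Found\r\nlocation: https://portal.example.com/app/login\r\n\r\n",
    "relative": b"HTTP/1.1 303 See Other\r\nLocation: login\r\n\r\n",
    "scheme_relative": b"HTTP/1.1 302 Found\r\nLocation: //portal.example.com/app/login\r\n\r\n",
    "other_host": b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://cdn.example.net/x\r\n\r\n",
    "no_redirect": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
}
```

A "downgrade" result for a request made through the load balancer indicates that the web server is still building redirect URLs with http.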
...