Jump to content

[SOLVED] APP VOL certificates with load balancer


D81
Go to solution Solved by vmguru,

Recommended Posts

HI

Im configuring a pair of App Volumes that will work behind a load balancer (F5). 

  • I've installed the firsta app volume without problems
  • I have installed the domain CA certificate on it
  • Later I have created the .CRT and .KEY for the PEM certificates (with OpenSSL)
  • I have copied them on the specific route
  • Finally I have modified the nginx.conf file with the name of the certificates
  • After restarting the server all works fine and I can access to each App vol server with https

However when configuring the load balancer, the customer has provided a SSL certificate for the load balancer url: appvol.mydomain.local

So now Im suposed to configure that certificate on the nginx... how should I do it?

As far as I know the nginx config file can only point to one certificate at time. 

Thanks in advance!

Edited by D81
SOLVED
Link to comment
Share on other sites

  • D81 changed the title to APP VOL certificates with load balancer

A little feedback here...

I have deleted the last certificate on both app volumes and I have created a new one.

The certificate is configured in that way on server Appvol01:

  • CN = appvol01.mydomain.local
  • DNS= appvol01.mydomain.local
  • DNS= appvolbalance.mydomain.local

And the second server will have this certificate:

  • CN = appvol02.mydomain.local
  • DNS= appvol02.mydomain.local
  • DNS= appvolbalance.mydomain.local

 

So if anybody is pointing to the appvol01 it will load and if anybody points to the load balance URL it will point to any of the servers.

Is that config  corrcet on the servers side??

 

Link to comment
Share on other sites

  • Solution

I think you need only one certificate with these properties:

 

  • CN = appvolbalance.mydomain.local
  • DNS= appvol01.mydomain.local
  • DNS= appvolbalance.mydomain.local
  • DNS= appvol02.mydomain.local

br

  • Thanks 1
Link to comment
Share on other sites

1 hour ago, vmguru said:

I think you need only one certificate with these properties:

 

  • CN = appvolbalance.mydomain.local
  • DNS= appvol01.mydomain.local
  • DNS= appvolbalance.mydomain.local
  • DNS= appvol02.mydomain.local

br

We have something like this. So one certificate for both/multiple servers.

  • Like 1

Senior Engineer (SDDC, EUC, DBA, Applications) at the Netherlands Cancer Institute - Antoni van Leeuwenhoek Hospital (NKI-AVL)
 

Link to comment
Share on other sites

  • D81 changed the title to [SOLVED] APP VOL certificates with load balancer
3 hours ago, D81 said:

OK we will thest it that way!

By the way, the order of the DNS is relevant?


EDIT: it works!!! thanks!!

Good that is works.

Not sure if the order is relevant, but we tend to use the LB adderss as the main (CN) and the LB and server adresses as alternate (DNS)

  • Like 1

Senior Engineer (SDDC, EUC, DBA, Applications) at the Netherlands Cancer Institute - Antoni van Leeuwenhoek Hospital (NKI-AVL)
 

Link to comment
Share on other sites

8 minutes ago, Robin Harmsen said:

Good that is works.

Not sure if the order is relevant, but we tend to use the LB adderss as the main (CN) and the LB and server adresses as alternate (DNS)

OK thanks! I assume the connection servers should be configured in that way too

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...