Creating load balancer endpoints

Each load balancer endpoint specifies a port, a protocol (HTTP or HTTPS), and a service type (S3 or Swift). HTTPS endpoints require a server certificate.

Before you begin

Steps

  1. Select Configuration > Load Balancer Endpoints.
    The Load Balancer Endpoints page appears.
  2. Select Add endpoint.
    The Create Endpoint dialog box appears.
  3. Enter a Display name for the endpoint, which will appear in the list on the Load Balancer Endpoints page.
  4. Enter a port number, or leave the pre-filled port number as is.
    If you enter port number 80 or 443, the endpoint is configured only on Gateway Nodes, since these ports are reserved on Admin Nodes.
    Note: Ports used by other grid services are not permitted. See the installation instructions for StorageGRID for a list of ports used for internal and external communications.
  5. Select the HTTP or HTTPS radio button, and perform the appropriate procedure for configuring either an unsecured or a secured port:
    • If you select the HTTP (unsecured port) radio button, complete step 6.
    • If you select the HTTPS (secured port) radio button, complete step 7.
  6. For an HTTP (unsecured) endpoint, follow these substeps:
    1. After you select HTTP, click Save.
      The Edit Endpoint dialog box appears. The display name of the endpoint is included after "Edit Endpoint" in the title bar of the dialog box.
    2. Select the S3 or Swift radio button, and click Save.

      The unsecured endpoint is created.
  7. For an HTTPS (secured) endpoint, follow these substeps:
    1. After you select HTTPS, click Save.
      The Edit Endpoint dialog box appears. The display name of the endpoint is included after "Edit Endpoint" in the title bar of the dialog box.



    2. Select the S3 or Swift radio button.
    3. Click Upload Certificate or Generate Certificate.
      • Upload Certificate
        • Browse for a server certificate and a certificate private key.

          To enable S3 clients to connect using an S3 API endpoint domain name, use a multi-domain or wildcard certificate that matches all domain names that the client might use to connect to the grid. For example, the server certificate might use the domain name *.company1.com.

        • Optionally browse for a CA bundle.
        • Click Save.

      • Generate Certificate
        • Enter a domain name or an IP address.

          You can use wildcards to represent the fully qualified domain names of all Admin Nodes and Gateway Nodes running the Load Balancer service. For example, *.sgws.foo.com uses the * wildcard to represent gn1.sgws.foo.com and gn2.sgws.foo.com.

          Click the plus sign to add more domain names or IP addresses. All other fields are optional.

        • If you are using high availability (HA) groups, add the domains and IP addresses of the HA virtual IPs.
        • Optionally, enter an X.509 subject, also referred to as the Distinguished Name (DN), to identify who owns the certificate.
        • Optionally, select the number of days the certificate is valid. The default is 730 days.
        • Click Generate.

          The plain text version of the public certificate appears in the Certificate PEM field.


  8. Click Save.
    The endpoint is created. The Load Balancer Endpoints page lists the endpoint's display name (if any), port number, and whether it is an HTTPS endpoint.
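
The check below is an added example, not part of the StorageGRID documentation or product: before uploading or generating the certificate in step 7, it confirms that the certificate's domain names and IP addresses cover every name clients will use, applying the standard TLS rule that a * wildcard stands for exactly one left-most label. The function names, host names other than gn1/gn2.sgws.foo.com, and IP addresses are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def san_matches(san, name):
    """Return True if one certificate entry (DNS name or IP) covers `name`."""
    if _is_ip(san) or _is_ip(name):
        # IP addresses must match exactly; wildcards never apply to them.
        return (_is_ip(san) and _is_ip(name)
                and ipaddress.ip_address(san) == ipaddress.ip_address(name))
    san_labels = san.lower().rstrip(".").split(".")
    name_labels = name.lower().rstrip(".").split(".")
    if len(san_labels) != len(name_labels):
        # "*" stands for exactly one label, so label counts must agree.
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == name_labels[1:] and name_labels[0] != ""
    return san_labels == name_labels

def uncovered(sans, client_names):
    """List the names clients use that no certificate entry covers."""
    return [n for n in client_names
            if not any(san_matches(s, n) for s in sans)]

# Constructed sample: entries as they might be typed into the Generate
# Certificate dialog, and the names and addresses clients connect to.
SAMPLE_SANS = ["*.sgws.foo.com", "192.0.2.10"]
SAMPLE_CLIENT_NAMES = [
    "gn1.sgws.foo.com",         # covered by the wildcard
    "gn2.sgws.foo.com",         # covered by the wildcard
    "sgws.foo.com",             # not covered: no label for "*" to stand for
    "bucket1.s3.sgws.foo.com",  # not covered: two labels left of sgws.foo.com
    "192.0.2.10",               # HA virtual IP, listed explicitly
    "192.0.2.11",               # second virtual IP, missing from the entries
]

if __name__ == "__main__":
    for name in uncovered(SAMPLE_SANS, SAMPLE_CLIENT_NAMES):
        print("not covered:", name)
```

Any name the check reports needs its own entry in the certificate (or a wildcard at the right level) before clients can connect to the HTTPS endpoint under that name without a certificate error.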