Creating load balancer endpoints

Each load balancer endpoint specifies a port, a protocol (HTTP or HTTPS), and a service type (S3 or Swift). HTTPS endpoints require a server certificate.

Before you begin

You must have Root Access permission.
You must be signed in to the Grid Manager using a supported browser.
If you have previously remapped ports you intend to use for the Load Balancer service, you must have removed the remaps.
Attention: If you have remapped any ports, you cannot use the same ports to configure load balancer endpoints. You can create endpoints using remapped ports, but those endpoints will be remapped to the original CLB ports and service, not the Load Balancer service. Follow the steps in the recovery and maintenance instructions for removing port remaps.

Steps

Select Configuration > Load Balancer Endpoints.
The Load Balancer Endpoints page appears.
Select Add endpoint.
The Create Endpoint dialog box appears.
Enter a Display name for the endpoint, which will appear in the list on the Load Balancer Endpoints page.
Enter a port number, or leave the pre-filled port number as is.
If you enter port number 80 or 443, the endpoint is configured only on Gateway Nodes, since these ports are reserved on Admin Nodes.
Note: Ports used by other grid services are not permitted. See the installation instructions for StorageGRID for a list of ports used for internal and external communications.
Select the HTTP or HTTPS radio button, and perform the appropriate procedure for configuring either an unsecured or a secured port:
- If you select the HTTP (unsecured port) radio button, complete step 6.
- If you select the HTTPS (secured port) radio button, complete step 7.
For an HTTP (unsecured) endpoint, follow these substeps:
1. After you select HTTP, click Save.
  The Edit Endpoint dialog box appears. The display name of the endpoint is included after "Edit Endpoint" in the title bar of the dialog box.
2. Select the S3 or Swift radio button, and click Save.
  
  The unsecured endpoint is created.
For an HTTPS (secured) endpoint, follow these substeps:
1. After you select HTTPS, click Save.
  The Edit Endpoint dialog box appears. The display name of the endpoint is included after "Edit Endpoint" in the title bar of the dialog box.
2. Select the S3 or Swift radio button.
3. Click Upload Certificate or Generate Certificate.
  - Upload Certificate
    - Browse for a server certificate and a certificate private key.
      To enable S3 clients to connect using an S3 API endpoint domain name, use a multi-domain or wildcard certificate that matches all domain names that the client might use to connect to the grid. For example, the server certificate might use the domain name *.company1.com.
    - Optionally browse for a CA bundle.
    - Click Save.
  - Generate Certificate
    - Enter a domain name or an IP address.
      You can use wildcards to represent the fully qualified domain names of all Admin Nodes and Gateway Nodes running the Load Balancer service. For example, *.sgws.foo.com uses the * wildcard to represent gn1.sgws.foo.com and gn2.sgws.foo.com.
      
      Click to add more domain names or IP addresses. All other fields are optional.
    - If you are using high availability (HA) groups, add the domains and IP addresses of the HA virtual IPs.
    - Optionally, enter an X.509 subject, also referred to as the Distinguished Name (DN), to identify who owns the certificate.
    - Optionally, select the number of days the certificate is valid. The default is 730 days.
    - Click Generate.
      The plain text version of the public certificate appears in the Certificate PEM field.
Click Save.
The endpoint is created. The Load Balancer Endpoints page lists the endpoint's display name (if any), port number, and whether it is an HTTPS endpoint.