Creating load balancer endpoints

Each load balancer endpoint specifies a port, a network protocol (HTTP or HTTPS), and a service type (S3 or Swift). If you create an HTTPS endpoint, you must upload or generate a server certificate.

Before you begin

Procedure

  1. Select Configuration > Network Settings > Load Balancer Endpoints.
    The Load Balancer Endpoints page appears.
  2. Select Add endpoint.
    The Create Endpoint dialog box appears.
  3. Enter a display name for the endpoint, which will appear in the list on the Load Balancer Endpoints page.
  4. Enter a port number, or leave the pre-filled port number as is.
    If you enter port number 80 or 443, the endpoint is configured only on Gateway Nodes, since these ports are reserved on Admin Nodes.
    Note: Ports used by other grid services are not permitted. See the networking guidelines for a list of ports used for internal and external communications.
  5. Select HTTP or HTTPS to specify the network protocol for this endpoint.
  6. Select an endpoint binding mode.
    • Global (default): The endpoint is accessible on all Gateway Nodes and Admin Nodes on the specified port number.
    • HA Group VIPs: The endpoint is accessible only through the virtual IP addresses defined for the selected HA groups. Endpoints defined in this mode can reuse the same port number, as long as the HA groups defined by those endpoints do not overlap with each other.

      Select the HA groups with the virtual IP addresses where you want the endpoint to appear.


    • Node Interfaces: The endpoint is accessible only on the designated nodes and network interfaces. Endpoints defined in this mode can reuse the same port number as long as those interfaces do not overlap with each other.

      Select the node interfaces where you want the endpoint to appear.


  7. Select Save.
    The Edit Endpoint dialog box appears.
  8. Select S3 or Swift to specify the type of traffic this endpoint will serve.

  9. If you selected HTTP, select Save.
    The unsecured endpoint is created. The table on the Load Balancer Endpoints page lists the endpoint's display name, port number, protocol, and endpoint ID.
  10. If you selected HTTPS and you want to upload a certificate, select Upload Certificate.

    1. Browse for the server certificate and the certificate private key.
      To enable S3 clients to connect using an S3 API endpoint domain name, use a multi-domain or wildcard certificate that matches all domain names that the client might use to connect to the grid. For example, the server certificate might use the domain name *.example.com.

      See Configuring S3 API endpoint domain names.

    2. Optionally browse for a CA bundle.
    3. Select Save.
      The PEM-encoded certificate data for the endpoint appears.
  11. If you selected HTTPS and you want to generate a certificate, select Generate Certificate.

    1. Enter a domain name or an IP address.
      You can use wildcards to represent the fully qualified domain names of all Admin Nodes and Gateway Nodes running the Load Balancer service. For example, *.sgws.foo.com uses the * wildcard to represent gn1.sgws.foo.com and gn2.sgws.foo.com.

      See Configuring S3 API endpoint domain names.

    2. Select the plus sign to add any other domain names or IP addresses.
      If you are using high availability (HA) groups, add the domain names and IP addresses of the HA virtual IPs.
    3. Optionally, enter an X.509 subject, also referred to as the Distinguished Name (DN), to identify who owns the certificate.
    4. Optionally, select the number of days the certificate is valid. The default is 730 days.
    5. Select Generate.
      The certificate metadata and the PEM-encoded certificate data for the endpoint appear.
  12. Click Save.
    The endpoint is created. The table on the Load Balancer Endpoints page lists the endpoint's display name, port number, protocol, and endpoint ID.
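
The certificate steps above depend on the certificate's names matching every domain name and IP address clients will use. The following is an added example, not part of the product documentation: a pre-upload check that lists client-facing names a planned set of subject alternative names does not cover, using standard TLS hostname matching in which `*` stands for exactly one leftmost label. The function names, the bucket hostname, and the IP addresses are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def san_covers(san, name):
    """True if one SAN entry covers one name a client connects to."""
    san, name = san.lower().rstrip("."), name.lower().rstrip(".")
    if _is_ip(san) or _is_ip(name):
        # An IP SAN matches only the identical address, never a wildcard.
        return (_is_ip(san) and _is_ip(name)
                and ipaddress.ip_address(san) == ipaddress.ip_address(name))
    san_labels, name_labels = san.split("."), name.split(".")
    if len(san_labels) != len(name_labels):
        return False  # "*" stands for exactly one label
    if san_labels[0] == "*":
        # Conservative choice: reject wildcards directly under a TLD ("*.com").
        return (len(san_labels) > 2 and name_labels[0] != ""
                and san_labels[1:] == name_labels[1:])
    return san_labels == name_labels

def uncovered_names(sans, client_names):
    """Names that no SAN entry covers; clients using them fail validation."""
    return [n for n in client_names
            if not any(san_covers(s, n) for s in sans)]

# Constructed sample data (hostnames follow the page's *.sgws.foo.com example).
PLANNED_SANS = ["*.sgws.foo.com", "192.0.2.50"]
CLIENT_NAMES = [
    "gn1.sgws.foo.com",         # Gateway Node FQDN, covered by the wildcard
    "gn2.sgws.foo.com",
    "sgws.foo.com",             # bare domain: one label too few
    "bucket1.s3.sgws.foo.com",  # two labels where "*" allows only one
    "192.0.2.50",               # HA virtual IP listed as a SAN
    "192.0.2.51",               # HA virtual IP missing from the SAN list
]

if __name__ == "__main__":
    for name in uncovered_names(PLANNED_SANS, CLIENT_NAMES):
        print("not covered by certificate:", name)
```

Any name this reports needs its own entry in the certificate (step 11.2 when generating, or a multi-domain certificate when uploading) before clients can validate the endpoint under that name.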