Package org.jclouds.rackspace.cloudloadbalancers.v1.domain

Class SSLTermination

  • public class SSLTermination
extends Object
    The SSL Termination feature allows a load balancer user to terminate SSL traffic at the load balancer layer versus at the web server layer. A user may choose to configure SSL Termination using a key and an SSL certificate or an (Intermediate) SSL certificate.

    When SSL Termination is configured on a load balancer, a secure shadow server is created that listens only for secure traffic on a user-specified port. This shadow server is only visible to and manageable by the system. Existing or updated attributes on a load balancer with SSL Termination will also apply to its shadow server. For example, if Connection Logging is enabled on an SSL load balancer, it will also be enabled on the shadow server and Cloud Files logs will contain log files for both.

    Notes

    1. SSL Termination may only be configured on load balancers with non-secure protocols. For example, SSL Termination can be applied to an HTTP load balancer, but not to an HTTPS load balancer.
    2. SSL-terminated load balancers decrypt the traffic at the traffic manager and pass unencrypted traffic to the back-end node. Because of this, the customer's back-end nodes don't know what protocol the client requested. Therefore the X-Forwarded-Proto (XFP) header has been added for identifying the originating protocol of an HTTP request as "http" or "https" depending on what protocol the client requested.
    3. Not every service will return certificates in the proper order. Please verify that your chain of certificates matches that of walking up the chain from the domain to the CA root.
    Warning
    1. If SSL is enabled on a load balancer that is configured with nodes that are NOT in the same datacenter, then decrypted traffic will be sent in clear text over the public internet to the external node(s) and will no longer be secure.
    Optional SSL Attributes
    Optional SSL Attributes Non-SSL Traffic SSL Traffic
    enabled = true (default) Yes Yes
    enabled = false Yes No
    secureTrafficOnly = true No Yes
    secureTrafficOnly = false (default) Yes Yes

    enabled = true

    secureTrafficOnly = true

    		 No Yes

    enabled = true

    secureTrafficOnly = false

    		 Yes Yes

    enabled = false

    secureTrafficOnly = false

    		 Yes No

    enabled = false

    secureTrafficOnly = true

    		 Yes No

    • Constructor Detail

      • SSLTermination

        @ConstructorProperties({"enabled","secureTrafficOnly","securePort","certificate","privatekey","intermediateCertificate"})
protected SSLTermination​(boolean enabled,
                         boolean secureTrafficOnly,
                         int securePort,
                         String certificate,
                         String privateKey,
                         String intermediateCertificate)

    • Method Detail

      • getEnabled

        public boolean getEnabled()

      • getSecureTrafficOnly

        public boolean getSecureTrafficOnly()

      • getSecurePort

        public int getSecurePort()

      • getCertificate

        public com.google.common.base.Optional<String> getCertificate()

      • getPrivateKey

        public com.google.common.base.Optional<String> getPrivateKey()

      • getIntermediateCertificate

        public com.google.common.base.Optional<String> getIntermediateCertificate()

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object

      • string

        protected com.google.common.base.MoreObjects.ToStringHelper string()