Package org.jclouds.rackspace.cloudloadbalancers.v1.features

Interface SSLTerminationApi

  • public interface SSLTerminationApi
    The SSL Termination feature allows a load balancer user to terminate SSL traffic at the load balancer layer versus at the web server layer. A user may choose to configure SSL Termination using a key and an SSL certificate or an (Intermediate) SSL certificate.

    When SSL Termination is configured on a load balancer, a secure shadow server is created that listens only for secure traffic on a user-specified port. This shadow server is only visible to and manageable by the system. Existing or updated attributes on a load balancer with SSL Termination will also apply to its shadow server. For example, if Connection Logging is enabled on an SSL load balancer, it will also be enabled on the shadow server and Cloud Files logs will contain log files for both.

    Notes

    1. SSL Termination may only be configured on load balancers with non-secure protocols. For example, SSL Termination can be applied to an HTTP load balancer, but not to an HTTPS load balancer.
    2. SSL-terminated load balancers decrypt the traffic at the traffic manager and pass unencrypted traffic to the back-end node. Because of this, the customer's back-end nodes don't know what protocol the client requested. Therefore the X-Forwarded-Proto (XFP) header has been added for identifying the originating protocol of an HTTP request as "http" or "https" depending on what protocol the client requested.
    3. Not every service will return certificates in the proper order. Please verify that your chain of certificates matches that of walking up the chain from the domain to the CA root.
    Warning
    1. If SSL is enabled on a load balancer that is configured with nodes that are NOT in the same datacenter, then decrypted traffic will be sent in clear text over the public internet to the external node(s) and will no longer be secure.

    • Method Detail

      • createOrUpdate

        @Named("ssltermination:create")
@PUT
@Consumes("application/json")
@Path("/ssltermination")
void createOrUpdate​(SSLTermination sslTermination)
        Create or update SSL termination.

        The following attributes may be updated without overwriting a load balancer's existing SSL certificate and key specifications:
        • enabled
        • secureTrafficOnly
        • securePort
        These configurable attributes must be provided (individually or grouped) in a request without specifying any certificate/key combination if a user does not want the system to overwrite the existing SSL certificate/key configuration.

        If a user wants to replace the existing SSL configuration, a new certificate, privatekey, and securePort combination must be provided instead of, or in addition to, the optional/editable attributes.

      • get

        @Named("ssltermination:get")
@GET
@Consumes("application/json")
@Path("/ssltermination")
SSLTermination get()
        Get SSL termination info.

      • delete

        @Named("ssltermination:delete")
@DELETE
@Path("/ssltermination")
@Consumes("*/*")
boolean delete()
        Delete SSL termination.
        Returns:
        true on a successful delete, false if the SSL termination was not found