Skip to main content

Configuring SSL on Load Balancer

Configuring SSL termination at the load balancer, which is required, involves configuring your load balancer pool with your SSL certificate information and the addresses of your web app nodes, then ensuring your JiveURL property matches the load balancer.

This procedure describes how to configure SSL termination at the load balancer, which is required to effectively secure your installation. Running the Jive site behind a load balancer allows you to operate your Jive web application nodes on a separate, non-public network. For this reason, most customers find it sufficient to terminate SSL at the load balancer and proxy HTTP connections to the web application nodes.

However, if you want to establish SSL encryption between the load balancer and each web application node, additional configuration is necessary. For information on how to configure SSL encryption between your load balancer and web application nodes, see the section below.

Note: To ensure consistent results, you should enable SSL for your UAT environment as well as your production instance of Jive. To properly test and implement SSL, you need certificates for community.yourdomain.com (Production) as well as community-uat.yourdomain.com and apps.community-uat.yourdomain.com (UAT).

If you're a hosted customer, you can contact Support instead of using the steps below to apply the certificates. For more information about Apps subdomain security, see Creating secure subdomains for apps.

To configure SSL termination at the load balancer:

  1. Configure your load balancer pool to use the SSL certificates you've acquired for your sites.

  2. Create a DNS record for each domain that resolves to your load balancer pool's IP address.

  3. Add all of your site's web application node addresses and ports to the balancer pool. For example, add:

    http://myapp-wa01.internal.mycompany.com:8080
    http://myapp-wa02.internal.mycompany.com:8080
    http://myapp-wa03.internal.mycompany.com:8080

  4. On each of the web application nodes, set the required proxy-related properties and restart. For example:

    jive set webapp.http_proxy_name community.mycompany.com
    jive set webapp.http_proxy_port 443
    jive set webapp.http_proxy_scheme https

  5. Make sure that the jiveURL property in Jive's core database is set to the address of the load balancer by going to System > Management > System Properties and checking the setting of the jiveURL system property.

  6. Restart Jive on all the web application nodes.

Configuring SSL between load balancer and web app nodes

Configuring SSL encryption between your load balancer and each web application node is not required, but if you plan to do it, you need to acquire an SSL certificate for each node.

To set up SSL encryption to each node:

  1. On each web application node, enable SSL by assigning the following startup properties:

    jive set httpd.ssl_enabled True
    jive set httpd.ssl_certificate_file /path/to/your/crt/file
    jive set httpd.ssl_certificate_key_file /path/to/your/key/file

  2. Change your load balancer pool's members to reflect the new SSL port. For example:

    https://myapp-wa01.internal.mycompany.com:8443
    https://myapp-wa02.internal.mycompany.com:8443
    https://myapp-wa03.internal.mycompany.com:8443

  3. Restart httpd on all the web application nodes.

Related

Operations cookbook