Administering the Platform / Operations Cookbook
Parent topic: Operations Cookbook

Configuring SSL on the Load Balancer

Configuring SSL termination at the load balancer, which is required, involves configuring your load balancer pool with your SSL certificate information and the addresses of your web app nodes, then ensuring your JiveURL property matches the load balancer.

This procedure describes how to configure SSL termination at the load balancer, which is required to effectively secure your installation. Running the Jive site behind a load balancer allows you to operate your Jive web application nodes on a separate, non-public network. For this reason most customers will find it sufficient to terminate SSL at the load balancer and proxy http connections to the web application nodes. If you want to also configure SSL encryption between your load balancer and each web application node, go here.

Note: To ensure consistent results, you should enable SSL for your UAT environment as well as your production instance of Jive. The Apps Market requires an additional domain. To properly test and implement SSL, then, if you use Apps, you'll need certificates for community.yourdomain.com and apps.community.yourdomain.com (Production) as well as community-uat.yourdomain.com and apps.community-uat.yourdomain.com (UAT). To secure these domains, you should purchase two Multiple Domain UC certificates with SAN entries for the Apps domain. If you're a hosted customer, you can contact Support instead of using the steps below to apply the certificates. You can find more information about Apps subdomain security here.

To configure SSL termination at the load balancer:

  1. Configure your load balancer pool to use the SSL certificates you've acquired for your sites.
  2. Create a DNS record for each domain that resolves to your load balancer pool's IP address.
  3. Add all of your site's web application node addresses and ports to the balancer pool. For example, add: 
    http://myapp-wa01.internal.mycompany.com:8080
    http://myapp-wa02.internal.mycompany.com:8080
    http://myapp-wa03.internal.mycompany.com:8080
  4. On each of the webapp nodes, set the required proxy-related properties and restart. For example: 
    jive set webapp.http_proxy_name community.mycompany.com
    jive set webapp.http_proxy_port 443
    jive set webapp.http_proxy_scheme https
  5. Make sure that the jiveURL property in Jive's core database is set to the address of the load balancer by going to System > Management > System Propertiesand checking the setting of the JiveURL system property.
  6. Restart Jive on all the web application nodes.
Parent topic: Operations Cookbook

Powered by Jive Software
© 1999-2018 Jive Software. All rights reserved. Follow us on Twitter @JiveSoftware