Written by The Jahia Team
 
Marketers
   Estimated reading time:

Jahia DNS management overview

Jahia is designed to handle hundred websites per instance, which means that many domain names will end up being resolved by the same Jahia environment. 

Jahia Cloud offers many features aimed at making the DNS management experience easier:

  • Traffic forwarding to Jahia sites based on the public domain being used
  • Live traffic swap between two instances when performing upgrades or maintenance
  • SSL termination and certificate management
  • Domain rewriting with URL rewrite rules

Jahia Cloud Endpoints

Public access via the main domain name

Many domains can be configured to target the same Jahia environment. The first step is to configure one or several domain names to point to the relevant Jahia Cloud environment. All public accesses will first go through the Jahia Cloud shared load balancers before being routed to the right environments.

DNS configuration

In a typical setup the DNS configuration of public domain names will be a CNAME of a given domain, based on the region where your destination environment is hosted. Those given domains are as follows:

AWS US EAST lb.cloud.jahia.com
AWS IRELAND lb.aws-eu-west-1.j.jahia.com
AZURE US CENTRAL lb.azure.jahia.com

In case the domain name you need to bind to Jahia Cloud cannot rely on CNAMEs (because it is a root domain or because of DNS provider limitations),  create an A-type DNS record with all IPs associated to the relevant region:

AWS US EAST 34.198.249.113
18.209.144.191
18.235.143.165
18.213.84.67
AWS IRELAND 108.129.28.77
52.213.233.197
AZURE US CENTRAL 40.67.182.152
40.67.182.137
40.67.169.186
40.67.170.75

Please note that these IPs are subject to change and will need to be updated in your DNS configuration on a regular basis. Jahia Cloud customers receive email notifications to schedule these changes when required.

HTTPS endpoints

The following graphic shows the typical route used to resolve and route traffic to a Jahia Cloud environment:

Jahia Cloud endpoints(2).png

  • Jahia Cloud shared load balancers: used to mitigate DDoS attacks and performs an initial HTTPS request validity check. Once checked, the request is routed to the right Jahia Cloud environment
  • Dedicated HAProxy: lives in the dedicated subnet of the Jahia Cloud organization. HAProxy is primarily used to load balance traffic across all the application servers, and to disconnect faulty application servers when detected. HAProxy's configuration is also available to all Jahia Cloud users to upload authentication, security or URL rewriting rules.
  • Dedicated Jahia: all Jahia Cloud environments are fully dedicated to one customer and live within the dedicated subnet of an organization.

Public HTTPS access

Public HTTPS accesses use the configured public domain pointing to a Jahia Cloud environment, as well as the technical domain provided by default with each environment. No specific configuration is required to enable the public HTTPS endpoint of an environment, but a basic authentication or a Jahia authentication can be configured to filter the access.

 

Direct HTTPS access to nodes for troubleshooting purposes

Two methods are offered: direct node access and proxied node access.

Jahia Cloud endpoints - Individual node access(1).png

Proxied access to a given application server

A proxied access to a given application server (Jahia or jCustomer) goes through the whole network stack (shared load balancer and haproxy as described in the above graphic) and is subjected to the haproxy rules (authentication, security, URL rewriting). It is mainly used for testing or debugging purposes and is ideal to troubleshoot an issue on a specific Jahia or jCustomer node while getting the same experience as public website visitors.

To force a web browser to access a specific application server node, edit the JSESSSIONID cookie of the Jahia or jCustomer website you want to access. The cookie will contain a value of the type s<nodeId>~<TomcatSessionID>. Change the nodeId to the Jahia Cloud nodeId  of the application server you need to access directly and save.

 

cookie_edit.png

The nodeId of an application server can be found under the tab "Nodes" of a given environment:

get_node_id.png

Direct access to a given application server

Direct access to a given application server can be activated temporarily for troubleshooting purpose only. This feature will bypass HAProxy and all the custom rules deployed in it (authentication, security, URL rewrite rules). However, the Jahia authentication will remain active and all software-protected resource will remain private.

direct_access.png