Jahia Cloud environment domains and endpoints
Jahia is designed to handle hundreds of websites per instance which means that many domain names are resolved by the same Jahia environment.
Jahia Cloud offers many features aimed at making the DNS management experience easier:
- Traffic forwarding to Jahia sites based on the public domain being used
- Live traffic swap between two instances when performing upgrades or maintenance
- SSL termination and certificate management
- Domain rewriting with URL rewrite rules
Jahia Cloud endpoints
Public access through the main domain name
Many domains can be configured to target the same Jahia environment. The first step is to configure one or more domain names to point to the relevant Jahia Cloud environment. All incoming traffic first goes through the Jahia Cloud shared load balancers before they are routed to the correct environments.
In a typical setup, the DNS configuration of public domain names is the CNAME of a given domain, based on the region where your destination environment is hosted. Those given domains are as follows:
|AWS US EAST||lb.cloud.jahia.com|
|AZURE US CENTRAL||lb.azure.jahia.com|
If the domain name you need to bind to Jahia Cloud cannot rely on CNAMEs (because it is a root domain or because of DNS provider limitations), create an A-type DNS record with all IPs associated to the relevant region:
|AWS US EAST||220.127.116.11
|AZURE US CENTRAL||18.104.22.168
Note that these IPs are subject to change and must be updated in your DNS configuration on a regular basis. Jahia Cloud customers receive email notifications to schedule these changes when required.
SSL/TLS certificate management
The following image shows the typical route used to resolve and route traffic to a Jahia Cloud environment.
- Jahia Cloud shared load balancers
Used to mitigate DDoS attacks and perform an initial HTTPS request validity check. Once checked, the request is routed to the correct Jahia Cloud environment.
- Dedicated HAProxy
Lives in the dedicated subnet of the Jahia Cloud organization. HAProxy is primarily used to load balance traffic across all the application servers and to disconnect faulty application servers when detected. HAProxy's configuration is also available to all Jahia Cloud users to upload authentication, security, or URL rewriting rules.
- Dedicated Jahia environment
All Jahia Cloud environments are fully dedicated to a single customer and live within the dedicated subnet of an organization.
Public HTTPS access
Public HTTPS access uses the configured public domain pointing to a Jahia Cloud environment, as well as the technical domain provided by default with each environment. No specific configuration is required to enable the public HTTPS endpoint of an environment, but you can configue a basic authentication or a Jahia authentication to filter access.
Direct HTTPS access to nodes for troubleshooting purposes
Two methods are offered: direct node access and proxied node access.
Proxied access to a given application server
Proxied access to a given application server (Jahia or jCustomer) goes through the whole network stack (shared load balancer and HAProxy as described in the above graphic) and is subject to HAProxy rules (authentication, security, URL rewriting). It is mainly used for testing or debugging purposes and is ideal for troubleshooting an issue on a specific Jahia or jCustomer node while getting the same experience as public website visitors.
To force a web browser to access a specific application server node, edit the SERVERID cookie of the Jahia or jCustomer website you want to access. The cookie contains a value of the type
s<nodeId>. Change the nodeId to the Jahia Cloud nodeId of the application server you need to access directly and save.
You can find the nodeId of an application server under the Node tab of a given environment.
Direct access to a given application server
Direct access to a given application server can be activated temporarily for troubleshooting purpose only. This feature bypasses HAProxy and all the custom rules deployed in it (authentication, security, URL rewrite rules). However, Jahia authentication remains active and all software-protected resources remain private.