Jahia Cloud environment domains and endpoints

February 2, 2022

Jahia is designed to handle hundreds of websites per instance which means that many domain names are resolved by the same Jahia environment. 

Jahia Cloud offers many features aimed at making the DNS management experience easier:

  • Traffic forwarding to Jahia sites based on the public domain being used
  • Live traffic swap between two instances when performing upgrades or maintenance
  • SSL termination and certificate management
  • Domain rewriting with URL rewrite rules

Jahia Cloud endpoints

Public access through the main domain name

Many domains can be configured to target the same Jahia environment. The first step is to configure one or more domain names to point to the relevant Jahia Cloud environment. All incoming traffic first goes through the Jahia Cloud shared load balancers before they are routed to the correct environments.

DNS configuration

In a typical setup, the DNS configuration of public domain names is the CNAME of a given domain, based on the region where your destination environment is hosted. Those given domains are as follows:

Region CNAME
AWS US EAST lb.cloud.jahia.com
AWS IRELAND lb.aws-eu-west-1.j.jahia.com
AZURE US CENTRAL lb.azure.jahia.com

If the domain name you need to bind to Jahia Cloud cannot rely on CNAMEs (because it is a root domain or because of DNS provider limitations),  create an A-type DNS record with all IPs associated to the relevant region:

Region A-type

Note that these IPs are subject to change and must be updated in your DNS configuration on a regular basis. Jahia Cloud customers receive email notifications to schedule these changes when required.

SSL/TLS certificate management

HTTPS endpoints

The following image shows the typical route used to resolve and route traffic to a Jahia Cloud environment.

Jahia Cloud endpoints(2).png

  • Jahia Cloud shared load balancers
    Used to mitigate DDoS attacks and perform an initial HTTPS request validity check. Once checked, the request is routed to the correct Jahia Cloud environment.
  • Dedicated HAProxy
    Lives in the dedicated subnet of the Jahia Cloud organization. HAProxy is primarily used to load balance traffic across all the application servers and to disconnect faulty application servers when detected. HAProxy's configuration is also available to all Jahia Cloud users to upload authentication, security, or URL rewriting rules.
  • Dedicated Jahia environment
    All Jahia Cloud environments are fully dedicated to a single customer and live within the dedicated subnet of an organization.

Public HTTPS access

Public HTTPS access uses the configured public domain pointing to a Jahia Cloud environment, as well as the technical domain provided by default with each environment. No specific configuration is required to enable the public HTTPS endpoint of an environment, but you can configue a basic authentication or a Jahia authentication to filter access.

Direct HTTPS access to nodes for troubleshooting purposes

Two methods are offered: direct node access and proxied node access.

Jahia Cloud endpoints - Individual node access(1).png

Proxied access to a given application server

Proxied access to a given application server (Jahia or jCustomer) goes through the whole network stack (shared load balancer and HAProxy as described in the above graphic) and is subject to HAProxy rules (authentication, security, URL rewriting). It is mainly used for testing or debugging purposes and is ideal for troubleshooting an issue on a specific Jahia or jCustomer node while getting the same experience as public website visitors.

To force a web browser to access a specific application server node, edit the SERVERID cookie of the Jahia or jCustomer website you want to access. The cookie contains a value of the type s<nodeId>. Change the nodeId to the Jahia Cloud nodeId of the application server you need to access directly and save.


You can find the nodeId of an application server under the Node tab of a given environment.


Direct access to a given application server

Direct access to a given application server can be activated temporarily for troubleshooting purpose only. This feature bypasses HAProxy and all the custom rules deployed in it (authentication, security, URL rewrite rules). However, Jahia authentication remains active and all software-protected resources remain private.