| Jamie Hannaford | 276a032 | 2014-11-06 14:26:12 +0100 | [diff] [blame] | 1 | /* |
| Jamie Hannaford | 249bb62 | 2014-11-07 12:11:26 +0100 | [diff] [blame] | 2 | Package ssl provides information and interaction with the SSL Termination |
| Jamie Hannaford | 276a032 | 2014-11-06 14:26:12 +0100 | [diff] [blame] | 3 | feature of the Rackspace Cloud Load Balancer service. |
| 4 | |
| 5 | You may only enable and configure SSL termination on load balancers with |
| 6 | non-secure protocols, such as HTTP, but not HTTPS. |
| 7 | |
| 8 | SSL-terminated load balancers decrypt the traffic at the traffic manager and |
| 9 | pass unencrypted traffic to the back-end node. Because of this, the customer's |
| 10 | back-end nodes don't know what protocol the client requested. For this reason, |
| 11 | the X-Forwarded-Proto (XFP) header has been added for identifying the |
| 12 | originating protocol of an HTTP request as "http" or "https" depending on what |
| 13 | protocol the client requested. |
| 14 | |
| 15 | Not every service returns certificates in the proper order. Please verify that |
| 16 | your chain of certificates matches that of walking up the chain from the domain |
| 17 | to the CA root. |
| 18 | |
| 19 | If used for HTTP to HTTPS redirection, the LoadBalancer's securePort attribute |
| Jamie Hannaford | 227d959 | 2014-11-13 10:32:07 +0100 | [diff] [blame] | 20 | must be set to 443, and its secureTrafficOnly attribute must be true. |
| Jamie Hannaford | 276a032 | 2014-11-06 14:26:12 +0100 | [diff] [blame] | 21 | */ |
| Jamie Hannaford | 249bb62 | 2014-11-07 12:11:26 +0100 | [diff] [blame] | 22 | package ssl |