Hi All,
Lots in here, but I'm really hoping someone can help out!
If you know the answers to some of this but not all, please still shout :)
I'm trying to understand how we should be configuring DNS for our Cloud Foundry V2 installation, as currently it doesn't 'feel right'.
I'm sure I'm missing something key somewhere.
Current situation:
- We have the following defined URLs in our CF deployment manifest (obviously lots removed, just left the bits to give context to the URLs).
name: cpg-cf-138
releases:
- name: cf
  version: 138
properties:
  # properties.domain---------------
  domain: ourdomain.net
  system_domain: ourdomain.net
  system_domain_organization: org1
  app_domains:
  - ourdomain.net
  cc: &cc
    port: 80
    srv_api_uri: http://api.ourdomain.net
    external_host: ccng
  ccng: *cc
  uaa:
    port: 80
    no_ssl: false
    require_https: false
    dump_requests: true
    spring_profiles: postgresql
    url: https://uaa.ourdomain.net
    token:
      url: https://uaa.ourdomain.net/oauth/token
    login:
      url: https://uaa.ourdomain.net/login.do
Questions
1. Login not working via GoRouter like everything else
The only way we could get 'cf login' to work was by having a static hosts file entry for 'login.ourdomain.net' pointing to the IP of our UAA.
This overrode the *.ourdomain.net DNS record pointing to the IP of our GoRouter.
Is this normal behaviour? Does Login always need its own separate DNS entry instead of requests hitting the router?
Also, we are using the UAA for authentication at the moment and do not have the separate login service instance;
- I'm wondering if we DID have this login service, it would have registered with the gorouter and the gorouter would then pass login.ourdomain.net properly? If this is the case, how can we register login.ourdomain.net with the gorouter so it passes those requests to the UAA?
As you can see, this question is really around clarity of what should pass through the gorouter, gorouter 'route registration' and why login appears special in our case.
2. Defining system and 'customer facing' DNS Domains (Background)
What we were initially trying to achieve was to have all the internal CF components on one domain (platform.ourdomain.net for example) and all the 'customer applications and services' on another (apps.ourdomain.net for example).
i.e. we were hoping this was the differentiation between system_domain and domain in the CF deployment manifest; however, we could find no useful documentation explaining this, and looking through the source code seemed to suggest that system_domain isn't used that much at all.
Also, it seems lots of code is hard-coded to use the properties.domain (such as login.<properties.domain>), again suggesting system_domain is not used for this purpose.
Alas, when we tried defining different combinations of system_domain, domain and hardcoded URLs (such as in the uaa login section above) we couldn't get the results required.
So our questions here are;
- What are the intended differences between domain and system_domain?
- If we wanted the per-app UUID.ourdomain.net generated on a separate subdomain, how would we go about this?
- Is there any documentation that properly explains the use of DNS internally within CF?
- Should we be hard-coding internal 'system' URLs to achieve our goal, and if so is there documentation for which properties need to be defined?
Kind Regards,
Matt