To fulfill the load balancer or proxy requirements, you can change the default endpoint Web addresses for the VMware Cloud Director Web Portal and VMware Cloud Director API.
Starting with
VMware Cloud Director 10.4, the console proxy uses the same IP address and port as the REST API. The console proxy and REST API use a single certificate. Because of the unified access point, customizing the
VMware Cloud Director public console proxy address is no longer necessary.
Note:
VMware Cloud Director 10.4.1 and later do not support the legacy implementation of the console proxy feature.
In
VMware Cloud Director 10.4, if you want to use the legacy implementation with a dedicated console proxy access point, you can enable the
LegacyConsoleProxy feature from the
Feature Flags settings menu under the
Administration tab of the
VMware Cloud Director Service Provider Admin Portal. To enable the
LegacyConsoleProxy feature, your installation or deployment must have console proxy settings configured in a previous version and transferred through a
VMware Cloud Director upgrade. After enabling or deactivating the feature you must restart the cells.
For VMware Cloud Director 10.4, if you enable the legacy console proxy implementation, you must configure the VMware Cloud Director public console proxy address, because the appliance uses a single IP address with custom port 8443 for the console proxy service. See the VMware Cloud Director 10.3 version of this document.
Prerequisites
Verify that you are logged in as a system administrator. Only a system administrator can customize the public endpoints.
Procedure
- From the top navigation bar of the Service Provider Admin Portal, select Administration.
- In the left panel, under Settings, click Public Addresses.
- To customize the public endpoints, click Edit.
- To customize the VMware Cloud Director URLs, edit the Web Portal endpoints.
- Enter a custom VMware Cloud Director public URL for HTTPS (secure) connections and click Replace Certificate File to upload the certificates that establish the trust chain for that endpoint.
The certificate chain must match the certificate used by the service endpoint, which is the proxycertificates.pem certificate uploaded to each VMware Cloud Director cell. SSL termination of console proxy connections at a load balancer is not supported. The certificate chain must include an endpoint certificate, intermediate certificates, and a root certificate in the PEM format without a private key.
- Enter a custom VMware Cloud Director public URL for HTTPS (secure) connections and click Replace Certificate File to upload the certificates that establish the trust chain for that endpoint.
- (Optional) To customize the Cloud Director REST API and OpenAPI URLs, turn off the Use Web Portal Settings toggle.
- Enter a custom HTTP base URL.
For example, if you set the HTTP base URL to http://vcloud.example.com, you can access the VMware Cloud Director API at http://vcloud.example.com/api, and you can access the VMware Cloud Director OpenAPI at http://vcloud.example.com/cloudapi.
- Enter a custom HTTPS REST API base URL and click Replace Certificate File to upload the certificates that establish the trust chain for that endpoint.
For example, if you set the HTTPS REST API base URL to https://vcloud.example.com, you can access the VMware Cloud Director API at https://vcloud.example.com/api, and you can access the VMware Cloud Director OpenAPI at https://vcloud.example.com/cloudapi.The certificate chain must match the certificate used by the service endpoint, which is either the certificates.pem certificate uploaded to each VMware Cloud Director cell or the load balancer VIP certificate if an SSL termination is used. The certificate chain must include an endpoint certificate, intermediate certificates, and a root certificate in the PEM format without a private key.
- Enter a custom HTTP base URL.
- To save your changes, click Save.