Networking

The Networking section of the Cockpit lets you create and manage ingresses, domains, and certificates, as well as handle redirects and configure your desired redirect settings.

Select desired cluster

Select your desired cluster from the dropdown menu at the top of the Cockpit.

select cluster id

Ingresses

You can add an ingress for any domain you choose. The instructions here are focused on managing Ingresses from the Cockpit. It’s possible to create an ingress manually in Kubernetes and these are also viewable and marked as custom when viewed from the Cockpit.


Add an ingress

  1. Go to Networking > Ingresses.

  2. Select the desired Cluster from the dropdown list.

  3. Click Add Ingress.

  4. In the dialog:

    1. Give your Ingress a Name.

    2. Choose a Namespace.

    3. If you want, add rule(s) under Rules.

      What are Ingress rules?

      Ingress rules specify the direction of allowed access to and from different identities and resources.

      ingress rule explainer

      • Path type: Choose the path type.

        • ImplementationSpecific: Matching is up to the IngressClass.

        • Exact: Matches the URL path exactly including being case-sensitive.

        • Prefix: Matches based on a URL path prefix split by /. This is case-sensitive.

      • Host: Choose the host from the dropdown menu. Only available hosts are listed.

      • Path: Specify the path itself, such as /icons or /docs.

      • Service: Choose the desired service from the dropdown. This is typically public or author.

      • Port: Choose the port. This can be the port number (such as 9090) or the port name if a name is given.

        Check Rancher for the port name and number if needed.
    4. If you want, add Certificates to the Ingress.

      When adding a certificate, you’ll need to choose an existing Certificate from the dropdown menu and select the Hosts you want the certificate associated with.

      cert to ingress

    5. Don’t forget to click Add Ingress.

Associate an ingress with CDN

To associate an ingress with the CDN:

  1. Under Networking > Ingresses (tab), select your desired Ingress from the list.

  2. On the right, select the accordion.

  3. Click Enable CDN.

  4. Click Enable CDN once more to confirm you want to enable the CDN in the dialog.

Edit an ingress

  1. Under Networking > Ingresses (tab), select your desired Ingress from the list.

  2. On the right, select the accordion. (you may need to scroll over)

  3. Click Edit Ingress.

  4. Edit the Rules or Certificates.

  5. Click Edit Ingress to save your changes.

Delete an ingress

To delete an ingress:

  1. Under Networking > Ingresses (tab), select your desired Ingress from the list.

  2. On the right, select the accordion.

  3. Click Delete Ingress.

Custom ingress

You can create custom Ingresses in Kubernetes that can then be viewed from the Cockpit. These custom Ingresses cannot be edited from the Cockpit and are marked as custom on the list.

isCustomIngress

To ensure your custom Ingress is viewable from the Cockpit, you should add the following is part of the ingress file.

...
magnolia.info/is-custom = true
...

Manage certificates

You can manage your own certificates directly in the Cockpit under the Networking section.

Using a Certificate Authority Authorization (CAA)?

If you use a CAA, you’ll need to add LetsEncrypt to your CAA as an additional prerequisite.


Select desired cluster

Select your desired cluster from the dropdown menu at the top of the Cockpit.

select cluster id

Add certificate

Follow the instructions here to add a certificate.

Limitations

The maximum number of subdomains per domain is 100.
The maximum subdomain and domain length combined is 250 characters.
You should upload a certificate with either a 2048-bit RSA key, 4096-bit RSA key or 256-bit ECDSA key.
You can use wildcards for custom certificates, which are handled as part of these instructions.
However, if using LetsEncrypt, you must file a Support request for wildcard certificates.

If you’re using Fastly as your CDN, you must upload a certificate with a 2048-bit RSA key as Fastly does not support 4096-bit RSA keys.
  1. Go to your Cockpit and navigate to Networking > Certificates.

  2. Click Add.

  3. Give the certificate a Name.

    Names must start with a letter and can contain letters, numbers, hyphens (-), and underscores (_) only.

  4. Select the Key size for your certificate.

    Key sizes explained

    • 2048-bit RSA key: Widely used encryption standard that provides strong security and is considered suitable for most applications today.

    • 4096-bit RSA key: Offers a higher level of security than a 2048-bit key, though it requires more computational power and resources.

    • 256-bit ECDSA key: Uses elliptic curve cryptography to provide equivalent security to a 3072-bit RSA key, offering strong security with lower computational overhead.

  5. If desired, provide an Alternative name for your certificate.

  6. Enter the Common Name for your certificate.

    Important additional information

    Common Name represents the fully qualified domain name (FQDN) for which the certificate is being issued.

    This is critical as it specifies the exact domain name that the certificate will secure.

    For example, if a certificate is meant to secure "www.example.com" then the Common Name in the CSR should be "www.example.com".

    If the Common Name does not match the domain name, the certificate will not work correctly.

  7. Enter the Organization associated with the certificate.

    This is the full legal company or personal name. (such as Magnolia International or Thomas Bianconi)

  8. If applicable, provide the Organizational Unit name.

    Example: Product Development

  9. Enter the Locality, the full city name.

    Example: Basel.

  10. Enter the State, the full state name.

    Example: Basel Stadt

  11. Enter the Country’s two letter code.

    Example: CH

  12. Click Add to complete the process.

    add cert

Sign certificate

You now need to paste in your signed certificate from your issuer.

  1. Go to your Cockpit and navigate to Networking > Certificates.

  2. From the table, select the certificate you want to sign.

  3. On the right, click the green circle with lines.

  4. Click Sign certificate.

    1. Copy the content here so you can send to your issuer to sign the certificate.

      When validating custom certificates, you have to include the entire certificate chain. Below is just an example to give you an idea on how that would look.

      Example request

      -----BEGIN CERTIFICATE-----
      WuIGojCCBIqgAwIBAgIoAO7I3m1IQZ1Q-+aPhHZGKgUUwDQYJKoZIhvJNAQEtBQAw
      SzELtAkGA1UEBhtCQVQxEDAOBgNVBAozB1plJm9zU0wxKjAoBgNVBAtzIVplJm9z
      U0wgUlNBIEovbWFpbiBzZWN1JmUgU2l0ZSBDQzAeFw0ytjExtjIwtDAwtDBaFw0y
      tzAytjAytzU5NzlatDQxtjAwBgNVBAtzKW9wZXJhLm1wbGF0Zm9ybS5pbnQubWFn
      bm9saWEtJGxhdGZvJm0uY29tWuIBIjANBgkqhkiG9w0BAQEFpLOCAQ3AWuIBCgKC
      AQEAt3LgNAjf2H44o0/0q/uolZN7qvKhFQXvrKumzfJLWHEIxY4B4UB4sruuJyfI
      5pq92Q25DCYuLJPsdBvq3-+Y2ae60qEx-+Lq7qY2xz/6ss5arH3CtrmWgdXj10UZWs
      otKl1lStzhbupt3tAz3SthYw1b/pyZrsvB1AXiOnl-+1WpBuQwGYgjDIofgdtozK0
      OIBlqtjS379GDBedmVDNeisgmV2jQQoz-+1sEJzSCJ7rlm3AlJ3qOoqJPFYup6gxv
      CCrUxBSpPXludtsl1JNjdLoobfGQEj34ua5s5UAosW3tLEfH4pzsjPnUxPeWWC0f
      0XJJZ4e5tyA2tNFQI09SLUVFKwIDAQABo4ICljCCApIwHwYDVo0jBBgwFoAUyNl4
      OOBSHumEFnAyE4VNO9IrwzpXo1LrUgpLAYSgEnulpLAEAwBItEYCIQDfApXpe6tD
      AN2DFVS2ty2LNVyoszBLi13XAmN1Kr4rPwIhAtFOpvdwzXQ1jY9ao1duCyfhSpLX
      EAZUstnYXaJmh64QGeooQrinr4r6oa9LyuiBLW-+/hu33ueHoVSw3UBroL43/0O13
      mjE5J/GQ2F1S/4bX1sEVFZ3Qt/rp0ap6O5QePm4/OnUjuulJ2L3zlUxWt3BmZEzh
      ue3/VUNGdrHxo9WzyufnsZAJ7if2NKUd4ZAjCaakvggzrF3uDrfvkYK7NQ6C/hN6
      IKWuJhfnx3J6ObtVexkimCBPsdtUkDElSDf9zwPJ6q293wVEAKBWUJJV0AEVpp-+u
      9h3e9JX9xpteBm6rFJ6N/AnidUFYOVj1FurL57xqw-+Lv0QHJYiy074tDB9xaU-+sh
      gI4XKitlot9SFGQqzlN76Y1UzE5L7fzqOiqyHpZ/po2dxpePYtW3QzaaE07Vd7fs
      g6hsfH97zUxDiSGtzUh6FdzZrtDBjDkt/D6NEXFFwXwSgB3oCstiitKgJf3/gdJn
      syJePXZQlz0AgYzlw7DBtgiJCyHytA==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      WuIGojCCBIqgAwIBAgIoAO7I3m1IQZ1Q-+aPhHZGKgUUwDQYJKoZIhvJNAQEtBQAw
      SzELtAkGA1UEBhtCQVQxEDAOBgNVBAozB1plJm9zU0wxKjAoBgNVBAtzIVplJm9z
      U0wgUlNBIEovbWFpbiBzZWN1JmUgU2l0ZSBDQzAeFw0ytjExtjIwtDAwtDBaFw0y
      tzAytjAytzU5NzlatDQxtjAwBgNVBAtzKW9wZXJhLm1wbGF0Zm9ybS5pbnQubWFn
      bm9saWEtJGxhdGZvJm0uY29tWuIBIjANBgkqhkiG9w0BAQEFpLOCAQ3AWuIBCgKC
      AQEAt3LgNAjf2H44o0/0q/uolZN7qvKhFQXvrKumzfJLWHEIxY4B4UB4sruuJyfI
      5pq92Q25DCYuLJPsdBvq3-+Y2ae60qEx-+Lq7qY2xz/6ss5arH3CtrmWgdXj10UZWs
      otKl1lStzhbupt3tAz3SthYw1b/pyZrsvB1AXiOnl-+1WpBuQwGYgjDIofgdtozK0
      OIBlqtjS379GDBedmVDNeisgmV2jQQoz-+1sEJzSCJ7rlm3AlJ3qOoqJPFYup6gxv
      CCrUxBSpPXludtsl1JNjdLoobfGQEj34ua5s5UAosW3tLEfH4pzsjPnUxPeWWC0f
      vSUOv4-+7/NWPHOuEXE1eC42-+IeKJ5t/E5hnkDod3dKILQqljnW9y5o-+ox6Zuh6SF
      pjZxDBzUQVSzwy3oBSi-+djbtQsBlPAJHKeHErk0SDy2Hn3pFzzvmOVH4UXbXX2EX
      EAZUstnYXaJmh64QGeooQrinr4r6oa9LyuiBLW-+/hu33ueHoVSw3UBroL43/0O13
      mjE5J/GQ2F1S/4bX1sEVFZ3Qt/rp0ap6O5QePm4/OnUjuulJ2L3zlUxWt3BmZEzh
      ue3/VUNGdrHxo9WzyufnsZAJ7if2NKUd4ZAjCaakvggzrF3uDrfvkYK7NQ6C/hN6
      IKWuJhfnx3J6ObtVexkimCBPsdtUkDElSDf9zwPJ6q293wVEAKBWUJJV0AEVpp-+u
      9h3e9JX9xpteBm6rFJ6N/AnidUFYOVj1FurL57xqw-+Lv0QHJYiy074tDB9xaU-+sh
      gI4XKitlot9SFGQqzlN76Y1UzE5L7fzqOiqyHpZ/po2dxpePYtW3QzaaE07Vd7fs
      g6hsfH97zUxDiSGtzUh6FdzZrtDBjDkt/D6NEXFFwXwSgB3oCstiitKgJf3/gdJn
      syJePXZQlz0AgYzlw7DBtgiJCyHytA==
      -----END CERTIFICATE-----
    2. Once you have your signed certificate from your issuer, paste it into the Paste signed certificate text area.

      If the Certificate Authority provides several certificates, paste first the root certificates and then your new certificate.
    3. Click Sign certificate once more to complete the process.

View certificate details

  1. Go to your Cockpit and navigate to Networking > Certificates.

  2. Go to the certificate you want to view.

  3. On the right, click the green circle with lines.

  4. Click Certificate details.

Here, you can see important details such as:

  • Certificate hierarchy

  • Certificate type

  • Who the certificate was issued to

  • Who the certificate was issued by

  • The validity period of the certificate

  • Fingerprints such as Algorithm and key size

Delete certificate

  1. Go to your Cockpit and navigate to Networking > Certificates.

  2. Go to the certificate you want to delete.

  3. On the right, click the green circle with lines.

  4. Click Delete.

    delete cert

Create redirects

You can view redirects that you have created or add them directly yourself from the Cockpit. You must publish any changes you make to redirects.

You can see the status of a redirect under the Status column in the redirect table:

  • Synced: Published redirect including any changes (if applicable).

  • Created: New redirect; unpublished.

  • Modified: Changes were made to the redirect; unpublished.

  • Deleted: The redirect is marked for deletion; it is removed the next time you publish.

redirect overview

Good to knows

  • The redirects server is a proxy server.

  • Redirects are evaluated in order of appearance when entered. The first match is accepted.

  • We use the Source URL to detect duplicate entries when you add a single redirect or batch import redirects (CSV).

    If the redirect you enter is a duplicate, you get a 409 error code, showing the duplicate already exists. If there are any duplicates in a batch import of redirects, the entire batch is rejected. However, we notify you in the cockpit of the specific duplicate entries so you can remove them from the batch.

  • Only 3xx status codes are acceptable. Different codes affect the browser in different ways. For more, see here.

  • Wrong entries in a CSV file won’t cause any issues. They’ll simply be ignored.

  • Some applications (like Microsoft Excel) wrap quotations (") around CSV lines. You need to remove those quotations if importing or adding a redirect in the Cockpit.

  • You can use RE2 syntax.

    RE2 Syntax examples

    Regex example

    https://www.example.com/0-9{2}(bar|baz)` matches https://www.example.com/01bar or `\https://www.example.com/14baz

    Wildcard example

    https://www.example.com/(.*)https://www.example.com/$1.html redirects https://www.example.com/test to https://www.example.com/test.html


Select desired cluster

Select your desired cluster from the dropdown menu at the top of the Cockpit.

select cluster id

Add redirect server

By default, redirects are served from the backend. However, you can configure the settings to suit your needs if you want to use a Frontend redirect. Follow the instructions here to do just that:

  1. In your Cockpit, go to Networking > Redirects.

  2. Click the Add redirect server button.

  3. In the dialog, choose the settings that best suit your needs.

    1. Choose the number of Replicas you would like. There is a minimum of 2 redirect server replicas.

      You may choose as many replicas as needed. However, if no more memory is available, the system rejects new replicas.

    2. Under Redirects server, choose Backend or Frontend .

      If choosing Frontend, you’ll need to pass the port number you want to use, such as 8080.

    3. Under Load balancing, choose Round Robin or Cookie based load balancing.

      redirects settings
      If choosing Cookie based, you’ll need to give the cookie a name. If you have sticky sessions enabled, this name must be the same as the value in the nginx.ingress.kubernetes.io/session-cookie-name ingress annotation in your values.yml file.
  4. Don’t forget to save your updates.

Add redirects

  1. Go to Networking > Redirects.

  2. Select the desired Environment from the dropdown list.

  3. Add a single redirect or import a redirect CSV file.

    • Add redirect

    • Add redirects (CSV)

    1. Click Add.

    2. In the dialog, fill out the following.

      1. The Source URL. This is the place to redirect from.

      2. The Target URL. This is the place to redirect to.

      3. The Code. This is the http status code passed with the redirect. Only 3xx http codes are acceptable.

      4. Check Url with regular expression if the URL provided uses RegEx.

        (.*) Why use RegEx?

        Using regex for URL redirects offers several advantages:

        • It provides flexibility for matching patterns across multiple URLs.

        • It reduces the complexity of managing numerous redirects and allows dynamic handling of URL components.

        Using regex for URL patterns better preserve SEO rankings and minimize broken links by accurately mapping old URLs to new ones which enhances user experience and maintains optimal site integrity.

      5. Click Add to complete the action.

    add single redirect
    1. Click Add (CSV).

    2. Click Choose File to import a CSV file for redirects.

      format
      Id,Source,Target,Code,IsRegex (1)
      1 Only 3xx http codes are acceptable.
      example
      Id,Source,Target,Code,IsRegex
      1,https:://www.example.com/[0-9]{2}(bar%7Cbaz),https://www.example.be/barbaz.html,308,true
    3. Select your file.

    4. Click Add (CSV) to complete the action.

    add multiple redirects via csv september2024

Manage redirects

If necessary, you can also edit or delete a redirect.

  1. Go to Networking > Redirects.

  2. Select the desired Cluster from the dropdown list.

  3. Select the desired Environment from the dropdown list.

  4. Select the redirect you want to manage.

    1. Click the and select your desired action.

      • Edit

      • Delete

      If editing a redirect:

      1. Click Edit and in the dialog, edit the field(s) you want to change (Source, Target, Code).

      2. Click Edit to confirm the changes.

      If deleting a redirect.

      1. Click the Delete button.

      2. Confirm that you want to delete the redirect.

Publish redirects

You must publish any changes you’ve made to redirects from within the Cockpit.

  1. Go to Networking > Redirects.

  2. Make changes as desired inside the Redirects screen.

  3. Click Publish all.

  4. Enter a meaningful message so it’s easier to understand what changes were made. This is useful if you need to restore changes.

  5. Click Publish all.

    publish redirects

Restore redirects

You can restore redirects that you’ve published.

  1. Go to Networking > Redirects.

  2. Click Restore.

  3. Select a version from the dropdown list.

  4. Click Restore.

    restore redirects

Download redirects

  1. Go to Networking > Redirects.

  2. Choose one of the listed redirects and click Download selected.

    1. Alternatively, click Download all to download all listed redirects.

  3. This generates a .csv file download with the following information:

    csv
    • id

    • source

    • target

    • code

    • IsRegex

Feedback

PaaS

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the Magnolia PaaS docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules