For more on how to do this, check out the dedicated section here.
Do I need extra configuration for CDN caching?
Only if you are using a headless approach with a frontend server. In this case, you must set the Cache-Control headers to the values you want the CDN to use.
To use redirects in DX Cloud, create them directly via the Cockpit if you have more than 10 redirects. If you have fewer than 10, you can manage them directly in a redirects ingress.
We recommend you use the Cockpit redirects option, especially if you have more than 10 redirects.
Can I have a dedicated custom error page per site?
Yes, you can have a dedicated custom error page per site by using Virtual URI mapping.
However, you should always proceed with extra caution when using Virtual URI mapping.
https://adb8bffe76c8c422087e3732eabd17b9-58b5e8e7a952af5b.elb.eu-central-1.amazonaws.com 300 IN A 203.0.113.1 (1)
(1) The IP address associated with the domain. This is the IP address you should use for your A record.
Can I use a wildcard when adding a certificate?
Yes, you can use wildcards for custom certificates, which are handled in the Cockpit.
However, if using Let's Encrypt, you must file a Support request for wildcard certificates as of 2024-12-23.
General
Are DX Cloud users automatically logged out after a period of inactivity?
Yes. After 15 minutes of inactivity, the user is automatically logged out of the Cockpit.
Can you send emails with DX Cloud?
In short, no. This is not currently in scope for DX Cloud.
At the moment, we recommend that you use some of the available external services such as Mailgun, Mailchimp, etc.
The above statement is not an endorsement of any particular service, but is solely intended to provide a starting point for your mail service search.
How many authors can work in Magnolia on DX Cloud?
There is technically no exact maximum to the number of concurrent authors that can be working on Magnolia on DX Cloud.
However, we recommend that no more than 50 authors work in Admincentral concurrently.
This helps avoid latency issues in Admincentral due to too many authors using the Pages app, too many authors publishing, or just generally too many actions occurring simultaneously.
When you upgrade your Helm chart because of a major release, like moving from 1.15.2 to 1.16.0, you need to delete the workloads before your next deployment. You also need to recreate the indexes folder from your Author environment.
You need to modify the version, the values file, and the namespace.
Licenses
How do I update my Magnolia license key?
Your license key is entered in the values.yml file during onboarding for DX Cloud, so you don’t need to worry about entering it to get started.
However, you may need to update your license at some point.
For example, when your license expires, you need to update to a license that isn’t expired.
In this case, you should update your license key directly within Magnolia instead of the values.yml file.
Sticky sessions, or session persistence, is when you instruct the load balancer to remain linked to a specific node (server) to avoid losing the session data if the request goes to the other server.
Essentially, you send the request from a given IP to the delivery server, but continue to send follow-up requests to the same server until the session expires.
Session persistence is needed when the project has transactions or required data in the session.
Sticky sessions are typically used in situations where you have some data in the session and the sessions are not replicated between servers, but you also need to ensure that the data doesn’t get lost.
How do I configure sticky sessions?
To enable sticky sessions:
Go to your values.yml file in your DX Cloud project.
1. Set nginx.ingress.kubernetes.io/affinity to cookie.
2. Set nginx.ingress.kubernetes.io/affinity-mode to persistent.
3. Put the INGRESSCOOKIE at nginx.ingress.kubernetes.io/session-cookie-name.
4. Set nginx.ingress.kubernetes.io/session-cookie-max-age to the time (in seconds) you want the cookie to persist. After this configured time, the cookie is deleted.
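To confirm the settings took effect, inspect the Set-Cookie header returned through the ingress. The check below is an added example, not part of the DX Cloud documentation; the header strings and the 172800-second max age are constructed sample values.

```python
from http.cookies import SimpleCookie


def check_affinity_cookie(set_cookie, name, max_age):
    """Return a list of problems found in one Set-Cookie header value.

    name    -- value configured in .../session-cookie-name
    max_age -- value configured in .../session-cookie-max-age (seconds)
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return [f"affinity cookie {name!r} is not set"]
    morsel = jar[name]
    problems = []
    got = morsel["max-age"]
    if not got:
        # Without Max-Age the browser treats it as a session cookie.
        problems.append("no Max-Age: stickiness ends when the browser closes")
    elif not got.isdigit() or int(got) != max_age:
        problems.append(f"Max-Age is {got}, expected {max_age}")
    if not morsel.value:
        problems.append("cookie value is empty")
    return problems


# Constructed sample headers (not captured from a real deployment).
GOOD = "INGRESSCOOKIE=1714550400.123.456.789; Max-Age=172800; Path=/; HttpOnly"
SHORT = "INGRESSCOOKIE=1714550400.123.456.789; Max-Age=60; Path=/; HttpOnly"
SESSION_ONLY = "INGRESSCOOKIE=1714550400.123.456.789; Path=/; HttpOnly"
OTHER = "JSESSIONID=abc123; Path=/; HttpOnly"

if __name__ == "__main__":
    for header in (GOOD, SHORT, SESSION_ONLY, OTHER):
        result = check_affinity_cookie(header, "INGRESSCOOKIE", 172800)
        print(header.split(";")[0], "->", result or "ok")
```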
How do I define custom environment variables?
You can define custom environment variables in the Helm Values file in your project.
To define a variable for the OS
Define the name and value of the variable like so:
The Fastly maintenance page is at the CDN level. To use this approach, reach out to the Helpdesk for assistance.
How do I regenerate a new activation key pair?
The re-creation of the key pair must be done on the author instance.
Go to AdminCentral.
Open the Publishing Tools app.
Click on Generate new key.
The system creates both keys and stores them in the magnolia-activation-keypair.properties file. In addition, the system stores the public key in the author system’s JCR.
When using DX Cloud, the keys are automatically distributed to the public instance with the help of a dedicated sidecar.
Setup and deployment
What is the minimum Java version needed for PaaS?
Currently, the minimum supported Java version for DX Cloud is Java 11 (LTS).
What is the base image used for Magnolia as part of PaaS?
The recommended base image is:
| Key | Type | Default | Description |
| --- | --- | --- | --- |
| image.tomcat.tag | string | "9.0-jre11-temurin" | Tomcat repo tag. |
This is defined in the image.tomcat.tag helm value. For more, see Helm values.
Can I deploy anything I want with DX Cloud?
No.
DX Cloud is a solution designed to deploy Magnolia only.
In some instances, headless frontends are also deployed as part of DX Cloud.
Can I have a custom deployment script or setup?
We don’t allow custom helm charts or operators for DX Cloud.
Only the official DX Cloud helm chart is used for deployments.
Certain properties in the values.yml file, which is created during setup, can be configured.
However, only the properties defined in the official DX Cloud Helm chart are available.
Increase failureThreshold (number of attempts before failing) to accommodate indexing time for large storage or migrating customers in order to avoid indexing failures.
periodSeconds defines the interval (in seconds) between each probe check.
In this example, the probe is checked every 10 seconds 720 times, meaning 2 hours (7200 seconds) before the application officially fails.
Is Two-Factor Authentication (2FA) used to access the Cockpit?
Yes, 2FA is used for all customer and partner accounts.
How do you prevent DDoS attacks?
To prevent and mitigate DDoS attacks, DX Cloud grants all customers (using Fastly as their CDN):
Access to origin shielding
Origin shielding is designed to reduce the load on an origin server by centralizing cache fill operations to a limited set of CDN locations.
For more details, see Shielding.
Web Application Firewalls, or WAFs, protect web applications from common malicious attacks such as cross-site scripting (XSS) and SQL injection. Essentially, they act as a type of wall or shield between your web application and the internet. If you have your own CDN for your project, you’ll likely have your own WAF.
If you choose to go with the default CDN for DX Cloud, you’ll be protected with the Fastly WAF.
The Fastly WAF inspects the web traffic at the HTTP application layer by looking at all HTTP and HTTPS requests (both header and body included). This can be configured specifically for your deployment.
What happens if attacks are detected?
If the WAF detects any of the owasp or application-multi attacks, it automatically blocks the request. If Fastly detects an increased volume of requests, it notifies us at Magnolia, and we perform a security review.
If needed, we send the logs to you so you can check whether the requests have come from the same IP and whether the requests are legitimate. If you need to block the IP, you can do it through the Cockpit.
We encourage you to use the Cockpit. However, if you feel you need to, you can request our help directly with the issue.
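Checking whether the requests came from the same IP is a per-client count over the logs you receive. The script below is an added example, not Magnolia or Fastly code; the JSON field names and the sample lines are constructed, so adapt them to the log format you are actually sent.

```python
import json
from collections import Counter

# Constructed sample, one JSON object per line. Field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:01Z", "client_ip": "198.51.100.7", "path": "/search", "status": 403}
{"ts": "2024-05-01T10:00:01Z", "client_ip": "198.51.100.7", "path": "/search", "status": 403}
{"ts": "2024-05-01T10:00:02Z", "client_ip": "203.0.113.20", "path": "/", "status": 200}
{"ts": "2024-05-01T10:00:02Z", "client_ip": "198.51.100.7", "path": "/login", "status": 403}
this line is truncated {"ts":
{"ts": "2024-05-01T10:00:03Z", "client_ip": "198.51.100.7", "path": "/search", "status": 403}
{"ts": "2024-05-01T10:00:04Z", "client_ip": "192.0.2.15", "path": "/news", "status": 200}
{"ts": "2024-05-01T10:00:04Z", "client_ip": "198.51.100.7", "path": "/search", "status": 403}
{"ts": "2024-05-01T10:00:05Z", "client_ip": "198.51.100.7", "path": "/search", "status": 403}
"""


def requests_per_ip(log_text):
    """Count requests and distinct paths per client IP, plus unparsable lines."""
    hits, paths, skipped = Counter(), {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            ip, path = rec["client_ip"], rec["path"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # keep going, but report how much was ignored
            continue
        hits[ip] += 1
        paths.setdefault(ip, set()).add(path)
    return hits, paths, skipped


def dominant_source(hits, min_share=0.5):
    """Return (ip, share) when one IP sent at least min_share of the requests."""
    total = sum(hits.values())
    if total == 0:
        return None
    ip, count = max(hits.items(), key=lambda kv: kv[1])
    share = count / total
    return (ip, share) if share >= min_share else None


if __name__ == "__main__":
    hits, paths, skipped = requests_per_ip(SAMPLE_LOG)
    print("per IP:", dict(hits), "| skipped lines:", skipped)
    print("dominant source:", dominant_source(hits))
```

A single dominant IP with a narrow set of paths points at one client to review before deciding on a block; an even spread across many IPs does not.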
The rest-anonymous role is handled differently in DX Cloud than in on-prem Magnolia.
Any change to the anonymous user may cause Cockpit functionality to break.
Table 1. Web access
Requests within PaaS all require a valid JSON Web Token (JWT), which is only available to the Magnolia Bootstrap sidecar.
| Permission | Path |
| --- | --- |
| Get & Post | /.rest/configuration/* |
| Get & Post | /.rest/cloud/* |
| Get | /.rest/status |
For more details on rest security generally for Magnolia, see REST security.
Snippets
Is it okay to use ingress-nginx snippets?
Generally, no. You should only use configuration and/or server snippets exactly as instructed by documentation or the DX Cloud team. Making changes to these snippets without consultation or approval could lead to unintended consequences for your PaaS project.
I want to add snippets for redirect rules. Is this okay?
No. As stated in Is it okay to use ingress-nginx snippets?, we generally advise against using nginx-ingress configuration and server snippets, and you should only use them exactly as instructed by the documentation or the DX Cloud team.
For redirects, use our Redirects feature in the Cockpit.