How to terminate SSL at a Load Balancer in front of the vFunction Docker Server

Overview of the Issue

An organization wants to use SSL for secure traffic from external traffic to the vFunction Server. But, the organization does not want to add the SSL Certificates to the vFunction filesystem. Instead, they want to terminate SSL at a Load Balancer in front of the vFunction Server.

Solution to the Problem

Take the following steps to terminate SSL in front of the vFunction Server:

  1. Download the vFunction Docker Server Installation TGZ to the VM where the vFunction Server wil lrun
  2. Unpack the TGZ
  3. Set the server.host field in the etc/sysconfig/vfunction/installation/server-installation.yaml to the value that users will access in a browser. For example, https://vfunction.organization.com
  4. Add the key and value FORCE_HTTP=true to the etc/sysconfig/vfunction/installation/nginx/automated-custom-env.list
  5. Create placeholder server.crt and server.key files
echo 'placeholder' > /etc/sysconfig/vfunction/nginx/certs/server.crt
echo 'placeholder' > /etc/sysconfig/vfunction/nginx/certs/server.key
  1. Install the vFunction Server
sudo bash /opt/vfunction/server-installation/install.sh
  1. Set the Load Balancer to terminate SSL and forward traffic to the vFunction Server over http

Updated on 04 Mar 2025