Janusec / janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, automatic ACME certificates, WAF, 5-Second Shield, CC Defense, OAuth2 authentication, Global Server Load Balancing, and cookie compliance.
https://janusec.github.io/

SSL with Anycast setup #24

Open vhostvn opened 3 years ago

vhostvn commented 3 years ago

Hi,

We have a problem with an Anycast IP in 3 datacenters: the 3 datacenters have the same IP (like 8.8.8.8) and the SSL certificate could not be provisioned. If we change the domain to a Unicast IP, then the SSL cert is created successfully.

So which validation method are you using to validate certs?

zhyale commented 3 years ago

If you are using the ACME automatic certificate, a single node is required; multiple nodes are not supported, because the CA will call back to validate the owner of the domain, so the domain must point to the gateway.

If you are using multiple nodes, please configure the certificate manually with the public key and private key.

vhostvn commented 3 years ago

I think that we can do our own research and integrate with DNS-01 validation. This can delegate and allow our DNS to automatically activate the CNAME record and accept it. Do you want to join, test and integrate with Janusec?

Something like CloudFlare architectures.
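
For reference, the DNS-01 computation discussed in this thread, as an added example that is not part of the thread and not Janusec code: the TXT value is derived only from the challenge token and the ACME account key (RFC 8555 §8.4, RFC 7638), so it does not matter which anycast node the CA would have reached. The demo key, the token, `example.com` and the delegated zone `acme-val.example.net` are constructed or hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ACME uses unpadded base64url for every encoded value (RFC 8555 §6.1).
var b64 = base64.RawURLEncoding

// NewDemoKey creates a throwaway P-256 account key (constructed for this example).
func NewDemoKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Thumbprint is the RFC 7638 JWK thumbprint of the account public key:
// SHA-256 over the required members in lexicographic order, no whitespace.
func Thumbprint(pub *ecdsa.PublicKey) string {
	n := (pub.Curve.Params().BitSize + 7) / 8
	x := b64.EncodeToString(pub.X.FillBytes(make([]byte, n)))
	y := b64.EncodeToString(pub.Y.FillBytes(make([]byte, n)))
	jwk := fmt.Sprintf(`{"crv":%q,"kty":"EC","x":%q,"y":%q}`, pub.Curve.Params().Name, x, y)
	sum := sha256.Sum256([]byte(jwk))
	return b64.EncodeToString(sum[:])
}

// DNS01Record returns the TXT owner name and value for a dns-01 challenge
// (RFC 8555 §8.4). A wildcard is validated at the base domain's name.
func DNS01Record(domain, token, thumbprint string) (name, value string) {
	sum := sha256.Sum256([]byte(token + "." + thumbprint))
	return "_acme-challenge." + strings.TrimPrefix(domain, "*."), b64.EncodeToString(sum[:])
}

func main() {
	// Hypothetical names: example.com is the site, acme-val.example.net the delegated zone.
	thumb := Thumbprint(&NewDemoKey().PublicKey)
	name, value := DNS01Record("*.example.com", "constructed-token-123", thumb)
	fmt.Printf("%s. CNAME example.com.acme-val.example.net. ; one-time delegation\n", name)
	fmt.Printf("example.com.acme-val.example.net. TXT %q ; set per challenge\n", value)
}
```

With the CNAME in place, the gateway needs write access only to the delegated validation zone, not to the production zone.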