Sticky sessions for AWS NLB over TLS

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問


プラットフォームについて: Data Center のみ - この記事は、Data Center プラットフォームのアトラシアン製品にのみ適用されます。

 

要約

In certain environments, it might be mandatory to have all network traffic encrypted, even the internal traffic between your Jira nodes and the Load Balancer. AWS NLB offers the ability to encrypt traffic between the target group (Jira application nodes) and the load balancer VPS with TLS, however that removes the session stickiness functionality which is required for a Jira Data Environment.

Without session stickiness, users will keep being redirected to different nodes each time they make a request, and their requests will fail as sessions are not replicated across Jira nodes (see  JRASERVER-67647 - Getting issue details... STATUS ).

環境

  1. Jira Data Center
  2. AWS NLB as Load Balancer
  3. TLS traffic between targets and the NLB


ソリューション

Due to architectural restrictions in AWS NLB, it's not possible to enable stickiness when using TLS encryption between the LB and the targets. Customers that have faced such requirements have been instructed by Amazon support to move TLS encryption back in the chain, onto the app servers directly. The traffic can then be passed through the NLB as TCP traffic and not TLS traffic, and session stickiness is enabled on the NLB directly, without compromising complete end-to-end encryption in the environment.

最終更新日 2021 年 6 月 1 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.