SSL for Active/Passif Architecture


#1

Hi,

I am trying to build a secondary instance of jitsi server (prosody, jicofo, jvb …) in order to have an high availability architecture in actif/passive mode.
Will jitsi work normally if is the load balancer that handles SSL (Lets Encrypt) and the application server is contacted only in HTTP from the load balancer? In other words can SSL be handled by the loadbalancer in front of the server that contains jitsi-meet, prosody etc?

Or it is better to do load balancing on TCP level?

Thanks,


#2

Yep, this will work, terminate SSL on the balancer and connect using HTTP to the shard, just make sure that connection doesn’t go through public connection(over Internet where someone can see the traffic).


#3

Great,
thank you damencho