Configuring VPC to Access the CAE Environment in CAE
Scenario
If no VPC is configured for CAE, CAE applications are exposed to the public network, posing data transmission security risks and hindering efficient collaboration with other systems within the VPC. Configuring a VPC establishes secure and isolated network connections, ensuring efficient access to CAE applications and secure data transmission.
Constraints
- This function is available only in CN North-Beijing4, CN South-Guangzhou, CN East-Shanghai1, ME-Riyadh, TR-Istanbul, AF-Johannesburg, LA-Mexico City2, and LA-Sao Paulo1.
- The network segment of the user VPC to be accessed by CAE components cannot conflict with the network segments reserved in CAE. Internal reserved network segments of CAE: 10.247.0.0/16 and 180.0.0.0/8.
- By default, two EIPs need to be bound to the subnet.
- When you add a domain name, enter a wildcard or full domain name as required to prevent network access exceptions. For details, see "How Do I Prevent Access Exceptions Caused by Incorrect Format During Domain Name Configuration?" in FAQs of CAE.
Prerequisites
- You need to use the Huawei Cloud account with the Security Administrator permission to access CAE and click Authorize. Existing functions are not affected if you do not perform authorization.
- You have added a certificate. For details, see Configuring a Certificate.
Configuring Network Access Information
- Log in to CAE.
- Choose System Settings.
- Click Edit in the System Network Configuration module.
- Select Inbound Configuration. By default, the VPC, subnet, and load balancer are configured during environment creation and cannot be modified.
- Click Add Domain Name Suffix and set the domain name and certificate by referring to Table 1.
Table 1 Parameters for configuring network access Parameter
Description
sysConfig.sysIngress.domainSuffix
Enter a domain name.
A maximum of 10 domain names can be created. A domain name consists of at least two strings separated by periods (.). The string can contain only letters, digits, hyphens (-), dots (.), and special characters. It must start with a letter, digit, or asterisk (*) and cannot end with a hyphen (-). An asterisk (*) must be the leftmost label, followed by a period (.), if you want to configure a wildcard domain name.
Example: *.component.example.com
NOTE:When you add a domain name, enter a wildcard or full domain name as required to prevent network access exceptions.
Certificate
When accessing a website using HTTPS, you are advised to bind a certificate to improve website security.
Select the certificate to be bound from the drop-down list.
If no certificate is available, click Configure new certificate and set certificate information by referring to Adding a Certificate.
Redirect
The redirection function controls the access to a domain name. If a request meets a redirection condition, the request is redirected to a specified address.
- After this function is enabled, you need to configure the redirection target address and other details.
When you access an address under the domain name suffix, if the domain name in the request matches the configured domain name suffix, the request is sent to another target address based on the preset rule.
- If this function is disabled, requests for accessing addresses under the domain name suffix will be directly sent to the corresponding CAE component service based on the original configuration.
- After this function is enabled, you need to configure the redirection target address and other details.
- Click Save.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
