Kvindo™ Cloud Docs
A public HTTPS load balancer that terminates TLS with a self-managed certificate and forwards to a backend. The pieces: a floating IP, a certificate, a target group with a static target (the backend's private IP), the load balancer itself, an HTTPS listener, and a listener rule that forwards matching requests to the target group.
How traffic flows: a client connects to the load balancer's floating IP (lb-ip) on port 443 → the HTTPS listener terminates TLS using web-cert → the listener rule matches the request path (/) → it forwards to the web-tg target group → which sends it to the static target, the backend VM at 10.10.0.5:80.
Why a self-managed certificate instead of automatic Let's Encrypt? Let's Encrypt has to verify the domain, which requires its DNS to already point at the load balancer's IP — but that IP only exists once the floating IP is created. So for a single declarative apply, provide your own certificate (a self-signed pair is fine for testing).
Save this as stack.yaml:
Then apply it:
Resource docs
More in this section