Kvindo™ Cloud Docs


Language

Load Balancing

A public HTTPS load balancer that terminates TLS with a self-managed certificate and forwards to a backend. The pieces: a floating IP, a certificate, a target group with a static target (the backend's private IP), the load balancer itself, an HTTPS listener, and a listener rule that forwards matching requests to the target group.

How traffic flows: a client connects to the load balancer's floating IP (lb-ip) on port 443 → the HTTPS listener terminates TLS using web-cert → the listener rule matches the request path (/) → it forwards to the web-tg target group → which sends it to the static target, the backend VM at 10.10.0.5:80.

Why a self-managed certificate instead of automatic Let's Encrypt? Let's Encrypt has to verify the domain, which requires its DNS to already point at the load balancer's IP — but that IP only exists once the floating IP is created. So for a single declarative apply, provide your own certificate (a self-signed pair is fine for testing).

Save this as stack.yaml:

Then apply it:


Related pages

Resource docs

More in this section

An unhandled error has occurred. Reload 🗙