Galera replication uses the following port for communication:

- 443 - For TLS connections between the CA and the RA/VA.
In this example, the VPC internal address space is 172.16.0.0/16 in US-East-1, and the address space in US-East-2 is 172.31.0.0/16.
To create a security group that allows for TLS traffic within the VPCs:

- Create a Security Group called "TLS 443 Traffic to US-East".
- Add the following Inbound rules:

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| HTTPS | TCP | 443 | Custom: 172.16.0.0/16 | - |
| HTTPS | TCP | 443 | Custom: 172.31.0.0/16 | - |

- Add the following Outbound rules:

| Type | Protocol | Port Range | Destination | Description |
|---|---|---|---|---|
| All traffic | All | 0 – 65535 | Custom: 0.0.0.0/0 | - |
These rules allow any outbound connection to any address, and any inbound connection on port 443 from any address in the 172.16.0.0/16 and 172.31.0.0/16 address spaces. The same rules must also be configured on the Security Group in the other VPC. These rules may be tightened as required by the organization.
- To apply these Security Groups to the EJBCA Enterprise Cloud Nodes in each of the VPCs, right-click the node and select Networking > Change Security Groups.
- In the list of Security Groups, check the new Security Group to let the instance communicate with the other nodes in the cluster.
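As an added example (not code from the EJBCA documentation or from AWS tooling), the following Python builds the inbound rule set in the table above in the `IpPermissions` shape that boto3's `ec2.authorize_security_group_ingress()` accepts, and audits a security group in the shape `ec2.describe_security_groups()` returns, reporting any inbound rule wider than TCP/443 from the two VPC address spaces and any address space left without a rule. The group IDs, sample records and helper names are constructed for illustration.

```python
"""Build and audit the "TLS 443 Traffic to US-East" security-group rules.

Added example, not EJBCA or AWS code. It works on the dict shapes boto3's
EC2 client uses: build_ingress_permissions() output can be passed to
ec2.authorize_security_group_ingress(IpPermissions=...), and audit_ingress()
takes one entry of ec2.describe_security_groups()["SecurityGroups"].
Group IDs and the sample records below are constructed.
"""
import ipaddress

# Address spaces of the two VPCs from the example above.
CLUSTER_CIDRS = ["172.16.0.0/16", "172.31.0.0/16"]
TLS_PORT = 443


def build_ingress_permissions(cidrs, port=TLS_PORT):
    """One TCP rule on `port` with an IpRanges entry per cluster CIDR,
    matching the two inbound HTTPS rows of the table above."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "EJBCA cluster TLS"} for c in cidrs],
    }]


def _port_span(perm):
    """(low, high) port range a permission opens; protocol -1 is all traffic."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_ingress(security_group, allowed_cidrs, port=TLS_PORT):
    """Compare a security group's inbound rules with the intended policy.

    Returns a list of findings. An empty list means every inbound rule is
    tcp/`port` sourced from inside one of `allowed_cidrs`, and each of those
    CIDRs has a rule covering it exactly.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    covered = set()
    findings = []
    for perm in security_group.get("IpPermissions", []):
        low, high = _port_span(perm)
        proto = perm["IpProtocol"]
        exact = proto == "tcp" and (low, high) == (port, port)
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            if not any(src.subnet_of(a) for a in allowed):
                # e.g. 0.0.0.0/0, or a range wider than the cluster VPCs
                findings.append(f"inbound from {src} is outside the cluster address spaces")
                continue
            if not exact:
                findings.append(f"inbound from {src} opens {proto} {low}-{high}, not only tcp/{port}")
            if low <= port <= high and src in allowed:
                covered.add(src)
        if perm.get("Ipv6Ranges") or perm.get("UserIdGroupPairs") or perm.get("PrefixListIds"):
            findings.append(f"non-IPv4-CIDR source on {proto} {low}-{high}; review manually")
    for a in allowed:
        if a not in covered:
            findings.append(f"no rule allows tcp/{port} from {a}")
    return findings


# Constructed sample record in the describe_security_groups() shape,
# matching the inbound and outbound tables above.
EXPECTED_SG = {
    "GroupId": "sg-0000000000example",
    "GroupName": "TLS 443 Traffic to US-East",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "172.16.0.0/16"}, {"CidrIp": "172.31.0.0/16"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

# The same group after drift (constructed): 443 opened to the world, and
# one VPC given an all-traffic rule instead of tcp/443.
DRIFTED_SG = {
    "GroupId": "sg-0000000000drifted",
    "GroupName": "TLS 443 Traffic to US-East",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.31.0.0/16"}]},
    ],
}

if __name__ == "__main__":
    print(build_ingress_permissions(CLUSTER_CIDRS))
    for sg in (EXPECTED_SG, DRIFTED_SG):
        print(sg["GroupId"], audit_ingress(sg, CLUSTER_CIDRS) or "OK")
```

Run `audit_ingress()` on the real `describe_security_groups()` entry for the group in each VPC after it has been applied: an empty result confirms the inbound rules match the table above, and the findings list catches the kind of drift (a 0.0.0.0/0 source, an all-traffic rule, or a VPC address space with no rule at all) that the note about tightening rules refers to.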