Adding changes related to setting reverse proxy ports for standalone …

…installer
MicrosoftDocs · Sep 23, 2016 · 2047f3c · 2047f3c
1 parent 1296fa9
commit 2047f3c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/articles/service-fabric/service-fabric-cluster-manifest.md b/articles/service-fabric/service-fabric-cluster-manifest.md
@@ -117,10 +117,12 @@ Note that since a primary node runs a single copy of the system services, you wo
 ### **nodeTypes**
 The **nodeTypes** section describes the type of the nodes that your cluster has. At least one node type must be specified for a cluster, as shown in the snippet below. 
 
-	"nodeTypes": [{
+    "nodeTypes": [{
         "name": "NodeType0",
         "clientConnectionEndpointPort": "19000",
         "clusterConnectionEndpoint": "19001",
+        "leaseDriverEndpointPort": "19002"
+        "serviceConnectionEndpointPort": "19003",
         "httpGatewayEndpointPort": "19080",
         "applicationPorts": {
 			"startPort": "20001",
@@ -133,7 +135,7 @@ The **nodeTypes** section describes the type of the nodes that your cluster has.
         "isPrimary": true
     }]
 
-The **name** is the friendly name for this particular node type. To create a node of this node type, you will need to assign the friendly name for this node type to the **nodeTypeRef** variable for that node, as mentioned in the [Nodes on the cluster](#clusternodes) section above. For each node type, you can define various endpoints for connecting to this cluster. You can choose any port number for these connection endpoints, as long as they do not conflict with any other endpoints in this cluster. In a cluster with multiple node types, there will be one primary node type, which has **isPrimary** set to *true*. The rest of the nodes will have the **isPrimary** set to *false*. Read [Service Fabric cluster capacity planning considerations](service-fabric-cluster-capacity.md) for more information on **nodeTypes** and **reliabilityLevel** values as per your cluster capacity, as well as to know the difference between the primary and the non-primary node types.
+The **name** is the friendly name for this particular node type. To create a node of this node type, you will need to assign the friendly name for this node type to the **nodeTypeRef** variable for that node, as mentioned in the [Nodes on the cluster](#clusternodes) section above. For each node type, you can define various endpoints for connecting to this cluster. You can choose any port number for these connection endpoints, as long as they do not conflict with any other endpoints in this cluster. If you want to create a http application gateway port, then you can specify "reverseProxyEndpointPort": [Port number] in addition to other ports as above. In a cluster with multiple node types, there will be one primary node type, which has **isPrimary** set to *true*. The rest of the nodes will have the **isPrimary** set to *false*. Read [Service Fabric cluster capacity planning considerations](service-fabric-cluster-capacity.md) for more information on **nodeTypes** and **reliabilityLevel** values as per your cluster capacity, as well as to know the difference between the primary and the non-primary node types.
 
 
 ### **fabricSettings**

diff --git a/articles/service-fabric/service-fabric-windows-cluster-x509-security.md b/articles/service-fabric/service-fabric-windows-cluster-x509-security.md
@@ -53,8 +53,12 @@ To start with, [download the standalone cluster package](service-fabric-cluster-
                 "CertificateIssuerThumbprint" : "[Thumbprint]",
                 "IsAdmin": true
             }]
+			"HttpApplicationGatewayCertificate":{
+                "Thumbprint": "[Thumbprint]",
+                "X509StoreName": "My"
+			}
         }
-    },
+    }
 
 This section describes the certificates that you need for securing your standalone Windows cluster. To enable certificate-based security set the values of **ClusterCredentialType** and **ServerCredentialType** to *X509*.
 
@@ -68,6 +72,7 @@ The following table lists the certificates that you will need on your cluster se
 |ServerCertificate|This certificate is presented to the client when it tries to connect to this cluster. For convenience, you can choose to use the same certificate for *ClusterCertificate* and *ServerCertificate*. You can use two different server certificates, a primary and a secondary for upgrade. Set the thumbprint of the primary certificate in the **Thumbprint** section and that of the secondary in the **ThumbprintSecondary** variables. |
 |ClientCertificateThumbprints|This is a set of certificates that you want to install on the authenticated clients. You can have a number of different client certificates installed on the machines that you want to allow access to the cluster. Set the thumbprint of each certificate in the **CertificateThumbprint** variable. If you set the **IsAdmin** to *true*, then the client with this certificate installed on it can do administrator management activities on the cluster. If the **IsAdmin** is *false*, the client with this certificate can only perform the actions allowed for user access rights, typically read-only. For more information on roles read [Role based access control (RBAC)](service-fabric-cluster-security.md/#role-based-access-control-rbac)  |
 |ClientCertificateCommonNames|Set the common name of the first client certificate for the **CertificateCommonName**. The **CertificateIssuerThumbprint** is the thumbprint for the issuer of this certificate. Read [Working with certificates](https://msdn.microsoft.com/library/ms731899.aspx) to know more about common names and the issuer.|
+|HttpApplicationGatewayCertificate|This is an optional certificate that can be specified if you want to secure your Http Application Gateway. Make sure reverseProxyEndpointPort is set in nodeTypes if you are using this certificate.|
 
 Here is example cluster configuration where the Cluster, Server, and Client certificates have been provided.