Update https.md
TrekkieCoder authored Nov 5, 2024
1 parent 88edcd1 commit ceb1f70
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions docs/https.md
@@ -1,7 +1,7 @@

# HTTPS guide for loxilb API

By default loxilb uses plain http for its API operation. Please refere to the arch [guide](https://docs.loxilb.io/latest/kube-loxilb/#overall-topology) for more info. This guide will detail the steps needed to enable https in both loxilb (server-mode) and kube-loxilb (client-mode). For enabling https, we need to have proper certificate and keys in place. We will use popular tool [mkcert](https://github.com/FiloSottile/mkcert) to configure locally-trusted development certificates. One could also use tools like [letsencrypt](https://letsencrypt.org) for production grade certificates. Nonetheless, overall process is the same.
By default loxilb uses plain http for its API operation. Please refer to the arch [guide](https://docs.loxilb.io/latest/kube-loxilb/#overall-topology) for more info. This guide will detail the steps needed to enable https in both loxilb (server-mode) and kube-loxilb (client-mode). For enabling https, we need to have proper certificate and keys in place. We will use popular tool [mkcert](https://github.com/FiloSottile/mkcert) to configure locally-trusted development certificates. One could also use tools like [letsencrypt](https://letsencrypt.org) for production grade certificates. Nonetheless, overall process is the same.

## Generate the certificates
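
Review bot: the corrected intro line fixes "refere" but leaves other rough spots in the same sentence run, so they are worth fixing in this pass. "We will use popular tool" needs an article ("the popular tool"), "production grade" should be hyphenated, and "http"/"https" are conventionally written "HTTP"/"HTTPS" in prose, matching the page title. The single long paragraph would also read better split after the link to the arch guide.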

@@ -11,7 +11,7 @@ cd cert
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
chmod +x mkcert-v1.4.3-linux-amd64
mv mkcert-v1.4.3-linux-amd64 mkcert
mkdir loxilb.io
mkdir loxilb
export CAROOT=`pwd`/loxilb
./mkcert -install
./mkcert 192.168.80.9
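
Review bot: `mkdir loxilb` and the following `export CAROOT=` line still spell the directory name in two places, which is the kind of duplication that allowed `loxilb.io` and `loxilb` to disagree. Consider exporting `CAROOT` first and then running `mkdir -p "$CAROOT"`, so the two cannot drift and the step is safe to re-run. Separately, the context lines fetch the mkcert v1.4.3 binary with wget and mark it executable with no integrity check; since this binary creates the root CA, the guide should verify the download (for example against a SHA-256 value pinned in the guide) before running it.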
@@ -30,7 +30,9 @@ To run loxilb, we can simply mount the cert directory created earlier into appro
```
docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log -v `pwd`/cert:/opt/loxilb/cert/ --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest --tls
```
The http only api channel is still available at this point. We can restrict its availability only inside the pod by adding the argument ```--host=127.0.0.1```. If loxilb is running in-cluster, we can use volume mounts to the loxilb pod. The volume mount option is similar to what will be used for kube-loxilb as explained below.
The http only api channel is still available at this point outside the pod. We can restrict its availability only inside the pod by adding the argument ```--host=127.0.0.1```.

If loxilb is running in-cluster, we can use volume mounts to the loxilb pod to have the same effect as explained. The volume mount option is similar to what will be used for kube-loxilb as explained below.

## Run kube-loxilb with updated rootCA
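
Review bot: the new text states that the plain-HTTP API is still reachable and that `--host=127.0.0.1` restricts it, but the `docker run` example directly above ends at `--tls` and runs with `--net=host`, so a reader who copies it keeps the unencrypted API reachable from outside. Consider appending `--host=127.0.0.1` to that example or showing it as a second, recommended command. The wording "outside the pod" / "inside the pod" also sits under a docker example, where "container" or "host" would be accurate, and "to have the same effect as explained" does not say which effect is meant. The inline argument is wrapped in triple backticks; single backticks are the usual inline form.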
