I have 2 VMs behind a load balancer on Azure. I created a new SSL certificate via Let's Encrypt on one of the VMs using the domain that is assigned to the load balancer. When I connect to that VM directly via IP I see the certificate loaded, but I'm having trouble routing traffic from the load balancer to the VM now; the website just doesn't load.
It all worked fine before I added the certificate and a rule in nginx to redirect 80 to HTTPS. I added a new rule in the load balancer to route data from 443 to the backpool 443, and a new health probe for 443, but that did not help.
I read that loading the certificate directly on the load balancer is possible using the Azure Application Gateway, but in that case I need to recreate my VMs to put them in the same virtual network, which I would like to avoid.
Is it possible to route HTTPS traffic using the classic load balancer? Note that I'm fine with setting up each VM to use the same certificate in order to get the HTTPS traffic in each VM.
Answer
Azure's Load Balancer is a Layer 4 balancer and can balance TCP and UDP traffic. Therefore, it doesn't support SSL offloading.
The Application Gateway can balance at Layer 7, so it can do SSL offloading. This means you only need to upload the certificate to the App Gateway.
If you want to stick with the LB, all your VMs will need the certificate. You should be able to balance on port 443 with no issue. You'll need a balancing rule and a health probe, and you will need to allow traffic to 443 from the Internet in your Network Security Groups.
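One way to verify the setup described in the answer is to check every backend VM separately, since with a Layer 4 balancer the TLS handshake ends on whichever VM receives the connection. The script below is an added example, not part of the original answer; the domain and IP addresses are placeholders to replace with your own.

```python
import socket
import ssl

def tcp_probe(host, port=443, timeout=3.0):
    """Like a TCP health probe: True if a connection to host:port opens."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_check(ip, domain, port=443, timeout=5.0):
    """Handshake with one VM by IP, sending `domain` as SNI, and validate
    the chain and hostname the way a browser arriving via the LB would."""
    result = {"ok": False, "serial": None, "not_after": None, "error": None}
    ctx = ssl.create_default_context()  # verifies chain + hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=domain) as tls:
                cert = tls.getpeercert()
        result.update(ok=True, serial=cert.get("serialNumber"),
                      not_after=cert.get("notAfter"))
    except OSError as exc:  # includes ssl.SSLError, cert errors, timeouts
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result

def check_backends(domain, backends, port=443):
    """Run both checks against every backend VM; returns {ip: result}."""
    report = {}
    for ip in backends:
        if tcp_probe(ip, port):
            report[ip] = tls_check(ip, domain, port)
        else:
            report[ip] = {"ok": False, "serial": None, "not_after": None,
                          "error": "TCP connect failed: check NSG rule, "
                                   "host firewall, nginx listening on 443"}
    return report

if __name__ == "__main__":
    # Placeholders (assumptions): replace with the LB's domain and VM IPs.
    DOMAIN = "lb.example.com"
    BACKENDS = ["203.0.113.10", "203.0.113.11"]
    for ip, r in check_backends(DOMAIN, BACKENDS).items():
        print(ip, "OK" if r["ok"] else "FAIL", r["serial"], r["not_after"], r["error"])
```

A VM that passes the TCP check but fails the TLS check is reachable on 443 yet is not presenting a certificate valid for the load balancer's domain.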