SSL certificate and Azure classic load balancer


Solution 1

Azure's Load Balancer is a Layer 4 balancer and can balance TCP and UDP traffic. Therefore, it doesn't support SSL offloading.

The Application Gateway can balance at Layer 7, so it can do SSL offloading. This means you only need to upload the certificate to the App Gateway.

If you want to stick with the LB, all your VMs will need the certificate. You should be able to balance on port 443 with no issue. You'll need a balancing rule and a health probe, and you will need to allow traffic to 443 from the Internet in your Network Security Groups.
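A check for the requirement above that every VM behind the Layer 4 balancer carries the certificate, as an added example that is not part of the original answer: it handshakes with each backend directly while validating against the public domain. The function names, the 10.0.0.x addresses and the sample results are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl
import sys


def check_backend(ip, domain, port=443, timeout=5.0):
    """Handshake with one backend VM directly, validating its certificate for `domain`."""
    ctx = ssl.create_default_context()  # full chain and hostname verification
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            # SNI and hostname check use the public domain, not the VM's IP.
            with ctx.wrap_socket(sock, server_hostname=domain) as tls:
                der = tls.getpeercert(binary_form=True)
        return ("ok", hashlib.sha256(der).hexdigest())
    except ssl.SSLCertVerificationError as exc:
        return ("fail", f"certificate rejected: {exc.verify_message}")
    except OSError as exc:  # refused, timed out, or not speaking TLS on 443
        return ("fail", f"no usable TLS listener: {exc}")


def summarize(results):
    """results maps backend IP -> (status, detail) as returned by check_backend."""
    failing = sorted(ip for ip, (status, _) in results.items() if status != "ok")
    fingerprints = {detail for status, detail in results.values() if status == "ok"}
    return {
        "ready": bool(results) and not failing,
        "failing": failing,
        "same_certificate": not failing and len(fingerprints) == 1,
    }


if __name__ == "__main__":
    if len(sys.argv) >= 3:  # usage: script.py <domain> <backend-ip> [<backend-ip> ...]
        results = {ip: check_backend(ip, sys.argv[1]) for ip in sys.argv[2:]}
    else:
        # Constructed sample: the certificate was installed on the first VM only.
        results = {
            "10.0.0.4": ("ok", "constructed-fingerprint"),
            "10.0.0.5": ("fail", "no usable TLS listener: connection refused"),
        }
    for ip, (status, detail) in sorted(results.items()):
        print(f"{ip}: {status} ({detail})")
    print(summarize(results))
```

A TCP health probe on 443 only confirms that the port accepts connections, so a backend with a wrong or expired certificate can stay in rotation; the hostname-validated handshake here catches that case.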

Solution 2

Load balancer comparison

AWS

Application Load Balancer - Layer 7 - HTTP, HTTPS
Network Load Balancer - Layer 4 - TCP, UDP, TLS
Classic - Layer 4/7 - HTTP/HTTPS (Layer 7), TCP, SSL/TLS (Layer 4)

Azure

Load Balancer - Layer 4 - TCP and UDP
Application Gateway - Layer 7 - HTTP, HTTPS (supports SSL)
Author by

Vedran

Updated on September 18, 2022

Comments

  • Vedran
    Vedran over 1 year

    I have 2 VMs behind a load balancer on Azure. I created a new SSL certificate via Let's Encrypt on one of the VMs using the domain that is assigned to the load balancer. When I connect to that VM directly via IP I see the certificate loaded, but I'm having trouble routing from load balancer traffic to the VM now, the website just doesn't load.

    It all worked fine before I added the certificate and a rule in nginx to redirect 80 to HTTPS. I added a new rule in the load balancer to route data from 443 to the backpool 443, and a new health probe for 443, but that did not help.

    I read that loading the certificate directly on the load balancer is possible using the Azure Application Gateway, but in that case I need to recreate my VMs to put them in the same virtual network, which I would like to avoid.

    Is it possible to route HTTPS traffic using the classic load balancer? Note that I'm fine with setting up each VM to use the same certificate in order to get the HTTPS traffic in each VM.

    • VladFr
      VladFr almost 6 years
      What do you mean by "recreate my VMs to put them in the same virtual network"? They are not in the same vnet?
  • rocketspacer
    rocketspacer about 3 years
    "Azure's Load Balancer is a Layer 4 balancer and can balance TCP and UDP traffic. Therefore, it doesn't support SSL offloading" SSL/TLS doesn't need to happen at layer 7, so using it as a reason makes Azure look weak.