Configuring a Load Balancer for SSL Termination or SSL Passthrough

You can create a listener to secure the flows passing through the load balancer.

The SSL termination approach consists in enabling HTTPS or SSL flows between the Internet and your load balancer. In this case, the SSL certificate is located in the load balancer.

The SSL passthrough approach consists in forwarding the HTTPS flows to the back-end instances using the TCP protocol. In this case, SSL certificates are located in each of the back-end instances.

Configuring a Load Balancer with SSL Termination

Upload an SSL server certificate to your account.
For more information, see Uploading a Server Certificate.
Add a listener to your load balancer with either of the following configurations:
- For HTTPS:
  - Protocol: HTTPS
  - Load balancer port: 443
  - Instance protocol: HTTP
  - Instance port: 80
  - SSL certificate: The previously uploaded SSL certificate
- For SSL:
  - Protocol: SSL
  - Load balancer port: Any value between 1 and 65535, both included
  - Instance protocol: TCP
  - Instance port: Any value between 1 and 65535, both included
  - SSL certificate: The previously uploaded SSL certificate
    
    If you use Cockpit v1, you cannot specify the instance protocol as it is automatically determined by Cockpit v1.
For more information, see Adding or Deleting Listeners.

Configuring a Load Balancer with SSL Passthrough

Add a listener to your load balancer with the following configuration:
- Protocol: TCP
- Load balancer port: 443
- Instance protocol: TCP
- Instance port: 443
  
  If you use Cockpit v1, you cannot specify the instance protocol as it is automatically determined by Cockpit v1.
For more information, see Adding or Deleting Listeners.
Install an SSL certificate on each of the back-end instances of the load balancer.

To do so, you can connect to your back-end instances. For more information, see Accessing Your Instances.

Related Pages

Corresponding API Methods