This guide applies to load balancers for Droplets. To configure SSL passthrough for a load balancer for Kubernetes nodes, see our reference on configuring DigitalOcean Kubernetes load balancers.

When load balancing encrypted web traffic, there are two main configuration choices:

- SSL termination, which decrypts SSL requests at the load balancer and sends them unencrypted to the backend via the Droplets’ private IP addresses. SSL termination places the slower and more CPU-intensive work of decryption on the load balancer and simplifies certificate management. Traffic between the load balancer and its Droplets is secured by routing over the VPC network. However, if you host multiple customer applications in a single account or team, data could be readable by others on the private network. We recommend separating customers by team or using SSL passthrough instead.

- SSL passthrough, which sends encrypted SSL requests directly to the backend, via the Droplets’ private IP addresses. This secures the traffic between the load balancers and the backend servers. SSL passthrough distributes the decryption load across the backend servers, but every server must have the certificate information. You also can’t add or modify HTTP headers, so you may lose the client’s IP address, port, and other information contained in the X-Forwarded-* headers. Sticky sessions do not work with SSL passthrough (port 443 to 443).

Backend Configuration for SSL Passthrough

Before you configure SSL passthrough on your load balancer, you’ll need:

- A registered domain name that you own. You can use any domain name registrar (e.g. Namecheap or Omnis).

- DNS records pointing from your domain to the load balancer. You can use DigitalOcean’s free DNS hosting service or another service of your choice.

- One or more backend Droplets running an application configured for SSL.
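The trade-offs between SSL termination and SSL passthrough described above can be checked mechanically against a load balancer definition. The following is an added example, not code from the original guide or from DigitalOcean; the field names (`forwarding_rules`, `tls_passthrough`, `sticky_sessions`, and so on) are assumed to follow the DigitalOcean API's load balancer object, and the finding codes, the `shared_vpc` parameter and the sample definition are constructed for illustration.

```python
# Added example. Field names are assumed to follow the DigitalOcean API's
# load balancer object; SAMPLE_LB is constructed, not taken from a real account.
SAMPLE_LB = {
    "sticky_sessions": {"type": "cookies"},
    "forwarding_rules": [
        # SSL termination: HTTPS in, plain HTTP to the Droplets.
        {"entry_protocol": "https", "entry_port": 8443,
         "target_protocol": "http", "target_port": 80,
         "certificate_id": "PLACEHOLDER-CERT-ID", "tls_passthrough": False},
        # SSL passthrough: encrypted bytes forwarded untouched, 443 to 443.
        {"entry_protocol": "https", "entry_port": 443,
         "target_protocol": "https", "target_port": 443,
         "tls_passthrough": True},
    ],
}


def audit_load_balancer(lb, shared_vpc=False):
    """Return (rule_index, code, severity) findings for HTTPS entry rules.

    shared_vpc=True means several customers' applications share the
    account or team, so the private network is not a trust boundary.
    """
    findings = []
    sticky = (lb.get("sticky_sessions") or {}).get("type", "none")
    for i, rule in enumerate(lb.get("forwarding_rules", [])):
        if str(rule.get("entry_protocol", "")).lower() != "https":
            continue  # only encrypted entry traffic is in scope here
        if rule.get("tls_passthrough"):
            # Decryption happens on the backends, so each needs the cert.
            findings.append((i, "BACKEND_CERT_REQUIRED", "info"))
            # The balancer never sees HTTP, so it cannot add X-Forwarded-*.
            findings.append((i, "NO_FORWARDED_HEADERS", "info"))
            if sticky != "none":
                findings.append((i, "STICKY_SESSIONS_UNSUPPORTED", "high"))
        elif str(rule.get("target_protocol", "")).lower() == "http":
            # Terminated traffic crosses the VPC network unencrypted.
            sev = "high" if shared_vpc else "info"
            findings.append((i, "PLAINTEXT_TO_BACKEND", sev))
    return findings


if __name__ == "__main__":
    for idx, code, sev in audit_load_balancer(SAMPLE_LB, shared_vpc=True):
        print(f"rule {idx}: {sev:4} {code}")
```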