Hello @Hoang Vo,
I understand that you wanted to access your website over HTTPS via a load balancer but it was not working.
Below is the summary of our discussion on this issue:
Azure Load Balancer doesn't currently support TLS termination as it's a pass-through network load balancer. Application Gateway could be a potential solution if your application requires termination.
Hence, I advised you to deploy an Azure Application Gateway and add the virtual machines in the backend pool. Upload a certificate (you can use a self-signed certificate for testing) to the Application Gateway listener.
Refer: https://learn.microsoft.com/en-us/azure/application-gateway/ssl-overview
https://learn.microsoft.com/en-us/azure/application-gateway/create-ssl-portal
You deployed an App gateway but were still unable to access the site over HTTPS.
On further investigation, we found that your backend health was showing healthy but the status code was a 307, which is the Temporary Redirect status response code and indicates that the resource requested has been temporarily moved to the URL given by the Location header.
We then checked your App gateway configuration and IIS configuration and found the below:
The application gateway configuration was correct except the host on the health probe.
The default host should be 127.0.0.1 but in your case I see you have added a 10. IP. May I know what is that IP address?
By default IIS should be listening on 127.0.0.1. Could you please confirm this by opening a web browser in the VM server itself, and type http://127.0.0.1 to see if your site loads or not?
And the Application gateway listener you were using was a basic one. When a basic listener is accessed, it will by default route to the default site in your IIS.
There are 2 types of listeners in Application gateway:
Basic: This listener configuration is required when you host a single site behind an application gateway.
Multi-site: This listener configuration is required when you want to configure routing based on host name or domain name for more than one web application on the same application gateway.
Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-components#types-of-listeners
In case you would like to differentiate between the default site and the site you created, I would suggest you use a multi-site listener for port 443 and then add a hostname to it, which should be bound to your IIS port 443 setting. Then you can edit your local hosts file for name resolution (for testing) or add a custom domain mapping in a DNS provider (for production).
Refer: https://learn.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal
You were able to make the required changes and now the Application Gateway is working fine and you are able to access your site over HTTPS.
Kindly let us know if you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
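
Added example (not part of the original answer): a local stand-in for a backend with a default site and one host-bound site, probed with different Host headers to show why a 307 can still count as "healthy" while the intended site is never reached. The host name `site.example.test`, the redirect target `/default/` and the default site's redirect behaviour are constructed assumptions; the 200-399 range is Application Gateway's default probe match.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SITE_HOST = "site.example.test"  # constructed host name bound to the created site

class Backend(BaseHTTPRequestHandler):
    """Stand-in for IIS: one host-bound site; any other Host hits the default site."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0]
        if host == SITE_HOST:
            body = b"created site"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:  # assumed: the default site answers with a temporary redirect
            self.send_response(307)
            self.send_header("Location", "/default/")
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(port, host_header):
    """Send one GET like a health probe and classify the response."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    resp.read()
    result = {
        "status": resp.status,
        "location": resp.getheader("Location"),
        "healthy": 200 <= resp.status <= 399,   # default probe match range
        "serves_content": resp.status == 200,   # what the user actually needs
    }
    conn.close()
    return result

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Backend)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return {h: probe(port, h) for h in ("127.0.0.1", SITE_HOST)}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for host, result in run_demo().items():
        print(host, result)
```

A probe result that is healthy but has `serves_content` false is the signal to check the probe host and the listener's host name against the IIS binding.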