load balancer don't public website https

Hoang Vo 21 Reputation points
2022-10-25T08:33:40.437+00:00

Create a public load balancer to load balance VMs using the Azure portal

  1. Create the virtual network
  2. Create load balancer
  3. Create NAT gateway
  4. Create virtual machines
  5. Install IIS (with the company website)
  6. Test the load balancer: it works on port 80 but doesn't work on port 443.
    https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal
    How can I make port 443 work on a public load balancer?

Accepted answer
  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2022-11-07T15:08:28.307+00:00

    Hello @Hoang Vo ,

    I understand that you wanted to access your website over HTTPS via the load balancer, but it was not working.

    Below is the summary of our discussion on this issue:

    Azure Load Balancer doesn't currently support TLS termination as it's a pass through network load balancer. Application Gateway could be a potential solution if your application requires termination.

    Hence, I advised you to deploy an Azure Application Gateway and add the virtual machines to the backend pool. Upload a certificate (you can use a self-signed certificate for testing) to the Application Gateway listener.
    Refer : https://learn.microsoft.com/en-us/azure/application-gateway/ssl-overview
    https://learn.microsoft.com/en-us/azure/application-gateway/create-ssl-portal

    You deployed an App gateway but were still unable to access the site over HTTPS.

    On further investigation, we found that your backend health was showing healthy but the status code was a 307, which is a Temporary Redirect status response code and indicates that the resource requested has been temporarily moved to the URL given by the Location headers.
    We then checked your App gateway configuration and IIS configuration and found the below:

    The application gateway configuration was correct except the host on the health probe.

    The default host should be 127.0.0.1 but in your case I see you have added a 10. IP. May I know what is that IP address?
    By default IIS should be listening on 127.0.0.1. Could you please confirm this by opening a web browser in the VM server itself, and type http://127.0.0.1 to see if your site loads or not?

    And the Application gateway listener you were using was a basic one. When a basic listener is accessed, it will by default route to the default site in your IIS.

    There are 2 types of listeners in Application gateway:
    Basic: This listener configuration is required when you host a single site behind an application gateway.
    Multi-site: This listener configuration is required when you want to configure routing based on host name or domain name for more than one web application on the same application gateway.
    Refer : https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-components#types-of-listeners

    In case you would like to differentiate between the default site and the site you created, I would suggest that you use a multi-site listener for port 443 and then add a hostname to it, which should be bound to your IIS port 443 setting. Then you can edit your local hosts file for name resolution (for testing) or add a custom domain mapping in a DNS provider (for production).
    Refer : https://learn.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal

    You were able to make the required changes, and now the Application Gateway is working fine and you are able to access your site over HTTPS.

    Kindly let us know if you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
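
The probe-host and listener-hostname points in the accepted answer can be checked from the backend's side with a small script. This is an added example, not part of the original thread: it starts a constructed local stand-in for the IIS backend (assumed to serve one site bound to the hypothetical host name `www.contoso.example` and to answer any other Host header with a 307), then sends the same GET with three different Host headers, the way a health probe or listener would. The address `10.0.0.4` is a constructed sample value.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SITE_HOST = "www.contoso.example"  # hypothetical IIS host-name binding (assumption)

class Backend(BaseHTTPRequestHandler):
    """Constructed stand-in for IIS: 200 for the bound host name, 307 otherwise."""
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0].lower()
        if host == SITE_HOST:
            status, location, body = 200, None, b"company site"
        else:
            status, location, body = 307, f"https://{SITE_HOST}/", b""
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def probe(address, port, host_header, path="/"):
    """Send one GET with an explicit Host header; return (status, Location)."""
    conn = http.client.HTTPConnection(address, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def run_demo():
    """Probe the stand-in backend with three Host headers and collect results."""
    server = HTTPServer(("127.0.0.1", 0), Backend)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        hosts = ("127.0.0.1", "10.0.0.4", SITE_HOST)  # constructed sample values
        return {h: probe("127.0.0.1", port, h) for h in hosts}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for host, (status, location) in run_demo().items():
        print(f"Host: {host:22} -> {status} {location or ''}")
```

Against a real backend, calling `probe()` with the VM's private address and each candidate host name shows which Host header returns 200 and which is redirected.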


1 additional answer

  1. Sreeju Nair 12,666 Reputation points
    2022-10-25T08:43:37.31+00:00

    Azure load balancer is a Layer 4 load balancer and it does not offload SSL certificates. You can use Application Gateway to implement load balancing at the application layer.

    See the below flowchart that will help you to decide what type of load balancer can be utilized based on various scenarios.

    [Image: 253810-image.png]

    Reference: https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
    https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview#decision-tree-for-load-balancing-in-azure

    Hope this helps

