Front Door SSL termination - end-to-end encryption

Larry Wa 26 Reputation points
2021-01-17T20:50:00.183+00:00

We are using AKS and want to use AFD and Azure App Gateway, both of which support HTTP/2. We are also using gRPC to communicate with our pods.

At this point, we can't use AFD/AAG because, for end-to-end encryption, AFD always terminates the SSL when the call comes through, so when the call reaches AAG, it's not encrypted anymore.

Can the SSL termination of AFD be more like a pass-through so end-to-end encryption would work? If so, what would be the risk of passing this through and letting the termination happen at AAG?

The actual need is for the termination to happen at the pod if possible.

Thanks!

Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.

1 answer

  1. SUNOJ KUMAR YELURU 13,966 Reputation points MVP
    2021-01-18T05:52:38.07+00:00

    @Larry Wa

    Yes, Azure Front Door supports TLS/SSL offload and end-to-end TLS, which re-encrypts the traffic to the backend. In fact, since the connections to the backend happen over its public IP, it is recommended that you configure your Front Door to use HTTPS as the forwarding protocol.

    Please refer to this; I hope it helps:
    End to End TLS for Azure Front Door and Azure Kubernetes Service

    Please don’t forget to Accept the answer and up-vote wherever the information provided helps you, this can be beneficial to other community members.

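One way to check the forwarding-protocol recommendation in the answer above, as an added example that is not part of the original thread: a Python audit that flags routing rules whose Front Door-to-backend leg can travel over plain HTTP. It assumes the classic Front Door (`Microsoft.Network/frontDoors`) resource JSON shape, for instance from an ARM export; the rule names and sample data are constructed.

```python
# Added example: audit a classic Front Door resource for plaintext backend legs.
FWD = "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration"
REDIRECT = "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration"

def rule(name, accepted, odata_type, forwarding=None):
    """Build a constructed routing rule in the resource's JSON shape."""
    cfg = {"@odata.type": odata_type}
    if forwarding:
        cfg["forwardingProtocol"] = forwarding
    return {"name": name,
            "properties": {"acceptedProtocols": accepted, "routeConfiguration": cfg}}

# Constructed sample; the rule names are hypothetical.
SAMPLE = {"properties": {"routingRules": [
    rule("grpc-api", ["Https"], FWD, "HttpsOnly"),
    rule("legacy-web", ["Http", "Https"], FWD, "HttpOnly"),
    rule("mixed", ["Http", "Https"], FWD, "MatchRequest"),
    rule("https-match", ["Https"], FWD, "MatchRequest"),
    rule("to-https", ["Http"], REDIRECT),  # redirects never open a backend connection
]}}

def audit_forwarding(front_door):
    """Return (rule name, reason) for every rule that can reach the backend unencrypted."""
    findings = []
    for r in front_door.get("properties", {}).get("routingRules", []):
        props = r.get("properties", {})
        cfg = props.get("routeConfiguration") or {}
        if cfg.get("@odata.type") != FWD:
            continue  # only forwarding rules have a Front Door-to-backend leg
        proto = cfg.get("forwardingProtocol")
        accepted = props.get("acceptedProtocols") or []
        if proto == "HttpsOnly":
            continue  # traffic is re-encrypted to the backend
        if proto == "MatchRequest" and "Http" not in accepted:
            continue  # clients can only arrive over HTTPS, so the backend leg is HTTPS too
        if proto == "HttpOnly":
            reason = "backend leg is always plain HTTP"
        elif proto == "MatchRequest":
            reason = "backend leg is plain HTTP whenever the client connects over HTTP"
        else:
            reason = "forwardingProtocol missing or unrecognised"
        findings.append((r.get("name"), reason))
    return findings

if __name__ == "__main__":
    for name, reason in audit_forwarding(SAMPLE):
        print(f"{name}: {reason}")
```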