A Load Balancer (LB) provides automated traffic distribution from one entry point to multiple servers in a VCN. This post covers everything you should know about SSL/TLS on Load Balancer in OCI.
There are two types of Load Balancer:
- Public LB: Accessible over the Internet.
- Private LB: Accessible only on OCI Infrastructure.
To know more about Load Balancer in OCI and how to create a Load Balancer, click here.
SSL On LB
Secure Sockets Layer (SSL) creates an encrypted link between a client and a server. We can configure SSL on the LB so that information such as credit card and debit card details is transmitted between client and server in a secure way. SSL can be configured on the LB in different ways:
- SSL termination/offloading: The SSL traffic is directed to the load balancer, which passes it to the backend server in unencrypted form.
- End to end SSL: The load balancer terminates the SSL connection with the incoming client, and then initiates a new SSL connection to a backend server.
- SSL tunneling: Used for a private client-to-server connection (tunneling) through a Load Balancer.
Steps To Configure SSL On LB In OCI
Note: You must create at least two Backend Servers and configure a Load Balancer on those servers. We need two backend servers so that traffic can be sent to the other server in case one server becomes unhealthy.
Note: We also need to create an SSL certificate using OpenSSL and add this certificate to the Load Balancer. To know about the steps to create an SSL certificate, click here.
Configuring SSL Termination At LB
1) Open the navigation menu. Under the Core Infrastructure group, go to Networking, click Load Balancers and select the Load Balancer (PoC_K21_Load_Balancer).
2) In the Resources menu, click Certificates, and then click Add Certificate
3) In the Add Certificate dialog box, enter the following:
- Certificate Name: Enter PoC_K21_SSL_Certificate
- SSL Certificate: Paste the SSL certificate which we created
- Private Key: Paste the private key which we created
- Enter Private Key Passphrase: Enter welcome
- Click On Add Certificate
4) Under Resources, click Listeners, then click Create Listener
5) In the Edit Listener dialog box, edit the following:
Note: We need to tick the checkbox “Use SSL” for configuring SSL on LB
6) Verify LB for HTTP connection by hitting the IP address of the Load Balancer created.
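Before pasting the certificate and private key into the Add Certificate dialog in step 3, it is worth confirming locally that the key opens with the passphrase, that it belongs to the certificate, and that the certificate has not expired. The script below is an added example, not part of the original post; the file names, the LB_KEY_PASS environment variable and the lb.example.test subject are assumptions, and the sample certificate is constructed on the fly for the demonstration.

```shell
#!/usr/bin/env bash
# Pre-upload check for the certificate/key/passphrase triple (added example).
# The passphrase is read from the LB_KEY_PASS environment variable (assumed name)
# so that it never appears in the process list.

# Constructed sample: self-signed cert plus passphrase-protected key in directory $1.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=lb.example.test" \
    -passout env:LB_KEY_PASS -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# check_lb_cert CERT KEY
# Prints "ok" and returns 0 when the pair is usable; otherwise prints the reason
# and returns 2 (bad cert), 3 (key/passphrase), 4 (mismatch) or 5 (expired).
check_lb_cert() {
  local cert=$1 key=$2 cert_pub key_pub
  # Public key embedded in the certificate, as PEM text.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "certificate is not readable PEM"; return 2; }
  # Public key derived from the private key; fails if the passphrase is wrong.
  key_pub=$(openssl pkey -in "$key" -passin env:LB_KEY_PASS -pubout 2>/dev/null) \
    || { echo "private key cannot be opened with this passphrase"; return 3; }
  # The two public keys must be identical, or the TLS handshake will fail.
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "private key does not belong to this certificate"; return 4; }
  # -checkend 0 exits non-zero if the certificate is already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "certificate has expired"; return 5; }
  echo "ok"
}

demo() {
  local dir
  dir=$(mktemp -d)
  export LB_KEY_PASS='constructed-passphrase'   # constructed value for the demo
  make_sample "$dir"
  check_lb_cert "$dir/cert.pem" "$dir/key.pem"
  # Same files, wrong passphrase: reported before anything is uploaded.
  ( LB_KEY_PASS='wrong-passphrase'; check_lb_cert "$dir/cert.pem" "$dir/key.pem" )
  rm -rf "$dir"
}

demo
```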
Configuring End To End SSL (Between LB And Backend)
In the previous section we attached the SSL certificate to the Listener. To configure SSL between the LB and the Backend (that means encrypted information is transmitted from client to server), we also need to add the SSL certificate to the Backend Sets.
1) Navigate to the Load Balancer created -> under Resources -> click Backend Sets -> click the action button (three dots) of the Backend Set.
2) Click on Edit
3) In Edit Backend Set click Use SSL (checkbox)
It is necessary to have a secured end to end transfer of requests. To implement this, we use SSL on Load Balancer in OCI. In this post, I have covered an overview of SSL on LB and the steps to configure SSL on LB. I hope it will help you understand the whole process.