Depends on whether or not the load balancer does SSL termination? if the load balancer does not do SSL termination you need a certificate on both the load balancer and the websites, if the load balancer does SSL termination you do not need a certificate on the webservers. It also affects your code if you try to generate full urls to something if the load balancer is doing SSL termination or not. Other than that, just configure the sites as you would normally in Episerver, just point them to https://yoursite.com and mark it https scheme and so on and you should be good to go.

I would suggest the load balancer does the http to https redirects for all requests, just the easiest to maintain imho.

Common pitfalls in load balanced environments:

• Don't use Session state in code (TempData in mvc uses Session state, so don't use that either) or sticky load balancer setup, not possible to have a HA setup unless you use distributed session storage which you cannot currently do when Episerver on .net full framework is involved (when it end up on .net core things will be different). There is a reason Session state is not supported in a DXC environment.
• Make sure you configure events properly so cache invalidation works between the servers
• Make sure you have machine keys specified directly in web.config with the highest encryption settings otherwise you will run into issues with encryption/decryption of for example cookies

Hi Thomas,

And thank you for your answer!

I'm a developer so I can't say I know a whole lot about load balancers. However, there are people here at work that do so I'll talk to them if necessary.

The site's already load balanced between two servers so everything should be set up. Apart from the certificate and HTTPS that is.