Enable SSL on load balanced site?

Vote:
 

Hi,

Can anyone point me in the right direction (forum posts, blogs, articles and so forth) on how to enable SSL on a load balanced site?

Obviously you need a valid certificate and some redirect rules in web.config, but apart from that? Are there any potential pitfalls? What settings do I need in admin (Manage websites)? Is the procedure the same for a load balanced site as for a single server site?


We're running EPiServer CMS 10.10.4.0.

Thanks!

#195933
Aug 13, 2018 10:26
Vote:
 

Depends on whether or not the load balancer does SSL termination? if the load balancer does not do SSL termination you need a certificate on both the load balancer and the websites, if the load balancer does SSL termination you do not need a certificate on the webservers. It also affects your code if you try to generate full urls to something if the load balancer is doing SSL termination or not. Other than that, just configure the sites as you would normally in Episerver, just point them to https://yoursite.com and mark it https scheme and so on and you should be good to go.

I would suggest the load balancer does the http to https redirects for all requests, just the easiest to maintain imho.

Common pitfalls in load balanced environments:

  • Don't use Session state in code (TempData in mvc uses Session state, so don't use that either) or sticky load balancer setup, not possible to have a HA setup unless you use distributed session storage which you cannot currently do when Episerver on .net full framework is involved (when it end up on .net core things will be different). There is a reason Session state is not supported in a DXC environment.
  • Make sure you configure events properly so cache invalidation works between the servers
  • Make sure you have machine keys specified directly in web.config with the highest encryption settings otherwise you will run into issues with encryption/decryption of for example cookies
#195998
Aug 15, 2018 12:08
Vote:
 

Hi Thomas,

And thank you for your answer!

I'm a developer so I can't say I know a whole lot about load balancers. However, there are people here at work that do so I'll talk to them if necessary.

The site's already load balanced between two servers so everything should be set up. Apart from the certificate and HTTPS that is.

#196047
Aug 17, 2018 7:42
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.