Are you trying to set up a load balancer in DigitalOcean with SSL?
With SSL set up on the load balancer, the load balancer decrypts each request before sending it to the Droplet.
At Bobcares, we often get requests to set up a Load Balancer with SSL as a part of our DigitalOcean Managed Services.
Today, let’s see how our Support Engineers set up load balancing with SSL.
DigitalOcean Load Balancer SSL
A load balancer helps us distribute network traffic across multiple servers.
For encrypting web traffic behind a load balancer, there are two main configurations.
i) SSL termination: The load balancer decrypts the request and sends it to the Droplet. The load balancer uses SSL termination by default.
ii) SSL passthrough: The load balancer sends the encrypted SSL request directly to the Droplet.
Let’s discuss how our Support Engineers set up the load balancing with SSL.
Add an SSL certificate for Load Balancer
Recently, one customer contacted us to set up a load balancer for his two Droplets. He also wanted to secure the connection to his Droplets at the load balancer. The best option here was to set up the load balancer with SSL. Now, let’s discuss how our Support Engineers create and add the SSL certificate.
First, we login to the DigitalOcean Control Panel.
In the left pane, we click on Networking.
Then we click on the Load Balancers tab and click on Create Load Balancers.
In Choose a datacenter region, we choose the region where the Droplet is created.
Then, in the Forwarding rules sub-section, we select HTTPS or HTTP2 as the Load Balancer Protocol.
After that, we enter 443 as the port for the protocol. We then click on Certificate, and a drop-down appears.
If a certificate has already been added, it is listed there and we select it. Otherwise, we click on + New certificate.
A window now appears, where we can add a Let’s Encrypt SSL certificate or an SSL certificate from a third party.
Now, let’s discuss the two options available to add the certificate.
1. Bring your own certificate
We click on the Bring your own certificate tab and manually enter the details of the certificate we already have.
Now we enter the name for the certificate. We suggest giving the domain name to identify the certificate.
In Certificate, we paste the SSL certificate, which contains the public key.
Also, we paste the private key in the next field.
Next, we paste the CA certificate in the Certificate chain field.
Then we click on Save SSL Certificate. Finally, click on Save to apply the new changes.
2. Use Let’s Encrypt
If a certificate is not available, we can choose the free Let’s Encrypt SSL. However, to use Let’s Encrypt, the domain’s DNS needs to be managed by DigitalOcean.
The best option is to change the nameserver of the domain to DigitalOcean by contacting the registrar.
When we click on Search for a domain on DigitalOcean, the domain is listed. We select the domain and give the certificate a name.
If the domain is not added then we click on + Add new domain.
Now a warning appears to change the nameserver. Here, we click on Yes, continue.
We enter the domain name and enter the subdomain if available.
Then we add the name of the certificate.
Finally, we click on Generate certificate.
Use secure connection
Here, the customer had an eCommerce website. He had purchased an SSL certificate from an SSL vendor and provided us with the details, so we used the Bring your own certificate option.
After adding the certificate, we force the connection to HTTPS.
Thus in Advanced settings, we check Redirect HTTP to HTTPS.
Finally, we click on Create Load Balancer and add the Droplets.
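As an added example (not Bobcares’ or DigitalOcean’s own code), this Python script checks load balancer definitions for the settings configured above: an HTTPS rule that either has a certificate (SSL termination) or uses SSL passthrough, and Redirect HTTP to HTTPS enabled. It assumes the field names of the DigitalOcean API’s load balancer objects; the sample data, load balancer names and certificate ID are constructed placeholders.

```python
import json

TLS_ENTRY = {"https", "http2"}  # entry protocols that need a certificate or passthrough

# Constructed sample shaped like the DigitalOcean API's load balancer objects;
# the names and the certificate ID are placeholders, not real values.
SAMPLE = json.loads("""[
 {"name": "shop-lb", "redirect_http_to_https": true, "forwarding_rules": [
   {"entry_protocol": "https", "entry_port": 443, "target_protocol": "http",
    "target_port": 80, "certificate_id": "CERT-ID-PLACEHOLDER", "tls_passthrough": false}]},
 {"name": "passthrough-lb", "redirect_http_to_https": true, "forwarding_rules": [
   {"entry_protocol": "https", "entry_port": 443, "target_protocol": "https",
    "target_port": 443, "certificate_id": "", "tls_passthrough": true}]},
 {"name": "legacy-lb", "redirect_http_to_https": false, "forwarding_rules": [
   {"entry_protocol": "http", "entry_port": 80, "target_protocol": "http",
    "target_port": 80, "certificate_id": "", "tls_passthrough": false},
   {"entry_protocol": "https", "entry_port": 443, "target_protocol": "http",
    "target_port": 80, "certificate_id": "", "tls_passthrough": false}]}
]""")


def tls_mode(rule):
    """Classify a forwarding rule as plain, termination, passthrough or invalid."""
    if rule.get("entry_protocol") not in TLS_ENTRY:
        return "plain"
    if rule.get("tls_passthrough"):
        return "passthrough"
    # Termination only works when a certificate is attached to the rule.
    return "termination" if rule.get("certificate_id") else "invalid"


def audit(lb):
    """Return findings for one load balancer (empty list = matches the setup above)."""
    modes = [tls_mode(r) for r in lb.get("forwarding_rules", [])]
    findings = []
    if not {"termination", "passthrough"} & set(modes):
        findings.append("no usable HTTPS forwarding rule")
    if "invalid" in modes:
        findings.append("HTTPS rule has neither a certificate nor passthrough")
    if not lb.get("redirect_http_to_https"):
        findings.append("Redirect HTTP to HTTPS is off")
    return findings


if __name__ == "__main__":
    for lb in SAMPLE:
        print(lb["name"], [tls_mode(r) for r in lb["forwarding_rules"]], audit(lb) or "ok")
```

The same functions can be run over a saved export of real load balancer definitions in place of the constructed sample.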
In short, DigitalOcean supports adding an SSL certificate to a load balancer either through Let’s Encrypt or manually. We also saw how our Support Engineers add an SSL certificate for a load balancer in DigitalOcean.