0

Regarding this MSDN article; https://msdn.microsoft.com/en-us/magazine/mt793270

Scale Unit Network Configuration sections has below sentences;

In the case of IP-based SSL, a given application is allocated a dedicated IP address for only inbound traffic, which is associated with the Cloud Service deployment. Please note: Front ends terminate SSL connection for all HTTPS requests for all applications and any type of certificate. The front end then forwards the request to the designated worker for a given application.

But, when Please note: Front ends terminate SSL connection for all HTTPS requests for all applications and any type of certificate happens?

  • Is this happened right after that we configure IP-based SSL?
  • or, is this happened to all traffics always under IP-based SSL?
  • or else?
Youngjae
  • 24,352
  • 18
  • 113
  • 198

1 Answers1

1

It happens for all traffics. All https traffic irrespective of whether you are using a ip-based SSL, SSL cert from external CA's or using internal Azure SSL (azurewebsites.net) the SSL traffic is terminated at the front-end each scale unit has and from front-end to worker will always be http traffic. In return the same is encrypted back at front-end before traffic goes out using the SSL uploaded for specific domain/azure provided SSL cert.

Gopi Kolla
  • 964
  • 6
  • 12
  • The document describes _Frond End_ is just layer-7 LB simply. So in Azure AppService, can we say that SSL encrypt/decrypt happens at _Front End_ with given certificate? – Youngjae Mar 31 '17 at 04:31
  • Yes, front end does both SSL termination as well load balancing – Gopi Kolla Mar 31 '17 at 05:00