Reputation: 767
Using Google Cloud Load Balancer & SSL For MANY Domains
I'm planning to set up HTTP/HTTPS load balancing (https://cloud.google.com/compute/docs/load-balancing/http/) on the Google Cloud Platform for over 1,700 domains (different websites); and all will have TLS/SSL. However, you can only add up to 10 SSL certificates per load balancer, according to this: https://cloud.google.com/compute/docs/load-balancing/http/ssl-certificates
How should I go about trying to set up load balancing to serve websites using Compute Engine? I'd like to have instances in several different regions, and all of the steps in adding a domain should be automated (I have the deployment process figured out).
Of course I'll be providing my own SSL certificates. I can add up to 100 domains per certificate using Let's Encrypt (https://letsencrypt.org/docs/rate-limits/). But do I need a separate certificate for each domain for the Google Cloud load balancer? But if I can use one certificate for every 100 domains, does that mean I can only use a load balancer for up to 1,000 domains (10*100)? Would I have to create multiple load balancers, each with its own Frontend, using the same Backend service? How many load balancers am I allowed to create per project?
Upvotes: 4
Views: 4988
Answers (2)
Reputation: 1683
The limitation on number of certs is by IP, not by load balancer. The number of certs by ip is now 15 on each per the GCP docs. If in your case the sites can use a shared cert, then that would cover 1500 domains per IP address.
GCP quotas have a default but you can request an increase if your case needs it.
Upvotes: 3
Reputation: 1108
We also had the same scenario and requirement (1000+ domains, letsencrypt SSL and Google LoadBalancer) but alas couldn't use Google Load Balancer to do that. Instead we made an TCP LoadBalancer instead of an HTTPS one, so that we could handle the 443 port.
Now the request directly came to our instances (even with ssl), and we made conf for all the domains in nginx and all the domains had their ssl certifciates configured using letsencrypt and serve the app based on the domain.
Upvotes: 4
Related Questions
- Change domain for load balancer's SSL certificates
- Dynamic SSL allocation in GCP HTTP(s) Layer 7 Load balancer
- How to setup Letsencrypt for Google Cloud Compute Engine load balancer?
- HTTPS load balancer in Google Container Engine
- GCP Https Load Balancer SSL Certificate
- Setting up an SSL cert with Google Cloud Load Balancer
- How to set up an architecture of scalable custom domains & auto-SSL on Google Kubernetes Engine
- How to use multiple SSL certificates with Google Load Balancer?
- Google load balancer force https
- Google Cloud SSL/HTTPS Load Balancer