Here is my setup. I have 4 servers:
ARR
Node1
Node2
Node3
I have set the nodes up to use a shared configuration and have set the ARR box up to have a central certificate store (followed the docs on MSDN). On the ARR box there is a DefaultWebsite as per the standard IIS installation. It has a binding that matches all HTTP traffic (i.e. no domain specified). There is also an ARR rule (set up by default) that points all requests to my server farm. Everything is working perfectly for normal HTTP traffic, but when I try HTTPS the requests fail (browser gives ERR_CONNECTION). I have stuck to all the defaults and no joy. I have multiple sites with multiple certificates, so I have made sure that all HTTPS bindings on the node are set to use SNI and the CCS. Still HTTPS does not work. However, if I add the HTTPS binding on the ARR box, then the requests go through correctly.
Surely that behavior is not correct? I can't manage HTTPS bindings on the ARR box and then all other bindings through a shared config setup? I was under the impression that the ARR box should not even need to have a single site configured; it should simply pick up the request, match the ARR rule and then delegate off to one of the nodes?
Am I missing something here? Any help would be greatly appreciated.
I think it might have something to do with SSL offloading. When I disable that, I get an error 502 response.
Could it have something to do with compression? I zip all responses using a filter, but surely then even HTTP traffic would fail?