We have been working on a flow of upstream services on Azure. The following is the architecture:
User -> DNS -> Azure CDN -> Azure Traffic Manager -> Frontend Load Balancer (Firewall NVA) -> Azure Application Gateway -> Backend Pool (VM-Webserver)
The above flow was designed for a client and we are provisioning the same. The entire end to end flow works with HTTP requests.
But for HTTPS with SSL, the flow works only till traffic manager, as soon as we add CDN in the flow, it gives error, 'Request cannot be served', when checked in browser, it shows 502 bad gateway in developer tools
What we have seen so far:
- The end to end flow is working seamless for HTTP requests For
- HTTPs/SSL requests following configs have been done:
a) CDN : We have a profile with Custom Domain and HTTPS and Certificate enabled over it.The profile has both 80,443 enabled
b) Traffic manager : Endpoint set to port 443
c) Application Gateway : Plan to use end to end SSL encryption
i) Listener is on 443 port and has a pfx certificate
ii) HTTP setting with HTTPS and has a cer certificate from the original webserver
We have tried different combinations of configuration with CDN and traffic manager but doesn't seem to be working. I need this flow to be working end to end for HTTPS requests. This is for a prod migration to Azure.