GCP SSL/TCP Load Balancer using a SSL and TCP backend at the same time

0
votes

Is it possible to have on the same GCP SSL/TCP Load Balancer an SSL :443 frontend and a TCP :9300 frontend, pointing to a HTTP :80 backend an a TCP :9300 backend?

I cant get this to work on the same load balancer, the frontends seem to mix up the requests to the different backends?

I have also tried having two load balancers using the same ephemeral IP on the two frontends and then pointing to the respective backends and instance groups on different port paths, but having the same IP doesn't work with two load balancers even though you can configure them to have the same one.

I want to achieve this so I can have one DNS record pointing to one IP address and utilising the different port mappings.

2
google-cloud-platformgcp-load-balancer

2 Answers

1
votes

I tried creating your intended configuration and it doesn't work. You can configure the Frontend to listen on SSL:443 / TCP:9300 and Backend TCP:9300 but it doesn't work for HTTP:80.

I can't think of a workaround that would get that set up but I would suggest posting it as a feature request [1] with your business need so that it can be reviewed and see if it's feasable to apply to GCLB.

[1] https://cloud.google.com/support/docs/issue-trackers

0
votes

To use two separate ports on the TCP/SSL LB you have to create two load balancers each referencing each port but using the SAME static IP you can create. You then also have to use a google-managed certificate and add the CAA record to you DNS. It then handles both connections perfectly using the same DNS name for the static IP.