Build HTTPS Support Load Balancer on Azure

tak
Apr 9, 2019

Setting up SSL on Application Gateway with an Ubuntu VM. It was tiring to get this working, so I am leaving what I learned here.

Azure offers two types of load balancer: Load Balancer and Application Gateway. If you want to support HTTPS, only Application Gateway is available. Load Balancer is a Layer 4 balancer, so it doesn’t support SSL offloading.

I break the whole process down into the following steps.

  1. Build Application Gateway
  2. Build Ubuntu VM and install Nginx
  3. Obtain SSL certificate from Let’s Encrypt
  4. Upload certificates to Application Gateway

1. Build Application Gateway

Basically, follow the official instructions. We are going to run an Nginx web server on an Ubuntu VM, so please skip the sections after “Create a virtual machine”.

2. Build Ubuntu VM and install Nginx

Basically, follow the official instructions. A newer version of Ubuntu is currently available, so we are going to choose 18.04. Under Inbound port rules, please add HTTPS.

An important point here is the network setting. Make sure the previously created virtual network and subnet are selected.

Now that the VM is created, it is time to do the previously skipped section, “Add backend servers to backend pool”.

3. Obtain SSL certificate from Let’s Encrypt

We are going to obtain an SSL certificate from Let’s Encrypt, which is a free, automated, and open Certificate Authority.

Basically, follow these great instructions.

4. Upload certificates to Application Gateway

Now we have the server certificate in PEM format, named “fullchain.pem”. We convert it to the “pfx” and “cer” formats.

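# pem to pfx (the PFX bundles the private key; openssl prompts for an export password)
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in fullchain.pem
# pem to cer (DER encoding of the first certificate in fullchain.pem)
openssl x509 -inform PEM -in fullchain.pem -outform DER -out certificate.cer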
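
Before uploading, it helps to confirm that the private key belongs to the certificate, that the PFX opens with its export password, and that the .cer holds the same certificate. The script below is an added example, not part of the original post; it creates a constructed self-signed certificate as a stand-in for the Let’s Encrypt files, and the function names and the password are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the step 4 files before uploading them.
# The key, certificate and password are constructed stand-ins created below.

# True when the private key ($2) belongs to the first certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the PFX ($1) opens with the export password ($2).
# The password travels in the environment, not on the command line.
pfx_opens() {
    PFX_CHECK_PASS=$2 openssl pkcs12 -in "$1" -noout \
        -passin env:PFX_CHECK_PASS 2>/dev/null
}

# SHA-256 fingerprint of a certificate file ($1) in PEM or DER form ($2).
fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256
}

umask 077                      # the key and the PFX hold private key material
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Constructed self-signed certificate standing in for the Let's Encrypt files.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$work/privkey.pem" -out "$work/fullchain.pem" 2>/dev/null
# A second, unrelated key to show what a mismatch looks like.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/other.pem" 2>/dev/null

# The two conversions from the article, with the password taken from the environment.
export PFX_PASS='constructed-demo-password'
openssl pkcs12 -export -out "$work/certificate.pfx" -passout env:PFX_PASS \
    -inkey "$work/privkey.pem" -in "$work/fullchain.pem"
openssl x509 -inform PEM -in "$work/fullchain.pem" -outform DER \
    -out "$work/certificate.cer"

key_matches_cert "$work/fullchain.pem" "$work/privkey.pem" && echo "key matches certificate"
key_matches_cert "$work/fullchain.pem" "$work/other.pem" || echo "unrelated key is rejected"
pfx_opens "$work/certificate.pfx" "$PFX_PASS" && echo "PFX opens with the export password"
pfx_opens "$work/certificate.pfx" "wrong" || echo "PFX rejects a wrong password"
[ "$(fingerprint "$work/fullchain.pem" PEM)" = "$(fingerprint "$work/certificate.cer" DER)" ] \
    && echo "certificate.cer is the same certificate as the leaf in fullchain.pem"
```

With the real files, point the three functions at privkey.pem, fullchain.pem, certificate.pfx and certificate.cer instead of the generated ones.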

Open the Azure portal. Then go to the “Listeners” setting in Application Gateway and add an HTTPS listener.

Fill in the required fields as follows.

Next, go to “HTTP settings” and add an HTTPS setting.

Fill in the required fields as follows.

Finally, go to “Rules” and add an HTTPS setting.

Fill in the required fields as follows.

Now the site can be accessed over HTTPS through your domain.
