SSL and Load Balancing


#1

Recently, I have successfully followed a Digital Ocean tutorial on splitting the MySQL database off into a remote Droplet.

After this was done, I then successfully followed another one of their tutorials with respect to securing the instance with SSL.

Now, I am reading and preparing to further optimize/upgrade the performance of my overall system for this site with a Layer 4 Load Balancing configuration. While reading this tutorial…

…I see that the SSL needs to be installed on the HAProxy Droplet rather than the WP Droplets. This would seem to mean that I’m going to have to rollback the Let’s Encrypt SSL installation from the current WP Droplet.

Questions…

• Please confirm…will I have to rollback the SSL Installation on the original WP Droplet?

• If yes to the first question, how would I go about rolling back the Let’s Encrypt install on the original Server?

Thanks for reading.


#2

With load balancing at layer 4 only you have the option of SSL pass-through. So instead of installing SSL on HAProxy it just forwards the encrypted traffic to one of the webservers using your existing config as shown in the 2nd half of this guide.

Alternatively with newer versions of HAProxy (1.5+) you can also use SSL on the back end connections as shown here.

Otherwise removing the HTTP to HTTPS redirect will suffice.