Load balancer using SSL without open port on service?

So I have a web app running on three hosts without any open ports for the service. When I add a Load Balancer in front of the service and just use HTTP on port 80 -> 80 it all works just fine and dandy. But if I flip the switch to HTTPS 443->80 (and of course providing a working cert) it no longer works, unless I port map 80 -> 80 on the service (meaning the app is now open @ port 80 on all running servers).

I’m sure I’m just doing this wrong, can anyone please point me in the right direction for this?

Thanks!

EDIT: Some additional info: I have set up the correct sub domain for use with the cert of course, proof of this is that the app actually works when opening the port map on the service.

Just going to answer my own question here: the problem seems to be that both ports have to be open and point to port 80. So: if I add both HTTPS for port 443 -> 80 as well as HTTP 80 -> 80 the https version seems to work?

If anyone would confirm or reject this I would be very happy, cheers!

What do you mean by “It no longer works”?
Is there an issue with the Cert or what problem exactly do you experience? Error Message?

Hi, what I meant was that having port 80->80 worked just fine (using http), but having port 443->80 (and of course closing 80->80) did not work (using https), not unless I also opened port 80 on the service (which I would like to avoid of course).

But what I found was that if 80->80 remained open, (so both 443->443 and 80->80) then https worked.

My first thought was that I could map 443 -> 80, but that seems to be the case? Both 443 and 80 seem to be required?

I’m now using Cloudflare page rules to force HTTPS, but that was kind of what I wanted to avoid, and just not have port 80 open at all.


I’ve not had that much sleep (I have a 1 year old daughter) and what I just wrote feels very confusing, but maybe you can figure out what I’m getting at? 🙂