Sitecore 9.2 SSL offloading

SSL Offloading is the process of removing SSL encryption from incoming traffic approaching web servers so the webserver does not need to decrypt the data. The objective of SSL Offloading is to delegate the process of encryption to another device so that it can provide benefits like improving web server’s performance, load time, etc.

Sitecore 9.2 now provides this feature.

To enable this SSL Offloading, you will need to configure \App_Config\Include\Examples\Sitecore.LoadBalancing.config.example file.

<configuration xmlns:patch="https://www.sitecore.net/xmlconfig/" xmlns:role="https://www.sitecore.net/xmlconfig/role/">
    <sitecore role:require="Standalone or ContentManagement or ContentDelivery">
        <settings>
            <!-- SITECORE LOADBALANCING ENABLED
            Defines whether the SSL offloading feature is enabled
            Default value: true
            -->
            <setting name="Sitecore.LoadBalancing.Enabled" value="true" />
            <!-- SITECORE LOADBALANCING HOSTHEADER
            Defines the value indicating from which request header the host should be taken during the SSL offloading
            Default value: X-FORWARDED-HOST
            -->
            <setting name="Sitecore.LoadBalancing.HostHeader" value="X-FORWARDED-HOST" />
            <!-- SITECORE LOADBALANCING SCHEMEHEADER
            Defines the value indicating from which request header the scheme should be taken during the SSL offloading
            Default value: X-FORWARDED-PROTO
            -->
            <setting name="Sitecore.LoadBalancing.SchemeHeader" value="X-FORWARDED-PROTO" />
            <!-- SITECORE LOADBALANCING PORTHEADER
            Defines the value indicating from which request header the port should be taken during the SSL offloading
            Default value: X-FORWARDED-PORT
            -->
            <setting name="Sitecore.LoadBalancing.PortHeader" value="X-FORWARDED-PORT" />
        </settings>
    </sitecore>

</configuration>

You need to set Sitecore.LoadBalancing.Enabled to true to configure SSL offloading.

Load balancer adds additional X-Forwarded headers before the request is pushed to the target instance.

The X-Forwarded-Host header is a standard header for identifying the original host requested by the client in the Host HTTP request header.

Example:

X-Forwarded-Host: cd.site-cdn.com

X-Forwarded-Proto provides the information on the protocol (HTTP or HTTPS) that a client used to connect to your load balancer.

Example:

X-Forwarded-Proto: https

X-Forwarded-Proto: http

X-Forwarded-Port provides the information on the destination port that the client used to connect to the load balancer.

Before you enable this feature, please consult with the relevant team.