Configure SSL offloading
Applies to |
Content Delivery, Content Management |
---|
SSL encryption and decryption of incoming traffic is CPU intensive and can put strain on server resources. SSL offloading moves processing to a dedicated device that handles all encryption and decryption. The load balancer adds additional X-Forwarded headers before passing the incoming request on to the target instance - for example, a Content Delivery server.
To configure SSL offloading:
-
Navigate to
App_Config\Include\Examples
folder. -
Remove the
.example
extension fromSitecore.LoadBalancing.config.example
. -
Change the settings in
Sitecore.LoadBalancing.config
according to your load balancer's settings. -
Repeat steps 1-3 on all instances behind the load balancer.
Enabling Sitecore.LoadBalancing.config
means that Sitecore will use X-Forward-* headers with higher priority than context URLs for building URLs, unless the site definition contains host, port, and schema.
The wrong usage of this header can lead to wrong links building on the server side and results in inappropriate system behavior or security issues.
One of the main scenarios for enabling this config is working under reverse proxy, so the Sitecore instances are hidden from direct external requests. It usually means that some changes in the architecture of the solution is required.