Configure SSL offloading

Current version: 10.4

Applies to

Content Delivery, Content Management

SSL encryption and decryption of incoming traffic is CPU intensive and can put strain on server resources. SSL offloading moves processing to a dedicated device that handles all encryption and decryption. The load balancer adds additional X-Forwarded headers before passing the incoming request on to the target instance - for example, a Content Delivery server.

To configure SSL offloading:

  1. Navigate to App_Config\Include\Examples folder.

  2. Remove the .example extension from Sitecore.LoadBalancing.config.example.

  3. Change the settings in Sitecore.LoadBalancing.config according to your load balancer's settings.

  4. Repeat steps 1-3 on all instances behind the load balancer.

Enabling Sitecore.LoadBalancing.config means that Sitecore will use X-Forward-* headers with higher priority than context URLs for building URLs, unless the site definition contains host, port, and schema.

The wrong usage of this header can lead to wrong links building on the server side and results in inappropriate system behavior or security issues.

One of the main scenarios for enabling this config is working under reverse proxy, so the Sitecore instances are hidden from direct external requests. It usually means that some changes in the architecture of the solution is required.

Do you have some feedback for us?

If you have suggestions for improving this article,