Can Two Load balancers have same ssl endpoint and certificate

One of my application is running behind a Load balancer on a server in east region. I have created a replica of the same application and deployed it on a server in west region

My question is, that can I achieve High availability using two load balancers? Something Like

  1. Application running in EAST region behind load balancer LB-1 (Primary)
  2. If we shut down the above, then Application running in WEST region should become active which is running behind LB-2.

My thoughts:

  1. Replication Of Code on deployment: Write Jenkins script which will trigger a deploy command to deploy APP TO west REGION, whenever a deployment is done on east region.
  2. CHecking the health of primary Server/application: Write cron, which will check if the server on east region is down
  3. If it is down, then a. Using Load Balancer PATCH API, remove the mapping of load balancer in EAST region. b. Using Load Balancer PATCH API, update the mapping of load balancer in WEST region [To match with the previous east region mappings]

Are these feasible?

1 answer

  • answered 2020-08-22 22:45 aled

    Note that each Dedicated Load Balancer has a unique DNS host name in CloudHub. And the certificate subject's common name attribute must match the host name to avoid SSL/TLS validation errors in the clients.

    If you are intending to failover transparently for the clients, meaning that the next requests go through LB-2, then you should have a DNS CNAME record that matches LB-1 and you need to point to LB-2. If you don't have a DNS CNAME record to point to the other dedicated load balancer, then you need to change the clients URL to point to LB-2, and need to be sure that the certificate has a Subject Alternative Name with LB-2 host name, so it is valid for both.