NodeBalancers have always supported TCP-based protocols, including SSL – but we’re pleased to announce that NodeBalancers now include native HTTPS support.
This means a NodeBalancer can terminate SSL connections for you, and have the functionality and behavior you already enjoy from HTTP mode – including correctly setting an
X-Fowarded-For header with the requester’s IP address, and session cookies for backend node stickiness.
In order to do this, create a new configuration profile using port 443 (typically), set the Protocol to HTTPS, and then provide the certificate and its private key (without a passphrase). Chained intermediate certificates are also supported. Here’s a screenshot showing the new options:
A note for higher trafficked SSL sites: SSL negotiation is a computationally expensive operation, and the ability for a NodeBalancer in SSL mode to keep up may not be sufficient. In these situations we recommend using TCP mode and distributing the SSL termination load to your backend Linodes. Alternatively, you could use multiple NodeBalancers in SSL mode and use round-robin DNS.