Create a Load Balancer and Configure a Hostname

You can use the Oracle Load Balancer service to create a public load balancer for managing the certificates in your tenancy.

A load balancer provides automated traffic distribution from one entry point to servers reachable from your virtual cloud network. For more about Oracle Load Balancer, see Overview of Oracle Load Balancer and Creating a Load Balancer.

To create a load balancer:

  1. In the OCI Console, click Navigation Menu the Menu icon, select Networking, and then select Load Balancer.
  2. Create a new load balancer:
    1. On the Load Balancers page, click Create load balancer.
    2. Select Load Balancer as the type, then click Create Load Balancer to open the Create Load Balancer page to define the load balancer's details.
    3. On the Add Details page, select the defaults for the shapes and networking options.

      In the Choose networking section, you need to select a Virtual cloud network and Subnet, if they are not already selected.


      Description of waf-load-choose-networking.png follows
      Description of the illustration waf-load-choose-networking.png

      Click Next.

    4. In the Specify Health Check Policy pane on the Choose Backends page, select TCP as the Protocol and set the port to 443. Click Next.
    5. In the SSL Certificate pane on the Configure Listener page, select Load Balancer Managed Certificate in the Certificate Resource dropdown list.
    6. Provide your certificate chain and private key. Click Next.
    7. On the Manage Logging page, accept the default settings. Click Submit to create the load balancer.

      Note:

      It will take a few minutes to provision the load balancer
  3. After the load balancer is provisioned, click the name of the new load balancer on the Load Balancers page to open its Details tab.
  4. Open the Hostnames tab, and then click Create hostname.
  5. Enter a Name and Hostname in the Create hostname page. Click Create.

    The hostname will be your custom endpoint.


    Description of waf-load-hostnames-tab.png follows
    Description of the illustration waf-load-hostnames-tab.png

  6. Open the Listeners tab, and edit your listener to add the hostname. Click Save changes.
  7. Configure the load balancer Virtual Cloud Network (VCN):
    1. Open the load balancer's Details tab, and then click the Virtual Cloud Network (VCN) link to open the VCN's Details tab:
    2. Open the VCN's Gateways tab, and then click Create Internet Gateway.
    3. In the Create Internet Gateway page, enter a name, and then click Create Internet Gateway to return to the Gateways tab.
    4. In the Gateways tab, click Create NAT Gateway.
    5. In the Create NAT Gateway page, enter a name for the gateway and select Ephemeral Public IP Address. Click Create NAT Gateway.
    6. Open the Routing tab, and then click Create Route Table.
    7. In the Create Route Table page, enter a name, and then click Create Route Table to return to the Routing tab.
    8. Click the new route table to open its details page.
    9. Open the Route Rules tab, and then click Add Route Rules.
    10. In the Add Route Rules page, enter these details for the NAT gateway route rule:
      • Target Type: NAT Gateway.
      • Destination CIDR Block: Provide the Visual Builder instance public load balancer IP (see Setup above on how to obtain it). If it is a single IP, append /32 to it to form a single IP CIDR Block.
      • Compartment: Leave as is.
      • Target: Select the NAT gateway you created.
      • Description: An optional description of the rule.

      Description of waf-load-add-route-rules.png follows
      Description of the illustration waf-load-add-route-rules.png

      You need to create a NAT gateway route rule for each of your Visual Builder instance public load balancer IPs. To add a route rule, click + Another Route Rule.

    11. Click + Another Route Rule, and enter these details for the internet gateway route rule:
      • Target Type: Internet Gateway.
      • Destination CIDR Block: 0.0.0.0/0
      • Compartment: Leave as is.
      • Target Internet Gateway: Select the internet gateway you created.
      • Description: An optional description of the rule.

      Click Add Route Rules.

    12. Confirm that the health check status for your Backend Set is OK.
  8. Return to the load balancer's Details tab.
  9. Configure the load balancer subnet:
    1. On the load balancer's Details tab, click the Subnet link to open its details page.
    2. Open the subnet's Security tab, and then click the default security list in the table to open its Details pane.
    3. Open the Security rules tab.
    4. Edit the rule for entry 0.0.0.0/0 in the Ingress Rules table to change the Destination Port Range to 443. Click Save changes.
  10. Set the SSL option for the backend:
    1. On the Backends page, select the SSL option.
    2. Select the Load Balancer Managed Certificate option.
    3. Select Load Balancer managed certificate and select the certificate from the dropdown list.

      Note:

      If you get an error that a CA certificate is missing, create a new Load Balancer Managed Certificate and provide the server cert and intermediate cert separately instead of a combined chain.
  11. Add a new backend:
    1. Open the Backend Sets tab, and then click the backend set link in the table to open its Details tab.
    2. Open the Backends tab, and then click Add Backend.
    3. Select the IP Addresses option, and set the following backend details:
      • IP Address: Provide the IP address for the load balancer. This is the IP address you obtained when you used the dig command on the Visual Builder hostname.
      • Port: Set the port to 443.

      Description of waf-load-add-backend.png follows
      Description of the illustration waf-load-add-backend.png

      Click Add.

  12. (Optional) If you want to restrict access:
    1. Open the Policies tab, and then click Create routing policy.
    2. In the Create routing policy page, enter a name for the routing policy.
    3. In the Conditions pane, configure the policy by setting the following:
      • When the following conditions are met: Set to If All Match
      • Condition Type: Set to Path
      • Operator: Set to Is
      • URL String: Set to / .

      Description of waf-load-create-routingpolicy.png follows
      Description of the illustration waf-load-create-routingpolicy.png

    4. In the Action pane, define the "Route to backend" action by selecting the backend set from the dropdown list. Click Next.
    5. Set the order that policies should be performed, if needed. Click Create routing policy to return to the Policies tab.
    6. In the Policies tab, click Create rule set.
    7. In the Create rule set page, enter a name for the rule set.
    8. Select Specify request header rules, and then enter the details:
      • Action: Add Request Header
      • Header: Host
      • Value: Add your custom URL (for example: myhost.example.com)

      Description of waf-load-create-ruleset.png follows
      Description of the illustration waf-load-create-ruleset.png

      Click Submit to return to the Policies tab.