We have a couple application/web servers which we are currently using a single F5 with a certificate for these app/web servers.
The app/web servers are for internal users only ( no public access ). Would the web functionality require a public IP or an internal IP? These servers are also receiving information from an external vendor?,... how would we configure this as well?,... maybe we could separate out the web and app functions into separate VMs but this seems inefficient use of resources.
If we want to replace the F5 with a basic (sku) LB which does not allow certificates to be attached how do work around this inability to have a web certificate on this LB? Do we have to create a web certificate on each server? However the basic LB has a single IP point for ingress/egress and certificate usually have just one IP on it with other associated names. How is a certificate configured for this?,...
When I examined standard (sku) LB a certificate can be added however it does not allow *.cert to be configured on the LB?? I created a standard LB and did not see a place to configure a web cert (SSL). Is the Standard LB able to offload SSL traffic to the web server end points?
I am confused by the terminology of "API gateway" versus standard load balancer? They seem to refer to both as the same? If standard LB is at layer 7 (SSL) do you have steps on how to configure this? Recall a long time ago that is wanted to configure something other than *.cert?,... or maybe just unclear how to configure this?
Do we need to use F5 or IGINX for SSL offloading?
dsk