Configure Google Cloud Platform with Load Balancing as Reverse Proxy
You can set up Google Cloud Platform (GCP) with load balancing as a reverse proxy. The following diagram describes components in the configuration.
Google Cloud Platform Load Balancer distributes traffic across multiple instances of applications.
Internet Network Endpoint Group is a backend that resides outside of Google Cloud. See Internet Network endpoint group for details.
Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and cname-api-key values for use later.
Verify ownership of the domain by adding a TXT record in your DNS server in the Auth0 Dashboard > Tenant Settings > Custom Domains and click Verify.
Once GCP has verified your domain, log in to the GCP console.
Go to Network Services > Load Balancing. Click Create Load Balancer. To learn more, see Google Cloud Platform Load Balancing in Google Cloud documentation.
Select HTTP(S) Load Balancing.
Select From Internet to my VMs because we need to route the traffic from Internet to Auth0. Click Continue.
Provide a name for the load balancer such as auth0-reverse-proxy and click Create.
Configure the backend.
Create an internet network endpoint group (NEG) which is a backend that resides outside of Google Cloud. To learn more, see Internet network endpoint groups overview in Google Cloud documentation.
Select the newly created Internet NEG as a backend in the backend service configuration and set the cname-api-key and host value (origin domain name) from your Auth0 tenant.
Click Done.
Set up the host and path rules.
Choose Action as Route traffic to a single backend.
In Host rewrite, enter your origin domain name from your Auth0 tenant that you saved earlier.
Click Create.
Configure the frontend.
Create a certificate. The easiest method is to choose Google-managed certificate because Google automatically provisions the SSL certificate for you.
If you do not choose a Google-managed certificate, then it is your responsibility to renew and upload the SSL certificate with your certificate authority before it expires.
Review and finalize the configuration. It will take a minute for GCP to configure the load balancer. Typical issues that might cause an error include:
Invalid API key: The cname-api-key was not sent to Auth0 from GCP.
403 Forbidden: The host header was not sent to Auth0 from GCP.
Log in to your DNS provider and set up the CNAME.
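The two typical issues listed above can be caught before traffic is switched by auditing the backend service definition. The following is an added example, not part of the original page or of Auth0's or Google's tooling. It assumes the backend service has been exported with gcloud compute backend-services describe --format=json and that the two headers appear in its customRequestHeaders list; the function names, sample data and placeholder values are constructed for illustration.

```python
import hmac

def parse_custom_headers(backend_service):
    """Map lowercased header name -> value from 'Name: value' entries."""
    headers = {}
    for entry in backend_service.get("customRequestHeaders", []):
        name, sep, value = entry.partition(":")
        if sep:  # skip malformed entries that have no colon
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_backend(backend_service, origin_domain, expected_api_key):
    """Return a list of findings; an empty list means both headers are set as expected."""
    headers = parse_custom_headers(backend_service)
    findings = []

    # A missing cname-api-key is the page's "Invalid API key" case.
    api_key = headers.get("cname-api-key")
    if api_key is None:
        findings.append("cname-api-key header is not configured")
    elif not hmac.compare_digest(api_key.encode(), expected_api_key.encode()):
        # Constant-time comparison; the key itself is never echoed into a finding.
        findings.append("cname-api-key does not match the value saved from the tenant")

    # A missing host header is the page's "403 Forbidden" case.
    host = headers.get("host")
    if host is None:
        findings.append("host header is not configured")
    elif host.lower() != origin_domain.lower():
        findings.append("host header differs from the origin domain name")
    return findings

# Constructed sample data: placeholder origin domain and key, not real tenant values.
ORIGIN = "tenant-cd-placeholder.edge.example.com"
API_KEY = "PLACEHOLDER-CNAME-API-KEY"
GOOD_BACKEND = {
    "name": "auth0-reverse-proxy-backend",
    "customRequestHeaders": ["cname-api-key: " + API_KEY, "Host: " + ORIGIN],
}
BAD_BACKEND = {
    "name": "auth0-reverse-proxy-backend",
    "customRequestHeaders": ["cname-api-key: some-other-value"],
}

if __name__ == "__main__":
    for label, backend in (("good", GOOD_BACKEND), ("bad", BAD_BACKEND)):
        print(label, audit_backend(backend, ORIGIN, API_KEY))
```

Read the expected key from a secret store or environment variable rather than hard-coding it when running this against a real export.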