Configure Google Cloud Platform with Load Balancing as Reverse Proxy
You can set up Google Cloud Platform (GCP) with load balancing as a reverse proxy. The following diagram describes the configuration.
Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and
cname-api-keyvalues for use later.
Verify ownership of the domain by adding a TXT record in your DNS server in the Dashboard > Tenant Settings > Custom Domains and click Verify.
Once GCP has verified your domain, log in to the GCP console.
Go to Network Services > Load Balancing. Click Create Load Balancer. (See Google Cloud Platform Load Balancing documentation for details.)
Select HTTP(S) Load Balancing.
Select From Internet to my VMs because we need to route the traffic from Internet to Auth0. Click Continue.
Provide a name for the load balancer such as
auth0-reverse-proxyand click Create.
Configure the backend.
Create an Internet Network endpoint group (NEG) which is a backend that resides outside of Google Cloud.
Select the newly created Internet NEG as a backend in the backend service configuration and set the
hostvalue (origin domain name) from your Auth0 tenant.
Set up the
Choose Action as Route traffic to a single backend.
In Host rewrite, enter your origin domain name from your Auth0 tenant that you saved earlier.
Configure the frontend.
Create a certificate. The easiest method is to choose Google-managed certificate because Google automatically provisions the SSL certificate for you.
If you do not choose a Google-managed certificate, then it is your responsibility to renew and upload the SSL certificate with your certificate authority before it expires.
Review and finalize the configuration. It will take a minute for GCP to configure the load balancer. Typical issues that might cause an error include:
Invalid API key: The
cname-api-keywas not set to Auth0 from GCP.
403 Forbidden: The
hostheader was not sent to Auth0 from GCP.
Log in to your DNS provider and set up the CNAME.