All Products
Search
Document Center

Alibaba Cloud Service Mesh:Use an ASM ingress gateway to access a service over HTTPS

Last Updated:Jun 17, 2026

Service Mesh (ASM) supports accessing services over HTTPS through an ASM ingress gateway. To enable HTTPS access, configure Transport Layer Security (TLS) termination on the access path by specifying a certificate. With TLS termination, encrypted HTTPS requests are decrypted and forwarded to backend service pods over HTTP.

Configure methods for accessing the backend services of an ASM ingress gateway over HTTPS

The following figure shows the HTTPS access path to a backend service of an ASM ingress gateway.

image

You can use the following methods to access backend services of an ASM ingress gateway over HTTPS:

Method

Description

References

Configure TLS termination on an ASM ingress gateway

Recommended. Configure a certificate for the ASM ingress gateway. The gateway decrypts HTTPS requests and forwards HTTP requests to backend services.

With this method, you manage the gateway certificate in the ASM console.

Configure TLS termination on a Classic Load Balancer (CLB) instance

If a CLB instance is created for an ASM ingress gateway, bind a certificate to the instance and create an HTTPS listener to access backend services. The CLB instance decrypts HTTPS requests and sends HTTP requests to the ASM ingress gateway.

This method requires managing the certificate in the CLB console and enabling HTTP access in the ASM console.

Configure TLS termination on backend services

If TLS termination is configured on backend services, enable TLS pass-through on the ASM ingress gateway to forward HTTPS requests directly to the backend services.

With this method, backend services accept and decrypt HTTPS requests and manage the corresponding certificate.

Enable TLS pass-through on an ingress gateway