Apply firewall rules to an HTTP load balancer

For your case study, you could use one network load balancer listening to ports 80 and 443 that would directly transfer request to the backend servers. The requests would be directly transferred for example to your Apache virtual hosts configured with SSL certificates for each of your websites.

If you are using an HTTPS load balancer, you are limited to 10 SSL certificates, that is to say ten websites.

What you may try to do is to have an HTTPS load balancer for each 10 domains,with SSL certificates installed, and all the load balancers would point to a backend instance group where all your websites are configured and SSL certificates installed.

As the global forwarding rule is configured on port 80 but the backend instances are serving traffic on port 8545, two separate firewall rules need to be created to allow traffic from 130.211.0.0/22 and 35.191.0.0/16 on those ports. These are IP address ranges that the load balancer uses to connect to backend instances. This rule allows traffic from both the load balancer and the health checker.

I would suggest to check on the backend instances to make sure it is listening on all addresses (0.0.0.0/0) and is not bind to any particular IP. Additionally, running tcpdump on the backend instances would be helpful to know if the traffic is reaching the instances from the above IP ranges and to continue further debugging.

More information about the firewall rules regarding Google HTTP(S) Load Balancing can be found in this help center article.