How to enable dedicated load balancer under own domain

Last Updated on 30/05/2021 by Patryk Bandurski

A Dedicated Load Balancer is an optional component of the Anypoint Platform. Unlike the Shared Load Balancer, this one gives greater flexibility and possibility to configure. In this article, you will find the answers to three questions: Why use a DLB? How does it work? And finally, how to configure it work with our domain.

Dedicated Load Balancer

The Shared Load Balancer translates our services like to What if we would like to hide this address, make it more readable and client-friendly? MuleSoft Dedicated Load Balancer can help.

As in the diagram below, DLB comprises of two instances – at least. You can decide to use up to eight workers, but this depends on your entitlements.

Comparison of MuleSoft DLB and MuleSoft SLB

The DLB translates the incoming traffic to one of HTTP, HTTPS, or Web Socket. The mapping is different from Shared LB. The traffic is routed to mule-woker-internal-[api-name].[region] This means that your application listest internally on http.private.port or https.private.port. That is respectively 8091 and 8092

DLB benefits

Using MuleSoft Dedicated Load Balancer has benefits such as:

  • private, non-shared with others, Load Balancer
  • hide CloudHub domain with your own
  • distribute the load to your MuleSoft applications
  • define certificates
  • enable two-way client authentication
  • supports Web Socket transport – how to expose web socket you can find in my article here
  • set proxy rules that route the traffic to specific applications

DLB configuration

In this section, we will focus on creating and configuring a Dedicated Load Balancer.

Our use case is depicted in the first diagram. We want to expose our APIs under the domain for production applications and for other environments.

DLB setup

The Dedicated Load Balancer is associated with specific VPC. I already have two VPCs. One for a production environment that is associated with my PROD environment and the second VPC for all other environments like DEV, SIT.

Creating DLB
Creating DLB

On the Create Load Balancer screen above, I named the load balancer api-lb and selected prod-vpc. This configuration will result in the following address to our services:


Remember that the DLB name must be unique across the word.

Assigning our domain

I want to hide the address to my MuleSoft DLB – Clients should use this one We can achieve this by adding a CNAME record on my domain. Here is, how I configured it:

Key nameValue
Record typeCNAME
TTL1 hour
CNAME record configuration


The propagation on DNS may take up to 24 hours. Usually, it takes about an hour. I check the DNS propagation status via whatsmydns web page.

Certificate upload

We need to add public and private keys for our domain. You can enable two-way SSL by uploading client certificates.

Routing rules

For each domain, you can define different routing rules. In the URL Mapping Rules section, you can adjust the routing mechanism. In the table below, you can see what rules I would like to implement.

DLB Routing

This is a straightforward pattern as you can see, the incoming resource is part of the name of the Mule application. The simple mapping rule, matching my expectation, looks as follows:

DLB Mapping Rules
DLB Mapping Rules

In the DLB screen, you can see the certificate and associated domains. You can add as many domains as you need to.

List of certificates attached to DLB
List of certificates attached to DLB


After the CNAME was propagated, I can connect to my MuleSoft service via The configuration is relatively straightforward, and you should be able to do it without any significant difficulties. I didn’t want to make this article too long. That is the reason why the best practice you will find in the next article.

How to enable dedicated load balancer under own domain

4 thoughts on “How to enable dedicated load balancer under own domain

  1. Hi Patryk Bandurski,

    Thankyou for the detailed explanation. I had a query .. In the above after the cname entry is made in the dns . does it mean that lets say a request will redirect to which intern will redirect to the cloudhub url using the url mapping ?

    1. Hi,

      thanks. When I intrude CNAME DNC record it is redirected from one domain to another one. In this case, I will make a call to and it will reach actually We do not add an application name (as subdomain) in front of your vanity domain name. We can do the application mapping only based on URI parameters in DLB

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top