How to create SSL offloading (SSL termination) for HAProxy with Roxy-WI
SSL offloading, or SSL termination, is the process of removing SSL-based encryption from incoming traffic before it reaches a web server, which relieves the server of decrypting the data. Secure Sockets Layer (SSL) is a protocol that secures HTTP traffic and HTTP requests on the internet. SSL traffic can be compute-intensive since it requires encryption and decryption of traffic. SSL (now called TLS, or Transport Layer Security) relies on public key cryptography to encrypt communications between the client and server, so that messages are sent safely across networks. Encrypting sensitive information protects against potential hackers and man-in-the-middle attacks.
SSL is a cryptographic protocol that secures communications over the internet. SSL encryption ensures user communications are secure. The encryption and decryption of SSL are CPU-intensive and can put a strain on server resources. To balance the compute demands of encrypting and decrypting traffic sent over SSL connections, SSL offloading or SSL termination moves that processing to a dedicated server. This frees the web server to handle other tasks.
SSL termination intercepts encrypted HTTPS traffic when a server receives data over a Secure Sockets Layer (SSL) connection in an SSL session. SSL termination or SSL offloading decrypts and verifies data on the load balancer instead of the application server. Spared from having to organize incoming connections, the server can prioritize other tasks like loading web pages. This helps increase server speed. SSL termination represents the end, or termination point, of an SSL connection.
To create a proxy with SSL offloading, go to the "Add proxy" page and select the type of proxy you would like to create (Listen or Frontend). In our example, it will be a new Listen proxy:
Press "Create SSL Listen" and you will be redirected to "Listen". The Listen section will already be configured, so you just need to start typing the certificate name and Roxy-WI will show the existing certificates on the remote servers. Check the certificate, enter the names of the Listen proxy and backend servers, and press the "Add Listen" button:
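For reference, a hand-written HAProxy Listen section that terminates SSL on the load balancer looks roughly like the following. This is an added example, not configuration generated by Roxy-WI; the proxy name, certificate path and backend addresses are assumptions chosen for illustration.

```haproxy
# Added example. The section name, certificate path and server
# addresses are constructed placeholders, not values from Roxy-WI.
global
    # Refuse legacy protocol versions on every TLS bind line
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

listen ssl_offload_example
    # TLS ends here: HAProxy holds the certificate and private key
    # (a single PEM file containing the certificate chain and the key).
    bind *:443 ssl crt /etc/ssl/certs/example.com.pem

    # Plain HTTP on port 80 is redirected to HTTPS instead of being served
    bind *:80
    http-request redirect scheme https code 301 unless { ssl_fc }

    # The application only ever sees plain HTTP from the load balancer,
    # so tell it the client connection was encrypted and pass the client IP.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    option forwardfor

    balance roundrobin
    # Traffic from HAProxy to these servers is not encrypted, so this hop
    # should stay on a trusted network segment.
    server web1 192.0.2.11:80 check
    server web2 192.0.2.12:80 check
```

The configuration can be validated before reloading with `haproxy -c -f <config file>`.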