SSL offloading, or SSL termination, is the process of removing SSL-based encryption from incoming traffic to a web server, thereby relieving the server of the burden of decrypting data. The Security Socket Layer (SSL) protocol, now commonly referred to as Transport Layer Security (TLS), ensures the security of HTTP traffic and requests over the internet. Handling SSL traffic can be computationally intensive due to the encryption and decryption processes involved. SSL/TLS relies on public key cryptography to securely encrypt communications between clients and servers, allowing messages to be sent safely across networks. This encryption of sensitive information helps protect against potential threats, such as hackers and man-in-the-middle attacks.

SSL is a cryptographic protocol that secures communications over the internet. SSL encryption ensures that user communications remain secure. The processes of encryption and decryption in SSL are CPU-intensive and can strain server resources. To balance the computational demands of SSL traffic, SSL offloading or SSL termination transfers that processing to a dedicated server. This allows the web server to focus on handling other tasks, such as load balancing.

SSL termination intercepts encrypted HTTPs traffic when a server receives data from a Secure Socket Layer (SSL) connection during an SSL session. SSL termination or SSL offloading decrypts and verifies data on the load balancer instead of the application server. Spared of having to organize incoming connections, the server can prioritize on other tasks like loading web pages. This helps increase server speed. SSL termination represents the end — or termination point — of an SSL connection.

To create a proxy with SSL offloading, go to the HAProxy => Add proxy section and select the type of proxy you would like to create (Listener or Frontend). In this example, we will create a new Listener proxy.

Click Create SSL Listener and you will be redirected to the Listener section. Select a server and start typing the certificate name, Roxy-WI will show the existing certificates on remote servers. Select the desired certificate, enter the names of the Listener proxy adn backend servers, and then click Add.