SSL Offload for NGNIX

NGINX is a high performance webserver designed to handle thousands of simultaneous requests and has become one of the most deployed web server platforms on the Internet. A key component of delivering applications and services with NGNIX is the use of SSL to secure the communications between clients and the NGNIX servers.

The processing overhead of SSL can have a significant impact on the performance of a HTTP server and one solution is to offload this to a load balancer. This approach brings a number of benefits beyond just reducing the server overhead. It also provides a single point of management for website security with just one place to manage SSL keys and certificates and a centralized point of control for SSL configuration and policy.

SSL Offload options for NGNIX

With SSL offloading, all client traffic is decrypted/encrypted at the load balancer allowing the load balancer to perform other functions such as compression, caching and content inspection. The load balancer may optionally use SSL encrypted sessions with the NGNIX servers for additional security in environments where the network between the load balancer and NGNIX is untrusted.

Fig 1. SSL offload topology for NGNIX

Configuring SSL Offload for NGINX

A tech note on our support site provides guidelines on how to configure SSL offloading for NGNIX servers on LoadMaster. Our support team are available to assist you during your evaluation period should you need any guidance on configuring SSL offload and the best practices for securing NGNIX workloads with SSL.

Load Balancing Features for NGINX

  • SSL Offload – LoadMaster can offload the SSL processing workload from the NGINX servers and also provide a single point of administration for SSL certificates and security.
  • DDOS Protection – LoadMaster includes a snort compatible engine to offer DDOS protection for NGNIX servers
  • Authentication – The Edge Security Pack in LoadMaster provides comprehensive authentication and single sign-on services for NGNIX
  • Reverse Proxy ‐ LoadMaster can act as a reverse proxy for NGNIX environments
  • Caching and Compression – LoadMaster uses caching and compression as a way to improve NGNIX performance
  • SSL Redirect – Redirection of all non-HTTPS requests to HTTPS
  • Intelligent Session Persistence – Multiple options available to ensure clients are load balanced to the same server for the session lifetime
  • Web Application Firewall (WAF) – The LoadMaster WAF for NGNIX provides application level protection from common and day-zero vulnerabilities
  • Global Load Balancing (GSLB) – Load balance NGNIX across multiple physical locations including cloud to provide disaster recovery failover and geo-aware traffic distribution.