NGINX is a high performance webserver designed to handle thousands of simultaneous requests and has become one of the most deployed web server platforms on the Internet. A key component of delivering applications and services with NGNIX is the use of SSL to secure the communications between clients and the NGNIX servers.
The processing overhead of SSL can have a significant impact on the performance of a HTTP server and one solution is to offload this to a load balancer. This approach brings a number of benefits beyond just reducing the server overhead. It also provides a single point of management for website security with just one place to manage SSL keys and certificates and a centralized point of control for SSL configuration and policy.
With SSL offloading, all client traffic is decrypted/encrypted at the load balancer allowing the load balancer to perform other functions such as compression, caching and content inspection. The load balancer may optionally use SSL encrypted sessions with the NGNIX servers for additional security in environments where the network between the load balancer and NGNIX is untrusted.
Fig 1. SSL offload topology for NGNIX
A tech note on our support site provides guidelines on how to configure SSL offloading for NGNIX servers on LoadMaster. Our support team are available to assist you during your evaluation period should you need any guidance on configuring SSL offload and the best practices for securing NGNIX workloads with SSL.