SSL offloading or SSL termination is the process of removing the SSL based encryption from incoming traffic that a web server receives to relieve it from decryption of data. Security Socket Layer (SSL) is a protocol that ensures the security of HTTP traffic and HTTP requests on the internet. SSL traffic can be compute intensive since it requires encryption and decryption of traffic. SSL (called TLS or Transport Layer Security now) relies on public key cryptography to encrypt communications between the client and server sending messages safely across networks. Encryption of sensitive information protects against potential hackers and man-in-the-middle attacks.
SSL is a cryptographic procedure that secures communications over the internet. SSL encoding ensures user communications are secure. The encryption and decryption of SSL are CPU intensive and can put a strain on server resources. In order to balance the compute demands of SSL encryption and decryption of traffic sent via SSL connections, SSL offloading or SSL termination moves that processing to a dedicated server. This frees the web server to handle other load balancer.
SSL termination intercepts encrypted https traffic when a server receives data from a secure socket layer (SSL) connection in an SSL session. SSL termination or SSL offloading decrypts and verifies data on the load balancer instead of the application server. Spared of having to organize incoming connections, the server can prioritize on other tasks like loading web pages. This helps increase server speed. SSL termination represents the end — or termination point — of an SSL connection.
For creating a Proxy with SSL offloading go to the "Add proxy" page and chose what proxy you would like to create, Listen or Frontend. In our example it will be a new Listen:
Press on the "Create SSL Listen" and you will redirect to the "Listen". It will have configured Listen section, so you just need start typing certificate name, HAProxy-WI shows existing certificate on a remote servers. Check right certificate, write down Listen name, backend servers and press the "Add Listen" button: