1. Home
  2. Misc
  3. How to setup Snapt Aria SSL offloading

How to setup Snapt Aria SSL offloading

Why SSL Offload

SSL is computationally very expensive, and depending on the implementation and regular maintenance that you do on your SSL libraries or their lack thereof, it can also raise a number of security issues.

Snapt Aria uses the strongest and most efficient ciphers, blocks denial-of-service attacks (DoS), and it only passes through complete and valid HTTPS requests.

In a nutshell, by letting Snapt Aria offload SSL management, you can:

  • reduce up to 90% of your web server load!
  • remove complexity from managing SSL
  • protect against SSL vulnerabilities
  • optimize SSL content

For more information see our SSL Offloading and Web Acceleration article.

Note: To make use of SSL offloading, you’ll need to have a valid SSL certificate installed on your Snapt Aria instance.

SSL Offloading in the virtual Load Balancer

Step 1, Option 1: Add a Group (standard)

The first step in setting up virtual load balancing or a highly available (HA) group of servers, is by creating a group and setting it to listen somewhere. For example, you may want your HTTP-Servers group to listen on port 80, after creating the said group you can then add servers to it and specify their individual options.

If you already have a Group, you can safely skip this step; if not, navigate to:

Balancer > Group Management

Click on the Add a Group tab, and enter your group details.

Step 1, Option 2: Add a Frontend (advanced)

Just as with Groups, the first step in setting up a Frontend is setting it to listen somewhere. Frontends are often chosen over groups when you plan to route traffic to multiple backends, based on ACL’s.

Please note that backends and frontends are advanced ACL-based load balancing options; if you are not sure, use the standard groups as described in Step 1, Option 1.

To add a Frontend, navigate to:

Balancer > Frontend Management

Click on the Add a Frontend tab, and enter your frontend details.

 

Step 2: Enable SSL Termination

Additionally, you will need to have an SSL certificate already installed and configured on your virtual Snapt Aria instance, which you can do from > Settings > SSL > SSL Certificates. For detailed instructions on how to do this, please refer to How to Upload SSL Certificates.

Select the Group or Frontend you want to edit, by navigating to:

Balancer > Group Management

or

Balancer > Frontend Management

Then select the Group of Frontend you want to work with, and click on Edit.

Under the SSL Options tab, go to the SSL Options pane, and mark SSL Termination as On.

That will enable a set of options, most of which are not mandatory, except for Bind (where you want to attach your SSL too) and the SSL Certificate, in case you have several; so make you set them properly.

Click on Save button, and reload the virtual Load Balancer.

Note: You may want to redirect HTTP to HTTPS on your HTTP frontend, please see Redirect port 80 to port 443 (HTTP to HTTPS).

SSL Offloading in the SSL Accelerator

Same as with the load balancer, make sure you have a valid SSL certificate on your virtual Snapt Aria instance before continuing.

Navigate to:

Accelerator > Create an Accelerator

Choose HTTPS Frontend Server, which passes HTTPS traffic through to your upstreams.

Make sure that you select a valid SSL Certificate and SSL Certificate Key.

Note: Unlike the load balancer, the SSL accelerator cannot redirect HTTP traffic to HTTPS. Instead, you’ll need to setup an HTTP frontend on the load balancer to redirect traffic to HTTPS.

Updated on May 18, 2020


Was this article helpful?

Related Articles