1. Home
  2. Misc
  3. How to setup SSL offloading

How to setup SSL offloading

Why SSL Offload

SSL is computationally very expensive, and depending on the implementation and regular maintenance that you do on your SSL libraries or their lack thereof, it can also raise a number of security issues.

Snapt uses the strongest and most efficient ciphers, blocks denial-of-service attacks (DoS), and it only passes through complete and valid HTTPS requests.

In a nutshell, by letting Snapt offload SSL management, you can:

  • reduce up to 90% of your web server load!
  • remove complexity from managing SSL
  • protect against SSL vulnerabilities
  • optimize SSL content

For more information see our SSL Offloading and Acceleration article.

Note: to make use of SSL offloading, you’ll need to have a valid SSL certificate installed on your Snapt instance.

SSL Offloading in the Balancer

Step 1, Option 1: Add a Group (standard)

The first step in setting up load balancing or a highly available (HA) group of servers, is by creating a group and setting it to listen somewhere. For example, you may want your HTTP-Servers group to listen on port 80, after creating the said group you can then add servers to it and specify their individual options.

If you already have a Group, you can safely skip this step; if not, navigate to:

Balancer > Group Management

Click on the Add a Group tab, and enter your group details.

Step 1, Option 2: Add a Frontend (advanced)

Just as with Groups, the first step in setting up a Frontend is setting it to listen somewhere. Frontends are often chosen over groups when you plan to route traffic to multiple backends, based on ACL’s.

Please note that backends and frontends are advanced ACL-based load balancing options; if you are not sure, use the standard groups as described in Step 1, Option 1.

To add a Frontend, navigate to:

Balancer > Frontend Management

Click on the Add a Frontend tab, and enter your frontend details.

 

Step 2: Enable SSL Termination

Additionally, you will need to have an SSL certificate already installed and configured on your Snapt instance, which you can do from > Settings > SSL > SSL Certificates. For detailed instructions on how to do this, please refer to How to Upload SSL Certificates.

Select the Group or Frontend you want to edit, by navigating to:

Balancer > Group Management

or

Balancer > Frontend Management

Then select the Group of Frontend you want to work with, and click on Edit.

Under the SSL Options tab, go to the SSL Options pane, and mark SSL Termination as On.

That will enable a set of options, most of which are not mandatory, except for Bind (where you want to attach your SSL too) and the SSL Certificate, in case you have several; so make you set them properly.

Click on Save button, and reload the Balancer.

Note: you may want to redirect HTTP to HTTPS on your HTTP frontend, please see Redirect port 80 to port 443 (HTTP to HTTPS).

SSL Offloading in the Accelerator

Same as with the Balancer, make sure you have a valid SSL certificate on your Snapt instance before continuing.

Navigate to:

Accelerator > Create an Accelerator

Choose HTTPS Frontend Server, which passes HTTPS traffic through to your upstreams.

Make sure that you select a valid SSL Certificate and SSL Certificate Key.

Note: unlike the Balancer, the Accelerator cannot redirect HTTP traffic to HTTPS. Instead, you’ll need to setup an HTTP frontend on the Balancer to redirect traffic to HTTPS.

Updated on November 30, 2018


Was this article helpful?

Related Articles