An SSL load balancer is a load balancer that also performs encryption and decryption of data transported via HTTPS, which uses the Secure Sockets Layer (SSL) protocol (or its successor, the Transport Layer Security [TLS] protocol) to secure HTTP data as it crosses the network. The load balancer intercepts incoming client requests and distributes them across a group of backend servers, which increases website performance, reliability, and scalability.
To review general information about load balancers, see Save 80% Compared to Hardware Load Balancers.
SSL and TLS are the standard protocols for encrypting HTTP data before it is sent across a network, which prevents unauthorized third parties who intercept the data from reading it. This encryption is vital for protecting sensitive data such as credit card numbers and Social Security numbers transmitted over a public network like the Internet.
An SSL load balancer acts as the server‑side SSL endpoint for connections with clients, meaning that it performs the decryption of requests and encryption of responses that the web or application server would otherwise have to do. The process varies somewhat depending on the security of the network between the load balancer and server:
- If the load balancer and server are on the same secured network (generally this means being behind a firewall), the SSL load balancer is usually configured to decrypt the request, extract the information needed for load balancing, and forward the request to the server in the clear (unencrypted). It encrypts the server’s response before returning it to the client.
- If the network between the load balancer and server is not secure, the SSL load balancer is usually configured to decrypt the request, extract the information needed for load balancing, and re‑encrypt the request before forwarding it to the server. The process is reversed for the response from server to client.
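The two cases above, sketched as an NGINX configuration. This is an added example, not configuration from the original page or from NGINX documentation; the hostnames, addresses, upstream names, and file paths are constructed placeholders.

```nginx
# Added example: all names, addresses and paths below are constructed.
events {}

http {
    # Backends on the same secured network as the load balancer.
    upstream app_trusted_net {
        server 10.0.0.11:80;
        server 10.0.0.12:80;
    }

    # Backends reached over a network that is not secure.
    upstream app_untrusted_net {
        server 192.0.2.21:443;
        server 192.0.2.22:443;
    }

    # Case 1: terminate TLS here and forward to the backends in the clear.
    server {
        listen 443 ssl;
        server_name www.example.com;
        ssl_certificate     /etc/nginx/tls/www.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/www.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_pass http://app_trusted_net;
            proxy_set_header Host $host;
            # Lets the backend know the client connection was HTTPS.
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Case 2: terminate TLS here, then re-encrypt toward the backends.
    server {
        listen 443 ssl;
        server_name api.example.com;
        ssl_certificate     /etc/nginx/tls/api.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/api.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_pass https://app_untrusted_net;
            proxy_set_header Host $host;
            # proxy_ssl_verify is off by default, so the backend certificate
            # is not checked unless verification is enabled explicitly.
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.crt;
            # Name expected in the backend certificate; the default would
            # be the upstream group name, which no certificate carries.
            proxy_ssl_name                backend.internal.example;
            proxy_ssl_server_name         on;
        }
    }
}
```

In case 1 the private key lives only on the load balancer; in case 2 each backend also needs its own certificate and key, issued by the CA named in `proxy_ssl_trusted_certificate`.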
Offloading the decryption and encryption process, which is computationally intensive, frees web and application servers to perform the work they are designed for, which speeds content delivery and improves the overall user experience. If the network between load balancer and servers is secure, you only need to install and manage the SSL certificates on the load balancer instead of every web and application server. This significantly reduces administrative overhead if the group of servers is large.
How Can NGINX Plus Help?
NGINX Plus and NGINX are the best-in-class load‑balancing solutions used by high‑traffic websites such as Dropbox, Netflix, and Zynga. More than 350 million websites worldwide rely on NGINX Plus and NGINX Open Source to deliver their content quickly, reliably, and securely.
As a software load balancer and SSL termination solution, NGINX Plus is significantly less expensive than hardware solutions with similar capabilities. It uses OpenSSL and the power of standard processor chips to provide a cost‑effective solution that covers most SSL requirements. For a complete discussion, see SSL Offloading, Encryption and Certificates with NGINX.