NGINX as compressor, TLS offloader, loadbalancer
Schematic overview
TLS/SSL offloading
It is not an SSL offloader anymore, strickly TLS, because SSL has various security concerns.
ssl_certificate ssl-cert.pem;
ssl_certificate_key ssl-cert.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH;
Compression offloading
Brotli
# Brotli compression
brotli on;
brotli_comp_level 4;
brotli_min_length 100;
brotli_types text/plain text/css application/javascript image/svg+xml;
GZIP
# Gzip compression
gzip on;
gzip_vary on;
gzip_http_version 1.0;
gzip_comp_level 5;
gzip_min_length 100;
gzip_proxied any;
gzip_types text/plain text/css application/javascript image/svg+xml;
Note: text/html is always compressed
Caching