0

Let's say I have a reverse-proxy server A and a cloud server B (which are in the same network).

  • Server B can only be accessed through the internal network.
  • Server A can be accessed through the internet I.
  • Server A is encrypted with Let's Encrypt.

I <-HTTPS-> (A <-HTTP-> B)

Although B can only be accessed through the internal network, anyone in the internal network can intercept the traffic between A and B and read it, because the traffic is unencrypted.

What is the best way to secure the traffic between A and B? Can I use a self-signed certificate for it? And how do I configure the nginx server on A?

PatrickMA

1 Answer

2

Sometimes HTTP between reverse proxy and app server is fine, but it depends on the data in question and how much you trust the network. In your own data center, simple things like user logins are probably fine unencrypted; in public cloud, you may want them encrypted. Credit card, medical, or similarly rated information should likely be encrypted in transit at all times.

Yes, you can use a self-signed certificate on your app server. You just have to configure Nginx to accept it. That's outlined in this question.

Tim
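Added example, not part of the original question or answer: a sketch of the nginx configuration on A that proxies to B over HTTPS and pins B's self-signed certificate as the only trusted one. The hostnames, the internal IP address and the file paths are assumptions; B's certificate is assumed to have been copied to A and to carry `b.internal.example` as a subject alternative name.

```nginx
# Server A (reverse proxy). All names, addresses and paths are placeholders.
upstream app_b {
    server 10.0.0.20:443;              # assumed internal address of server B
}

server {
    listen 443 ssl;
    server_name example.com;           # public name served with Let's Encrypt

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        # https:// here encrypts the A <-> B hop.
        proxy_pass https://app_b;

        # proxy_ssl_verify is off by default: without the lines below nginx
        # encrypts the connection but accepts ANY certificate, so a host on
        # the internal network could still impersonate B.
        proxy_ssl_verify              on;

        # Trust only B's self-signed certificate (copied from B to A).
        proxy_ssl_trusted_certificate /etc/nginx/upstream-trust/b-selfsigned.crt;

        # Name checked against the certificate. Needed because the default
        # would be the upstream name "app_b", which is not in the certificate.
        proxy_ssl_name                b.internal.example;
        proxy_ssl_server_name         on;   # send the same name via SNI

        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        # Pass the original request context to the application on B.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` on A after editing; a verification failure against B shows up in A's error log as an upstream SSL certificate verify error and the client receives a 502.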