homelab

6510 readers

48 users here now

founded 4 years ago

MODERATORS

When is it necessary to have SSL on the LAN side of a reverse proxy (between the reverse proxy and the server)? (sh.itjust.works)

submitted 9 months ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Without SSL on the LAN side of a reverse proxy, I presume that all traffic between the server and the reverse proxy is unencrypted and, thus, accessible to any device on the LAN.

Which specific scenarios result in this being a concern? The primary concern that I can come up with is if you know that there are untrustworthy entities connected to the LAN (untrustworthy devices, or perhaps malicious individuals).

you are viewing a single comment's thread
view the rest of the comments

[–] stevestevesteve 14 points 9 months ago

Security comes in layers. If someone compromises your DNS server, or switch, (or does arp poisoning, etc etc) for example, but not the reverse proxy, (and it resolves backend via DNS and it doesn't validate/pin certs), they could intercept the traffic transparently. If you have SSL on that link, it massively reduces the attack potential.