this post was submitted on 25 Dec 2023
30 points (96.9% liked)
homelab
6653 readers
2 users here now
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I imagine the primary reason for having SSL between a reverse proxy and servers is to align with a zero-trust model. You're exactly correct that you'd rather expect that you don't know who is on the network and can monitor the traffic, so encrypt traffic rather than trust the network is secure and leave the traffic unencrypted.
Although best-practice is likely to always have SSL, especially in a corporate environment or in an environment where you don't control the proxy or the server (since this also rules out man in the middle attacks as you can verify the proxy an potentially the client), in a LAN where you control both elements and know what's likely to be on the network (like a home network) you can probably get away without SSL for the convenience.