homelab

6501 readers

1 users here now

founded 4 years ago

MODERATORS

When is it necessary to have SSL on the LAN side of a reverse proxy (between the reverse proxy and the server)? (sh.itjust.works)

submitted 9 months ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Without SSL on the LAN side of a reverse proxy, I presume that all traffic between the server and the reverse proxy is unencrypted and, thus, accessible to any device on the LAN.

Which specific scenarios result in this being a concern? The primary concern that I can come up with is if you know that there are untrustworthy entities connected to the LAN (untrustworthy devices, or perhaps malicious individuals).

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 9 months ago (2 children)

Its worth considering to do SNI routing without decryption in the reverse-proxy, but usually it is not a major issue to just terminate.

[–] [email protected] 1 points 9 months ago (1 children)

Can you link an example on how that can be done?

[–] [email protected] 2 points 9 months ago

https://levelup.gitconnected.com/multiplex-tls-traffic-with-sni-routing-ece1e4e43e56