1

I know its is advised to encrypt the traffic within the company network.

Should we also stay away from SSL termination after a reverse proxy that's proxies multiple worker nodes on the same LAN?

By SSL termination I mean that the proxy will deal with all the TLS stuff and forward the request afterwards over HTTP. I hope I get that right.

The Fool
  • 115
  • 5

1 Answers1

3

Security is always a balance between risks and needs. TLS terminating reverse proxies are typically put in front of some service on the same machine or to systems in the same LAN. As long as this LAN is sufficiently controlled (i.e. only some system administrators can make changes, no "common" employees have access) the risk can be acceptable. If not one can add an additional TLS connection (or a VPN) between reverse proxy and the final server, but at the cost of a performance impact.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424