4

According to this guide for setting up an HTTP(S) load balancer in GCP:

The client SSL session terminates at the load balancer. Sessions between the load balancer and the instance can either be HTTPS (recommended) or HTTP. If HTTPS, each instance must have a certificate.

From reading online about load balancers, the HTTPS -> LB -> HTTP setup is called SSL offloading, and is not an uncommon network configuration.

Why do the GCP docs recommend using an HTTPS connection to talk to compute instances? I cannot find any reason why this would be unsafe, as long as the compute instances only allow insecure HTTP communication with the load balancer.

wczwe
  • 43
  • 5
  • 10
    Because you don't control the network between the instance and the load balancer. The traffic is unencrypted. If you're sending data that's important, it should be obvious why that's unsafe. –  Aug 13 '17 at 02:07

2 Answers2

2

As @yoonix mentioned as well, HTTPS is recommended to make sure keep the data is secure from end-to-end as in encrypted form even from load-balancer to backend servers.

N Singh
  • 438
  • 3
  • 10
0

As @yoonix and @NSingh already mentioned, without re-encrypting the traffic between the LB and your web server, a Google Engineer can snoop in on your traffic and lift sensitive information from your http traffic. So with that recommendation Google protects itself from rogue employees.

You can use self signed certificates for the internal communication since web server spoofing is not much a concert as you control the routing of the traffic.

Bernie Lenz
  • 101
  • 3