When is it necessary to have SSL on the LAN side of a reverse proxy (between the reverse proxy and the server)? (sh.itjust.works)

submitted 9 months ago by Kalcifer@sh.itjust.works to c/homelab@lemmy.ml

12 comments fedilink hide all child comments

Without SSL on the LAN side of a reverse proxy, I presume that all traffic between the server and the reverse proxy is unencrypted and, thus, accessible to any device on the LAN.

Which specific scenarios result in this being a concern? The primary concern that I can come up with is if you know that there are untrustworthy entities connected to the LAN (untrustworthy devices, or perhaps malicious individuals).

you are viewing a single comment's thread
view the rest of the comments

[-] poVoq@slrpnk.net 1 points 9 months ago

Its worth considering to do SNI routing without decryption in the reverse-proxy, but usually it is not a major issue to just terminate.

[-] usbpc@programming.dev 1 points 9 months ago

Can you link an example on how that can be done?

[-] poVoq@slrpnk.net 2 points 9 months ago

https://levelup.gitconnected.com/multiplex-tls-traffic-with-sni-routing-ece1e4e43e56

this post was submitted on 25 Dec 2023

31 points (97.0% liked)

homelab

6460 readers

2 users here now

founded 4 years ago

MODERATORS

CMonster@lemmy.ml