Comment on Many Network Interfaces per VM/CT - Good Practice?
raldone01@lemmy.world 4 months agoFull pass through has no advantage when my reverse proxy terminates ssl and internal services are http only right?
Regardless of fqdn nginx has to decrypt and restream anyways.
pyrosis@lemmy.world 3 months ago
This would be correct if you are terminating ssl at the proxy and it’s just passing it to http. However, if you can enable SSL on the service it’s possible to take advantage of full passthru if you care about such things.
raldone01@lemmy.world 3 months ago
Ahh nice good to know. For my use case I’d rather not distribute the certificates to all my services.
pyrosis@lemmy.world 3 months ago
When I was experimenting with this it didn’t seem like you had to distribute the cert to the service itself. As long as the internal service was an https port. The certificate management was still happening on the proxy.
The trick was more getting the host names right and targeting the proxy for the hostname resolution.
Either way IP addresses are much easier but it is nice to observe a stream being completely passed through. I’m sure it takes a load off the proxy and stabilizes connections.