Nginx and Google Appengine Reverse Proxy Security

Posted by jmq on Pro Webmasters See other posts from Pro Webmasters or by jmq
Published on 2014-05-22T16:45:32Z Indexed on 2014/05/28 22:06 UTC
Read the original article Hit count: 375

Filed under:
|
|
|

The scenario is that I have a Google compute node running Nginx as a reverse proxy to the google appengine. The appengine is used to service REST calls from an single page application (SPA). HTTPS is used to the Nginx front end from the Internet.

Do I also need to make the traffic from the Nginx reverse proxy to the appengine secure by turning on HTTPS on the appengine?

I would like to avoid the overhead of HTTPS between the proxy and the backend. My thinking was that once the traffic has arrived at Nginx encrypted, decrypted in Nginx, and then sent via the reverse proxy inside of Google's infrastructure it would be secure.

Is it safe in this case to not use HTTPS?

© Pro Webmasters or respective owner

Related posts about security

Related posts about ssl