Nginx and Google Appengine Reverse Proxy Security
Posted
by
jmq
on Pro Webmasters
See other posts from Pro Webmasters
or by jmq
Published on 2014-05-22T16:45:32Z
Indexed on
2014/05/28
22:06 UTC
Read the original article
Hit count: 375
The scenario is that I have a Google compute node running Nginx as a reverse proxy to the google appengine. The appengine is used to service REST calls from an single page application (SPA). HTTPS is used to the Nginx front end from the Internet.
Do I also need to make the traffic from the Nginx reverse proxy to the appengine secure by turning on HTTPS on the appengine?
I would like to avoid the overhead of HTTPS between the proxy and the backend. My thinking was that once the traffic has arrived at Nginx encrypted, decrypted in Nginx, and then sent via the reverse proxy inside of Google's infrastructure it would be secure.
Is it safe in this case to not use HTTPS?
© Pro Webmasters or respective owner