You will see a lot of places on the web telling you the way to set up SSL with an AWS ELB is to set up a certificate on the load balancer and then forward traffic from port 443 to 80 so that traffic between the load balancer and nginx is unencrypted. To me this doesn't appear very secure as you have unencrypted data flowing over a network connection. What if that data is credit card information?
My questions:
1. Does having an unencrypted connection between the load balancer and nginx pose a security risk?
2. If the answer to 1 is yes, how would I set up nginx to allow the secure connections from the load balancer?
3. Would this involve setting up an SSL certificate on each nginx server?
4. What would the nginx config look like if it needs to be different than a standard SSL setup where nginx is not behind a load balancer?
Best Answer
nginx config is / would be fairly standard, nothing fancy.
nginx. You could use one cert for this, you don't necessarily need multiple. Besides: using Let's Encrypt, it's now fairly easy, and can be automated, to get certs, free of charge.
There isn't a major difference, as far as I know. If you need the client IP for whatever reason, put these lines into your nginx config:
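
The setup discussed above, as an added example that is not code from the question or the answer: the plaintext port-80 backend next to a TLS backend that also restores the client IP. The server name, file paths and CIDR are placeholders, and it assumes an ELB HTTP/HTTPS listener, which adds the `X-Forwarded-For` header.

```nginx
# Added example: server_name, paths and the CIDR below are placeholders.

# Before: the ELB terminates TLS and forwards plaintext to port 80,
# so the hop between the load balancer and nginx is unencrypted.
# server {
#     listen 80;
#     server_name app.example.com;
# }

# After: nginx terminates TLS as well; the ELB listener forwards
# 443 -> 443 (HTTPS backend), so the hop is encrypted too.
server {
    listen 443 ssl;
    server_name app.example.com;                      # placeholder

    # The same certificate and key can be deployed on every nginx instance.
    ssl_certificate     /etc/nginx/tls/backend.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/backend.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client IP: without this, $remote_addr is the load balancer's address.
    # Accept X-Forwarded-For only from the load balancer's subnets; a wider
    # range lets any client that can reach nginx directly set its own
    # "client IP" in logs and in allow/deny rules.
    set_real_ip_from  10.0.0.0/16;                    # placeholder: ELB subnet CIDR
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on;

    location / {
        root /usr/share/nginx/html;
    }
}
```

Validate the file with `nginx -t` before reloading, and restrict the instance security group so port 443 accepts traffic only from the load balancer.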