Loadbalancing, nginx & certs question
Hello everyone,
I'm in the process of creating a synchronised replica of my dedicated server.
At the moment, the second server is ready. The dedicated servers are hosting DB + Backends.
In regard to load balancing, for my DNS "api.foo.bar", should I just have an nginx config without certifications on both servers and let the SSL be handled by Cloudflare?
I haven't tried yet, but I'm pretty sure I will encounter issues generating SSL certificates on both servers (different IPs) for the same DNS using certbot.
How do you go about this? Thank you!
3 Replies
For a secure setup, you need encryption/SSL on both ends. CF's SSL handles Client -> Edge; you need to configure encryption in nginx for Edge -> origin to be secure.
You can use Cloudflare Origin Certificates (under SSL/TLS -> Origin Server): https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/
They last for up to 15 years and are trusted by CF Proxy (assuming you will use proxy).
Perfect, thank you very much! :10000:
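The setup suggested in the reply above, sketched as an nginx config; this is an added example, not part of the original thread. The certificate paths and the backend address are assumptions. The same Origin CA certificate and key are installed on both servers, since the certificate is issued for the hostname rather than for a server IP.

```nginx
# Added example: deploy this identical file on BOTH origin servers.
# File paths and the backend address are assumptions, not values from the thread.

server {
    listen 443 ssl;
    server_name api.foo.bar;

    # Cloudflare Origin CA certificate and private key, generated once in the
    # dashboard (SSL/TLS -> Origin Server) and copied to both servers.
    ssl_certificate     /etc/ssl/cloudflare/api.foo.bar.pem;  # assumed path
    ssl_certificate_key /etc/ssl/cloudflare/api.foo.bar.key;  # assumed path; keep root-owned, mode 600

    # Only modern TLS versions on the Edge -> origin leg.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;  # assumed local backend
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# Plain HTTP is only used to redirect to HTTPS, so the Edge -> origin
# leg is never served unencrypted.
server {
    listen 80;
    server_name api.foo.bar;
    return 301 https://$host$request_uri;
}
```

Origin CA certificates are trusted by Cloudflare's proxy, not by browsers, so a client that connects to either server directly instead of through the proxy will get a certificate warning.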