2024-01-17, 04:15 PM
I am trying to understand the ssl/tls process. It is new to me and if I get something wrong I'd appreciate being corrected.
Question 1: If I'm reading this right, your guide tells HAproxy plugin on the PFsense router to pass-through the whole request of "https://YOURJFDOMAIN.com" to the JF server, and the JF server handles everything for the TLS handshake?
I'd seen people give examples of having the reverse proxy service caddy and nginx (no clue if haproxy has similar function) in order to force proper security.
Question 2: Are there more benefits beyond forcing a more secure TLS handshake with HAproxy handling the tls handshake, or would there be other security concerns on the back end to the JF server?
Question 1: If I'm reading this right, your guide tells HAproxy plugin on the PFsense router to pass-through the whole request of "https://YOURJFDOMAIN.com" to the JF server, and the JF server handles everything for the TLS handshake?
I'd seen people give examples of having the reverse proxy service caddy and nginx (no clue if haproxy has similar function) in order to force proper security.
Question 2: Are there more benefits beyond forcing a more secure TLS handshake with HAproxy handling the tls handshake, or would there be other security concerns on the back end to the JF server?