ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    SSL between a proxy and its target

    IT Discussion
    certbot lets encrypt nginx reverse proxy
    6
    12
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Never had to do that. Seems like a script to pull it from time to time might be enough, though?

      dafyreD 1 Reply Last reply Reply Quote 1
      • dafyreD
        dafyre @scottalanmiller
        last edited by

        @scottalanmiller said in SSL between a proxy and its target:

        Never had to do that. Seems like a script to pull it from time to time might be enough, though?

        Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

        DashrenderD wirestyle22W 2 Replies Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch
          last edited by

          That was my thought also, but wanted to ask for opinions.

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @dafyre
            last edited by

            @dafyre said in SSL between a proxy and its target:

            @scottalanmiller said in SSL between a proxy and its target:

            Never had to do that. Seems like a script to pull it from time to time might be enough, though?

            Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

            Any security risk to this? I don't know anything about it - I just see passwordless and have to ask.

            scottalanmillerS travisdh1T 2 Replies Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Dashrender
              last edited by

              @Dashrender said in SSL between a proxy and its target:

              Any security risk to this? I don't know anything about it - I just see passwordless and have to ask.

              Far more secure than passwords. 🙂 It's key rather than password. Think of it as 256 character password.

              DashrenderD 1 Reply Last reply Reply Quote 1
              • travisdh1T
                travisdh1 @Dashrender
                last edited by

                @Dashrender said in SSL between a proxy and its target:

                @dafyre said in SSL between a proxy and its target:

                @scottalanmiller said in SSL between a proxy and its target:

                Never had to do that. Seems like a script to pull it from time to time might be enough, though?

                Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

                Any security risk to this? I don't know anything about it - I just see passwordless and have to ask.

                It's industry standard public/private key encryption, so shouldn't be an issue.

                You should go read up on SQRL. In my not so humble opinion, passwords have long outlived the point where they are a useful security mechanism.

                DashrenderD 1 Reply Last reply Reply Quote 0
                • wirestyle22W
                  wirestyle22 @dafyre
                  last edited by

                  @dafyre said in SSL between a proxy and its target:

                  @scottalanmiller said in SSL between a proxy and its target:

                  Never had to do that. Seems like a script to pull it from time to time might be enough, though?

                  Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

                  How often would you want to pull something like this? daily?

                  dafyreD travisdh1T 2 Replies Last reply Reply Quote 0
                  • dafyreD
                    dafyre @wirestyle22
                    last edited by

                    @wirestyle22 said in SSL between a proxy and its target:

                    @dafyre said in SSL between a proxy and its target:

                    @scottalanmiller said in SSL between a proxy and its target:

                    Never had to do that. Seems like a script to pull it from time to time might be enough, though?

                    Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

                    How often would you want to pull something like this? daily?

                    I would. Make it fire and forget.

                    1 Reply Last reply Reply Quote 1
                    • travisdh1T
                      travisdh1 @wirestyle22
                      last edited by

                      @wirestyle22 said in SSL between a proxy and its target:

                      @dafyre said in SSL between a proxy and its target:

                      @scottalanmiller said in SSL between a proxy and its target:

                      Never had to do that. Seems like a script to pull it from time to time might be enough, though?

                      Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

                      How often would you want to pull something like this? daily?

                      I'd add it to the script I use to update the letsencrypt certs, so it all happens at the same time.

                      1 Reply Last reply Reply Quote 2
                      • DashrenderD
                        Dashrender @scottalanmiller
                        last edited by

                        @scottalanmiller said in SSL between a proxy and its target:

                        @Dashrender said in SSL between a proxy and its target:

                        Any security risk to this? I don't know anything about it - I just see passwordless and have to ask.

                        Far more secure than passwords. 🙂 It's key rather than password. Think of it as 256 character password.

                        awww OK key.. got it.. thanks.

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @travisdh1
                          last edited by

                          @travisdh1 said in SSL between a proxy and its target:

                          @Dashrender said in SSL between a proxy and its target:

                          @dafyre said in SSL between a proxy and its target:

                          @scottalanmiller said in SSL between a proxy and its target:

                          Never had to do that. Seems like a script to pull it from time to time might be enough, though?

                          Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

                          Any security risk to this? I don't know anything about it - I just see passwordless and have to ask.

                          It's industry standard public/private key encryption, so shouldn't be an issue.

                          You should go read up on SQRL. In my not so humble opinion, passwords have long outlived the point where they are a useful security mechanism.

                          I'm fully aware of SQRL - I asked Scott on Day one of ML if he would support it when it became available, sadly it's still not released to the wild 😞

                          1 Reply Last reply Reply Quote 1
                          • 1 / 1
                          • First post
                            Last post