
So, the way I understand it, the connection between the load balancer <-> web server is over the private network, right? And with VPC, your private network is isolated and can't be snooped by other Amazon customers?

Sounds cool, but this would only work on Amazon or datacenters w/ cross-data center private networks (SoftLayer has this, for example).




No, the way it works is that there is a load balancer that terminates SSL and forwards it to nginx instances all in a private network. The nginx instances then have secure HTTPS connections over the public internet to the main load balancer that terminates SSL and forwards it over a private network to the application servers. So this would be possible with any network since the cross-country connections are encrypted.


That's a nice technique and the explanation is good while remaining concise. We do something similar at work (I work in finance) where our clients connect to a secure gateway using HTTPS but all communication with our other services is made using an unsecure protocol. If it lives in your house then it's likely to be harmless!


Oh, I guess I misunderstood. The load balancer <-> web server connection is over HTTPS, not HTTP.


You can edit (or delete) comments here for up to 2 hours after you make them.


I don't think he should delete his comment. It's helpful to see it explained in more detail from other contributors.


Delete, no. Editing would be fine, below an "ETA:"


I just meant he could have edited his first comment instead of replying to himself.


You can have the endpoint servers participating in a VPN with the backend servers. They don't have to be on EC2. This way you wouldn't need to make the front-back requests via https.



