+1 vote
by
Look at apicreate_offer
Can an attacker intercept the data if the nginx config is like this?
I understand that the answer is yes, if he can put his software (sniffer) on the machine where nginx is.
Please explain if it is safe to do so
server {
set $background 111.111.111.111:3000;
listen 443 ssl;
server_name a.store www.a.store;

location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://backends/;
}

location /api/create_offer {
proxy_pass http://$background/api/create_offer ;
}
}

1 Answer

0 votes
by
1. In general, it is normal to have only nginx on one server, which proxies requests to many other servers.

2. Proxying can be done using the https protocol, to increase the security of data transfer between servers.

If the server is hacked, not only can the data be intercepted, but it can also be used to give visitors their own forms to enter the same bank cards. So use stable versions of software on the server, keep up to date, disable root, and log in with a certificate instead of a password.
...