How to re-encrypt Load Balancer-to-server traffic?
I'm about to set up a Load Balancer with 2 droplets (with more droplets likely added in the future). I understand that with DigialOcean Load Balancers I can SSL/TLS encrypt the user-to-loadbalancer traffic, but then the traffic will pass unencrypted from the load balancer to the 2 backend server droplets.
I know that SSL Passthrough (i.e. end-to-end encryption) on DigitalOcean LoadBalancer is possible, but am concerned about DDoS attacks and would like to perform layer 7 functions on the data ... therefore passthrough doesn't seem suitable. I'm therefore looking into "re-encrypting" the loadbalancer-to-server traffic.
1) Do DigitalOcean load balancers allow for re-encryption?
2) How can I set up such re-encryption? (preferably on DigitalOcean LoadBalancers, or otherwise if this isn't possible)
3) Is re-encryption even value-add if I have set up an OpenVPN around my back-end server droplets (I haven't figured out how to include Load Balancer in the VPN)?
Apologies, networking is still fairly new to me!