What is the best way secure traffic from one droplet running NGINX as a reverse-proxy to tomcat on another droplet over 'private' network?
Currently, I’m using the latest CentOS, but is not really a CentOS question.
NGINX acting as a reverse proxy serves https requests
Apache Tomcat (my java web server) running on port 80.
Historically when I was not on Digital Ocean, I had physical security and I connected over port 80 between my backend servers
At Digital Ocean, there is not a true ‘private’ network. Only private within Digital Ocean’s thousands of clients.
Some people have mentioned the following:
- IPSec using Strong Swan or something similar
- Using Tomcat’s cryptography (I’m not sure how fast java is at cryptography)
- SSL Tunneling (We’ve used autossh for less critical things, but doesn’t feel right here)
- Running NGINX in front of the tomcat. (Installling another NGINX instance on Droplet B in front of tomcat)
What is the best way to secure and not compromise performance?