TLS Termination is a critical feature of any layer 7 proxy. Here are some Pros & Cons 🖌 Offloads Crypto from backend 🖌 Caching (eg. Varnish) 🖌 Intrusion detection system 🖌 Load Balancing and Service Mesh 🖍 Limited by the Max Conn. of the Proxy 🖍 Dangerous when compromised

Thanks, Hussein this is one of the best video on TLS termination on the web.

The most clear explanation I have seen.

One con I can think of right now is that special services ( e.g. downloading patch/upgrade packages) for your servers do not work well if you have a proxy in the middle from a different vendor. Kudos for this excellent explanation!

@hnasr

4 жыл бұрын

Jorge Orozco exactly! that is a perfect example of a layer 7 proxy having to “know” the protocol being proxied. A layer 4 proxy will blindly work because it doesn’t terminate the connection it merely streams it back to the backend. Thanks Jorge!

Really good stuff man. Very clear and straight forward

thanks for not having a boring introduction in your video & getting straight to the point

Thank you. All of your videos are helpful. You're awesome! Please keep going!

@hnasr

3 жыл бұрын

I am glad it is my goal is to help with what i know 😊

clear explain and points about the subject. Thanks Hussein

Thank you this is actually useful. Vs what alot of people do, which is usually just a money grift.

thanks Hussein, you have taught me a lot. I also did your courses.

Good stuff!

Fantastic

Week done!

Hello Hussein thank you for the content you have been posting. Would it be possible if you can make a video on HAR captures and Fiddler with some example along with core concept.

What measures are in place to safeguard confidential data of the end user using a connection through a proxy, such as authentication and personal data?

for load Balancing do we really need tls termination , the header is not encrypted, only the content so i can look at the header and see what i want to see right ?

Hi bro,is it possible to terminate ssl at zuul gateway? If not any suggestion?

Does the SSL termination happen at API Gateway i.e is proxy same as API Gateway

Hi. Can you help me to create DLL file using Visual Studio? I have already a decompiled code from a DLL and has updated it in a txt file.

Hi I am confused about the internal how reverse proxy, inbound request, and outbound request work. I have an appliance server sitting behind Nginx reverser proxy (http2 enabled). So all the API made to the appliance server will go through the nginx. Here Nginx will do the SSL/TLS termination etc. Till here I am able to understand and visualize what is going on for all the incoming requests to my server. Now when the application server will make a request (outbound), can we tunnel it through Nginx?

@chengdongliao9875

3 жыл бұрын

not a nginx user, but I guess you can tailor the nginx as a forward proxy for your application server with tunnel enabled for https traffic...

Hi great vid. What if you use a proxy to do ssl termination on the actual webserver, so all the data is passed internally. I know HAProxy allows you to do this

@hnasr

4 жыл бұрын

That is also a good idea. Only problem I see with this scaling. You will have to scale both the web server and the tls termination which is something you won’t necessarily want to do... this also will force you to add another layer of load balancer on front probably a layer 4 or keepalived kind of configuration

A little bit confusing, I previously thought TLS forward proxy is forward proxy + Tunnel for HTTPs, the client still TCP/TLS handshakes with targert server via tunnel. What is the name of this forward proxy, or call it HTTPs forward porxy?

@MrAlazawi

2 жыл бұрын

with the presence of a forward proxy the client does not handshake with the target server unless you make an exception for that specific communication, the client will always talk only to the proxy, the proxy see the traffic from client in clear text then will start tls handshake with the targeted server and asks for data and then will get it sees it in clear text and retransmit it to client after encrypting it.

TLS Forward Proxy is this what cloudflare does? as cloudflare cannot decrypt data so it adds its own SSL for use between the client and cloudflare , and then uses the previous ssl certificate between cloudflare and the origin server?

@hnasr

4 жыл бұрын

It depends. Are you physically specifying Cloudflare as an HTTPS proxy on your machine? If yes then yes they terminate TLS and make the request in your behalf and cache and do all those pretty stuff. But they can also in this case see the content which is something you might not want. If you are not using an HTTPS proxy, then you are governed by the rule of the destination server. “end to end encrypted “ cloudflare can’t see the content That being said, if you hosted your website on Cloudflare than they can cache your content on edge servers and yes edge servers that are closer to you must be TLS terminator s by design But if your website is hosted on godaddy then they can’t do much about it. They don’t see any content even if you used Cloudflare as DNS Hope that helps 😊

can you please cover DoS and how to handle that DoS attack?

@hnasr

4 жыл бұрын

kzread.info/dash/bejne/Zn1r1rKQaNLMYso.html

@raghuvallikkat3384

4 жыл бұрын

@@hnasr Thanks. One piece is missing is how do we handle such attacks in server side?

The best name ever HUSSEIN i hope you understand

Do some new videos CGi

He hass the same name as me but he has 2 s in naser

You repeat or get stuck with the point alot. But thanks for the tutorial.