Regardless of whether or not you provide your own SSL certificates, Cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

  • Initial-Repeat9146B
    10 months ago

    OP, what you’re describing is not the “big scary MITM” attack vector. It’s how TLS/Reverse proxies work. Whether you are using Cloudflare or hosting your own reverse proxy somewhere with full control, it’s still terminating TLS at the endpoint and passing back traffic in the clear to the backend.

    Some people like Cloudflare for whatever reasons, and that’s okay. I host my own reverse proxy out on a VPS and it works just fine.

    You’ll find that not all of the selfhosted community is as super-focused on privacy as, say, r/privacy is.

    • spottyPottyOPB
      10 months ago

      Maybe it’s my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You’re right, r/privacy might be a better sub for this conversation.

      In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.

      • Initial-Repeat9146B
        10 months ago

        > Maybe it’s my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You’re right, r/privacy might be a better sub for this conversation.
        >
        > In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.

        No worries, it’s just not a useful post for this group, most know the “risks” :-)
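
The TLS termination discussed in this thread, as an added example that is not part of any poster's comment: an nginx configuration showing the same-machine setup next to a remote proxy that re-encrypts to its origin. All server names, certificate paths, ports and upstream addresses are constructed placeholders.

```nginx
# Added illustration; server names, certificate paths, ports and upstream
# addresses are constructed placeholders, not values from the thread.

# Case 1: proxy and backend on the same machine.
# TLS ends at nginx; the hop to the backend is plaintext over loopback only.
server {
    listen 443 ssl;
    server_name app.example.test;

    ssl_certificate     /etc/nginx/tls/app.example.test.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.test.key;

    # Static files are served by nginx itself.
    location / {
        root /var/www/app;
    }

    # Only API requests reach the backend, already decrypted.
    location /api/ {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Case 2: proxy on a VPS or CDN edge, backend elsewhere.
# Traffic is decrypted at the proxy and re-encrypted to the origin;
# the proxy handles plaintext in both cases.
server {
    listen 443 ssl;
    server_name edge.example.test;

    ssl_certificate     /etc/nginx/tls/edge.example.test.crt;
    ssl_certificate_key /etc/nginx/tls/edge.example.test.key;

    location / {
        proxy_pass https://origin.example.test:8443;
        proxy_ssl_server_name on;            # send SNI to the origin
        proxy_ssl_name origin.example.test;  # name to verify in the origin cert
        proxy_ssl_verify on;                 # off by default: origin cert unchecked without it
        proxy_ssl_trusted_certificate /etc/nginx/tls/origin-ca.pem;
        proxy_ssl_verify_depth 2;
        proxy_set_header Host $host;
    }
}
```

In both cases whoever operates the terminating proxy can read the decrypted requests; the second case only protects the proxy-to-origin hop, and only if `proxy_ssl_verify` is enabled.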