Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?

  • spottyPottyOPB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Maybe it’s my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You’re right, r/privacy might be a better sub for this conversation.

    In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.

    • Initial-Repeat9146B
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Maybe it’s my fault for posting this in selfhosted. My question was of a more generic nature about security and privacy in general. You’re right, r/privacy might be a better sub for this conversation.

      In my case my reverse proxy (nginx) runs on the same machine as my backend. In fact nginx also serves all static data with the backend only serving api requests.

      No worries, it’s just not a useful post for this group, most know the “risks” :-)