<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-family: Calibri, sans-serif; ">
<div><span style="font-size: 16px;">We are designing a deployment were NGINX front ends all incoming https connection and then forwards it to multiple web containers like</span></div>
<div><span style="font-size: 16px;">Tomcat and Node.js which listen on internal ports on 127.0.0.1.</span></div>
<div><span style="font-size: 16px;"><br>
</span></div>
<div><span style="font-size: 16px;">I have some questions here</span></div>
<ol>
<li><span style="font-size: 16px;">Is it possible to route Outbound connection through NGINX as well. I.e for requests outbound from Tomcat/Node.js, can the requests be forwarded to an internal nginx port first over HTTP and then Nginx will proxy them to the
destination over HTTPS?</span></li><li><span style="font-size: 16px;">Are there any high to medium severity known threats for having an HTTP connection between nginx and the other web containers listening on local ports on the same machine instead of using HTTPS.Is is there any other alternative?</span></li><li><span style="font-size: 16px;">What is the best way to allow access from a list of know IP addresses at the NGINX layer. That is a White list of Ips. Would it be by using mod_security or the <span class="final-path">ngx_http_access_module. Is the one better
over the other?</span></span></li></ol>
<div><span style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 16px; font-style: normal; font-weight: normal; text-decoration: none; ">Thanks,</span></div>
<div><span style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 16px; font-style: normal; font-weight: normal; text-decoration: none; ">Anamitra</span></div>
</body>
</html>