logoalt Hacker News

sandermvanvliettoday at 7:08 PM0 repliesview on HN

I run a reverse proxy that handles the TLS termination for that reason.

Services themselves are constrained to the server, bound to listen on 127.0.0.1 only.

Key is only available to the reverse proxy.