In the next weeks, I would like to apply some more security measures to my OH setup. In this context, I’m searching (among other things) for some experiences with mutual TLS, e.g. using server and client certificates. Therefore …
Has anyone enabled mutual TLS in his setup?
If yes, how was the server side TLS-enabled via Jetty or Nginx?
I’m using Browser-based MainUI and on mobile devices the Android App. Are there any problems when using the Android App?
Yes, I know that page; it is one reason why I opened this topic here. AFAIK a reverse proxy is used to hide different servers from the clients’ perspective. In the case of TLS it looks to me like a workaround - but I’m not an expert. Therefore I asked for some feedback to get a better gut feeling about that.
It does way more than that and it is pretty standard to have the reverse proxy implement TLS, authentication/authorization (i.e. your client certificate), load balancing, entry point to a DMZ, and more.
It’s not a workaround, it’s the standard way to expose a service to the Internet or even Intranet.
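
A minimal Nginx server block for the setup discussed in this thread, where the reverse proxy terminates TLS and requires a client certificate before anything is forwarded to openHAB. This is an added example, not part of the original posts; the hostname, the certificate paths and the backend address `http://localhost:8080` are assumptions to adapt.

```nginx
# Added example: constructed configuration, not taken from the thread.
server {
    listen 443 ssl;
    server_name openhab.example.org;            # assumed hostname

    # Server side of TLS: the certificate the browser/app validates.
    ssl_certificate     /etc/nginx/tls/server.crt;      # assumed path
    ssl_certificate_key /etc/nginx/tls/server.key;      # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client side of TLS: only certificates issued by this CA are accepted.
    # Use a private CA created for this purpose, not a public one, so that
    # "issued by this CA" really means "issued by you".
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;  # assumed path
    ssl_verify_client      on;   # handshake without a valid cert gets HTTP 400
    ssl_verify_depth       1;    # client certs signed directly by the CA

    # Revocation: without a CRL, a lost phone's certificate stays valid
    # until it expires. Uncomment once the CA publishes a CRL.
    # ssl_crl /etc/nginx/tls/client-ca.crl;

    # Caveat: "ssl_verify_client optional" lets the handshake succeed
    # without a certificate; it only protects anything if every location
    # then checks $ssl_client_verify itself. Prefer "on" as above.

    location / {
        proxy_pass http://localhost:8080/;      # assumed openHAB HTTP port
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 3600;                # keep long-lived UI streams open
    }
}
```

The certificate check only holds if the backend port is not reachable from the network directly; otherwise clients can skip the proxy and with it the client-certificate requirement.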