Quote:
Originally Posted by testy8888
Let`s say that an application is behind an apache server and apache is configured with tls traffic->there is an certificate and a private key.
when using - browser to access that application,the traffic will be encrypted between the browser and the application.right?
|
The traffic is encrypted between the browser and apache, you don't provide enough detail about your application to provide you more information.
Examples:
1) A forum website could be considered an "application", phpMyAdmin could be considered an "application", in these cases the website code is being executed by apache so all traffic between the browser and the application would be encrypted.
2) Apache acts as a reverse proxy / front end, passing traffic to some other process on the server. In this case the traffic between the browser and apache would be encrypted using the cert/key pair above, however the traffic between apache and the other process may not necessarily be encrypted. A (partial) example of where apache does the TLS termination but passes on the traffic unencrypted is shown below:
Code:
<VirtualHost _default_:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName somehost.example.com
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
...
So without knowing what you actually mean by "application" it's impossible to say where encryption will end.