So I have a droplet on DigitalOcean, the front-end is a Backbone.js app, and our back-end is a JSON API written in Go. Nginx is in-between proxying requests from port 80 to our front-end JavaScript app's port.
My question, where in this stack does SSL/TLS go? I've seen tutorials that suggest we configure only Nginx to handle SSL/TLS calls (like this one: https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04)
, and I've seen tutorials using Go's ListenAndServeTLS
that suggest this is done within the server code (like this one: https://www.kaihag.com/https-and-go/).
A follow-up question, let's say that it ends up that only Nginx needs to be configured for SSL/TLS, wouldn't the incoming requests be encrypted using SSL, and the responses from the Go server be unencrypted? This leads me to believe that both Nginx and the Go server need to be configured for SSL/TLS integration.
Which one is it? Nginx? The Go server? Both?
Thanks everyone